Logic App Standard: automating cross-environment workflow references

Posted on 2025-01-11 15:03:36

I have automated the deployment of a Logic App Standard via an Azure DevOps pipeline using an ARM template.

I have another pipeline that uses the Azure DevOps zip deployment task to deploy the workflows (as recommended by Microsoft documentation).

My current struggle is when I have workflows that call other workflows.
When I deploy the zip file across different Logic App Standard instances, the workflow URL referenced is always the same.

How can I reference/call the workflow in a way that is not hardcoded and dynamically changes in the deploy? Can I use workflow() to reference other workflows?

As the access key is a property of the workflow and not the Logic App Standard, I'm not able to set it as an app setting or parameter to be consumed inside the workflow.

Any ideas on how to bypass this issue?

我喜欢麦丽素 2025-01-18 15:03:36

What I ended up doing was the following.
I have created key vault secrets. In those key vault secrets I store the workflow url containing the authorization secret.

As I've created the other workflows pointing to the key vault secret name instead of a hardcoded url, the logic app at run time will query the key vault, retrieve the url from the workflow I want to authenticate to and use it as input. As it already contains the signature, it authenticates correctly.

It's probably a workaround but it was the only way I was able to achieve success in this operation.

For those with the same problem as me here are the steps:

  1. First I have developed the workflow to obtain the secret containing the url from the keyvault.

     [Image: Get keyvault secret]

  2. Then it calls the url using the secret as input.

     [Image: Secret as input for the url]

  3. When I have my workflows ready to deploy, I export them and put the code on Azure DevOps.

  4. Then in a build pipeline I use the following tasks:

    # Package the exported workflows into a zip
    - task: ArchiveFiles@2
      displayName: "Archive Functions"
      inputs:
        rootFolderOrFile: "$(Build.Repository.LocalPath)/LogicApps"
        includeRootFolder: false
        archiveFile: "$(Build.ArtifactStagingDirectory)/LogicApps.zip"

    # Zip-deploy the workflows to the Logic App Standard instance
    - task: AzureFunctionApp@1
      displayName: "Deploy Functions"
      inputs:
        azureSubscription: "${{ parameters.Subscription }}"
        appName: "mylogicappstandard"
        package: "$(Agent.BuildDirectory)/${{ parameters.ArtifactName }}/LogicApps.zip"

    # After deployment, store each workflow's signed callback URL in the key vault
    - task: AzureCLI@2
      displayName: 'Update Signature url in ${{ parameters.KeyvaultName }}'
      inputs:
        azureSubscription: "${{ parameters.Subscription }}"
        scriptType: 'ps'
        scriptLocation: 'inlineScript'
        inlineScript: "$(Agent.BuildDirectory)/${{ parameters.ArtifactName }}/Scripts/Get-WorkflowUrlSignature.ps1 $(AzureSubscriptionId) ${{ parameters.ResourceGroup }} mylogicappstandard ${{ parameters.KeyvaultName }}"

You can find the details for the script here: Get-WorkflowUrlSignature.ps1

    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)][string]$ResourceGroup,
        [Parameter(Mandatory)][string]$LogicAppName,
        [Parameter(Mandatory)][string]$KeyVaultName
    )

    # List every workflow deployed to the Logic App Standard instance
    $json = az rest --method get --uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/sites/$LogicAppName/hostruntime/runtime/webhooks/workflow/api/management/workflows?api-version=2018-11-01"
    $workflows = $json | ConvertFrom-Json

    foreach ($workflow in $workflows.Name) {
        $uri = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/sites/$LogicAppName/hostruntime/runtime/webhooks/workflow/api/management/workflows/$workflow/triggers/manual/listCallbackUrl?api-version=2018-11-01"
        # Request the callback URL once; the result is empty when the workflow has no 'manual' trigger
        $response = az rest --method post --uri $uri
        if ($response) {
            # Gets the url with signature
            $sigurl = $response | ConvertFrom-Json
            # Wraps each '&' in double quotes before the value is passed to az (kept from the original script)
            $secret = $sigurl.value.Replace('&','"&"')
            # Key Vault secret names accept only letters, digits and dashes, so underscores are removed
            $workflowName = $workflow.Replace("_","")
            # Creates or updates secret in the keyvault; --output none keeps the signed URL out of the pipeline log
            Write-Output "Updating secret $workflowName in the keyvault"
            az keyvault secret set --name $workflowName --vault-name $KeyVaultName --value $secret --output none
        } else {
            Write-Output "The workflow $workflow does not have any trigger url"
        }
    }

I hope this helps other people automate the process. Please let me know if you have an easier way to do it or to query the access key or url sig.
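
Steps 1 and 2 of the answer above survive on this page only as image captions, so here is an added sketch of what the `actions` section of a calling workflow's `workflow.json` could look like; it is not the answerer's workflow. It assumes the built-in Key Vault connector with a connection named `keyVault`, a constructed secret name `ChildWorkflow`, and uses each action's `description` field to carry the notes, since JSON has no comments. `secureData` hides the signed callback URL in run history.

```json
{
  "actions": {
    "Get_child_workflow_url": {
      "type": "ServiceProvider",
      "description": "Assumption: built-in Key Vault connector, connection 'keyVault', secret 'ChildWorkflow' (constructed name).",
      "inputs": {
        "parameters": { "secretName": "ChildWorkflow" },
        "serviceProviderConfiguration": {
          "connectionName": "keyVault",
          "operationId": "getSecret",
          "serviceProviderId": "/serviceProviders/keyVault"
        }
      },
      "runAfter": {},
      "runtimeConfiguration": {
        "secureData": { "properties": [ "inputs", "outputs" ] }
      }
    },
    "Call_child_workflow": {
      "type": "Http",
      "description": "The URI is the signed callback URL read from Key Vault, so nothing environment-specific is stored in workflow.json.",
      "inputs": {
        "method": "POST",
        "uri": "@{body('Get_child_workflow_url')?['value']}",
        "body": "@triggerBody()"
      },
      "runAfter": { "Get_child_workflow_url": [ "Succeeded" ] },
      "runtimeConfiguration": {
        "secureData": { "properties": [ "inputs" ] }
      }
    }
  }
}
```

Because the deployment script strips underscores from workflow names, the secret name referenced here has to be the stripped form of the target workflow's name.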
