This demo uses some external resources that must be deployed before developing a Logic App.
I've included instructions how to do deploy manually (using Azure CLI and sqlcmd) or using GitHub Actions workflow.
Type az login and follow instructions. A browser window/tab is opened and you must fill your credentials (Azure portal username and password).
If you have more than one active Azure subscriptions, you must choose the correct one with az account set -s <<YOUR SUBSCRIPTION ID>>
az group create --name <<YOUR RESOURCE GROUP NAME>> --location <<YOUR RESOURCE GROUP LOCATION>>
You must at least specify a resource group name. You must also specify a resource group location (e.g. westeurope) if you haven't set a default location.
File external-resources/parameters.json contains default values for:
- Azure Storage Account name for attachments (
attachment_storage_name) - Azure Storage Account name for expense report files (i.e. a fake REST API) (
expensereports_storage_name) - Azure SQL Server name (
sqlserver_name) - Azure SQL Server database name (
sqlserver_database_name)
Review those parameter values and modify them if needed.
Please notice that extra characters are added to the end of storage accounts and SQL server to make them globally unique (because Azure doesn't allow duplicate storage account or SQL Server names).
N.B. Bicep file external-resources/template.bicep contains also secret parameters for SQL Server user name and password. For security reasons those are not given in the parameter file, but you must give them yourself when running a deploy command.
Do syntax check for a Bicep file:
az bicep build -f external-resources/template.bicep
If there are errors or warnings after running the previous command, you should check those issues before proceeding to the next step.
Validate whether a template is valid at resource group:
az deployment group validate -f external-resources/template.bicep -g <<YOUR RESOURCE GROUP NAME>> --mode Complete -p external-resources/parameters.json -p sqlUser=<<YOUR SQL SERVER USERNAME>> sqlPass=<<YOUR SQL SERVER PASSWORD>>
If there are errors or warnings after running the previous command, you should check those issues before proceeding to the next step.
Do deploy:
az deployment group create -f external-resources/template.bicep -g <<YOUR RESOURCE GROUP NAME>> --mode Complete -p external-resources/parameters.json -p sqlUser=<<YOUR SQL SERVER USERNAME>> sqlPass=<<YOUR SQL SERVER PASSWORD>>
After deployment has finished, you can copy files recursively from external-resources/attachments to Azure Blob Storage using this command:
az storage copy -s "external-resources/attachments/*" -d "https://<<ATTACHMENT STORAGE NAME>>.blob.core.windows.net/files" --recursive
Please notice that your must specify the name of the Azure Storage Account for attachments (if you didn't change the parameters during deploy, it begins with myattachments with some random characters added to the end of the name).
az storage copy -s "external-resources/expense-items/*" -d "https://<<EXPENSE STORAGE NAME>>.blob.core.windows.net/api"
Please notice that your must specify the name of the Azure Storage Account for expense reports (if you didn't change the parameters during deploy, it begins with myexpensereports with some random characters added to the end of the name).
In order to access (and run SQL commands against Azure SQL Server), we must add a temporary firewall rule for Azure SQL Server.
Add a firewall rule for SQL Server:
az sql server firewall-rule create -g <<YOUR RESOURCE GROUP NAME>> -s <<YOUR SQL SERVER NAME>> -n temporaryrule --start-ip-address <<YOUR IP ADDRESS>> --end-ip-address <<YOUR IP ADDRESS>>
For this step, you must download sqlcmd utility to run SQL scripts against Azure SQL Servers databases.
Then you must check your Azure SQL Server and database name (if you didn't change the parameters during deploy, database name is myuserdb and SQL Server name begins with myuserdbserver with some random characters added to the end of the name).
Then run this command to insert tables and rows into your database:
sqlcmd -S <<YOUR SQL SERVER NAME>>.database.windows.net -U <<YOUR SQL SERVER USERNAME>> -P <<YOUR SQL SERVER PASSWORD>> -d <<YOUR SQL SERVER DATABASE NAME>> -i external-resources/database/create_data.sql
After running SQL commands against Azure SQL Server, we don't need to use it from our PC, so we can delete our temporary firewall rule.
az sql server firewall-rule delete -g <<YOUR RESOURCE GROUP NAME>> -s <<YOUR SQL SERVER NAME>> -n temporaryrule
If you like to use CI/CD based approach to deploy external resources using GitHub Actions workflow, here's what you need to do:
Create a resource group for external resources either using Azure Portal or Azure CLI (see instructions for creating a resource group using Azure CLI).
In order to use GitHub Actions to deploy Azure resources, you have to have a service principal, which allows you to authenticate against Azure and run deploy operations without having to manually provide your credentials.
When creating a service principal, make sure it has contributor rights to the resource group you created earlier in step 1.
N.B. If you haven't done Azure login from your CLI, you must do it first before running other Azure CLI commands.
You can create a service principal using Azure CLI:
az ad sp create-for-rbac --name <<YOUR SERVICE PRINCIPAL NAME>> --role contributor --scopes /subscriptions/<<YOUR SUBSCRIPTION ID>>/resourceGroups/<<YOUR RESOURCE GROUP NAME>> --sdk-auth
You can query the id of your current Azure subscription like this: az account show --query id
Output of az ad sp create-for-rbac command is something like this:
{
"clientId": "3e205e08-b990-4598-a8e3-9c0bf54c5f5e",
"clientSecret": "<<SOME SECRET STRING>>",
"subscriptionId": "<<YOUR SUBSCRIPTION ID>>",
"tenantId": "<<YOUR TENANT ID>>",
"activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
"resourceManagerEndpointUrl": "https://management.azure.com/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
"galleryEndpointUrl": "https://gallery.azure.com/",
"managementEndpointUrl": "https://management.core.windows.net/"
}
Store this output because you'll need it later on.
Clone/fork this GitHub repository and configure your GitHub repository like this:
Service principal:
Go to your GitHub repository then navigate to Settings -> Secrets -> Actions -> New repository secret
- Name: AZURE_CREDENTIALS_EXT
- Secret: <<Paste here the output of
az ad sp create-for-rbaccommand>>
Azure subscription id:
Go to your GitHub repository then navigate to Settings -> Secrets -> Actions -> New repository secret
- Name: SUBSCRIPTION_ID
- Secret: <<Your Azure Subscription Id from step 2>>
SQL Server username:
Go to your GitHub repository then navigate to Settings -> Secrets -> Actions -> New repository secret
- Name: SQL_USER
- Secret: <<Admin user name you have selected for your SQL Server>>
SQL Server password:
Go to your GitHub repository then navigate to Settings -> Secrets -> Actions -> New repository secret
- Name: SQL_PASS
- Secret: <<Password of the admin user you have selected for your SQL Server>>
File external-resources/parameters.json contains default values for:
- Azure Storage Account name for attachments (
attachment_storage_name) - Azure Storage Account name for expense report files (i.e. a fake REST API) (
expensereports_storage_name) - Azure SQL Server name (
sqlserver_name) - Azure SQL Server database name (
sqlserver_database_name)
Review those parameter values and modify them if needed.
Please notice that extra characters are added to the end of storage accounts and SQL server to make them globally unique (because Azure doesn't allow duplicate storage account or SQL Server names).
In file .github/workflows/external-resources.yml, you must change the name of the target resource group if it's different from what you created in step 1. Default value for the resource group is samikomulainen-azuredemo1.
env:
RESOURCE_GROUP_NAME: <<YOUR RESOURCE GROUP NAME>>
Go to your GitHub repository then navigate to Actions -> All workflows.
Select Deploy external resources workflow.
Click Run workflow.
Click the new Run workflow button that appeared.
If you're using a subscription where you haven't registered to use some resource type namespaces, you might get errors messages like these:
The subscription is not registered to use namespace 'Microsoft.Sql'. See https://aka.ms/rps-not-found for how to register subscriptions.
The subscription is not registered to use namespace 'Microsoft.Storage'. See https://aka.ms/rps-not-found for how to register subscriptions.
In that case, go here and look for examples how to check and register namespaces.
If namespace 'Microsoft.Sql' isn't registered to use, you can register it by running this command:
az provider register --namespace Microsoft.Sql
If namespace 'Microsoft.Storage' isn't registered to use, you can register it by running this command:
az provider register --namespace Microsoft.Storage
After registration is complete, you can try running deploy scripts again (manually or using GitHub Actions).
When I was testing my deployment scripts, I got this error during SQL script run. This is probably due to SQL Server or database not yet available (for running SQL scripts) even though deployment has already finished.
If you get an error like this, I recommend running the deployment again.