未加星标

Invoke Azure LogicApp over HTTPS with HTTP triggers

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二05 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Ah LogicApps , the IFTT of Azure, the very young and lightweight "cousin" of Microsoft BizTalk. LogicApps is a great integration and workflow service that works great not only with Azure services but also with many SaaS products and 3rd party services. Think of LogicApps as a tool that you attach connectors to communicate with various components (sFTP, blob storage, email, Twitter etc) and grab data that you can manipulate or pass directly to another service. What I described here is IFTT but for enterprises with scalability, performance and flexibility in mind.

One of the cool things that you get with LogicApps is the ability to go totally off script and provide your own customised connectors. Alternatively you could use the generic HTTP Request trigger to create a sort of RESTful microservice. This is becoming a common pattern due to its versatility and lightness. The HTTP trigger is very popular and one that many LogicApp developers seem to favour. The HTTP Request trigger is a clever solution because it exposes a public HTTP endpoint. This, in extension, allows 2 things:

You can nest LogicApps and have the parent(s) LogicApp call a child LogicApp You can call the LogicApp using a POST and even pass it a payload, if one's been defined and expected.

Unlike timers or triggers, HTTP Request connectors are invoked manually. The tricky part is finding and using the publically available HTTP URL. There are 2 ways to do this as I will explain in a bit.

LogicApp endpoint URL in the Azure Portal

This is pretty much self explanatory. Once you create your HTTP Request connector in the Designer in the Azure Portal and save the app, you will be presented with the URL as per the picture below:


Invoke Azure LogicApp over HTTPS with HTTP triggers

Another way to get the CallbackUrl through the portal is from the LogicApp Overview blade -> Click on Triggers -> select your trigger name -> and this should open a new blade that contains a reference to your CallbackUrl:


Invoke Azure LogicApp over HTTPS with HTTP triggers
LogicApp endpoint URL using PowerShell

If you're like me, then you want to do everything programmatically. And Azure PowerShell (PoSH) is the best tool to do it. Unfortunately, the Azure CLI doesn't support LogicApps yet and as such we're "stuck" with PosH for now. I put "stuck" in quotes because I'm sure that by now you're aware that PoSH is cross platform and you can run it on linux and MacOS. Right? Cool, I was just checking.

Ok then, let's get to work. The steps required (we'll take it from the top are):

1. Log in to Azure

2. Select the right subscription (if more than one)

3. Get the LogicApp (optional)

4. Get the LogicApp Trigger (optional - unless you know the trigger name)

5. Get the LogicApp Trigger URL

And now the PowerShell script to do all this:

LogicApp public URL dissection and security

Access to the signature is secured using a Shared Access Signature (SAS) which is a SHA-256 hash generated using the Logic App secret key, URL path and parameters. Even though the Logic App has a section for Secret Keys, you only get the option to regenerate them. You never get access to the raw keys and all access to the endpoints is done through the use of SAS.


Invoke Azure LogicApp over HTTPS with HTTP triggers

If you regenerate the LogicApp secret, the previous SAS become invalid and any code that uses it will fail.

Your logic app will only authorize calls to triggers that contain a valid signature created with the secret key. Hence the reason why this code is handy

So what does a LogicApp Callback URL look like?

https://prod-03.northeurope.logic.azure.com:443/workflows/e0cb341841ad45d8b406eff71e3d0f12/triggers/manual/run?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=3B9tKN3epKBlRsHi3dNN64pRyeSDoO_IoBxLxYpnYpU Logic App URL trigger : https://prod-03.northeurope.logic.azure.com:443/workflows/e0cb341841ad45d8b406eff71e3d0f12/triggers/manual/run Logic App Api version : api-version=2016-06-01 Permissions : sp=/triggers/manual/run (URL decoded) SAS : sig=3B9tKN3epKBlRsHi3dNN64pRyeSDoO_IoBxLxYpnYpU

Finally, there's a way to create time-limited SAS using the LogicApp REST Api. Using this functionality, you can share your LogicApp URL with 3rd party user outside your organisation using an SAS with an expiry date & time attached to it. This feature could prove handy if you want to showcase the functionality or show an early demo.

The URL should look like this:

https://management.core.windows.net/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/triggers/{triggerName}/listCallbackUrl?api-version=2016-06-01

The HTTP Request body should contain the following value:

{ "NotAfter" : "2017-01-10T18:25:43.511Z" }

Note: your REST API call will need to contain an authorisation header which should be based on a Service Principal account credentials

Information about registering for and obtaining tokens can be found at the official REST Api documentation . As for the Service Principal (SP) requirement, jump to myearlier blog post for information on how to create a SP programmatically.

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

主题: RESTPowerShellLinuxMacOSSASSaaSTwitter
分页:12
转载请注明
本文标题:Invoke Azure LogicApp over HTTPS with HTTP triggers
本站链接:http://www.codesec.net/view/522644.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(52)