API Management – Restrict Operation Access per Product

Last week I had an interesting request from a client. They have been creating generic APIs, using a variety of different backend systems (on-prem APIs, Azure Functions, Logic Apps, cloud APIs). Those APIs were grouped by product but even within a product they would like to restrict access to only some operations, so product A would have access to a group of operations, while product B would have access to different group. Initially I thought that role based access driven by claims, but the issue was that we didn’t have control of the identity providers, or the back end services. In the end we would have to find a solution within API Management to create this ACL like style.

Initally I didn’t like the idea to create our own access controls in APIM, but faced with the other constraints, I slowly warmed up to the idea and learned a couple of things about policies along the way.

Continue reading “API Management – Restrict Operation Access per Product”

Logic App Trigger Conditions

During December’s episode of Integration Downunder, Alessandro Moura showed a recap of the main features that announced for Logic Apps throughout the year. If you didn’t watch it on the day, you should take a look at the webcast.

One of the features that caught my attention, which I haven’t seen before, was the trigger condition. The ability to only fire a logic app if the condition is met. This is great for scenarios where you don’t have control over the event which triggers the logic app (like for example Dynamics 365 triggers, which only allow you to execute a logic app when a record for a given entity has been created or updated), but don’t want to implement the checks within the logic apps itself.

Continue reading “Logic App Trigger Conditions”

Creating Logic Apps Classic Alerts with Powershell

Have you ever created a logic apps solution – maybe 10 or so logic apps – and noticed that you needed to enable basic notification alerts for all of them? I found a while ago that this was kind of a tedious process, so I end up creating a PowerShell script for that. I end up forgetting that I never blogged about that, so here it goes.

Continue reading “Creating Logic Apps Classic Alerts with Powershell”

Automating API Management Backup and Restore with Logic Apps

I’ve been working during the last week or so on setting up a DR strategy for a solution that is based on API Management, Azure Functions and Service Bus. Most of the deployment to the secondary site is dealt by VSTS, but one of the main issues on the proposed strategy was the fact that APIM instance utilized is Standard, which doesn’t allow multi-region deployments. This way, to guarantee that all APIM configuration, including users, API policies and subscriptions, I had to leverage from the backup/restore functionality available in APIM, based on the Management API.

The API calls for backup and restores are quite straight forward, but use a authorization token that must be requested before the API call can be executed. So, to automate the process to generate the token and execute the backup or restore API calls, I decided to use Logic Apps. Continue reading “Automating API Management Backup and Restore with Logic Apps”

Acessing Event Hubs with Confluent Kafka Library

A while ago, I was involved in a project that needed to push messages to a Kafka topic. I found that while the .NET code required for that implementation was relatively straight-forward – thanks to the Confluent’s .NET client for Kafka –  configuring the server was a nightmare. The IT team at the client site was supposed to get the kafka cluster sorted and dragged the issue for a month or so. And I understood why when I tried to setup a cluster myself – configuring a kafka cluster is not a walk in the park. If only we had a managed, one click solution to implement a event streaming solution, based on kafka protocol… 😀

When Microsoft announced last month Event Hubs support for the Kafka protocol – I thought that a great way to prove that this was really interoperable, was to use part of the original code I wrote and see if I could connect to Event Hubs without any significant changes. And I was pleasantly surprised! The only changes required was some additions to the producer/consumer configuration. This post shows how I managed to get this working, and show one of the main gotchas I found along the way. Continue reading “Acessing Event Hubs with Confluent Kafka Library”

Rethinking an old Logic App deployment package- part IV

Previously in Note to self…

I got one step closer to my goal to export all logic apps from a resource group to a Visual Studio project, using linked templates to deploy all logic apps in one when required, but still being able to deploy individual logic apps for a patch template. In previous posts, I’ve managed to use the extend a open source component originally created by Jeff Hollan and maintained by Mattias Lögdberg, adding a couple of extra cmdlets. You can get the last post here.

Visual Studio ARM Deployment Project

For the last step in this process, I needed to create an Azure Resource Manager deployment project. I decided to go through the most pragmatic route – to use an existing project as template. So as a first step, I created an empty Azure Resource Group VS project and tried to find out how artefacts can be associated to it. Continue reading “Rethinking an old Logic App deployment package- part IV”

Rethinking an old Logic App deployment package – part III

Previously in Note to self…

I’ve been discussing how I’ve leveraged Jeff Hollan’s Logic App Template Generator and some PowerShell goodness to export a ARM templates to all Logic Apps in a specific resource group. You can read about that here.

Linking ARM Templates together

Azure Resource Manager templates have the ability to link templates, creating a “parent-child” or “nested” relationship, allowing a single template to deploy resources that are defined in various individual templates. The advantages of this technique in my opinion are:

  • Each resource can be defined in isolation, which makes maintenance of that resource simpler.
  • Related components can be grouped in “parent” templates for a simpler deployment experience, but they can still be deployed individually if required.

This was exactly the type of solution I was looking for, after having to deal with the pain of replacing a logic app template in the middle of a monolithic ARM template containing another 15 templates. That would usually take a couple of hours to make sure that the template was replaced correctly and nothing was removed that would make the deploy to break. Continue reading “Rethinking an old Logic App deployment package – part III”

Rethinking an old Logic App deployment package – part II

Previously in Note to self…

I’ve been discussing how my first Logic App deployment package was not exactly what I’ve envisaged. So when I had a chance to revamp it, I jumped into the opportunity. You can read about that here.

Logic App Template Generator

I’ve decided to use Jeff Hollan’s Logic App Template Generator – a PowerShell utility that Jeff created sometime ago and have made available on GitHub. Jeff’s PowerShell module have a two cmdlets: Continue reading “Rethinking an old Logic App deployment package – part II”