Azure Blueprints – Create custom connector for Power Automate

Written by

Posted on 2 Comments

Within Azure, we have a free service called Azure Blueprints. Azure Blueprints helps us in simplify largescale Azure deployments by packaging key environment artifacts, such as Azure Resource Manager templates, role-based access controls, and policies, in a single blueprint definition. Easily apply the blueprint to new subscriptions and environments, and fine-tune control and management through versioning. The Blueprints REST API’s are available to manage the different API groups.

In the last months, I have worked on a proof of concept, using “Low Coding to assign Blueprints definitions in Azure. This includes a PowerApps App and an Automation flow that’s calling the Azure Blueprint REST API. Within Power Automate, calling REST API’s is mostly done by using the HTTP connector.

API Call to assign Blueprint definition

Using the HTTP Connector, give us some overhead because each time you need the steps to get the authorisation token.

Get authorisation token

Creating a custom connector in Power Automate will make life much easier. Let us have a look at the REST API to create or update Assignments. 

PUT https://management.azure.com/{scope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}?api-version=2018-11-01-preview

More information about Azure Blueprints REST, can be found here.

Let’s have a look at how I did it and which issues, I had during the creation of the custom connector.

Open Power Automate and select “Data” and click on “Custom connectors”.

Click “New custom connector” and choose in drop down “Create from blank”.

Fill in the connector name and click “Continue”.

The first step of the setup is adding the “General” settings, like uploading icon, set background colour. This colour setting will influence also the top bar of the connector, see examples below.

  • Icon background color: #FFFFFF
  • Top bar softer color of white
  • Color #0066FF
  • Softer color as top bar

Detail of the first step (General)

  1. Image has been uploaded, use PNG or JPG, less then 1MB.
  2. Used background color: #007EE5
  3. Adding a description for the custom connector
  4. Scheme: HTTPS
  5. Host: This information is available in the REST API documentation. https://management.azure.com/{scope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}?api-version=2018-11-01-preview
    Value: “management.azure.com”
  6. Base URL: Because of variables are not allowed the base URL value is “/”

Step 2: Security

This exist out of two part: Azure and the configuration of the custom connector. In Azure, we will create a new app registration and make note of the application id and secret. Adding the Azure Service Management as API permission and push “Grant Admin consent for <Name>” to activate the permissions

  • App registration
  • API Permissions

Let go back to the first screenshot:

  1. OAuth2.0 is used to authenticate to the Azure service.
  2. Identity provider: Azure Active Directory
  3. Client id: <APP registration application id >
  4. Client Secret: <APP registration Secret >
  5. Login URL: https://login.windows.net
  6. Tenant ID: Common
  7. Resource URL: https://management.azure.com/ (See that the final slash has been included)
  8. Scope: <n/a>
  9. Redirect URL: Will be create when saving the custom connector for the first time. Copy this URL and go back to the

For the APP registration, that we have created in previous step, we will add this copied URI as the “Redirect URIs”.

Step 3: Definition

In the last step, we will create actions based in the REST API list. In this example we will add the get assignments in Azure Blueprints.

Adding Actions, click “New action”

General

  1. Summary, give a name for the action, is displayed as action name in the custom connector.
  2. Description, is shown in the custom connector when selecting the information icon.
  3. Operation ID: This is an unique string used to identify the operation and is internally used into the connector.
Information view of the action in the custom connector.

Adding request for the action and responds of the result.

Click “import from template” and complete the fields at your rights side: GET https://management.azure.com/{scope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}?api-version=2018-11-01-preview

  1. Verb: GET
  2. URL: https://management.azure.com/{scope}/providers/Microsoft.Blueprint/blueprintAssignments/{assignmentName}
  3. Headers: n/a
  4. Body: Add body example, see REST API information. Copy the result and paste it in the body.
{
  "identity": {
    "type": "SystemAssigned",
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "principalId": "00000000-0000-0000-0000-000000000000"
  },
  "location": "eastus",
  "properties": {
    "description": "enforce pre-defined simpleBlueprint to this XXXXXXXX subscription.",
    "provisioningState": "succeed",
    "blueprintId": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint",
    "parameters": {
      "storageAccountType": {
        "value": "Standard_LRS"
      },
      "costCenter": {
        "value": "Contoso/Online/Shopping/Production"
      },
      "owners": {
        "value": [
          "johnDoe@contoso.com",
          "johnsteam@contoso.com"
        ]
      }
    },
    "resourceGroups": {
      "storageRG": {
        "name": "defaultRG",
        "location": "eastus"
      }
    }
  },
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint",
  "type": "Microsoft.Blueprint/Assignment",
  "name": "assignSimpleBlueprint"
}

Click “Import” to save your input. The request will be filled in based on the input. Some small changes need to be done before, we can say that this has been completed.

Click “scope“, adapt the following settings:

Is required: Will add a red star in the beginning of name value.
Visibility: important, this is visible in the connector, when selected.

Assignment Name:

API Version:

Select is required to “Yes” and visibility to internal. This selection will not been shown in the connector action overview, this setting is directly used internally into the custom connector as a default value for this parameter.

Fill in the “Default value” and select “Is required?” to “Yes” and “Visibility” to “Internal”.

Continue to the add responds, see workflow copy an example from the REST API documentation and add in the import from sample window.

Change the default value to 200.

This is the first action defined into the custom connector:

We can test the connector by clicking on test or by adding the connector into a Flow. Create first a new connection to get the token:

Create new connection to get token
Enter values and click “Test operation”

The result of the API request is displayed in the response tab.

Creating a Flow to Get the Assignments of a Azure Blueprint.

Result after running the flow:

Thanks for reading and please like and share!

Posted in Custom Connectors, Power Automate, Power Platform
Tagged , ,

About the Author:

I’m a Microsoft Power Platform enthusiast working in Belgium. In my career as an IT specialist, nothing was an unknown domain, Cisco networking, Microsoft servers, IBM hardware specialist, automation via PowerShell, … But, It all started at the Microsoft Business Application summit in 2018 (Seattle), where I was blown away by the possibilities of “Power Automate” (at that time named “Microsoft Flow“) and the Power Platform. My journey took first a short detour, getting to know “Azure”, but I never lost the connection with “Power Platform“. I took the big step in 2020 to concentrate entirely on the Power Platform with links towards Azure services. In 2019, I came in contact with the community. Became a member of the #BEPAFUG in Belgium, speaker, blogger and became part of a big warm family #FLOWFAM, #POWERADDICTS, #COMMUNITYROCKS

2 comments

  1. Hi, any examples on how to create a office 365 group in power automate, using HTTP action?

    Like

    Reply

    1. Hello Robert Baciu, You can use this
      https://docs.microsoft.com/en-gb/connectors/azuread/

      Command: Create a group
      Create a group in your AAD tenant. >> https://docs.microsoft.com/en-gb/connectors/azuread/#create-group

      Create Office 365 group
      Create an Office 365 group in your AAD tenant. >> https://docs.microsoft.com/en-gb/connectors/azuread/#create-office-365-group

      Create security group
      Create a security group in your AAD tenant. >>https://docs.microsoft.com/en-gb/connectors/azuread/#create-security-group

      Like

      Reply

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: