How to authorize Azure gmail connector when deploying through Terraform


I am deploying a Logic App to Azure using Terraform, where I use the newer azapi provider. The logic app is a simple one where it sends an email to me whenever an article is published to an RSS feed.

For the logic app, I need two API connections, for RSS and Gmail. I'm deploying those two resources too, using the azapi provider. The RSS connection gets deployed fine, but the Gmail connector gets deployed and goes to Error status. The terraform apply command fails at deploying the logic app, giving me this error:

--------------------------------------------------------------------------------
│ RESPONSE 400: 400 Bad Request
│ ERROR CODE: GmailConnectorPolicyViolation
│ --------------------------------------------------------------------------------
│ {
│   "error": {
│     "code": "GmailConnectorPolicyViolation",
│     "message": "The operation on workflow 'emailTestLogicApp' cannot be completed because it contains connections to 'gmail' connector which are not valid. Please re-authorize the connections and try again."
│   }
│ }
│ --------------------------------------------------------------------------------
│ 
│ 
│   with azapi_resource.workflow,
│   on emailTestLogicApp.tf line 102, in resource "azapi_resource" "workflow":
│  102: resource "azapi_resource" "workflow" {
│ 

Does anyone know how I should write my Gmail connection resource so that it gets authorized at deployment, please?


There are 1 best solutions below

kavyaS On

Make sure the Gmail connection is made with an access token and has the required permissions.

resource "azapi_resource" "gmail_connection" {
  type      = "Microsoft.Web/connections@2016-06-01"
  name      = "gmail-connection"
  location  = data.azurerm_resource_group.example.location
  parent_id = data.azurerm_resource_group.example.id

  body = jsonencode({
    properties = {
      api = {
        id          = "/subscriptions/xx/providers/Microsoft.Web/locations/${data.azurerm_resource_group.example.location}/managedApis/gmail"
        displayName = "Gmail"
      }
      displayName = "Gmail Connection"
      parameterValues = {
        "accessToken" = "<access_token>"
      }
      customParameterValues = {}
    }
  })
}

Check if the access token is expired.

Verify that the Azure AD application associated with your Logic App workflow has the necessary permissions to access the Gmail connector.

Go to the "API Connections" tab in your Logic App designer, check the Gmail connector, and verify that the Azure AD application has the necessary permissions.

If you deploy the ARM template, API connections will be created, but inside Logic Apps you may have to update the connection manually by entering your credentials for this service.

In the logic app, select re-authenticate to authenticate again.

Then execute the flow again:

resource "azurerm_resource_group_template_deployment" "gmail_send" {
  name                = "gmail-send-deployment"
  resource_group_name = data.azurerm_resource_group.example.name
  deployment_mode     = "Incremental"
  depends_on          = [azapi_resource.gmail_connection]

  template_content = jsonencode({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "variables": {
      "apiVersion": "2016-06-01",
      "location": "${data.azurerm_resource_group.example.location}"
    },
    "resources": [
      {
        "name": "mylogicapp",
        "type": "Microsoft.Logic/workflows",
        "location": "[variables('location')]",
        "apiVersion": "[variables('apiVersion')]",
        "properties": {
          "state": "Enabled",
          "definition": {
            "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {
              "$connections": {
                "defaultValue": {},
                "type": "Object"
              }
            },
            # ..... (triggers and actions elided in the original answer)
            "outputs": {}
          },
          "parameters": {
            "$connections": {
              "value": {
                "gmail": {
                  # Connection resource created above
                  "connectionId": "${azapi_resource.gmail_connection.id}",
                  "connectionName": "gmail",
                  # Managed API reference; the path segment is managedApis, as in the connection resource
                  "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/gmail')]"
                }
              }
            }
          }
        }
      }
    ],
    "outputs": {}
  })
}


Reference: azure-docs/tutorial-process-email-attachments-workflow.md at main · MicrosoftDocs/azure-docs · GitHub
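
A variant of the answer's connection resource, added here as an example and not part of the original answer: the token comes from a sensitive variable instead of a literal, and a postcondition stops the apply at the connection when it is not authorized, rather than at the workflow with `GmailConnectorPolicyViolation`. The variable name `gmail_access_token` and the postcondition are assumptions, as is the connection API returning `properties.statuses`.

```hcl
# Added example; not the answerer's code.
variable "gmail_access_token" {
  type        = string
  sensitive   = true # redacts plan/apply output only; the value is still written to state
  description = "Token for the Gmail connection; pass via TF_VAR_gmail_access_token or a secret store."

  validation {
    condition     = length(trimspace(var.gmail_access_token)) > 0
    error_message = "gmail_access_token must not be empty."
  }
}

resource "azapi_resource" "gmail_connection" {
  type      = "Microsoft.Web/connections@2016-06-01"
  name      = "gmail-connection"
  location  = data.azurerm_resource_group.example.location
  parent_id = data.azurerm_resource_group.example.id

  body = jsonencode({
    properties = {
      api = {
        # "xx" is the subscription placeholder used in the answer.
        id = "/subscriptions/xx/providers/Microsoft.Web/locations/${data.azurerm_resource_group.example.location}/managedApis/gmail"
      }
      displayName = "Gmail Connection"
      parameterValues = {
        accessToken = var.gmail_access_token # parameter name taken from the answer
      }
    }
  })

  # Export the connection's status list so the postcondition can read it.
  response_export_values = ["properties.statuses"]

  lifecycle {
    # Assumption: each entry in properties.statuses carries a "status" field.
    postcondition {
      condition = alltrue([
        for s in jsondecode(self.output).properties.statuses : s.status == "Connected"
      ])
      error_message = "Gmail connection is not in Connected status; re-authorize it before deploying the workflow."
    }
  }
}
```

Because the token is stored in the Terraform state, keep the state in an access-controlled, encrypted backend.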