Azure DevOps : Automate Event Grid Subscription for Logic Apps Standard Workflow

Azure event grid is a great candidate for event based exchanges. It allows push notifications to many types of end points :

This article show how you can automate an event grid subscription for a Logic Apps standard Workflow when a file is dropped to a storage account container.

First of all, an Event grid system topic must be created. in my case I used Bicep for my IaC :

resource SASysTopic 'Microsoft.EventGrid/systemTopics@2021-12-01'= {
  name: '${MySA.name}-systopic'
  location: resourceGroup().location  
  properties:{
    source:MySA.id
    topicType:'Microsoft.Storage.StorageAccounts'
  }
  identity:{
    type:'SystemAssigned'
  }
  dependsOn:[
    MySA
  ]
}

this must be executed only once whith infrastructure provisionning pipeline :

To register a subscription to this system topic when a File is created within a specific container, the following powershell can be embedded to an « Azure CLI » on a a release pipeline. But why we cannot create this subscription within IaC? the answer is within logic apps standard we can have more than one workflow, so even if the service is created, no url can be calculated before workflows are deployed. With consumption sku, A logic Apps service = only one workflow.

$subscription = "$(SubID)"
$ResourceGroupName = "$(ResourceGroupName)"
$sysTopicName = "$(SysTopicName)"
$eventSubName = "$(EventGridSubName)"


$LogicAppName = "$(LogicAppsName)"
$MyWorkflow = "$(WorkflowName)"
            
$workflowDetails = az rest --method post --uri https://management.azure.com/subscriptions/$subscription/resourceGroups/$ResourceGroupName/providers/Microsoft.Web/sites/$LogicAppName/hostruntime/runtime/webhooks/workflow/api/management/workflows/$MyWorkflow/triggers/When_a_resource_event_occurs/listCallbackUrl?api-version=2018-11-01
$endPointURL = ($workflowDetails | ConvertFrom-Json).value

Write-Host "Logic App url : $endPointURL"

$restEventSubURL = "https://management.azure.com/subscriptions/$subscription/resourceGroups/$ResourceGroupName/providers/Microsoft.EventGrid/systemTopics/$sysTopicName/eventSubscriptions/$eventSubName"
$restEventSubURL = $restEventSubURL + '?api-version=2021-06-01-preview'

Write-Host "Event Sub url : $restEventSubURL"

$body="{'properties': {'destination': {'endpointType':'WebHook','properties': {'endpointUrl':'$endPointURL'}},'filter': {'isSubjectCaseSensitive': false,'subjectBeginsWith': '/blobServices/default/containers/containerName/blobs','includedEventTypes': ['Microsoft.Storage.BlobCreated']}}}"

az rest --method put --uri $restEventSubURL --body $body --headers Content-Type='application/json'

This script, first get the Logic Apps workflow url, more details here, and create a subscription for blob creation to notify a Webhook : Logic apps end point url with Event Grid connector as a trigger.

The rest API is the only way that works at the moment. AZ CLI experience an issue that borks endpoint url at « & » as confirmed within this thread. An issue is also created for AZ CLI team on GitHub.

At the end, this subscription must be validated to confirm that you are the owner of the endpoint. You can do that by calling the validate url sent to your endpoint when the script registration is executed :

just copy/past this url in the browser, but be quick before its expiration 🙂 :

I’ll try to show how to handle this validation handshake in a future article with a synchronous manner.