<#
.SYNOPSIS
Sets up a Logic Apps connection for local DirectClient SDK testing.
.DESCRIPTION
This script:
1. Gets the connection runtime URL
2. Adds an access policy for your Azure CLI identity
3. Tests the connection
4. Outputs the runtime URL for local.settings.json
Supports both standalone API connections (Microsoft.Web/connections) and
Connector Namespace connections (Microsoft.Web/connectorGateways). Use the
-NamespaceName parameter to target a Connector Namespace connection.
.PARAMETER SubscriptionId
The Azure subscription ID containing the connection.
.PARAMETER ResourceGroup
The resource group containing the connection.
.PARAMETER NamespaceName
The Connector Namespace name. When provided, the script uses
Microsoft.Web/connectorGateways URIs (api-version 2026-05-01-preview).
When omitted, legacy Microsoft.Web/connections behavior is used.
.PARAMETER ConnectionName
The name of the API connection (e.g., "sharepointonline-1").
.PARAMETER PolicyName
The name for the access policy (default: "local-dev").
.PARAMETER TestPath
The API path to test. Defaults to "/datasets", which suits SharePoint; pass "/Categories" for Office365.
.PARAMETER SkipTest
Skip the connection test step.
.EXAMPLE
# Legacy: standalone API connection
.\Setup-Connection.ps1 -SubscriptionId "00000000-0000-0000-0000-000000000000" `
-ResourceGroup "my-resource-group" -ConnectionName "sharepointonline-1"
.EXAMPLE
# Legacy: standalone Office365 connection
.\Setup-Connection.ps1 -SubscriptionId "00000000-0000-0000-0000-000000000000" `
-ResourceGroup "my-resource-group" -ConnectionName "office365" -TestPath "/Categories"
.EXAMPLE
# Connector Namespace connection
.\Setup-Connection.ps1 -SubscriptionId "00000000-0000-0000-0000-000000000000" `
-ResourceGroup "my-resource-group" -NamespaceName "my-namespace" `
-ConnectionName "office365-test"
#>
param(
    # Subscription, resource group and connection name are interpolated into
    # the ARM resource ID later in the script, so they must match the real
    # resource exactly.
    [Parameter(Mandatory = $true, Position = 0)] [string]$SubscriptionId,
    [Parameter(Mandatory = $true, Position = 1)] [string]$ResourceGroup,
    # Optional: a non-blank value switches the script to Connector Namespace mode.
    [string]$NamespaceName,
    [Parameter(Mandatory = $true, Position = 2)] [string]$ConnectionName,
    [string]$PolicyName = "local-dev",
    [string]$TestPath = "/datasets",
    [switch]$SkipTest
)

# Make cmdlet errors terminating. Native commands such as `az` are not
# cmdlets, so the script checks their output or $LASTEXITCODE separately.
$ErrorActionPreference = "Stop"

# Namespace mode is selected by a non-blank -NamespaceName; the value is
# trimmed before it is placed in a resource ID.
$useNamespace = $false
if (-not [string]::IsNullOrWhiteSpace($NamespaceName)) {
    $useNamespace = $true
    $NamespaceName = $NamespaceName.Trim()
}

# NOTE(review): this looks like a default generated Azure Static Web Apps
# hostname rather than a stable, organisation-owned domain. The script tells
# users to complete OAuth consent at this address, so confirm it is the
# intended portal and update it here if the portal moves.
$connectorNamespacePortalUrl = "https://nice-desert-04d03581e.2.azurestaticapps.net/"

Write-Host "=== DirectClient SDK Connection Setup ===" -ForegroundColor Cyan
$modeBanner = " Mode: Legacy (Microsoft.Web/connections)"
if ($useNamespace) {
    $modeBanner = " Mode: Connector Namespace (Microsoft.Web/connectorGateways)"
}
Write-Host $modeBanner -ForegroundColor Magenta
Write-Host ""
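# Step 1: Get user info
# Resolves the object ID and tenant ID of the identity signed in to Azure CLI.
# Both values are written into the access policy in step 3, so the script
# stops here if either is missing instead of submitting a policy with an
# empty principal field.
Write-Host "[1/4] Getting user identity..." -ForegroundColor Yellow
$userObjectId = az ad signed-in-user show --query "id" -o tsv
if (-not $userObjectId) {
    Write-Error "Failed to get user object ID. Make sure you're logged in with 'az login'."
    exit 1
}
$tenantId = az account show --query "tenantId" -o tsv
if (-not $tenantId) {
    # az does not raise a PowerShell error on failure; empty output is the
    # only signal available here.
    Write-Error "Failed to get tenant ID. Make sure you're logged in with 'az login'."
    exit 1
}
Write-Host " User Object ID: $userObjectId"
Write-Host " Tenant ID: $tenantId"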
# Step 2: Get runtime URL
# Sets $connectionResourceId, $apiVersion, $runtimeUrl and $status for the
# later steps. Parameter values are interpolated into the resource ID as
# given, with no URL-encoding. Empty az output is treated as failure; the
# exit code of az is not inspected in this step.
Write-Host ""
Write-Host "[2/4] Getting connection runtime URL..." -ForegroundColor Yellow
if (-not $useNamespace) {
    # Legacy standalone connection (Microsoft.Web/connections).
    $apiVersion = "2018-07-01-preview"
    $connectionResourceId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/connections/$ConnectionName"

    $runtimeUrl = az resource show --ids $connectionResourceId --query "properties.connectionRuntimeUrl" -o tsv
    if (-not $runtimeUrl) {
        Write-Error @"
Runtime URL is empty. This connection was likely created as a classic ARM connection.
Please create a new connection through a Logic Apps Standard app.
"@
        exit 1
    }

    $status = az resource show --ids $connectionResourceId --query "properties.statuses[0].status" -o tsv
} else {
    # Connector Namespace connection (Microsoft.Web/connectorGateways),
    # fetched with a single ARM GET and parsed locally.
    $apiVersion = "2026-05-01-preview"
    $connectionResourceId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Web/connectorGateways/$NamespaceName/connections/$ConnectionName"
    $connectionUri = "https://management.azure.com$connectionResourceId`?api-version=$apiVersion"

    $connectionResponse = az rest --method GET --uri $connectionUri -o json
    if (-not $connectionResponse) {
        Write-Error @"
Failed to get Connector Namespace connection. Verify:
- Namespace '$NamespaceName' exists in resource group '$ResourceGroup'
- Connection '$ConnectionName' exists in the namespace
- You have completed OAuth consent via the Connector Namespace Manager Portal
($connectorNamespacePortalUrl)
"@
        exit 1
    }

    $connection = $connectionResponse | ConvertFrom-Json
    $runtimeUrl = $connection.properties.connectionRuntimeUrl

    # Report the first entry of properties.statuses, or "Unknown" when the
    # response carries no status entries.
    $statuses = $connection.properties.statuses
    $status = "Unknown"
    if ($statuses -and $statuses.Count -gt 0) {
        $status = $statuses[0].status
    }

    if (-not $runtimeUrl) {
        Write-Error @"
Runtime URL is empty. For Connector Namespace connections, you must complete
OAuth consent via the Connector Namespace Manager Portal before the runtime URL
is available:
1. Open $connectorNamespacePortalUrl
2. Select your namespace '$NamespaceName'
3. Click Authorize on connection '$ConnectionName' and complete the OAuth flow
4. Re-run this script after the status changes to 'Connected'
"@
        exit 1
    }
}

Write-Host " Runtime URL: $runtimeUrl"
Write-Host " Status: $status"
# A status other than "Connected" is only a warning: the script continues and
# prints the re-authorization route that matches the current mode.
if ($status -ne "Connected") {
    Write-Warning "Connection is not in 'Connected' state. You may need to re-authorize."
    if (-not $useNamespace) {
        # Legacy connections expose consent links through an ARM action.
        Write-Host " Run: az resource invoke-action --ids '$connectionResourceId' --action 'listConsentLinks' --api-version '$apiVersion'"
    } else {
        # Namespace connections are authorized through the portal URL
        # configured at the top of the script.
        Write-Host " Complete OAuth consent via the Connector Namespace Manager Portal:" -ForegroundColor Yellow
        Write-Host " $connectorNamespacePortalUrl" -ForegroundColor Yellow
    }
}
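# Step 3: Add access policy
# PUTs an access policy named $PolicyName on the connection, naming the
# signed-in identity (object ID and tenant ID from step 1) as principal.
# Nothing in this script removes the policy afterwards, so it stays on the
# connection until someone deletes it. A failed PUT is reported as a warning
# and the script carries on.
Write-Host ""
Write-Host "[3/4] Adding access policy '$PolicyName'..." -ForegroundColor Yellow
$accessPolicyBody = @{
    properties = @{
        principal = @{
            type     = "ActiveDirectory"
            identity = @{
                objectId = $userObjectId
                tenantId = $tenantId
            }
        }
    }
} | ConvertTo-Json -Depth 5

# The request body goes through a file because az reads it via "@<path>".
# GetTempFileName() creates a uniquely named empty file, which avoids a
# predictable "access-policy-<name>.json" path in a shared temp directory and
# does not depend on $env:TEMP, which is normally unset outside Windows.
$tempFile = [System.IO.Path]::GetTempFileName()
try {
    $accessPolicyBody | Out-File $tempFile -Encoding UTF8
    $policyUri = "https://management.azure.com$connectionResourceId/accessPolicies/$PolicyName`?api-version=$apiVersion"

    # Same az invocation in both modes; namespace mode adds an explicit
    # Content-Type header.
    $azArgs = @('rest', '--method', 'PUT', '--uri', $policyUri, '--body', "@$tempFile")
    if ($useNamespace) {
        $azArgs += @('--headers', 'Content-Type=application/json')
    }
    $azArgs += @('-o', 'json')

    try {
        $result = az @azArgs
        if ($LASTEXITCODE -eq 0) {
            Write-Host " Access policy added successfully."
        } else {
            Write-Warning "Failed to add access policy: $result"
        }
    } catch {
        Write-Warning "Failed to add access policy: $_"
    }
} finally {
    # Delete the body file as soon as the request is done, including when
    # an error ends the script early. A later Remove-Item on the same path
    # then finds nothing to delete, which is harmless.
    Remove-Item $tempFile -ErrorAction SilentlyContinue
}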
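# Step 4: Test connection
# Issues a GET against "$runtimeUrl$TestPath". `az rest --resource` attaches
# an access token for https://apihub.azure.com to that request, so the token
# goes to whatever host the runtime URL names. The request is only made when
# the target is an HTTPS URL; otherwise the test is skipped with a warning.
if (-not $SkipTest) {
    Write-Host ""
    Write-Host "[4/4] Testing connection (waiting 30s for ACL propagation)..." -ForegroundColor Yellow
    $testUri = "$runtimeUrl$TestPath"
    if ($testUri -notmatch '^https://') {
        Write-Warning "Skipping connection test: '$testUri' is not an HTTPS URL, so no access token will be sent to it."
    } else {
        # Give the access policy from step 3 time to take effect.
        Start-Sleep -Seconds 30
        Write-Host " Testing: $testUri"
        try {
            $testResult = az rest --method GET --uri $testUri --resource "https://apihub.azure.com" -o json
            if ($LASTEXITCODE -eq 0) {
                Write-Host " Connection test successful!" -ForegroundColor Green
            } else {
                Write-Warning "Connection test failed. The ACL may still be propagating. Try again in a few minutes."
                Write-Host " Error: $testResult"
            }
        } catch {
            Write-Warning "Connection test failed: $_"
        }
    }
} else {
    Write-Host ""
    Write-Host "[4/4] Skipping connection test." -ForegroundColor Yellow
}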
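# Clean up temp file
# Done before anything below can stop the script, so the access-policy
# request body is never left behind in the temp directory.
Remove-Item $tempFile -ErrorAction SilentlyContinue

# Derive a settings key name from the connection name: drop '-' and '_',
# upper-case the first character, then append "ConnectionRuntimeUrl".
# The emptiness check runs on the stripped name. Checking after the suffix
# is appended can never fail, which would let a name made only of separators
# through.
$settingsKeyStem = $ConnectionName -replace '[-_]', ''
if ([string]::IsNullOrEmpty($settingsKeyStem)) {
    Write-Error "ConnectionName must contain at least one character other than '-' or '_'."
    exit 1
}
# ToUpperInvariant keeps the key the same regardless of the machine's culture.
$settingsKey = $settingsKeyStem.Substring(0, 1).ToUpperInvariant() + $settingsKeyStem.Substring(1) + "ConnectionRuntimeUrl"

# Output configuration
Write-Host ""
Write-Host "=== Configuration ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "Add this to your local.settings.json:" -ForegroundColor Green
# $runtimeUrl is inserted as-is, without JSON escaping.
Write-Host @"
{
"Values": {
"$settingsKey": "$runtimeUrl"
}
}
"@
Write-Host ""
Write-Host "Done!" -ForegroundColor Green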