
Is there ANY Realistic automated deployment for Power Automate?

Hi all,

 

So, having a bit of difficulty. What I'm looking to understand is how might Power Automate actually be maintained when you have a REAL application, that needs to adapt and change.

 

Specifically here's my use-case:

  1. I build my flows in a Development Environment
  2. I want to import my flows into Production - fantastic, I can add the flows to a solution, export them into a .zip and import them into production! (or use Azure DevOps)
  3. Ok, when I import my flows, I need to re-authenticate connections. Fair enough the first time, I understand we need proper security.

But, here's where I run into difficulties...

4. So, I've made a few changes to SOME of these flows in Development, in response to feedback, new requirements etc. I now want to update my flows in Production in a nice, clean, automated way.

But...I can't! (or can I?)

As I see it, we have a few options:

Option 1 (Manual Import/Azure DevOps with Build Tools):

  • Zip up the solution file and import the updated flows, you'll have to overwrite the 'unmanaged' customizations though, in order for any updates to patch through, so you'll need to re-authenticate connections in every flow AND turn on all the flows again. Painful and not great if I'm not a system admin in the new environment (Cross tenant and ISV model, for example)

Option 2 (Deploy a separate Admin Flow & invoke every time I deploy):

  • Power Automate has a connector...for Power Automate! That's handy.
  • So, if I deploy a separate admin flow, I can call it with an HTTP request every time I import the other flows. This will activate the flows turned off during import...but I don't think it can automate the authentication of connections?
    • If it can - that's fantastic, problem solved.
    • If not, I'm in no better a place than before if I want to update a flow with a non-CDS connector:
      • I would still have to authenticate the connections in each flow manually if I want to make any updates to any of my existing flows 😞

Option 3 (PowerShell)

  • I notice that the PowerShell cmdlets for PowerApps have actions to authorise connections. If I could use a Service Principal (with corresponding admin privileges) to authorise the flow connections, that would solve my issue.
  • I could use the above approach to simply update the flows by:
    1. Overwriting unmanaged customisations
    2. Authenticating the connections with a PowerShell script connected to the service principal
    3. Use either PowerShell or the admin flow to enable the flows in the current environment

 

My question then - is (3) possible? Am I missing an easier way? Or is it the case that, as of now, there is no fully automated way to upgrade a Power Automate workflow?

1 ACCEPTED SOLUTION


In the hope that it helps anyone in the same boat, here is my workaround:

 

  • Create an administrative account with system admin privileges in the required environment
  • Turn off MFA defaults for the tenant (changing the AAD security defaults to 'off')
  • Configure the 'Import Solution' task in Power Platform Build Tools for Azure DevOps:
    • Advanced > 'Overwrite Unmanaged Customizations' (check)
    • Only do this for flows that are CDS (Current Environment)
    • Package other flows in a separate solution file, these cannot be automatically updated AND enabled
  • Add the following task to Azure DevOps (PowerShell script):

Variables:

  • ClientEnvironmentName: name field of your environment (GUID)
  • ClientUsername: administrative user email address
  • ClientAdminPassword: administrative user password (save as securestring in DevOps or use Azure KV)

 

# environment GUID 'Name' field
$environment = "$(ClientEnvironmentName)"

# install/import modules
Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Import-Module Microsoft.PowerApps.Administration.PowerShell

# set credentials for the service account - MFA not supported
# (Azure DevOps substitutes the $(...) macros before PowerShell runs the script)
$pass = ConvertTo-SecureString '$(ClientAdminPassword)' -AsPlainText -Force
# variable name matches the 'ClientUsername' entry in the Variables list above
Add-PowerAppsAccount -Username '$(ClientUsername)' -Password $pass

# activate all flows in the target environment
$flows = Get-AdminFlow -EnvironmentName $environment
foreach ($flow in $flows) {
    Enable-AdminFlow -EnvironmentName $environment -FlowName $flow.FlowName
}

This will deploy the solution, and enable any flows that can be enabled without additional authentication. It will throw an error for flows that require authentication due to missing connections, but it will work.

 

Hope that helps everyone.
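
A variant of the task script above that signs in as a service principal instead of a password-only admin account, so the tenant's MFA defaults can stay on, and that checks which flows are still disabled afterwards rather than relying on errors. This is an added example, not the poster's script. It assumes an app registration that is already permitted to manage Power Platform, pipeline secrets mapped to the hypothetical environment variables PP_TENANT_ID, PP_APP_ID, PP_CLIENT_SECRET and PP_ENVIRONMENT, and that the flow cmdlets used here are available to a service principal in your tenant.

```powershell
# Added example: the PP_* names are hypothetical. Map pipeline secrets to these
# environment variables in the task's "env:" block so they never appear inline.
$ErrorActionPreference = 'Stop'
$required = 'PP_TENANT_ID', 'PP_APP_ID', 'PP_CLIENT_SECRET', 'PP_ENVIRONMENT'
foreach ($name in $required) {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Missing pipeline variable: $name"
    }
}
$environment = $env:PP_ENVIRONMENT

Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Import-Module Microsoft.PowerApps.Administration.PowerShell

# Service principal sign-in: no user password, no change to tenant MFA settings.
Add-PowerAppsAccount -Endpoint prod -TenantID $env:PP_TENANT_ID `
    -ApplicationId $env:PP_APP_ID -ClientSecret $env:PP_CLIENT_SECRET

# Try to enable only the flows that are currently off; keep going on failure.
$failed = @()
foreach ($flow in Get-AdminFlow -EnvironmentName $environment) {
    if ($flow.Enabled) { continue }
    try {
        Enable-AdminFlow -EnvironmentName $environment -FlowName $flow.FlowName | Out-Null
    } catch {
        $failed += "$($flow.DisplayName): $($_.Exception.Message)"
    }
}

# Verify by state, not by absence of errors: re-read and list what is still off.
$stillOff = @(Get-AdminFlow -EnvironmentName $environment |
    Where-Object { -not $_.Enabled })
$stillOff | ForEach-Object { Write-Warning "Still disabled: $($_.DisplayName) [$($_.FlowName)]" }
$failed   | ForEach-Object { Write-Warning "Enable failed: $_" }

# Fail the pipeline step so flows that need a connection are fixed before release.
if ($stillOff.Count -gt 0) { exit 1 }
```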
