Logic App to check results of access review and execute termination workflow
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"triggers": {
"Recurrence": {
"type": "Recurrence",
"recurrence": {
"frequency": "Day",
"interval": 1
}
}
},
"actions": {
"ForEachInstance": {
"type": "Foreach",
"foreach": "@outputs('GetActiveInstancesOfAccessReview')['body']?['value']",
"actions": {
"For_each": {
"type": "Foreach",
"foreach": "@body('GetInstanceDecisions')?['value']",
"actions": {
"AppendSubjectToArray": {
"type": "AppendToArrayVariable",
"inputs": {
"name": "SubjectsJsonArray",
"value": "@outputs('ComposeSubject')"
},
"runAfter": {
"ComposeSubject": [
"Succeeded"
]
}
},
"ComposeSubject": {
"type": "Compose",
"inputs": {
"id": "@{items('For_each')['principal']['id']}"
}
},
"Condition": {
"type": "If",
"expression": {
"and": [
{
"equals": [
"@length(variables('SubjectsJsonArray'))",
10
]
}
]
},
"actions": {
"CleanUpSubjects": {
"type": "SetVariable",
"inputs": {
"name": "SubjectsJsonArray",
"value": "@null"
},
"runAfter": {
"TriggerTerminationWorkflow": [
"Succeeded"
]
}
},
"TriggerTerminationWorkflow": {
"type": "Http",
"inputs": {
"uri": "https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows/workflows/@{variables('WorkflowId')}/activate",
"method": "POST",
"headers": {
"Conent-Type": "application/json"
},
"body": {
"subjects": "@variables('SubjectsJsonArray')"
},
"authentication": {
"audience": "https://graph.microsoft.com",
"identity": "/subscriptions/5ea2c968-dac1-41de-ab07-19b3619077aa/resourceGroups/iga-mod-demos/providers/Microsoft.ManagedIdentity/userAssignedIdentities/iga-mod-demos-graph-access",
"type": "ManagedServiceIdentity"
}
},
"operationOptions": "DisableAsyncPattern"
}
},
"else": {
"actions": {}
},
"runAfter": {
"AppendSubjectToArray": [
"Succeeded"
]
}
}
},
"runAfter": {
"GetInstanceDecisions": [
"Succeeded"
]
}
},
"GetInstanceDecisions": {
"type": "Http",
"inputs": {
"uri": "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/@{variables('AccessReviewId')}/instances/@{items('ForEachInstance')?['id']}/decisions",
"method": "GET",
"authentication": {
"audience": "https://graph.microsoft.com/",
"identity": "/subscriptions/5ea2c968-dac1-41de-ab07-19b3619077aa/resourceGroups/iga-mod-demos/providers/Microsoft.ManagedIdentity/userAssignedIdentities/iga-mod-demos-graph-access",
"type": "ManagedServiceIdentity"
}
}
},
"WorkFlowRanOrSubjectsGreaterThan0": {
"type": "If",
"expression": {
"or": [
{
"greater": [
"@length(variables('SubjectsJsonArray'))",
0
]
}
]
},
"actions": {
"RunWorkflowFinal": {
"type": "Http",
"inputs": {
"uri": "https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows/workflows/@{variables('WorkflowId')}/activate",
"method": "POST",
"headers": {
"Content-Type": "application/json"
},
"body": {
"subjects": "@variables('SubjectsJsonArray')"
},
"authentication": {
"audience": "https://graph.microsoft.com/",
"identity": "/subscriptions/5ea2c968-dac1-41de-ab07-19b3619077aa/resourceGroups/iga-mod-demos/providers/Microsoft.ManagedIdentity/userAssignedIdentities/iga-mod-demos-graph-access",
"type": "ManagedServiceIdentity"
}
},
"operationOptions": "DisableAsyncPattern"
}
},
"else": {
"actions": {}
},
"runAfter": {
"For_each": [
"Succeeded"
]
}
}
},
"runAfter": {
"GetActiveInstancesOfAccessReview": [
"Succeeded"
]
}
},
"GetActiveInstancesOfAccessReview": {
"type": "Http",
"inputs": {
"uri": "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/@{variables('AccessReviewId')}/instances",
"method": "GET",
"queries": {
"$filter": "status eq 'InProgress'",
"$select": "id"
},
"authentication": {
"audience": "https://graph.microsoft.com/",
"identity": "/subscriptions/5ea2c968-dac1-41de-ab07-19b3619077aa/resourceGroups/iga-mod-demos/providers/Microsoft.ManagedIdentity/userAssignedIdentities/iga-mod-demos-graph-access",
"type": "ManagedServiceIdentity"
}
},
"runAfter": {
"InitializeSubjects": [
"Succeeded"
]
}
},
"InitAccessReviewId": {
"type": "InitializeVariable",
"inputs": {
"variables": [
{
"name": "AccessReviewId",
"type": "string",
"value": "7b278ea8-33ba-494c-916d-1daafde4bced"
}
]
},
"runAfter": {
"InitiWorkflowId": [
"Succeeded"
]
}
},
"InitiWorkflowId": {
"type": "InitializeVariable",
"inputs": {
"variables": [
{
"name": "WorkflowId",
"type": "string",
"value": "ee68cfbb-0a11-4ecf-bcf6-263b44132ac8"
}
]
},
"runAfter": {}
},
"InitializeSubjects": {
"type": "InitializeVariable",
"inputs": {
"variables": [
{
"name": "SubjectsJsonArray",
"type": "array"
}
]
},
"runAfter": {
"InitAccessReviewId": [
"Succeeded"
]
}
}
},
"outputs": {},
"parameters": {
"$connections": {
"type": "Object",
"defaultValue": {}
}
}
},
"parameters": {
"$connections": {
"value": {}
}
}
}