Connecting the Paconn CLI Tool to GCC, GCCH, and DoD Environments for Power Platform Connectors

Connecting the Paconn CLI Tool to GCC, GCCH, and DoD Environments for Power Platform Connectors

When working with the paconn CLI tool to create and manage custom connectors in the Power Platform, it’s essential to configure your environment settings properly, especially when targeting different government cloud environments like GCC, GCC High, and DoD. In this article, we’ll guide you through setting up these configurations, including creating a connectionSettings.json file for each environment, downloading a custom connector, and updating the connector’s settings for seamless management.

Prerequisites

  1. Azure Subscription: You need an active Azure subscription to register an application.
  2. Paconn CLI Tool: Ensure you have the paconn CLI tool installed. You can install it using Python’s pip:
    pip install paconn

Step 1: Create an Azure App Registration

Begin by registering an application in Azure Active Directory (Azure AD) that will serve as the identity for your paconn operations.

  1. Navigate to Azure AD: Sign in to the Azure portal and go to Azure Active Directory.

  2. Create a New App Registration:

    • Go to App registrations > New registration.
    • Provide a name, such as “Paconn Connector App.”
    • Redirect URI: Skip this step as it is not required.

  3. API Permissions:

    • The app automatically includes the User.Read permission under Microsoft Graph. No additional API permissions are needed.

      image

  4. Allow Public Client Flows:

    • Under Authentication > Advanced settings, set Allow public client flows to Yes. This enables the device code flow, which paconn uses for authentication.

      image

  5. Copy Your IDs:

    • After registering the application, go to the Overview section.

    • Copy the Application (client) ID and Directory (tenant) ID. These values will be used in the connectionSettings.json file in the next step.

      image

By the end of this step, you should have your Application (client) ID and Directory (tenant) ID ready for configuring the connection settings in the following step.

Step 2: Create the connectionSettings.json File

Next, you’ll create a connectionSettings.json file with specific values tailored for each environment. This file is crucial for authenticating and operating within your selected cloud.

GCC Environment

{
  "powerAppsUrl": "https://gov.api.powerapps.us/",
  "flowUrl": "https://gov.api.flow.microsoft.us/",  
  "resource": "https://gov.service.powerapps.us/",
  "authorityUrl": "https://login.microsoftonline.com/",
  "clientId": "<Your Application (client) ID>",
  "tenant": "<Your Directory (tenant) ID>"
}

GCC High Environment

{
  "powerAppsUrl": "https://high.api.powerapps.us/",
  "flowUrl": "https://high.api.flow.microsoft.us/",
  "resource": "https://high.service.powerapps.us/",
  "authorityUrl": "https://login.microsoftonline.us/",
  "clientId": "<Your Application (client) ID>",
  "tenant": "<Your Directory (tenant) ID>"
}

DoD Environment

{
  "powerAppsUrl": "https://api.apps.appsplatform.us/",
  "flowUrl": "https://api.flow.appsplatform.us/",
  "resource": "https://service.apps.appsplatform.us/",
  "authorityUrl": "https://login.microsoftonline.us/",
  "clientId": "<Your Application (client) ID>",
  "tenant": "<Your Directory (tenant) ID>"
}

Replace <Your Application (client) ID> and <Your Directory (tenant) ID> with the values from your Azure App Registration.

Step 3: Log In to Paconn

Once you’ve configured your connectionSettings.json file with the correct values for your environment, the next step is to log in to the paconn CLI tool. This authentication process is essential for performing any subsequent operations with the tool.

To log in, use the following command:

paconn login --settings connectionSettings.json

This command initiates the login process. Follow the prompts to authenticate using the device code flow. Once logged in, you’ll be ready to download and manage your custom connectors.

Step 4: Download a Custom Connector

After successfully logging in, you can download an existing custom connector from your environment. This process involves selecting the environment and the specific connector you want to work with.

Run the following command:

paconn download --settings connectionSettings.json

This command will prompt you to choose the environment based on your connectionSettings.json file. After selecting the environment, you’ll be able to choose the connector you wish to download. The connector will be saved locally, along with a settings.json file.

image

Step 5: Update the Connector

Once you have downloaded the connector, you may need to update it. The settings.json file downloaded with the connector needs to include the same settings you have in your connectionSettings.json file. This ensures consistency when managing or updating the connector.

Here’s what you need to do:

  1. Open the Downloaded settings.json File: Locate the file that was downloaded along with the connector.

  2. Update the Fields: Add or update the following fields with the values from your connectionSettings.json:

    {
  "powerAppsUrl": "https://high.api.powerapps.us/",
  "flowUrl": "https://high.api.flow.microsoft.us/",
  "resource": "https://high.service.powerapps.us/",
  "authorityUrl": "https://login.microsoftonline.us/",
  "clientId": "<Your Application (client) ID>",
  "tenant": "<Your Directory (tenant) ID>"
}

  3. Save the File: Ensure all changes are saved.

To apply the updates to the connector, run:

paconn update --settings settings.json

This command will push the changes to the connector in the selected environment.

image

Step 6: Create a New Connector

Creating a new custom connector follows a similar process to updating an existing one, but with a few differences. Since it’s a new connector, you don’t need to include all the same properties in the settings.json file.

Here’s an example of a settings.json file for a new connector:

{
  "environment": "d9f0b637-5539-e256-9232-ecb5839cdb02",
  "apiProperties": "apiProperties.json",
  "apiDefinition": "apiDefinition.swagger.json",
  "icon": "icon.png",
  "powerAppsUrl": "https://high.api.powerapps.us/",
  "flowUrl": "https://high.api.flow.microsoft.us/",
  "authorityUrl": "https://login.microsoftonline.us/",
  "resource": "https://high.service.powerapps.us/",
  "clientId": "<Your Application (client) ID>",
  "tenant": "<Your Directory (tenant) ID>"
}

Key Differences:

  • No connectorId: Since this is a new connector, you don’t need to include the connectorId property.
  • Optional script Property: If you aren’t including custom code, you can omit the script property from the settings.json file.

Once the settings.json file is ready, you can create the new connector with the following command:

paconn create --settings settings.json

This will create a new custom connector in your specified environment using the provided settings.

Conclusion

When working with government cloud environments like GCC, GCC High, and DoD, it’s essential to consistently use settings.json files for your operations with the paconn CLI tool. This is because attempting to mix the --settings option with other command-line arguments like --api-prop and --api-def will not work as expected.

To ensure smooth operations:

  • Keep a connectionSettings.json file at your project root: This file should contain the basic authentication and environment details.
  • Update the settings.json file for each connector: Tailor it with the specific details for each connector you manage.

By following this approach, you’ll be able to effectively use the paconn CLI tool to manage connectors across various government cloud environments.

It’s also worth noting that while the PAC CLI tool also supports commands for managing connectors, it is relatively new and still has some bugs. Until these issues are resolved, I recommend continuing with the paconn method described here. However, the PAC CLI tool does offer a much easier way to connect to these clouds, so I’m optimistic about its potential in the future.

Comments

Post a Comment

Popular posts from this blog

Add User As Local Administrator On Domain Controller

I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts.  I needed to add several of my accounts to the local Administrators group.  Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups.  Instead I had to use the command line to add the users. Open a command promt using the "Run as administrator" function and then run the following command. net localgroup Administrators /add {domain}\{user} Note: do not include the {} brackets.
Read more

Calling Dataverse Web API in PowerShell using Client Credentials

Image
Connecting to Dataverse using PowerShell can be very helpful for data migrations and use within Azure DevOps. Connecting to an instance in a non-interactive way can be tricky though. This article will provide you the links you need for creation and App registration and adding the app user to your environment. You can then utilize the script provided to call Web API requests including ones you define using the new Custom API functionality now available. The script was written so that it is not dependent on any outside libraries such as the Microsoft.Xrm.Tooling connector. This is helpful in situation where involving an outside library will slow down your deployment time by having to be approved in a change control board. If utilizing an outside code library is not a concern you can create a connection to Dataverse utilizing the Microsoft.Xrm.Tooling connector Get-CrmConnection cmdlet. Create App Registration The first thing to do is create an App Registration within Azure AD for
Read more

Windows Server 2008R2 VMs Shut Down After 1 to 2 Hours

Image
When created a lab environment to test ADFS 2.0 I utilized the Windows 2008R2 VM baselines distributed by Microsoft.  After a few days I was told that I had to activate.  The VMs included a 180 day license for use but I didn't feel like adding another network adapter into Hyper-V to connect them to the internet.  I started having issues though where the servers would shut down every hour or so.  I though that maybe there was a memory issue and Hyper-V was shutting them down in order to free up RAM.  Turns out that if Server 2008R2 is not activated it automatically shuts down after a period of time.  After connecting the server to the internet and activating them the problem went away. Finally the madness of the unknown shut downs has ended :)
Read more