I am currently working on a Power Automate flow to create a database on SharePoint lists of all the resource groups in each subscription of my organization's tenant on Azure.

To focus on first getting the list of subscriptions in our tenant, I used the Azure REST API to get a list of all the subscriptions in the tenant. This worked perfectly and got what I needed, however it uses a Bearer token for authorization and I am looking for a solution that won't expire. Hence, I decided to go down the Active Directory OAuth route for authorization, in which I created an app registration on Azure for this. This is what I have so far:

Currently, my flow is running successfully, however essentially returns no information:

{
  "value": [],
  "count": {
    "type": "Total",
    "value": 0
  }
}

The schema I am looking to return is supposed to look like this:

{
    "type": "object",
    "properties": {
        "value": {
            "type": "array",
            "items": {
                "type": "object",
                "properties": {
                    "id": {
                        "type": "string"
                    },
                    "authorizationSource": {
                        "type": "string"
                    },
                    "managedByTenants": {
                        "type": "array",
                        "items": {
                            "type": "object",
                            "properties": {
                                "tenantId": {
                                    "type": "string"
                                }
                            },
                            "required": [
                                "tenantId"
                            ]
                        }
                    },
                    "subscriptionId": {
                        "type": "string"
                    },
                    "tenantId": {
                        "type": "string"
                    },
                    "displayName": {
                        "type": "string"
                    },
                    "state": {
                        "type": "string"
                    },
                    "subscriptionPolicies": {
                        "type": "object",
                        "properties": {
                            "locationPlacementId": {
                                "type": "string"
                            },
                            "quotaId": {
                                "type": "string"
                            },
                            "spendingLimit": {
                                "type": "string"
                            }
                        }
                    }
                },
                "required": [
                    "id",
                    "authorizationSource",
                    "managedByTenants",
                    "subscriptionId",
                    "tenantId",
                    "displayName",
                    "state",
                    "subscriptionPolicies"
                ]
            }
        },
        "count": {
            "type": "object",
            "properties": {
                "type": {
                    "type": "string"
                },
                "value": {
                    "type": "integer"
                }
            }
        }
    }
}

CodePudding user response：

Your issue here is a question of permissions of your app registration.

If the App has not been affected to any role in the subscriptions, you will not get them when calling the API using its identity.

Sample

Without being added to a subscription

I got the same result as yours when creating an app registration and calling the subscription list:

After adding the app as Reader of the subscription

I added the App as Reader in the IAM of 1 subscription:

Result: I got it in my flow: