如何从Bicep中获取Azure Functions密钥

huangapple
go评论95阅读模式
英文:

How can I get Azure Functions keys from Bicep

问题

以下是您要求的代码部分的翻译:

  1. 我有以下代码来创建一个使用Bicep语言的Azure **Function App**
  3. resource webSite 'Microsoft.Web/sites@2022-03-01' = {
  4.   name: 'xxxxxx'
  5.   location: resourceGroup().location
  6.   kind: 'functionapp'
  7.   properties: {
  8.     serverFarmId: 'zzzzzz'
  9.     siteConfig: {     
  10.       appSettings: [
  11.         // 一些值
  12.       ]
  13.     }
  14.   }
  15. }

然后,我需要获取主机密钥,如'master'或'default'密钥。

我尝试了一些选项,如

  1. resource functionApp 'Microsoft.Web/sites/functions@2022-03-01' existing = { name: 'xxxxxx' }
  3. output key string = functionApp.listkeys().properties.masterKey

  1. output key string = listKeys(resourceId('Microsoft.Web/sites/host', 'xxxxxx', 'default'), '2022-03-01').masterKey

但我总是从Azure收到错误消息,内容为“遇到来自主机运行时的错误(BadGateway)”。

是否有一种简便的方式来获取这些密钥?

要获取这些密钥,是否需要在我的Function App中部署一个函数?

英文:

I have the following code to create an Azure Function App with Bicep lang

  1. resource webSite 'Microsoft.Web/sites@2022-03-01' = {
  2.   name: 'xxxxxx'
  3.   location: resourceGroup().location
  4.   kind: 'functionapp'
  5.   properties: {
  6.     serverFarmId: 'zzzzzz'
  7.     siteConfig: {     
  8.       appSettings: [
  9.         // some values
  10.       ]
  11.     }
  12.   }
  13. }

Then I need to get the host keys like 'master' or 'default' key

I tried some options like

  1. resource functionApp 'Microsoft.Web/sites/functions@2022-03-01' existing = { name: 'xxxxxx' }
  3. output key string = functionApp.listkeys().properties.masterKey

or

  1. output key string = listKeys(resourceId('Microsoft.Web/sites/host', 'xxxxxx', 'default'), '2022-03-01').masterKey

But I allways receive an error from Azure with this message Encountered an error (BadGateway) from host runtime.

There are a way to get the keys easily?

To get the keys do I need to deploy a function inside my Function App?

答案1

得分: 3

  1. Using Az CLI:

使用以下命令在 Azure Bash 中检索 function app 密钥和它们的机密值:

  1. az functionapp keys list -g <resourcegroup> -n <functionappname>

输出:

如何从Bicep中获取Azure Functions密钥

使用以下命令在 Azure Bash 中检索 function 密钥和它们的机密值:

  1. az functionapp function keys list -g <resourcegroup> -n <functionappname> --function-name <functionname>

输出:

如何从Bicep中获取Azure Functions密钥

  1. Bicep 代码:

我还尝试通过在我的环境中创建一个 Bicep 配置文件来实现,脚本如下:

  1. param  functionApp  string
  2. resource  appKeys  'Microsoft.Web/sites/functions@2022-03-01'  existing ={
  3. name: functionApp
  4. }
  5. output key object = listkeys(concat(resourceId('Microsoft.Web/sites', functionApp), '/host/default/'),'2021-02-01').masterKey

通过使用以下命令构建成功:

bicep build <文件名>:

如何从Bicep中获取Azure Functions密钥

注意: 但是根据详细的代码审查规则,Bicep 输出不应包含机密值 MSDoc

或者,您可以参考 SO 提供的方法,使用 ARM JSON 模板列出函数密钥。

英文:

To get the Azure functionApp/function keys, I tried the below approaches and it worked for me.

  1. Using Az CLI:

Use below command to retrieve the function app keys and their secret values in Azure Bash:

  1. az functionapp keys list -g &lt;resourcegroup&gt; -n &lt;functionappname&gt;

Output:

如何从Bicep中获取Azure Functions密钥

Use below command to retrieve the function keys and their secret values in Azure Bash:

  1. az functionapp function keys list -g &lt;resourcegroup&gt; -n &lt;functionappname&gt; --function-name &lt;functionname&gt;

Output:

如何从Bicep中获取Azure Functions密钥

  1. Bicep code:

I also tried by creating a bicep configuration file in my environment with the below script as follows:

  1. param  functionApp  string
  2. resource  appKeys  &#39;Microsoft.Web/sites/functions@2022-03-01&#39;  existing ={
  3. name: functionApp
  4. }
  5. output key object = listkeys(concat(resourceId(&#39;Microsoft.Web/sites&#39;, functionApp), &#39;/host/default/&#39;),&#39;2021-02-01&#39;).masterKey

Build succeeded by using below command:

bicep build &lt; filename &gt;:

如何从Bicep中获取Azure Functions密钥

Note: But in bicep, output should not have secret values according to the linter rule code as detailed in MSDoc.

Alternatively, you can refer SO given by @Shui shengbao to list the function keys with ARM json template.

答案2

得分: 1

错误表明存储帐户访问存在问题。

请检查您的应用程序设置。您还可以在 Azure 门户中查看是否可以显示密钥。

  • AzureWebJobsStorage 应该是有效的连接字符串,且帐户可访问(VNET 等)。
  • 如果设置了 WEBSITE_RUN_FROM_PACKAGE,请确保您的函数代码也已正确部署并运行。

获取密钥的有效 Bicep 代码:

  1. output key string = listkeys('${functionApp.id}/host/default', '2022-03-01').masterKey

请注意,listkeys('${functionApp.id}/host/xxxx/default' ... 是不正确的。您不需要在那里使用 xxxx。如果您需要槽的密钥,可以使用 output key2 string = listkeys('${functionApp.id}/slots/${slotname}/host/default', ...)

英文:

The error is indicative of a storage account access issue.

Please check your appsettings. You can also see if you can show the keys using Azure Portal.

  • AzureWebJobsStorage should be a valid connection string and the account accessible (VNETs etc.)
  • If WEBSITE_RUN_FROM_PACKAGE is set, make sure your function code is also deployed correctly and working

A valid bicep code to get the keys:

  1. output key string = listkeys(&#39;${functionApp.id}/host/default&#39;, &#39;2022-03-01&#39;).masterKey

Note that listkeys(&#39;${functionApp.id}/host/xxxx/default&#39; ... is incorrect. You don't need xxxx there. If you need the key of a slot you can use output key2 string = listkeys(&#39;${functionApp.id}/slots/${slotname}/host/default&#39;, ...

huangapple
  • 本文由 发表于 2023年2月23日 19:42:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/75544346.html
  • azure
  • azure-bicep
  • azure-functions
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定