如何从Bicep中获取Azure Functions密钥

huangapple go评论63阅读模式
英文:

How can I get Azure Functions keys from Bicep

问题

以下是您要求的代码部分的翻译:

我有以下代码来创建一个使用Bicep语言的Azure **Function App**

resource webSite 'Microsoft.Web/sites@2022-03-01' = {
  name: 'xxxxxx'
  location: resourceGroup().location
  kind: 'functionapp'
  properties: {
    serverFarmId: 'zzzzzz'
    siteConfig: {     
      appSettings: [
        // 一些值
      ]
    }
  }
}

然后,我需要获取主机密钥,如'master'或'default'密钥。

我尝试了一些选项,如

resource functionApp 'Microsoft.Web/sites/functions@2022-03-01' existing = { name: 'xxxxxx' }

output key string = functionApp.listkeys().properties.masterKey

output key string = listKeys(resourceId('Microsoft.Web/sites/host', 'xxxxxx', 'default'), '2022-03-01').masterKey

但我总是从Azure收到错误消息,内容为“遇到来自主机运行时的错误(BadGateway)”。

是否有一种简便的方式来获取这些密钥?

要获取这些密钥,是否需要在我的Function App中部署一个函数?

英文:

I have the following code to create an Azure Function App with Bicep lang

resource webSite 'Microsoft.Web/sites@2022-03-01' = {
  name: 'xxxxxx'
  location: resourceGroup().location
  kind: 'functionapp'
  properties: {
    serverFarmId: 'zzzzzz'
    siteConfig: {     
      appSettings: [
        // some values
      ]
    }
  }
}

Then I need to get the host keys like 'master' or 'default' key

I tried some options like

resource functionApp 'Microsoft.Web/sites/functions@2022-03-01' existing = { name: 'xxxxxx' }

output key string = functionApp.listkeys().properties.masterKey

or

output key string = listKeys(resourceId('Microsoft.Web/sites/host', 'xxxxxx', 'default'), '2022-03-01').masterKey

But I allways receive an error from Azure with this message Encountered an error (BadGateway) from host runtime.

There are a way to get the keys easily?

To get the keys do I need to deploy a function inside my Function App?

答案1

得分: 3

  1. Using Az CLI:

使用以下命令在 Azure Bash 中检索 function app 密钥和它们的机密值:

az functionapp keys list -g <resourcegroup> -n <functionappname>

输出:

如何从Bicep中获取Azure Functions密钥

使用以下命令在 Azure Bash 中检索 function 密钥和它们的机密值:

az functionapp function keys list -g <resourcegroup> -n <functionappname> --function-name <functionname>

输出:

如何从Bicep中获取Azure Functions密钥

  1. Bicep 代码:

我还尝试通过在我的环境中创建一个 Bicep 配置文件来实现,脚本如下:

param  functionApp  string
resource  appKeys  'Microsoft.Web/sites/functions@2022-03-01'  existing ={
name: functionApp
}
output key object = listkeys(concat(resourceId('Microsoft.Web/sites', functionApp), '/host/default/'),'2021-02-01').masterKey

通过使用以下命令构建成功:

bicep build <文件名>:

如何从Bicep中获取Azure Functions密钥

注意: 但是根据详细的代码审查规则,Bicep 输出不应包含机密值 MSDoc

或者,您可以参考 SO 提供的方法,使用 ARM JSON 模板列出函数密钥。

英文:

To get the Azure functionApp/function keys, I tried the below approaches and it worked for me.

  1. Using Az CLI:

Use below command to retrieve the function app keys and their secret values in Azure Bash:

az functionapp keys list -g &lt;resourcegroup&gt; -n &lt;functionappname&gt;

Output:

如何从Bicep中获取Azure Functions密钥

Use below command to retrieve the function keys and their secret values in Azure Bash:

az functionapp function keys list -g &lt;resourcegroup&gt; -n &lt;functionappname&gt; --function-name &lt;functionname&gt;

Output:

如何从Bicep中获取Azure Functions密钥

  1. Bicep code:

I also tried by creating a bicep configuration file in my environment with the below script as follows:

param  functionApp  string
resource  appKeys  &#39;Microsoft.Web/sites/functions@2022-03-01&#39;  existing ={
name: functionApp
}
output key object = listkeys(concat(resourceId(&#39;Microsoft.Web/sites&#39;, functionApp), &#39;/host/default/&#39;),&#39;2021-02-01&#39;).masterKey

Build succeeded by using below command:

bicep build &lt; filename &gt;:

如何从Bicep中获取Azure Functions密钥

Note: But in bicep, output should not have secret values according to the linter rule code as detailed in MSDoc.

Alternatively, you can refer SO given by @Shui shengbao to list the function keys with ARM json template.

答案2

得分: 1

错误表明存储帐户访问存在问题。

请检查您的应用程序设置。您还可以在 Azure 门户中查看是否可以显示密钥。

  • AzureWebJobsStorage 应该是有效的连接字符串,且帐户可访问(VNET 等)。
  • 如果设置了 WEBSITE_RUN_FROM_PACKAGE,请确保您的函数代码也已正确部署并运行。

获取密钥的有效 Bicep 代码:

output key string = listkeys('${functionApp.id}/host/default', '2022-03-01').masterKey

请注意,listkeys('${functionApp.id}/host/xxxx/default' ... 是不正确的。您不需要在那里使用 xxxx。如果您需要槽的密钥,可以使用 output key2 string = listkeys('${functionApp.id}/slots/${slotname}/host/default', ...)

英文:

The error is indicative of a storage account access issue.

Please check your appsettings. You can also see if you can show the keys using Azure Portal.

  • AzureWebJobsStorage should be a valid connection string and the account accessible (VNETs etc.)
  • If WEBSITE_RUN_FROM_PACKAGE is set, make sure your function code is also deployed correctly and working

A valid bicep code to get the keys:

output key string = listkeys(&#39;${functionApp.id}/host/default&#39;, &#39;2022-03-01&#39;).masterKey

Note that listkeys(&#39;${functionApp.id}/host/xxxx/default&#39; ... is incorrect. You don't need xxxx there. If you need the key of a slot you can use output key2 string = listkeys(&#39;${functionApp.id}/slots/${slotname}/host/default&#39;, ...

huangapple
  • 本文由 发表于 2023年2月23日 19:42:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/75544346.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定