Is it possible at all to create a function key for a just-created Azure Function from a PowerShell script? I have got a release pipeline to create the whole environment for the Azure Function and it is working fine, but one part I am missing is a custom function key for the function. I don't want to use the default key. I could create the new key in the portal, but I need it to be done from the script.
2 Answers
Currently, there is no such PowerShell cmdlet, but you could use the Functions API.
Creates or updates the key at the specified resource with an auto-generated key:
POST /admin/functions/{functionname}/keys/{keyname}
Use the following PowerShell to call the API.
$tenant = ""
$clientId = ""
$clientSecret = ""
$subscriptionId = ""
$body = @{
    "grant_type"    = "client_credentials";
    "client_id"     = $clientId;
    "client_secret" = $clientSecret;
    "resource"      = "https://management.azure.com/"
}
$resourceGroup="shuiapp"
$name="shuifunction"
$authInfo = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenant/oauth2/token" -Body $body -Method Post -Headers @{"Content-Type"="application/x-www-form-urlencoded"}
$publishData = Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$name/publishxml?api-version=2016-08-01" -Method Post -Headers @{"Authorization"="Bearer $($authInfo.access_token)"}
$userName = $publishData.publishData.publishProfile[0].userName
$password = $publishData.publishData.publishProfile[0].userPWD
$apiBaseUrl = "https://$name.scm.azurewebsites.net/api"
$siteBaseUrl = "https://$name.azurewebsites.net"
# For authenticating to Kudu
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$password)))
# Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET
# Call Functions Key API to get the master key
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/systemkeys/_master" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method GET
$masterKey = $x.value
# create a custom function key
$functionname="HttpTriggerPowerShell1"
$v=Invoke-RestMethod -Uri "$siteBaseUrl/admin/functions/$functionname/keys/shui" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method POST
$v.value
# get function key value
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/functions/HttpTriggerPowerShell1/keys" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method GET
Note: You need to create a new service principal and give it the Contributor role. Please refer to the official document.
6 Comments
Shui shengbao
@Y. A. Does it work now? Please let me know if you need further help.
Y. A.
Sorry for not responding yet. I tried to use one of the registered apps' clientId and clientSecret. It does not work so far: The remote server returned an error: (403) Forbidden.
Y. A.
So my question is whether I can use a registered app principal at all. Or do I need to create a user in AD?
Y. A.
I tried to add that registered app to the resource group access policy and possibly assign the Contributor role, but I don't have permissions on that level, and probably because of that I don't have an option to add a new policy. Is that what I need to achieve?
Y. A.
see my comments above please.
You can create function keys using the Az CLI: az functionapp keys:
Create a function key for an Azure Function app.
az functionapp keys set `
  -g MyResourceGroup `
  -n MyFunctionAppName `
  --key-type functionKeys `
  --key-name MyKeyName `
  --key-value MyKeyValue
If the --key-value is not specified, it will be auto-generated.
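One way to script the `az functionapp keys set` call from the answer above so that the pipeline chooses the key value and never prints it. This is an added example, not the answerer's code; the function names `New-FunctionKeyValue` and `Set-FunctionAppKey` and the resource names are hypothetical, and `az functionapp keys list` is used only for the read-back check.

```powershell
# Added example: function and resource names are placeholders, not from the page.

function New-FunctionKeyValue {
    # Random bytes from the OS CSPRNG, hex-encoded so the value contains only
    # [0-9a-f] and can never be mistaken for a CLI option or need URL escaping.
    param([int]$ByteCount = 32)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [BitConverter]::ToString($bytes).Replace('-', '').ToLowerInvariant()
}

function Set-FunctionAppKey {
    param(
        [Parameter(Mandatory)][string]$ResourceGroup,
        [Parameter(Mandatory)][string]$FunctionApp,
        [Parameter(Mandatory)][string]$KeyName
    )
    $value = New-FunctionKeyValue

    # --output none stops the CLI from echoing the key into the pipeline log.
    # The value is still visible in the local process list while az runs.
    az functionapp keys set -g $ResourceGroup -n $FunctionApp `
        --key-type functionKeys --key-name $KeyName --key-value $value --output none
    if ($LASTEXITCODE -ne 0) { throw "az functionapp keys set failed ($LASTEXITCODE)" }

    # Read the keys back and confirm the stored value is the one that was sent.
    $json = az functionapp keys list -g $ResourceGroup -n $FunctionApp --output json
    if ($LASTEXITCODE -ne 0) { throw "az functionapp keys list failed ($LASTEXITCODE)" }
    $stored = ($json | Out-String | ConvertFrom-Json).functionKeys.$KeyName
    if ($stored -ne $value) { throw "Key '$KeyName' was not stored as expected" }

    # Hand the value to the caller for storage as a secret; do not Write-Host it.
    $value
}

# Usage with the placeholder names from the answer:
# $key = Set-FunctionAppKey -ResourceGroup 'MyResourceGroup' `
#     -FunctionApp 'MyFunctionAppName' -KeyName 'MyKeyName'
```

A key set this way is an app-level key, so it is accepted by every function in the app, not only the one just deployed.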