当您的功能设置为只读时,如何创建Azure功能,功能键
摘要::我直接在Visual Studio中编写了一个函数,根据设计,该函数将导致门户中的只读函数管理。我的问题是,一个轻松如何为所述webhook创建功能键?
Summary: I'm authoring a function directly in Visual Studio which by design results in readonly function management in the portal. My question is how does one easily create a function key for said webhook?
上下文::我正在尝试将通用Webhook连接到事件网格。这个过程使我走上了一条需要触发SubscriptionValidationEvent的道路,而这又需要我的Webhook在URL上提供一个代码,我认为这是一个功能键。
Context: I'm trying to hook up a generic webhook to Event Grid. This process has led me down a path of needing to trigger a SubscriptionValidationEvent which in turn requires my webhook to provide a "code" on the URL which I'm assuming is a function key.
另外,在我被否决之前,我非常清楚,这里已经有人提出并回答了这个问题。我已经尝试了所有这些方法,由于某种原因或其他原因,没有一种解决方案涉及我使用Kudu凭据针对文档记录较差的Keys API编写PowerShell的任何方法。
Also before I get down voted, I'm very well aware that there are multiple variants of this question asked and answered here already. I've tried them all and for one reason or another none of the solutions that involve writing PowerShell against a poorly documented Keys API using Kudu creds seem to work for me.
我希望有人知道用CLI甚至更简单的方法来解决此问题,创建一个 functionName.json 手动将文件拖放到secrets目录中。
My hope is that someone knows of a way to solve this with the CLI or even easier, creating a functionName.json file by hand and dropping it in the secrets directory.
使用预发布EventGrid绑定对我来说很诱人,目前我无法在环境中推送预发布代码。
Lastly as tempting as it is for me to use the prerelease EventGrid binding, I'm currently unable to push pre-release code in my environment.
找到了这篇有趣的文章,内容涉及如何从 Powershell 管理天蓝色函数键>:
Found this interesting article on how to manage azure functions keys from Powershell:
- Manage Azure Functions Keys
也有官方文档(很难找到此Wiki):
Also official documentation (was hard to find this wiki):
- Key management API
以下是关键点:
- 获取发布凭据
- 生成Kudu API授权令牌
- 调用Kudu / api / functions / admin / token获取可以与功能键API一起使用的JWT
- 然后您可以做任何您想做的事
- Get the publishing credentials
- Generate the Kudu API Authorisation token
- Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
- Then you can do whatever you want
这是我现有的脚本
Param(
[string] [Parameter(Mandatory=$true)] $resourceGroupName,
[string] [Parameter(Mandatory=$true)] $functionappName,
[string] [Parameter(Mandatory=$true)] $keyname,
[string] [Parameter()] $slot
)
if (![string]::IsNullOrWhiteSpace($slot)){
$apiBaseUrl = "https://$functionappName-$slot.scm.azurewebsites.net/api"
$siteBaseUrl = "https://$functionappName-$slot.azurewebsites.net"
$resourceType = "Microsoft.Web/sites/slots/config"
$resourceName = "$functionappName/$slot/publishingcredentials"
}
else {
$apiBaseUrl = "https://$functionappName.scm.azurewebsites.net/api"
$siteBaseUrl = "https://$functionappName.azurewebsites.net"
$resourceType = "Microsoft.Web/sites/config"
$resourceName = "$functionappName/publishingcredentials"
}
Write-Host "Get the publishing credentials"
$publishingCredentials = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType $resourceType -ResourceName $resourceName -Action list -ApiVersion 2015-08-01 -Force
Write-Host "Generate the Kudu API Authorisation Token"
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $publishingCredentials.Properties.PublishingUserName, $publishingCredentials.Properties.PublishingPassword)))
Write-Host "Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API"
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET
Write-Host "Creates or updates an host key at the specified resource with an auto generated key"
$mynewkey = (Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/keys/$keyname" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method Post).value
编辑
新创建的功能应用默认情况下使用TLS 1.2 o您需要在Powershell脚本的顶部添加以下行:
Newly created function apps use TLS 1.2 by default so you need to add this line at the top of the Powershell script:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12