如何从 ARM 模板检索 Azure Function App 的默认主机密钥?
How to retrieve an Azure Function App's default host key from an ARM template?
我能够使用来自 Postman 的 /admin/host/keys REST API 检索 Azure Function App 的默认主机密钥。
我使用针对 https://{{Function-App-Kudu-Url}}/api/functions/admin/token 的部署凭据和基本身份验证从 Kudu 获取令牌。然后我使用针对 https://{{Function-App-Url}}/admin/host/keys/default 的不记名身份验证包含 returned 令牌并接收默认主机密钥。
但是,我想从 ARM JSON 模板中检索此值。谷歌搜索并没有证明在揭示如何做到这一点方面卓有成效。
似乎 listkeys 或 listsecrets 功能可能会起作用,但我提供给他们的任何参数都不是 return 密钥。
如何从 ARM JSON 模板中访问默认主机密钥?
您将能够在您的函数代码中使用函数主机密钥,而且该函数会将您的函数密钥输出为 ARM 模板兼容字符串,因此您将能够在您的主 ARM 模板中引用它。
这里是函数代码,适配ARM模板获取输入。
[FunctionName("GetKeys")]
public static async System.Threading.Tasks.Task<HttpResponseMessage> RunAsync([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)]HttpRequest req, TraceWriter log, ExecutionContext context)
{
//get the publishing profile information from function argument
var queryStrings=req.GetQueryParameterDictionary();
string publishingUserName = "";
string publishingPassword = "";
string hostKey = "";
queryStrings.TryGetValue("publishingUserName", out publishingUserName);
queryStrings.TryGetValue("publishingPassword", out publishingPassword);
//get the JWT token to call the KUDU Api
var base64Auth = Convert.ToBase64String(Encoding.Default.GetBytes($"{publishingUserName}:{publishingPassword}"));
var apiUrl = new Uri($"https://{Environment.GetEnvironmentVariable("WEBSITE_CONTENTSHARE")}.scm.azurewebsites.net/api");
string JWT;
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Authorization", $"Basic {base64Auth}");
var result = client.GetAsync($"{apiUrl}/functions/admin/token").Result;
JWT = result.Content.ReadAsStringAsync().Result.Trim('"'); //get JWT for call funtion key
}
//get the key from KUDU
var siteUrl = new Uri($"https://{Environment.GetEnvironmentVariable("WEBSITE_CONTENTSHARE")}.azurewebsites.net");
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + JWT);
string jsonResult = client.GetAsync($"{siteUrl}/admin/host/keys").Result.Content.ReadAsStringAsync().Result;
dynamic resObject = JsonConvert.DeserializeObject(jsonResult);
hostKey = resObject.keys[0].value;
}
var template = @"{'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#', 'contentVersion': '1.0.0.0', 'parameters': {}, 'variables': {}, 'resources': [],
'outputs': {
'HostKey':{
'value': {hostKey},
'type' : 'string'
}
}
}";
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
response.Content = new StringContent(template, System.Text.Encoding.UTF8, "application/json");
return response;
}
更详细的代码可以参考这个article.
我能够使用来自 Postman 的 /admin/host/keys REST API 检索 Azure Function App 的默认主机密钥。
我使用针对 https://{{Function-App-Kudu-Url}}/api/functions/admin/token 的部署凭据和基本身份验证从 Kudu 获取令牌。然后我使用针对 https://{{Function-App-Url}}/admin/host/keys/default 的不记名身份验证包含 returned 令牌并接收默认主机密钥。
但是,我想从 ARM JSON 模板中检索此值。谷歌搜索并没有证明在揭示如何做到这一点方面卓有成效。
似乎 listkeys 或 listsecrets 功能可能会起作用,但我提供给他们的任何参数都不是 return 密钥。
如何从 ARM JSON 模板中访问默认主机密钥?
您将能够在您的函数代码中使用函数主机密钥,而且该函数会将您的函数密钥输出为 ARM 模板兼容字符串,因此您将能够在您的主 ARM 模板中引用它。
这里是函数代码,适配ARM模板获取输入。
[FunctionName("GetKeys")]
public static async System.Threading.Tasks.Task<HttpResponseMessage> RunAsync([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)]HttpRequest req, TraceWriter log, ExecutionContext context)
{
//get the publishing profile information from function argument
var queryStrings=req.GetQueryParameterDictionary();
string publishingUserName = "";
string publishingPassword = "";
string hostKey = "";
queryStrings.TryGetValue("publishingUserName", out publishingUserName);
queryStrings.TryGetValue("publishingPassword", out publishingPassword);
//get the JWT token to call the KUDU Api
var base64Auth = Convert.ToBase64String(Encoding.Default.GetBytes($"{publishingUserName}:{publishingPassword}"));
var apiUrl = new Uri($"https://{Environment.GetEnvironmentVariable("WEBSITE_CONTENTSHARE")}.scm.azurewebsites.net/api");
string JWT;
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Authorization", $"Basic {base64Auth}");
var result = client.GetAsync($"{apiUrl}/functions/admin/token").Result;
JWT = result.Content.ReadAsStringAsync().Result.Trim('"'); //get JWT for call funtion key
}
//get the key from KUDU
var siteUrl = new Uri($"https://{Environment.GetEnvironmentVariable("WEBSITE_CONTENTSHARE")}.azurewebsites.net");
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + JWT);
string jsonResult = client.GetAsync($"{siteUrl}/admin/host/keys").Result.Content.ReadAsStringAsync().Result;
dynamic resObject = JsonConvert.DeserializeObject(jsonResult);
hostKey = resObject.keys[0].value;
}
var template = @"{'$schema': 'https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#', 'contentVersion': '1.0.0.0', 'parameters': {}, 'variables': {}, 'resources': [],
'outputs': {
'HostKey':{
'value': {hostKey},
'type' : 'string'
}
}
}";
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
response.Content = new StringContent(template, System.Text.Encoding.UTF8, "application/json");
return response;
}
更详细的代码可以参考这个article.