当您的功能设置为只读时，如何创建Azure功能，功能键 [英] How to create a Azure Function, Function Key when your functions are set to Readonly

问题描述

摘要：：我直接在Visual Studio中编写了一个函数，根据设计，该函数将导致门户中的只读函数管理。我的问题是，一个轻松如何为所述webhook创建功能键？

Summary: I'm authoring a function directly in Visual Studio which by design results in readonly function management in the portal. My question is how does one easily create a function key for said webhook?

上下文：：我正在尝试将通用Webhook连接到事件网格。这个过程使我走上了一条需要触发SubscriptionValidationEvent的道路，而这又需要我的Webhook在URL上提供一个代码，我认为这是一个功能键。

Context: I'm trying to hook up a generic webhook to Event Grid. This process has led me down a path of needing to trigger a SubscriptionValidationEvent which in turn requires my webhook to provide a "code" on the URL which I'm assuming is a function key.

另外，在我被否决之前，我非常清楚，这里已经有人提出并回答了这个问题。我已经尝试了所有这些方法，由于某种原因或其他原因，没有一种解决方案涉及我使用Kudu凭据针对文档记录较差的Keys API编写PowerShell的任何方法。

Also before I get down voted, I'm very well aware that there are multiple variants of this question asked and answered here already. I've tried them all and for one reason or another none of the solutions that involve writing PowerShell against a poorly documented Keys API using Kudu creds seem to work for me.

我希望有人知道用CLI甚至更简单的方法来解决此问题，创建一个 functionName.json 手动将文件拖放到secrets目录中。

My hope is that someone knows of a way to solve this with the CLI or even easier, creating a functionName.json file by hand and dropping it in the secrets directory.

使用预发布EventGrid绑定对我来说很诱人，目前我无法在环境中推送预发布代码。

Lastly as tempting as it is for me to use the prerelease EventGrid binding, I'm currently unable to push pre-release code in my environment.

推荐答案

找到了这篇有趣的文章，内容涉及如何从 Powershell ：

Found this interesting article on how to manage azure functions keys from Powershell:

• 管理Azure功能键

• Manage Azure Functions Keys

也有官方文档（很难找到此Wiki）：

Also official documentation (was hard to find this wiki):

• 密钥管理API

• Key management API

以下是关键点：

1. 获取发布凭据


2. 生成Kudu API授权令牌


3. 调用Kudu / api / functions / admin / token获取可以与功能键API一起使用的JWT


4. 然后您可以做任何您想做的事

1. Get the publishing credentials
2. Generate the Kudu API Authorisation token
3. Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
4. Then you can do whatever you want

这是我现有的脚本

    Param(
    [string] [Parameter(Mandatory=$true)] $resourceGroupName,
    [string] [Parameter(Mandatory=$true)] $functionappName,
    [string] [Parameter(Mandatory=$true)] $keyname,
    [string] [Parameter()] $slot
)

if (![string]::IsNullOrWhiteSpace($slot)){
    $apiBaseUrl = "https://$functionappName-$slot.scm.azurewebsites.net/api"
    $siteBaseUrl = "https://$functionappName-$slot.azurewebsites.net"
    $resourceType = "Microsoft.Web/sites/slots/config"
    $resourceName = "$functionappName/$slot/publishingcredentials"
}
else {
    $apiBaseUrl = "https://$functionappName.scm.azurewebsites.net/api"
    $siteBaseUrl = "https://$functionappName.azurewebsites.net"
    $resourceType = "Microsoft.Web/sites/config"
    $resourceName = "$functionappName/publishingcredentials"
}

Write-Host "Get the publishing credentials"
$publishingCredentials = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType $resourceType -ResourceName $resourceName -Action list -ApiVersion 2015-08-01 -Force

Write-Host "Generate the Kudu API Authorisation Token"
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $publishingCredentials.Properties.PublishingUserName, $publishingCredentials.Properties.PublishingPassword)))

Write-Host "Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API"
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET

Write-Host "Creates or updates an host key at the specified resource with an auto generated key"
$mynewkey = (Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/keys/$keyname" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method Post).value

编辑

新创建的功能应用默认情况下使用TLS 1.2 o您需要在Powershell脚本的顶部添加以下行：

Newly created function apps use TLS 1.2 by default so you need to add this line at the top of the Powershell script:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

这篇关于当您的功能设置为只读时，如何创建Azure功能，功能键的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！