具有非匿名authLevel的Docker中的Http触发Azure函数 [英] Http Trigger Azure Function in Docker with non anonymous authLevel
问题描述
我正在Docker容器中使用Http触发的Azure函数。到目前为止,我发现的所有教程和指南都将Azure Function配置为 authLevel 设置为 anonymous 。
阅读 b> 仔细地看来,配置其他身份验证级别也是可能的(尽管很棘手)。不幸的是,尚未写出所承诺的后续博客文章。 >有人可以帮助我阐明如何设置吗?
要控制功能主机的主键在启动时使用-而不是生成随机密钥-准备我们自己的 host_secrets.json 文件,例如
{
masterKey:{
name: master,
value: asGmO6TCW / t42krL9CljNod3uG9aji4mJsQ7 ==,
encrypted :false
},
functionKeys:[
{
name: default,
value: asGmO6TCW / t42krL9CljNod3uG9aji4mJsQ7 ==,
已加密:false
}
]
}
,然后将此文件输入到Function主机的指定secrets文件夹中( Dockerfile ):
用于V1函数(假设运行时根为C:CWebHost):
...
添加host_secrets.json C:\\WebHost\\SiteExtensions\\函数\\App_Data\\Secrets\\ host.json
...
用于V2函数(假设您的运行时根为是C:\运行时):
...
添加host_secret.json C:\ \\runtime\\Secrets\\host.json
USER ContainerAdministrator
RUN icacls c:\runtime\secrets / t / grant Users:M
用户ContainerUser
ENV AzureWebJobsSecretStorageType =文件
...
功能键可用于调用受保护的功能,例如 ... / api / myfunction?code = asGmO6TCW / t42krL9CljNod3uG9aji4mJsQ7 == 。
在我的博客我描述了将V1和更高版本的V2 Functions运行时引入<$ c $的整个过程c> Docker 容器并将其托管在Service Fabric中。
I am playing around with an Http Triggered Azure Functions in a Docker container. Up to now all tutorials and guides I found on setting this up configure the Azure Function with the authLevel" set to anonymous.
After reading this blog carefully it seems possible (although tricky) to also configure other authentication levels. Unfortunately the promised follow up blogpost has not (yet) been written.
Can anyone help me clarify on how I would go about and set this up?
To control the master key the Function host uses on startup - instead of generating random keys - prepare our own host_secrets.json file like
{
"masterKey": {
"name": "master",
"value": "asGmO6TCW/t42krL9CljNod3uG9aji4mJsQ7==",
"encrypted": false
},
"functionKeys": [
{
"name": "default",
"value": "asGmO6TCW/t42krL9CljNod3uG9aji4mJsQ7==",
"encrypted": false
}
]
}
and then feed this file into the designated secrets folder of the Function host (Dockerfile):
for V1 Functions (assuming your runtime root is C:\WebHost):
...
ADD host_secrets.json C:\\WebHost\\SiteExtensions\\Functions\\App_Data\\Secrets\\host.json
...
for V2 Functions (assuming your runtime root is C:\runtime):
...
ADD host_secret.json C:\\runtime\\Secrets\\host.json
USER ContainerAdministrator
RUN icacls "c:\runtime\secrets" /t /grant Users:M
USER ContainerUser
ENV AzureWebJobsSecretStorageType=files
...
The function keys can be used to call protected functions like .../api/myfunction?code=asGmO6TCW/t42krL9CljNod3uG9aji4mJsQ7==.
The master key can be used to call Functions Admin API and Key management API.
In my blog I describe the whole journey of bringing V1 and later V2 Functions runtime into Docker containers and host those in Service Fabric.
这篇关于具有非匿名authLevel的Docker中的Http触发Azure函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
