问题描述
我正在使用 SendGrid 绑定.作为该电子邮件内容的一部分,我想包含一个指向 HTTP 方法 了解更多信息.我的所有 HTTP 函数都使用 AuthorizationLevel.Function
进行保护.
I'm sending an email in Azure Functions using the SendGrid bindings. As part of the contents of that email, I'd like to include a link to one of the HTTP methods in the Azure Functions instance for more information. I have all my HTTP functions secured with AuthorizationLevel.Function
.
我已经看到了在 PowerShell 中从 ARM 和 Kudu 中抓取密钥(以及 这个)和输出密钥的解决方案只是 ARM,但它们都依赖于我的 Azure Functions 所没有的东西:对 ARM(Azure 资源管理)API 的权限.
I've seen a solution for scraping the keys from ARM and Kudu in PowerShell (and this one) and a solution to output the keys with just ARM, but these both rely on having something my Azure Functions do not: permissions to the ARM (Azure Resource Management) APIs.
我还找到了 Azure Functions 的 密钥管理 APIhost 在本地完全按照我的要求工作,但是一旦部署了 Azure Functions,我不知道如何通过 401 Unauthorized
.我可以使用 _master
功能键手动通过它,但是我又回到不知道如何在运行时获取该键.
I also found the Key management APIs for the Azure Functions host which works exactly as I want locally, but I don't know how to get past the 401 Unauthorized
once the Azure Functions are deployed. I can get past it manually with the _master
function key, but then I'm back to not knowing how to get that key at runtime.
问题是这样的:是否可以在运行时从 Azure Function Host 获取 Azure Function 的密钥?我非常希望不需要 ARM 权限来执行此操作.
The question is this: Is it possible to get the key for an Azure Function at runtime from the Azure Function Host somehow? I would very much prefer to not need ARM permissions to do that.
推荐答案
要在使用 ARM 模板的 CI 管道中执行此操作,您需要确保您的密钥库和功能启动在同一个资源组中.
To do this in a CI pipeline using ARM templates you need to ensure you key vault and function up are in the same resource group.
- 使用 ARM 部署您的函数应用
- 将函数部署到函数应用 - 更新此代码以从 keyvault 中查找密钥,正如您提到的为您的 SendGrid API 密钥所做的那样
以 ARM 模板的形式运行以下代码,确保它以增量的形式运行.这将从命名函数中获取密钥并将其放入所需的密钥库中.
- Deploy your function app using ARM
- Deploy the function to the function app - update this code to look for the key from keyvault as you've mentioned you do for your SendGrid API Key
Run the below as an ARM template ensuring it is run as incremental. This will get the key from the named function and put it into the desired key vault.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"functionAppName":: {
"type": "string",
"metadata": {
"description": "The name of the function app that you wish to get the key from."
}
},
"functionName": {
"type": "string",
"metadata": {
"description": "The name of the function that you wish to get the key from."
}
},
"keyVaultName": {
"type": "string",
"metadata": {
"description": "The name of the key vault you wish to put the key in."
}
}
},
"variables": {
"functionAppName": "[parameters('functionAppName')]",
"keyVaultName": "[parameters('keyVaultName')]",
"functionName": "[parameters('functionName')]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(variables('keyVaultName'),'/', variables('functionAppName'))]",
"apiVersion": "2015-06-01",
"properties": {
"contentType": "text/plain",
"value": "[listsecrets(resourceId('Microsoft.Web/sites/functions', variables('functionAppName'), variables('functionName'),'2015-08-01').key]"
},
"dependsOn": []
}
]
}
这篇关于在部署时从 Azure 函数获取 Azure 函数密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!