从azure功能应用程序检索主机密钥

从azure功能应用程序检索主机密钥

本文介绍了从azure功能应用程序检索主机密钥的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用Azure cli编写环境脚本.我已经创建了一些功能应用程序,并且想要添加一个主机密钥或至少检索自动创建的默认密钥.蔚蓝的cli对此完全没有支持.

I am trying to script an environment using the Azure cli. I have created a few function apps and would like to add a host key or at least retrieve the default one that is created automatically. The azure cli has no support at all for this.

在函数本身上似乎有一个api(它的文档似乎很稀疏),它允许我获取密钥,但是您需要一个密钥才能使用它..在那里没有帮助.

There seems to be an api (documentation for it seems to be sparse) on the function itself that allows me to get the keys, however you need a key to use it so.. no help there.

https://github.com/Azure/azure-webjobs-sdk-script/wiki/Key-management-API

例如: https://example-functions.azurewebsites.net/admin/host/keys?code = somecodeyoureadyknow

我还看到了一些其他示例,这些示例使用webapps scm api下载包含密钥的json文件,但是我不确定如何使用此API进行身份验证.我有一个服务主体(用户名,密码,tenantid),我希望不必在脚本中添加其他身份验证方案.

I have seen some other examples that use the webapps scm api to download the json file that contains the keys however I'm not sure how to authenticate with this API. I have a service principal (userid, password, tenantid) and I was hoping to not have to add another authentication scheme to my script.

推荐答案

以下是步骤.

  1. 假设您已经具有Kudu部署凭据. (听起来您已经知道如何执行此操作.您可以通过服务原理中的ARM调用来获取它,等等)
  2. 从kudu部署凭据中,您可以获得一个JWT,该JWT可让您调用Functions键API.
  3. 从Functions API中,您可以获得所有密钥(包括主密钥).

以下是一个powershell脚本,该脚本演示了从Kudu部署凭据到Function Master密钥的确切调用:

Here's a powershell script that demonstrates the exact calls to go from Kudu deployment creds to Function Master key:

# You need to start with these:
$site = "YourSiteName"
$username='YourDeploymentUserName'
$password='YourDeploymentPassword'

# Now...
$apiBaseUrl = "https://$($site).scm.azurewebsites.net/api"
$siteBaseUrl = "https://$($site).azurewebsites.net"

# For authenticating to Kudu
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$password)))


# Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET

# Call Functions Key API to get the master key
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/systemkeys/_master" -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Method GET

$masterKey = $x.value

这篇关于从azure功能应用程序检索主机密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-19 01:27