I have this resource in azure.
(fa-001) Function App (Resource A)
(fa-001/slot) App Service (Slot) (Resource B)
Both resource have the url's below.
https://fa-001.azurewebsites.net/api/Example_Function (Resource A)
https://fa-001-slot.azurewebsites.net/api/Example_Function (Resource B)
When running locally I need to use the default App Keys in order to access the functions.
So the url's looks like below.
https://fa-001.azurewebsites.net/api/Example_Function?code=XXX (Resource A)
https://fa-001-slot.azurewebsites.net/api/Example_Function?code=YYY (Resource B)
I executed the url's initially on POSTMAN without a problem.
Now, I have a yaml script in azure devops that will swap the slots of this resources.
I executed the yaml script.
Resource A will become Resource B.
Resource B will become Resource A.
I executed the urls again on POSTMAN but with a 401 response.
https://fa-001.azurewebsites.net/api/Example_Function?code=XXX (Resource A)
https://fa-001-slot.azurewebsites.net/api/Example_Function?code=YYY (Resource B)
But If I swap the codes, I can access the url's without any problem.
https://fa-001.azurewebsites.net/api/Example_Function?code=YYY (Resource A)
https://fa-001-slot.azurewebsites.net/api/Example_Function?code=XXX (Resource B)
Is there a way to preserve App Keys when swapping azure function slots ?
If there's a way, how ?
Please check the below workaround I have done:
Created Azure Functions .NET 6 App in the Portal with 2 deployment slots: Production and Staging.
Production Slot - ProdHttpTrigger
Staging Slot - StagingHttpTrigger
These are the App Keys different in those 2 slots:
After Swapping:
Functions changed in between the slots but not the App Keys (Code=Value).
Every time you swap, the keys will not change and both slots use the same keys.
Those keys will be reset during swapping the slots and having the app setting AzureWebJobsSecretStorageType to files.
You can also use Function Keys where you create the custom key-value pair of that API/trigger and that works for both the slots as similar to the App Keys.
Related
I have developed a number of JavaScript functions that all get deployed to an Azure Function App. I have two different code sets intended for two different Azure FAs. Unfortunately, when the FAs were created they were not given a meaningful name, and instead are just a random string of letters and numbers.
I primarily deploy my code to Azure from within VSCode, and that seems to work fine. However, I have a strong concern that one day I will deploy one set of functions to the wrong FA, which would of course cause big problems.
Is there anywhere that I can define a list of "allowed" function apps, so that if I were to attempt deploying the code to another FA it would fail? Or is there another method to achieve a similar result?
As of right now, I can deploy any codebase to any FA.
To prevent deploying code to the wrong function:
There are few methods for restricting deployment to only particular Function Apps and preventing deployment to undesired Function Apps.
Use Deployment slots:
As detailed in MSDoc, You can choose a deployment slot for a function app which has a different URL than function app.
Instead of executing immediately in a production environment, you can test any fixes or incorrect deployments in a different deployment slot before it goes live by deploying it into a secondary deployment slot.
Because it is your production environment slot, your users will be accessing your original Function App.
How to work with Deployment Slots:
Goto Function App and you will find Deployment slots under deployment and then Add a slot as described in the below image:
You can also create a deployment slot using Az CLI command az functionapp deployment slot.
Use below format:
az functionapp deployment slot create --name <Functionapp> --resource-group <ResourceGroup> --slot "slot1"
Use Deployment Scripts:
When you deploy your code, you can specify a deployment script, which can be a CLI or PowerShell script.
You can create a deployment script that verifies the target Function App's name and fails if it does not match one of the given Function Apps.
Goto Azure Portal and search for Deployment Scripts to work with this.
In azure when i go to an App Service -> Settings -> Configuration -> Path mappings i see the following:
Now let's suppose i want to add more path mappings to it how can i do it, without using App service slots, how can we implement something like this with terraform?
example of what i pretend:
I found an github answer from the terraform providers that involved an azure template deploy using App Service Slots.
https://github.com/terraform-providers/terraform-provider-azurerm/issues/1422
Anyone found a way of doing this?
It looks like this is not yet possible in Terraform. According to this post on GitHub, you can add more path mappings via a PowerShell script once Terraform has finished provisioning its resources.
Does anyone know what the possible values are for kind on a Microsoft.Web/sites object in an Azure Resource Manager template?
There is no indication what the valid values are, only that it is a string.
https://learn.microsoft.com/en-us/azure/templates/microsoft.web/2019-08-01/sites
There are five possible values, they are api, app, app,linux, functionapp, functionapp,linux.
Meaning:
api - api app
app - windows web app
app,linux - linux web app
functionapp - windows function app
functionapp,linux - linux function app
You could easily check it in the portal -> App Services -> Add filter -> Kind.
If you are curious, you can also create one and check it in the resource explorer, it will be like below.
I am having different slots for a web app on azure for dev, test, production. I need to move different slots to their respective resource groups.
Can different slots for a single web app be in different resource groups? I tried to move a slot to different resource but gives me error (The list of resources in move definition cannot be null or empty. (Code: InvalidResourceMoveRequest)). Cannot make out much from the error. Is there a way to get more details on this error somewhere?
Thanks!
Can different slots for a single web app be in different resource groups?
You could not move the slot to other resource group, because the azure slot is not a top level resource.
This means that you could move the top level resource in order to move the child resource.
You could get more details about the limitation when moving resources to new group or subscription.
How can I compare the App Service configuration settings in two different App Services?
You can use the Azure Resource Explorer to navigate to and view a JSON representation of the conifguration of an App Service. This is built into Azure and doesn't require additional tooling.
For a Proof-of-Concept application I have, I navigated it as such:
subscriptions
-> My Subscription
-> resourceGroups
-> My PoC Apps
-> providers
-> Microsoft.Web
-> sites
-> MyTestApp
-> config (click on config for some, expand it and browse children for other config)`
I'm assuming you know how to compare two different blocks of JSON via various means (DIFF tools, etc), so I won't explain that part.
You can you PowerShell to get all the configuration details of your app services
Login to your Azure Subscription using Login-AzureRmAccount
To get all Configuration Settings execute below command.
Get-AzureRmWebApp -Name YourAppServiceName1;Get-AzureRmWebApp -Name YourAppServiceName2