We are facing a strange issue with one of our Az Functions. We are using a durable functions which it does have several AppKeys configured, one of them is called "durabletask_extension".
We are trying to automate the refresh of the keys using Az Cli but apparently when we try to refresh the key - the shell gives an error like "Operation Returned an invalid status "NotFound" "
However, I can see from listing the keys that the key-name provided is supposed to be correct.
Kindly see images attached :)
is this a bug or am I doing something wrong?
Refresh of default or master keys seems to be working just fine.
Images:
Keys List:-
Keys Set:-
We are able to reproduce the issue,
The key name which you have provided is systemKeys which is automatically managed by the Function runtime.
Instead, of that we have tried with functionkeys and it just worked fine with the same keyname "durabletask_extension" which we can add in our function app .
NOTE:- To add masterKey as in your functions you can use the below cmdlts.
az functionapp function keys set -g MyResourceGroup -n MyFunctionAppName --function-name MyFunctionName --key-name systemKey --key-value MyKeyValue
For more information please refer the below links:-
MS DOC| az functionapp keys set.& az functionapp function keys set .
Related
Is there any way to configure the deployment center of a function, as below, using the az cli?
I tried to use az functionapp deployment source config, but I didn't find any parameter to put the password and user.
According to the docs you have parameters available to provide the authentication information:
https://docs.azure.cn/en-us/cli/functionapp/deployment/source?view=azure-cli-latest#az-functionapp-deployment-source-config
[--private-repo-password]
[--private-repo-username]
However I don't get these as options when using the Azure CLI -h (not even in the latest version in cloud shell). Not sure if the auto-complete is just failing to parse them or they're not available at all.
I have a configuration in App Service like this
I want to pass this setting into the argument of a pipeline's task
How can I do it?
I've tried to create a variable group but I still don't know how to link the app setting into the variable
Microsoft provide command line tools to access this information. I don't have a web-app to access to give specific commands but roughly something like this.
See documentation here: https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=cli#configure-app-settings
For example using az cli you could do something like:
az webapp config connection-string list --resource-group <group-name> --name <app-name> > settings.json
You can then select the specific item out of that list using jq.
myvalue=$(jq -r .some.path settings.json)
And you can also set the value in a variable which you can use in another task:
##vso[task.setvariable variable=appsetting;]value
So :
Download app settings
Select item
Set variable to pass to next step
Use variable in next step.
We have an Azure Key Vault task in our release pipeline which downloads some secrets for use in the stage.
In an Inline Azure PowerShell script you can just use the following to get the secret value:
$secretValue = $(nameOfTheSecretInKeyVault)
This works fine.
However we want to move to using scripts in the repo, i.e. poiting the DevOps task to a file path i.e. /somePath/myScript.ps1
So I would need to parameterise the above line of code, as I cannot just change the name in the inline script like I'm currently doing, but I can't get it to work.
I have tried:
$compositeName = "${someParameter}-Application"
$secretValue1 = $($compositeName)
$secretValue2 = $("${compositeName}")
$secretValue3 = env:$compositeName
$secretValue4 = $(${compositeName})
The top line is just building up the name of the secret which it needs to look for. Unfortunately none of these work. Attempt #1, #2 and #4 come back with the string name only, not having actually got the secret value, and #3 errors saying it doesn't exist.
Is there a way to achieve this, or do I simply need to parameterise the secret and pass it into the script from the ADO task?
As you, I couldn't figure out a way to access the variables the log mentions are loaded in the Download secrets task of the job. It did work in inline mode, but not a chance with a script file.
So instead I leveraged the existing wiring (variable group linked to my KeyVault) and just run the command myself at the start of my script:
$mySecretValue = (Get-AzKeyVaultSecret -VaultName "myVault" -Name "mySecret").SecretValueText
From there I could use it as any other variable.
Either run your KeyVault tasks first, before your PowerShell script, or do it all in PowerShell.
You will need to create a service connection to your Azure subscription from Azure DevOps. Allow the service connection to access the KeyVault. Access the KeyVault from PowerShell or Azure CLI.
E.g. for PowerShell:
(Get-AzKeyVaultSecret -vaultName "Contosokeyvault" -name "ExamplePassword").SecretValueText
Here is a detailed walk through.
There is also native key vault integration now so you can just have your keys read in as a variable group transparently, no Keyvault-specific powershell code required.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml#link-secrets-from-an-azure-key-vault
One way to tackle this would be to add a parameter for your script to pass the release variable in when you call it, something like -secretValue $(nameOfTheSecretInKeyVault)
You should be able to use $env:nameOfTheSecretInKeyVault, but remember . become _
EDIT: Looking at your question again if you used env:$nameOfTheSecretInKeyVault you would have had an issue. It's $env:<variable_name>
If anyone comes across this in the future and is looking for a bash alternative, I ended up being able to do this with the following command
$(az keyvault secret show --name "${secret_name}" --vault-name "${vault_name} --query "value" | sed "s/\"//g")
This let's you get the value of the vault secret and use it wherever. The sed at the end is needed to drop the " that gets pulled out from the query
I have an Azure Function executed by Event Grid trigger. The function is debugged and functioning as designed. I was able to successfully create a subscription to an Event Grid topic using UI in the Azure Portal (click Add Event Grid subscription and complete the on-screen form).
The problem is I cannot get the endpoint format correct when attempting to use the CLI (Cloud Shell logged in as Administrator) to create a subscription. The basic template I'm using is
az eventgrid event-subscription create --resource-group $resourceGroup
--topic-name $topicName
--included-event-types $includedEventTypes
--name $eventSubscriptionName
--endpoint https://XXX.azurewebsites.net/admin/extensions/EventGridExtensionConfig?functionName=FunctionName&code=ABC123
I've tried copying the auto-populated endpoint, including its code parameter, from the UI. It works in the UI but not from CLI. When I run the above script using the endpoint and code provided in the portal, I get the following
The term 'code=<XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX> is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
If I omit the code, I get a message indicating the subscription failed because it couldn't validate the endpoint.
If I attempt to use the endpoint, in the form usually seen for function endpoints, https://XXX.azurewebsites.net/FunctionName, I also get complaints about validation.
What is the proper format for the endpoint when creating a subscription from the CLI in Cloud Shell? Do I include the code parameter or not? Where do I get the proper code?
Using:
Microsoft.NET.Sdk.Functions 1.0.19
Microsoft.Azure.EventGrid 1.4.0
Microsoft.Azure.WebJobs.Extensions.EventGrid 1.0.0
Try to wrap your function endpoint with quote sign, & seems a reserved sign in CLi syntax hence your parameter code is cut from the url.
I'm am following the steps here on this tutorial to automatically create image thumbnails
I get to the step to create the function app by running this code (replacing all relevant values):
az functionapp create --name <function_app> --storage-account <general_storage_account>
\ --resource-group myResourceGroup --consumption-plan-location westcentralus
At any stage after this step, if I view the function app in the portal I receive the following error and am unable to find the cause The function runtime is unable to start. Please check the runtime logs for any errors or try again later. Microsoft.AspNetCore.DataProtection: The payload was invalid.
The issue seems to be related to:
https://github.com/Azure/azure-webjobs-sdk-script/issues/2072
If in case you are using Website_ContentShare setting (which means using the same storage account) you might face this issue.
Go to https://.scm.azurewebsites.net/DebugConsole
Go into data -> functions
Delete the secrets folder
If that doesn't work:
browse to the storage account for your function app into the azure portal,
go into containers -> azure-webjobs-secrets
delete the container with your function app name e.g. the circled entry in this screenshot:
enter image description here