I'm new to azure functions. So I have build a normal http trigger which takes 2 parameters as input. So using those parameters I'm pulling data from gen2 locations and showing it at the response side.
Currently I'm using function keys (created one for my testing purpose) and using the same.
So the Request which I'm passing looks something like this:-
https://(APP-NAME).azurewebsites.net/(RESOURCE-PATH)?param1=¶m2=,code=(Generated by function key)
Till this point everything is working well. Now I'm sharing this request API to set of people.
The response API is data which they can see. Now I'm trying to make the code dynamic (like the existing one should expire after a certain time and I should be able to pick new function key from the same function key name I created)
Is is possible to generate our own function keys (using some random key generator) from the back end and keep updating the values after a particular time interval
Please feel free to provide more suggestions.
Azure has provided an api for the function key management in azure
function. This api will allow you to create, delete and update the
function keys. It is available at runtime when your app is deployed
in the azure.
According to this documentation you can make the required changes to the function keys, also you need to pass Bearer Token credentials with you get/post requests as you must be authorized to be able to view or make changes to the function keys.
Since you want to change the function key after a particular interval of time, you can use a time trigger which will change the function key (after a particular interval of time) using the above api.
To generate a key use any random string generator provided in the
programming language of your choice . You can then store the new
generated function key in a blob storage for further use.
REFERENCES:
Timer trigger for Azure Functions
Related
I am trying to figure out if Azure LogicApp can be used for files/documents migration from Azure Blob Storage to a custom service, where we have REST API. Here is the shortlist of requirements I have right now:
Files/documents must be uploaded into Azure Storage weekly or daily, which means that we need to migrate only new items. The amount of files/documents per week is about hundreds of thousands
The custom service REST API is secured and any interaction with endpoints should have JWT passed in the headers
I did the following exercise according to tutorials:
Everything seems fine, but the following 2 requirements make me worry:
Getting only new files and not migrate those that already moved
Getting JWT to pass security checks in REST
For the first point, I think that I can introduce a DB instance (for example Azure Table Storage) to track files that have been already moved, and for the second one I have an idea to use Azure Function instead of HTTP Action. But everything looks quite complicated and I believe that there might be better and easier options.
Could you please advise what else I can use for my case?
For the first point, you can use "When a blob is added or modified" trigger as the logic app's trigger. Then it will just do operation on the new blob item.
For the second point, just provide some steps for your reference:
1. Below is a screenshot that I request for the token in logic app in the past.
2. Then use "Parse JSON" action to parse the response body from the "HTTP" action above.
3. After that, your can request your rest api (with the access token from "Parse JSON" above)
I basically want to achieve what is described under this link and I did stuck on the 'Get the system key' step. It does work for Azure Function without custom domain:
http://{functionappname}.azurewebsites.net/admin/host/systemkeys/eventgridextensionconfig_extension?code={masterkey}
but for any Azure Functions with custom domain it doesn't work. Response is not in expected format, it's just a static web site without the system key. Is there a way to get this key? I assume it might not be supported for such case.
From your description, you are talking about the function app on azure.
Function key is just a valication method to let you hit the endpoint of the trigger. Custom domain or use original domain both can use function key.
Go to this place to get the key:
trigger tier key:
function app tier key:
You can even add your custom key.
Let me know whether this can answer your question.
I'm looking to get at an Azure function app's list of operational endpoints for each function, in particular the secret code that needs to be passed in to invoke the function.
I've tried lots of current answers in SO but all only seem to work with Function App's which use Files as the secret storage type.
We have a requirement to use Blob storage which is also the default in V2 function apps.
What I'm really after is the code piece that comes after the function name when it's retrieved from the Azure portal, I can manufacture all the other pieces before that myself.
For example https://mytestfunapp-onazure-apidev03.azurewebsites.net/api/AcceptQuote?code=XYZABCYkVeEj8zkabgSUTRsCm7za4jj2OLIQWnbvFRZ6ZIiiB3RNFg==
I can see where the secrets are stored in Azure Blob Storage as we need to configure that anyway when we create all the resources in our scripts.
What I'm really look for is how to decrypt the secret stored in the file. I don't care what programming language or script the solution may be written in, I'll work with it, or convert it to another language that we can use.
Here's a snippet of what the stored secret looks like in Blob storage, it's just a JSON file.
I'm wondering if anyone out there has some experience with this issue and may be able to help me out.
For now it's not supported to get the true key value programmatically. you could just view your key or create new key in the portal. You could find the description here: Obtaining keys.
If your function is a WebHook, when using a key other than the default you must also specify the clientId as a query param (the client ID is the name of your new key):
https://<yourapp>.azurewebsites.net/api/<funcname>?clientid=<your key name>
More information refer to this wiki doc: WebHooks.
I am working my first Azure function with http trigger. code are stored in TFS, our release team will deploy it use octopus.
my question is in which situation, authorization key of azure function will change?
remove function app? delete function? any other case?
Thanks,
Wes
my question is in which situation, authorization key of azure function will change? remove function app? delete function? any other case?
If you metioned authorization key is authorization code for http trigger. There are 2 types of keys (API Keys and Master key) for the http tigger function.
API Keys:
Function App Level keys means that all of specific function are the same for the current app. (Unless delete the function app, the key will changed/not exist)
Function level keys apply to the specific functions(Delete the specific functions, it will change)
Host: Also commonly referred to as Function App Level keys. Keys defined at this level apply to the entire Function App. You have the ability to define Function Keys at this level, and they would allow clients to authenticate against any function. This is also where your Master Key is defined.
Function: Function level keys apply to the specific functions they're defined under, restricting its use for authentication to that function only.
Master Key:
The master key provides administrative access to the runtime APIs. You should exercise care if you choose to use the Admin authorization level for your functions as we do not recommend redistributing the master key.
We also could use the Rest API to change the key. For more information about Http trigger function, please refer to this document.
The Azure Function documentation is clear on using Host and/or Function keys to provide "api key" authorization. However, I can't find anything that indicates if there is a limit on how many keys can be created on a particular function or function app.
I would like to share a unique key with each tenant in a multi-tenant application so I can update or revoke them on a per-tenant basis. However, this approach will only work if I am able to generate hundreds (or potentially thousands) of keys.
Can anyone confirm any known limits on the number of keys that can be generated on a function app?
There aren't any strict limits imposed by the runtime, but we can't make any guarantees that this would be performant at scale.