ARM Deployment: Get Azure Function API Key - azure

As part of a Stream Analytics deployment solution I want to retrieve the API key for a Azure Function App in an ARM template via e.g. the listkeys() function. Is there a way to retrieve this key via an ARM template respectively during an ARM deployment and if yes, how?
Thanks

The new Key Management API of Azure Functions has gone live. Its possible via the following ARM Script. Also check this Github issue
"variables": {
"functionAppId": "[concat(parameters('functionAppResourceGroup'),'/providers/Microsoft.Web/sites/', parameters('functionAppName'))]"
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/secrets",
"name": "[concat(parameters('keyVaultName'),'/', parameters('functionAppName'))]",
"apiVersion": "2015-06-01",
"properties": {
"contentType": "text/plain",
"value": "[listkeys(concat(variables('functionAppId'), '/host/default/'),'2016-08-01').functionKeys.default]"
},
"dependsOn": []
}
]

This question has already been answered here:
listKeys for Azure function app
Get Function & Host Keys of Azure Function In Powershell
What is important in this context is to set the 'Minimum TLS Version' to '1.0' before deploying the job. Otherwise you will get failures when testing the connection health.

Related

How can I use slotted deployments in Azure DevOps for an Azure App Service?

I'm having some problems with slotted deployments in Azure DevOps. The problem is that my app goes down during deployment. But once the deployment finishes, it comes up again.
My app comes with an azuredeploy.json file: https://pastebin.com/CPVzE5hM.
While trying to access my web app once it is deploying, it seems to go down at the first step:
Azure Deployment: Create Or Update Resource Group acti...
There are usually no changes to the azuredeploy.json file, so I don't understand why it goes down at this step. There is nothing to create -- it exists before, and there is nothing to update either.
I have set up the slots manually in Azure Portal. The deployment mode is incremental.
How can I use slotted deployments in Azure DevOps for an Azure App Service?
According to your description, we need to create new deployment slot for an existing WebApp.
So, we need to check if we create or update for the new deployment slot instead of the Production:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"siteName": {
"type": "string"
},
"slotName": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2015-04-01",
"type": "Microsoft.Web/Sites/Slots",
"name": "[concat(parameters('siteName'), '/', parameters('slotName'))]",
"location": "[resourceGroup().location]",
"properties": {},
"resources": []
}
]
}
The template on GitHub.
You could check the document this, this and the similar thread for some more details. If this not resolve this issue, please share your json file to use.

API to add properties to Azure Webapp Application settings

I have one web app running on a Azure appservice plan. The web app has a lot of settings defined in Application settings of the Web App. Now I want to replicate that web app with all its Application settings. I got the REST API to list down all the settings available for any web app (/api/settings). Although there is a POST call to add/update the settings , But it is not updating Application settings.
Is there any REST API to add/update the Application settings of Azure web app ?
Thanks,
Abhiram
Is there any REST API to add/update the Application settings of Azure web app ?
Yes, we could update the application setting with the following Update Application Settings REST API
Put https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resource group}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings?api-version=2016-08-01
Body
{
"id": "subscriptions/{subscriptionId}/resourceGroups/{resource group}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings",
"name": "appsettings",
"type": "Microsoft.Web/sites/config",
"location": "South Central US",
"tags": {
"hidden-related:/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/tomfreePlan": "empty"
},
"properties": {
"WEBSITE_NODE_DEFAULT_VERSION": "6.9.1",
"Test1": "testValue1" //Added value
}
}
Note: we could use the following List Application Settings REST API post way to list the appsetting body.
Post https://management.azure.com/subscriptions/{subscription}/resourceGroups/CXP-{resourceGroup}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings/list?api-version=2016-08-01
To my knowledge, there is not. But have you considered scripting your Web App settings with an ARM template? This is exactly the kind of thing that ARM templates are intended for.
An example of the properties section of a Web App's ARM template that lets you script appSettings and connectionStrings is listed below:
"properties": {
"name": "YourWebAppsName",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', YourAppServicePlanName)]",
"siteConfig": {
"appSettings": [
{
"name": "someAppSettingKey",
"value": "someAppSettingValue"
},
{
"name": "someOtherAppSettingKey",
"value": "someOtherAppSettingValue"
}
],
"connectionStrings": [
{
"name": "defautlConnection",
"connectionString": "YourConnectionString",
"type": "2"
},
]
}
When you deploy an ARM template, Azure will ensure that the target resource's settings match what's specified in your template.
Visual Studio has a project type for developing and deploying these. It's the Azure Resource Group project type located under the Cloud node in the project templates.
As an added bonus, you can check these ARM templates into source control alongside your code.

How to stop a resource deployment in arm Azure template until first one is done?

I'm trying to deploy a SQL server and SQL data warehouse in arm template mode in Azure CLI. The issue is, the template fails because it's using a SQL server name to create a data warehouse. So, my question is how to stop the data warehouse deployment until the SQL server is deployed successfully?
Or is there any way to stop it until the SQL server is successfully deployed?
You would use the dependsOn property of a resource definition:
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('namingInfix')]",
"location": "[variables('location')]",
"apiVersion": "2016-03-30",
"tags": {
"displayName": "VMScaleSet"
},
"dependsOn": [
"[variables('loadBalancerName')]",
"[variables('virtualNetworkName')]",
"storageLoop",
],
...
}
In the example above, the vm scale set does not get created until the load balancer, vnet and storage account are first created.
Documentation on how to use it: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-define-dependencies

Connect Azure Function App to VNet

How can I deploy my function app attached to a VNet using an arm template?
Right now my arm template deploys an AppServicePlan based function app just fine and sets the "vnetName" in the "site" resource "properties" section...but after the deploy the function app still shows as "not configured" for any VNet. I can then go into the portal and add to the desired VNet in a couple of clicks...but why doesn't it work via the arm template? Can someone please provide a sample arm template to do this?
Upon further review this is not possible via only ARM. Here are the instructions to connect a web app to a VNet: https://learn.microsoft.com/en-gb/azure/app-service-web/app-service-vnet-integration-powershell
Old Answer: Here is another post trying to achieve the same with Web Apps (Functions is built on Web Apps): https://stackoverflow.com/a/39518349/5915331
If I had to guess based on the powershell command, try adding a sub resource to the site of type config with name web, similar to the arm template for a github deployment: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/app-service-web/app-service-web-arm-from-github-provision.md#web-app
There may be some magic happening under the hood, however.
{
"name": "[parameters('siteName')]",
"type": "Microsoft.Web/sites"
"location": ...,
"apiVersion": ...,
"properties": ...,
"resources": [
"name": "web",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [
"[resourceId('Microsoft.Web/Sites', parameters('siteName'))]"
],
"properties": {
"vnetName": "[parameters('vnetName')]"
},
]
}
I can do everything with ARM except create the VPN package - which is what makes the difference between just setting the resource properties and actually making the app connect to the VNET correctly.
Everything in this article (https://learn.microsoft.com/en-gb/azure/app-service-web/app-service-vnet-integration-powershell) can be easily converted from PowerShell to ARM except for Get-AzureRmVpnClientPackage
Hypothetically, if you are using a legacy VNET, you could get the VPN client package URL via ARM because the legacy VNET resource provider supports that operation (https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-resource-provider-operations):
Microsoft.ClassicNetwork/virtualNetworks/gateways/listPackage/action
The ARM VNET provider does not seem to

Since it's not possible to create Blob container in Azure ARM, then how can I enable Archive using ARM?

According to the documentation I can enable the Azure Event Hubs Archive feature using an Azure Resource Manager template. The template takes a blobContainerName argument:
"The blob container where you want your event data be archived."
But afaik it's not possible to create a blob container using an ARM template, then how am I supposed to enable the Archive feature on an Event Hub?
The purpose of the ARM template is to provision everything from scratch, not to manually create some of the resources using the portal.
It wasn't possible before to create containers in your storage account, but this has been changed. New functionality has been added to the ARM template for Storage Accounts which enable you to create containers.
To create a storage account with a container called theNameOfMyContainer, add this to your resources block of the ARM template.
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2018-02-01",
"location": "[resourceGroup().location]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"properties": {
"accessTier": "Hot"
},
"resources": [{
"name": "[concat('default/', 'theNameOfMyContainer')]",
"type": "blobServices/containers",
"apiVersion": "2018-03-01-preview",
"dependsOn": [
"[parameters('storageAccountName')]"
],
"properties": {
"publicAccess": "Blob"
}
}]
}
To my knowledge, you can use None, Blob or Container for your publicAccess.
It's still not possible to create Queues and Tables, but hopefull this will be added soon.
Just like you said, there is no way to create a blob in Azure ARM Template, so the only logical answer to this question is: supply existing blob at deployment time. One way to do that would be to create a blob with powershell and pass it as a parameter to ARM Deployment.

Resources