获取ARM中的功能应用程序的Webhook网址以用于事件网格订阅

时间:2018-07-26 11:17:48

标签: azure azure-functions azure-eventgrid

我正在尝试自动化环境vir ARM模板的部署。我可以部署事件网格和功能应用程序,但是现在我需要在部署功能应用程序后将功能应用程序订阅到事件网格。有没有办法获取功能应用程序

的webhook网址
  1. 通过ARM
  2. 发布管道中的某些其他组件(Powershell)

有了webhook网址后,我们便可以通过ARM创建订阅-但是要获得正确的网址似乎就是我们的命题。

请帮助

5 个答案:

答案 0 :(得分:4)

在上面@Van和@Barrie的回答的帮助下,我设法使它开始工作。

此脚本从azure api返回主密钥和默认密钥,使您能够从发布管道中的functionApp / webApp创建eventgrid订阅。

Van的脚本(7月30日)适用于FA版本1,但不适用于FunctionApps V2(API中有所更改)。在V2中使用此脚本时,错误为:

  

运行时密钥存储在Blob存储中。该API不支持此配置。请将环境变量AzureWebJobsSecretStorageType的值更改为“文件”。

我修改了此脚本,现在可以在V2中使用

#DEBUG: when debugging (running in powershell on local pc) you need to comment out the next line by starting the line with #
param($resourceGroupName, $webAppname)

function Get-PublishingProfileCredentials($resourceGroupName, $webAppName){
        $resourceType = "Microsoft.Web/sites/config"
        $resourceName = "$webAppName/publishingcredentials"
        $publishingCredentials = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType $resourceType -ResourceName $resourceName -Action list -ApiVersion 2015-08-01 -Force
        return $publishingCredentials
}

function Get-KuduApiAuthorisationHeaderValue($resourceGroupName, $webAppName){
        $publishingCredentials = Get-PublishingProfileCredentials $resourceGroupName $webAppName
        return ("Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $publishingCredentials.Properties.PublishingUserName, $publishingCredentials.Properties.PublishingPassword))))
}

function Get-MasterAPIKey($kuduApiAuthorisationToken, $webAppName ){    
        $bearerToken = Invoke-RestMethod -Uri https://$webAppName.scm.azurewebsites.net/api/functions/admin/token  -Headers @{"Authorization"=$kuduApiAuthorisationToken;"If-Match"="*"} 

        $masterkeyResponse = Invoke-RestMethod -Method GET -Headers @{Authorization=("Bearer {0}" -f $bearerToken)} -Uri "https://$webAppName.azurewebsites.net/admin/host/systemkeys/_master" 
        $masterKeyValue = $masterkeyResponse.value
        return $masterKeyValue
}

function Get-HostAPIKeys($kuduApiAuthorisationToken, $webAppName, $masterKey ){
        $apiUrl = "https://$webAppName.azurewebsites.net/admin/host/keys?code=$masterKey"
        $result = Invoke-WebRequest $apiUrl
        return $result
}

#DEBUG: when debugging this in powershell on my local pc I use this to authenticate (remove # to uncomment the next line):
#Login-AzureRmAccount -SubscriptionName "Insert_Subscription_Name_Here"


#DEBUG: when debugging you need to set these parameters:
# $resourceGroupName = "Insert_ResourceGroup_Name_Here"
# $webAppname = "Insert_FunctionApp_Name_Here"


#Auth Header
$kuduToken = Get-KuduApiAuthorisationHeaderValue $resourceGroupName $webAppName

#MasterKey
$masterKey = Get-MasterAPIKey $kuduToken $webAppName
Write-Host "masterKey = " $masterKey

#Default Key
$result = Get-HostAPIKeys $kuduToken $webAppName $masterkey
$keysCode =  $result.Content | ConvertFrom-Json
Write-Host "default Key = " $keysCode.Keys[0].Value

#Set Return Values:
$faMasterKey = $masterkey
$faDefaultKey = $keysCode.Keys[0].Value

Write-Output ("##vso[task.setvariable variable=fa_MasterKey;]$faMasterKey")
Write-Output ("##vso[task.setvariable variable=fa_DefaultKey;]$faDefaultKey")

此脚本与Van的脚本之间只有很小的区别。主要区别在于此脚本将在Azure CLI Functions V2上运行。更多信息:https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-grid

答案 1 :(得分:1)

您应该能够像这样输出webhook URL:

"outputs": {       
    "Url": {
        "type": "string",
        "value": "[listsecrets(resourceId('Microsoft.Web/sites/functions', parameters('yourFunctionAppName'), parameters('yourFunctionName')),'2015-08-01').trigger_url]"
    }        
}

这里是相关的answer

答案 2 :(得分:1)

我终于设法解决了这个问题。最后,我创建了一个powershell任务,该任务提取了masterkey(和defaultKey),现在我可以创建eventgrid订阅了。

感谢

这是我使用的powershell脚本:

param($resourceGroupName, $webAppname)

function Get-PublishingProfileCredentials($resourceGroupName, $webAppName){

$resourceType = "Microsoft.Web/sites/config"
$resourceName = "$webAppName/publishingcredentials"
$publishingCredentials = Invoke-AzureRmResourceAction -ResourceGroupName 
$resourceGroupName -ResourceType $resourceType -ResourceName $resourceName -Action 
list -ApiVersion 2015-08-01 -Force
return $publishingCredentials   
}

function Get-KuduApiAuthorisationHeaderValue($resourceGroupName, $webAppName){

$publishingCredentials = Get-PublishingProfileCredentials $resourceGroupName $webAppName
return ("Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $publishingCredentials.Properties.PublishingUserName, $publishingCredentials.Properties.PublishingPassword))))
}

function Get-MasterAPIKey($kuduApiAuthorisationToken, $webAppName ){

$apiUrl = "https://$webAppName.scm.azurewebsites.net/api/functions/admin/masterkey"

$result = Invoke-RestMethod -Uri $apiUrl -Headers @{"Authorization"=$kuduApiAuthorisationToken;"If-Match"="*"} 

return $result`
}

function Get-HostAPIKeys($kuduApiAuthorisationToken, $webAppName, $masterKey ){

$apiUrl = "https://$webAppName.azurewebsites.net/admin/host/keys?code=$masterKey"

$result = Invoke-WebRequest $apiUrl

return $result`
}

$accessToken = Get-KuduApiAuthorisationHeaderValue $resourceGroupName $webAppname

$adminCode = Get-MasterAPIKey $accessToken $webAppname

Write-Host "masterKey = " $adminCode.Masterkey

$result = Get-HostAPIKeys $accessToken $webAppname $adminCode.Masterkey

$keysCode =  $result.Content | ConvertFrom-Json

Write-Host "default Key = " $keysCode.Keys[0].Value

$faMasterKey = $adminCode.Masterkey
$faDefaultKey = $keysCode.Keys[0].Value

Write-Output ("##vso[task.setvariable variable=fa_MasterKey;]$faMasterKey")
Write-Output ("##vso[task.setvariable variable=fa_DefaultKey;]$faDefaultKey")

这将输出:

  • “ fa_MasterKey”变量中的主键
  • “ fa_DefaultKey”变量中的defaultKey

(我将尝试创建VSTS任务并将其发布到市场上-详细内容将在后面进行)

答案 3 :(得分:1)

我和您同舟共济,最终完成了这项工作,但是花了很多时间才能得出正确的端点等。我试图做的是使用以下方法为我的一个资源组创建事件订阅az eventgrid event-subscription create。主要问题是--endpoint参数,因为它上面有一个code查询字符串参数。通过执行以下操作,我可以在Azure门户中轻松找到它:

  1. 转到我的功能应用程序
  2. 转到我要添加为事件订阅处理程序的函数
  3. 点击“添加事件网格订阅”
  4. 复制“订户端点”值

但是,我想以编程方式完成所有工作,事实证明这很困难。最后,我使用的bash脚本如下所示:

#!/bin/bash

appName="myfunctionappname"
resourceGroup="myresourcegroupname"

# First do a KUDU login so we can get a JWT bearer token
user=$(az webapp deployment list-publishing-profiles -n $appName -g $resourceGroup --query "[?publishMethod=='MSDeploy'].userName" -o tsv)
pass=$(az webapp deployment list-publishing-profiles -n $appName -g $resourceGroup --query "[?publishMethod=='MSDeploy'].userPWD" -o tsv)
bearerToken=$(curl -s -u $user:$pass https://$appName.scm.azurewebsites.net/api/functions/admin/token | tr -d '"')

# Creating event grid subscription linked against the endpoint is an admin function so requires a master key
masterKeyResponse=$(curl -s -H "Authorization: Bearer $bearerToken" "https://$appName.azurewebsites.net/admin/host/systemkeys/_master")
masterKey=$(echo $masterKeyResponse | jq '.value' | tr -d '"')

functionName="MyFunctionName"
az eventgrid event-subscription create -g $resourceGroup --name "test-event-subscription" --endpoint "https://$appName.azurewebsites.net/runtime/webhooks/EventGridExtensionConfig?functionName=$functionName&code=$masterKey"

答案 4 :(得分:0)

对于 V 2.0 和 3.0 函数应用,您必须将 AzureWebJobsSecretStorageType 设置为文件:

  "properties": {
    "name": "[variables('functionsName')]",
    "siteConfig": {
      "appSettings": [
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~3"
        },
        {
          "name": "AzureWebJobsSecretStorageType",
          "value": "files"
        },

然后您可以使用以下方法获取网址或密钥和网址:

  "outputs": {
    "mValidateConfigurationUrl": {
      "type": "string",
      "value": "[listsecrets(resourceId('Microsoft.Web/sites/functions', variables('functionsName'), 'mValidateConfiguration'),'2015-08-01').trigger_url]"
    },
    "mValidateConfigurationUrlObj": {
      "type": "object",
      "value": "[listsecrets(resourceId('Microsoft.Web/sites/functions', variables('functionsName'), 'mValidateConfiguration'),'2015-08-01')]"
    }