Question:
In our VSTS release pipeline we want to call a powershell script that adds a function key for one of my Azure Functions (using the Key Management rest API).
I’ve created a script based on this article:
https://www.markheath.net/post/managing-azure-function-keys
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
Param( [string] [Parameter(Mandatory=$true)] $ResourceGroup, [string] [Parameter(Mandatory=$true)] $AppName, [string] [Parameter(Mandatory=$true)] $FunctionName, [string] [Parameter(Mandatory=$true)] $KeyName, [string] [Parameter(Mandatory=$true)] $KeyValue ) function getAuthenticationToken([string]$appName, [string]$resourceGroup) { $user = az webapp deployment list-publishing-profiles -n $appName -g $resourceGroup ` --query "[?publishMethod=='MSDeploy'].userName" -o tsv $pass = az webapp deployment list-publishing-profiles -n $appName -g $resourceGroup ` --query "[?publishMethod=='MSDeploy'].userPWD" -o tsv $pair = "$($user):$($pass)" $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair)) $jwt = Invoke-RestMethod -Uri "https://$appName.scm.azurewebsites.net/api/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $encodedCreds)} -Method GET return $jwt } function setFunctionKey([string]$appName, [string]$functionName, [string] $keyName, [string]$keyValue, [string]$jwt) { $body = (@{ "name" = $keyName "value" = $keyValue } | ConvertTo-Json) #Setting the SecurityProtocol is a workaround for calling Azure APIs, I think? [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 try { Invoke-RestMethod -Uri "https://$appName.azurewebsites.net/admin/functions/$functionName/keys/$keyName/" ` -Headers @{Authorization=("Bearer $jwt")} ` -Method PUT ` -ContentType "application/json" ` -Body $body } catch { $_.Exception | Format-List -Force } } $jwt = getAuthenticationToken $AppName $ResourceGroup setFunctionKey $AppName $FunctionName $KeyName $KeyValue $jwt Write-Host "Specified key '$KeyName' has been added to $FunctionName" |
Works locally, but when running it VSTS it gets and error when calling
|
1 2 3 |
$user = az webapp deployment list-publishing-profiles -n $appName -g $resourceGroup ` --query "[?publishMethod=='MSDeploy'].userName" -o tsv |
with the message:
ERROR: Please run ‘az login’ to setup account.
We have other azure cli calls that works, ex: az cosmosdb database, so I guess our Service Principle connections are in place. What could be the issue here?
Answer:
Seems like we had an old powershell version containing a bug that keeps the old service connection authentication context when you create a new service connection authentication, which I did in this case.
So we updated powershell on our build agents and we got things going!