Containerized Azure Functions- Part 2
Assign custom access keys to containerized function app
In previous part-1 blog, we saw how to create containerized function app and run locally using anonymous authorization. In this blog, we will see how to apply custom access keys and use same for executing HTTP functions with authorization level as Function. We will assign custom key values for master key, host key and function key. Check here for more details about access keys.
Follow below steps to set-up custom keys and link with containerized function app.
Change HTTP function authorization level from anonymous to Function.
Add a new file host_secrets.json with below content. This file contains unencrypted custom function key and master key. I have set some dummy keys but you can set value as per your requirement. Function keys can be used to execute all the functions present in app.
{ "masterKey": { "name": "master", "value": "mymasterkey1234", "encrypted": false }, "functionKeys": [ { "name": "host", "value": "myfunctionappkey1234", "encrypted": false } ] }Add new file HttpTrigger1_secrets.json with below content. This file contains unencrypted function specific key. This key is exclusively applicable for function HttpTrigger1.
{ "keys": [ { "name": "default", "value": "httptriggerkey1234", "encrypted": false } ] }Modify dockerfile as below to copy these secrets keys into image and link with function app via environment variable FUNCTIONS_SECRETS_PATH.
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS installer-env COPY ./bin/Release/net6.0/publish/ /home/site/wwwroot # this will copy published artifacts to wwwroot folder # To enable ssh & remote debugging on app service change the base image to the one below # FROM mcr.microsoft.com/azure-functions/dotnet:4-appservice FROM mcr.microsoft.com/azure-functions/dotnet:4 ENV AzureWebJobsScriptRoot=/home/site/wwwroot \ AzureFunctionsJobHost__Logging__Console__IsEnabled=true ENV SB_Conn_String=<sb_connection_string> #added commands for custom access keys- part 2 RUN mkdir /etc/secrets/ ENV FUNCTIONS_SECRETS_PATH=/etc/secrets ENV AzureWebJobsSecretStorageType=Files ADD host_secrets.json /etc/secrets/host.json ADD HttpTrigger1_secrets.json /etc/secrets/httptrigger1.json # end of commands for custom access keys- part 2 COPY --from=installer-env ["/home/site/wwwroot", "/home/site/wwwroot"]Newly added commands create a directory etc/secrets/ and point FUNCTIONS_SECRETS_PATH to this location. Next, it copies host_secrets.json as host.json and HttpTrigger1_secrets.json as httptrigger1.json in this location.
Now build docker image and run the container as shown in part-1 blog using below commands-
> docker build --tag local/containerizedfnapp . > docker run -e WEBSITE_HOSTNAME=localhost -p 8080:80 local/containerizedfnappNow, our azure functions are running in container. lets test HTTP function with custom keys.
Using host key- as this key allows executing all the functions, we can call HttpTrigger1 function using this key. You can see in below screenshot that we have used host key “myfunctionappkey1234“ from host_secrets.json to execute function successfully.
Using function key- we created a function specific key for HttpTrigger1 function. This key can also be used to trigger the function HttpTrigger1 only and will not work with any other function. You can see in below screenshot that we have used function key “httptriggerkey1234“ from HttpTrigger1_secrets.json to execute function successfully.
Hope you found this blog helpful.
You can find the repository of above discussed sample project at - github.com/SurajSomani14/containerized-az-f..
Thanks for reading !