Get-AzureFunctionKeys.ps1 retrieves Azure Function auth. codes for the Functions specified in FunctionAppMap.ps1, using the Azure REST API and user credentials. This script uses Get-AADToken.ps1 (https://gist.github.com/zplume/574e133b43ecf3037473286580ed524e) to retrieve an Azure access token.

FunctionAppMap.ps1

# Map Function App friendly name to URL

return @{
    DEV = @{
        "CreateTenderSite" = "https://dev-createtendersite.azurewebsites.net";
        "CopyDocuments" = "https://dev-copydocuments.azurewebsites.net";
        "Notifications" = "https://dev-notifications.azurewebsites.net";
        "PermissionAssignment" = "https://dev-permissions.azurewebsites.net"
    };
    TEST = @{
        "CreateTenderSite" = "https://test-createtendersite.azurewebsites.net";
        "CopyDocuments" = "https://test-copydocuments.azurewebsites.net";
        "Notifications" = "https://test-notifications.azurewebsites.net";
        "PermissionAssignment" = "https://test-permissions.azurewebsites.net"
    };
    UAT = @{
        "CreateTenderSite" = "https://uat-createtendersite.azurewebsites.net";
        "CopyDocuments" = "https://uat-copydocuments.azurewebsites.net";
        "Notifications" = "https://uat-notifications.azurewebsites.net";
        "PermissionAssignment" = "https://uat-permissions.azurewebsites.net"
    };
    PROD = @{
        "CreateTenderSite" = "https://prod-createtendersite.azurewebsites.net";
        "CopyDocuments" = "https://prod-copydocuments.azurewebsites.net";
        "Notifications" = "https://prod-notifications.azurewebsites.net";
        "PermissionAssignment" = "https://prod-permissions.azurewebsites.net"
    };
}

Get-AzureFunctionKeys.ps1

param(
    # e.g. "tenant.onmicrosoft.com"
    [Parameter(Mandatory = $true)]
    [string]$TenantDomain,

    # Credentials paramter should be a variable containing the result of Get-Credential
    [Parameter(Mandatory = $true)]
    [pscredential]$Credentials,

    [Parameter(Mandatory = $true)]
    [ValidateSet("DEV", "TEST", "UAT", "PROD")]
    [string]$Environment
)

function Get-PubCreds([string]$accessToken, [string]$id) {
    $pubCreds = Invoke-RestMethod -Method POST -Headers @{Authorization=$accessToken} `
        -Uri "https://management.azure.com$id/publishxml?api-version=2016-08-01"

    $user = $pubCreds.publishData.publishProfile[0].userName
    $pass = $pubCreds.publishData.publishProfile[0].userPWD

    $pair = "$($user):$($pass)"
    $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
    return $encodedCreds
}

function Get-FunctionKey([string]$encodedCreds, [string]$appName, [string]$functionName) {
    $accessToken = Invoke-RestMethod -Uri "https://$appName.scm.azurewebsites.net/api/functions/admin/token" `
        -Headers @{Authorization=("Basic {0}" -f $encodedCreds)} -Method GET

    $keys = Invoke-RestMethod -Method GET -Headers @{Authorization="Bearer $accessToken"} `
        -Uri "https://$appName.azurewebsites.net/admin/functions/$functionName/keys"

    $code = $keys.keys[0].value
    return $code
}

function Get-FunctionAppFunctions([string]$accessToken, [string]$id) {
    return (Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
        -Uri "https://management.azure.com$id/functions?api-version=2016-08-01").value
}

function Get-Subscription([string]$accessToken) {
    return Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
        -Uri "https://management.azure.com/subscriptions?api-version=2016-06-01"
}

function Get-FunctionApps([string]$accessToken, [string]$subscriptionId) {
    return (Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
        -Uri "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Web/sites?api-version=2016-08-01&`$filter=kind eq functionapp").value

}

$ErrorActionPreference = "Stop"

# this is required to prevent "underlying connection closed" errors with Invoke-RestMethod
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$functionAppMap = .\FunctionAppMap.ps1

. .\Get-AADToken.ps1
$accessToken = Get-AADToken -TenantADName $TenantDomain -Credential $Credentials

$subscriptions = Get-Subscription -accessToken $accessToken

$subscriptionId = $subscriptions.value.subscriptionId

$functionApps = Get-FunctionApps -accessToken $accessToken -subscriptionId $subscriptionId

Write-Host "`nLoading Function Apps"

$functionCodes = @{}

$functionMapApps = $functionAppMap[$Environment]

foreach($functionApp in $functionApps) {
    $appName = $functionApp.name

    Write-Host -f Yellow "`n$appName"

    Write-Host "Loading Functions"

    $functions = Get-FunctionAppFunctions -accessToken $accessToken -id $functionApp.id

    $pubCreds = Get-PubCreds -accessToken $accessToken -id $functionApp.id

    Write-Host "Retrieving Function keys"

    foreach($function in $functions) {
        $functionName = $function.properties.name

        Write-Host " - $functionName"
        $functionUrl = "https://$($functionApp.properties.defaultHostName)"

        $functionCode = Get-FunctionKey -encodedCreds $pubCreds -appName $appName -functionName $functionName

        # Match function URL to function app name via FunctionAppMap and add key to functionCodes hashtable
        foreach($appMapName in $functionMapApps.Keys) {
            $appMapUrl = $functionMapApps[$appMapName]
            if($appMapUrl -eq $functionUrl) {
                Write-Host -f Green " - Retrieved key for Function $appMapName\$functionName"
                $functionCodes["$($appMapName)_$($functionName)Code"] = $functionCode
            }
        }
    }
}

Write-Host

return $functionCodes