Skip to content

Instantly share code, notes, and snippets.

@zplume
Last active December 16, 2018 22:11
Show Gist options
  • Save zplume/555332c4b953117d9f721b585a6064e7 to your computer and use it in GitHub Desktop.
Save zplume/555332c4b953117d9f721b585a6064e7 to your computer and use it in GitHub Desktop.
Get-AzureFunctionKeys.ps1 retrieves Azure Function auth. codes for the Functions specified in FunctionAppMap.ps1, using the Azure REST API and user credentials. This script uses Get-AADToken.ps1 (https://gist.github.com/zplume/574e133b43ecf3037473286580ed524e) to retrieve an Azure access token.
# Map Function App friendly name to URL
return @{
DEV = @{
"CreateTenderSite" = "https://dev-createtendersite.azurewebsites.net";
"CopyDocuments" = "https://dev-copydocuments.azurewebsites.net";
"Notifications" = "https://dev-notifications.azurewebsites.net";
"PermissionAssignment" = "https://dev-permissions.azurewebsites.net"
};
TEST = @{
"CreateTenderSite" = "https://test-createtendersite.azurewebsites.net";
"CopyDocuments" = "https://test-copydocuments.azurewebsites.net";
"Notifications" = "https://test-notifications.azurewebsites.net";
"PermissionAssignment" = "https://test-permissions.azurewebsites.net"
};
UAT = @{
"CreateTenderSite" = "https://uat-createtendersite.azurewebsites.net";
"CopyDocuments" = "https://uat-copydocuments.azurewebsites.net";
"Notifications" = "https://uat-notifications.azurewebsites.net";
"PermissionAssignment" = "https://uat-permissions.azurewebsites.net"
};
PROD = @{
"CreateTenderSite" = "https://prod-createtendersite.azurewebsites.net";
"CopyDocuments" = "https://prod-copydocuments.azurewebsites.net";
"Notifications" = "https://prod-notifications.azurewebsites.net";
"PermissionAssignment" = "https://prod-permissions.azurewebsites.net"
};
}
param(
# e.g. "tenant.onmicrosoft.com"
[Parameter(Mandatory = $true)]
[string]$TenantDomain,
# Credentials paramter should be a variable containing the result of Get-Credential
[Parameter(Mandatory = $true)]
[pscredential]$Credentials,
[Parameter(Mandatory = $true)]
[ValidateSet("DEV", "TEST", "UAT", "PROD")]
[string]$Environment
)
function Get-PubCreds([string]$accessToken, [string]$id) {
$pubCreds = Invoke-RestMethod -Method POST -Headers @{Authorization=$accessToken} `
-Uri "https://management.azure.com$id/publishxml?api-version=2016-08-01"
$user = $pubCreds.publishData.publishProfile[0].userName
$pass = $pubCreds.publishData.publishProfile[0].userPWD
$pair = "$($user):$($pass)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
return $encodedCreds
}
function Get-FunctionKey([string]$encodedCreds, [string]$appName, [string]$functionName) {
$accessToken = Invoke-RestMethod -Uri "https://$appName.scm.azurewebsites.net/api/functions/admin/token" `
-Headers @{Authorization=("Basic {0}" -f $encodedCreds)} -Method GET
$keys = Invoke-RestMethod -Method GET -Headers @{Authorization="Bearer $accessToken"} `
-Uri "https://$appName.azurewebsites.net/admin/functions/$functionName/keys"
$code = $keys.keys[0].value
return $code
}
function Get-FunctionAppFunctions([string]$accessToken, [string]$id) {
return (Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
-Uri "https://management.azure.com$id/functions?api-version=2016-08-01").value
}
function Get-Subscription([string]$accessToken) {
return Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
-Uri "https://management.azure.com/subscriptions?api-version=2016-06-01"
}
function Get-FunctionApps([string]$accessToken, [string]$subscriptionId) {
return (Invoke-RestMethod -Method GET -Headers @{Authorization=$accessToken} `
-Uri "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Web/sites?api-version=2016-08-01&`$filter=kind eq functionapp").value
}
$ErrorActionPreference = "Stop"
# this is required to prevent "underlying connection closed" errors with Invoke-RestMethod
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$functionAppMap = .\FunctionAppMap.ps1
. .\Get-AADToken.ps1
$accessToken = Get-AADToken -TenantADName $TenantDomain -Credential $Credentials
$subscriptions = Get-Subscription -accessToken $accessToken
$subscriptionId = $subscriptions.value.subscriptionId
$functionApps = Get-FunctionApps -accessToken $accessToken -subscriptionId $subscriptionId
Write-Host "`nLoading Function Apps"
$functionCodes = @{}
$functionMapApps = $functionAppMap[$Environment]
foreach($functionApp in $functionApps) {
$appName = $functionApp.name
Write-Host -f Yellow "`n$appName"
Write-Host "Loading Functions"
$functions = Get-FunctionAppFunctions -accessToken $accessToken -id $functionApp.id
$pubCreds = Get-PubCreds -accessToken $accessToken -id $functionApp.id
Write-Host "Retrieving Function keys"
foreach($function in $functions) {
$functionName = $function.properties.name
Write-Host " - $functionName"
$functionUrl = "https://$($functionApp.properties.defaultHostName)"
$functionCode = Get-FunctionKey -encodedCreds $pubCreds -appName $appName -functionName $functionName
# Match function URL to function app name via FunctionAppMap and add key to functionCodes hashtable
foreach($appMapName in $functionMapApps.Keys) {
$appMapUrl = $functionMapApps[$appMapName]
if($appMapUrl -eq $functionUrl) {
Write-Host -f Green " - Retrieved key for Function $appMapName\$functionName"
$functionCodes["$($appMapName)_$($functionName)Code"] = $functionCode
}
}
}
}
Write-Host
return $functionCodes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment