CODEWITHSUNDEEP
azureazure-functionsazure-rm-templateazure-eventgrid
Nicolas Mommaerts
Nicolas Mommaerts

Reputation: 3263

Possible to get an Azure Function systemkey in an ARM template?

I know that I can get the host key and trigger_url of an Azure Function in an ARM template by using the listKeys/listSecrets method. But I need the systemkey, I'm deploying an Event Grid Subscription and it needs the Azure Function endpoint url which contains the system key:

"resources": [
        {
            "type": "Microsoft.Storage/StorageAccounts/providers/eventSubscriptions",
            "name": "[concat(concat(parameters('publisherName'), '/Microsoft.EventGrid/'), parameters('name'))]",
            "apiVersion": "2018-01-01",
            "properties": {
                "destination": {
                    "endpointType": "[parameters('endpointType')]",
                    "properties": {
                        "endpointUrl": "[parameters('endpointUrl')]"
                    }
                },
                "filter": {
                    "subjectBeginsWith": "[parameters('subjectBeginsWith')]",
                    "subjectEndsWith": "[parameters('subjectEndsWith')]",
                    "subjectIsCaseSensitive": "[parameters('subjectIsCaseSensitive')]",
                    "includedEventTypes": "[parameters('includedEventTypes')]"
                },
                "labels": "[parameters('labels')]"
            }
        }
    ]

where endpointUrl is in the form of:

https://<function-app-name>.azurewebsites.net/admin/extensions/EventGridExtensionConfig?functionName=<function-name>&code=XZvGU0ROPxxxxxxxxxxxxxxxxxxxxxxxxxxxxaaieD89gPQ==

The parameter named 'code' is the systemkey, which can be retrieved by doing a GET on 

http://<function-app-name>.azurewebsites.net/admin/host/systemkeys/eventgridextensionconfig_extension?code=<master_key>

Is there a way to retrieve this systemkey (or the entire endpointurl) in the ARM template without resorting to bash scripts that inject it or other external systems?

The documentation does say: "However, you cannot use list operations that require values in the request body." So I don't think I'll be able to with a 'list' operation.

Upvotes: 3

Views: 1351

Answers (2)

Monsignor
Monsignor

Reputation: 2947

Yes, it is now possible:

"destination": {
    "endpointType": "WebHook",
    "properties": {
        "endpointUrl": "[concat(variables('functionUrl'), listKeys(resourceId(variables('functionResourceGroupName'), 'Microsoft.Web/sites/host/', variables('functionAppName'), 'default'),'2016-08-01').systemkeys.eventgrid_extension)]"
    }
},

Where functionUrl ends with &code=. Tested that on runtime ~2.

Upvotes: 5

Alexey Rodionov
Alexey Rodionov

Reputation: 1446

This is not possible right now. You can return only function keys using the ARM template. Same described here: https://blog.mexia.com.au/list-of-access-keys-from-output-values-after-arm-template-deployment#functions

Upvotes: 2

Related Questions