Reputation: 3850
How can an Azure Function App interact with Azure resources?
I have a c# funtion app, I want to use this app to make automated updates to an Azure Network Security Group under the same subscription.
The function app is behind Azure AD authentication which works fine, I can get the user details.
The next step is to somehow access the Azure objects, all the examples of this I have seen use the following namespace:
using Microsoft.Azure.Management.Fluent;
However, adding this and compiling the function app, I get an error:
error CS0234: The type or namespace name 'Management' does not exist in the namespace 'Microsoft.Azure' (are you missing an assembly reference?)
I have tried to add in a reference:
#r "Microsoft.Azure.Management.Fluent"
But doing this gives me another error:
error CS0006: Metadata file 'Microsoft.Azure.Management.Fluent' could not be found
All the samples I have seen use syntax like:
var azure = Azure.Configure().WithDefaultSubscription();
However they don't explain how the function app is able to reference Azure as an object. Can anyone explain this?
Upvotes: 1
Views: 1476
Answers (2)
Reputation: 9664
Firstly you need to work with the relevant Nuget pacakges in your application. Here are a couple of them to get you started, but you may need more depending on what you're trying to do further:
- Microsoft.Azure.Management.Fluent
- Microsoft.Azure.Management.AppService.Fluent (for app services)
- Microsoft.Azure.Management.ResourceManager.Fluent (for resource group and resource management)
Another important consideration will be how you authenticate
There are a fews ways.. You can find good details here
Through a cred file in your solution (experimental and subject to change, so wouldn't be recommended)
Azure azure = Azure.Authenticate("my.azureauth").WithDefaultSubscription();Through Service principal registration
Using client secret
var creds = new AzureCredentialsFactory().FromServicePrincipal(client, key, tenant, AzureEnvironment.AzureGlobalCloud); var azure = Azure.Authenticate(creds).WithSubscription(subscriptionId);Using certificate
var creds = new AzureCredentialsFactory().FromServicePrincipal(client, pfxCertificatePath, password, tenant, AzureEnvironment.AzureGlobalCloud); var azure = Azure.Authenticate(creds).WithSubscription(subscriptionId);Using Managed Service Identity or MSI
AzureCredentialsFactory factory = new AzureCredentialsFactory(); AzureCredentials msiCred = factory.FromMSI(new MSILoginInformation(MSIResourceType.AppService), AzureEnvironment.AzureGlobalCloud); var azure = Azure.Configure().WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic).Authenticate(msiCred).WithDefaultSubscription();
Here is the root level documentation and code samples for Azure Management Libraries for .NET
Here are samples specific to Azure Functions that may help you: Samples
You have mentioned that you want to work with NSG's as part of your function, so I quickly tried out one at my end.
I used the 3rd way to authenticate explained above, by first enabling MSI for my Azure Function. Here are the steps that I had to do:
Enable Managed Service Identity for my Function App
Give permissions for working with NSG to my Function App's MSI
Here is the full (quick & dirty) working code.. using the above mentioned Nuget pacakges
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using System.Net.Http;
using System.Threading.Tasks;
namespace RSFunctionCallingFluent
{
public static class SimpleFunction
{
[FunctionName("SimpleFunction")]
public static async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]HttpRequestMessage req, ILogger log)
{
AzureCredentialsFactory factory = new AzureCredentialsFactory();
AzureCredentials msiCred = factory.FromMSI(new MSILoginInformation(MSIResourceType.AppService), AzureEnvironment.AzureGlobalCloud);
var azure = Azure.Configure().WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic).Authenticate(msiCred).WithDefaultSubscription();
var nsg = azure.NetworkSecurityGroups.GetByResourceGroup("TestNSGRG", "RSTestNSG1");
return (ActionResult)new OkObjectResult(string.Format("NSG {0} found with {1} default security rules", nsg.Name, nsg.DefaultSecurityRules.Count));
}
}
}
Final Output
Upvotes: 4
Reputation: 769
Try:
Microsoft.Azure.Management.ResourceManager.Fluent
Azure Resource Manager resource Fluent Provides resource group and resource management (Fluent) capabilities for Microsoft Azure.
OR
Microsoft.Azure.Management.ResourceManager
https://www.nuget.org/profiles/azure-sdk?page=2
Upvotes: 1
Related Questions
- Calling an API via Azure Function
- How to structure a .net azure function app to use as an web API?
- Azure function apps and web sockets
- How to call function App in Azure portal from .NET Core API
- Using external programs inside azure-functions
- Calling Microsoft Azure functions from Windows Applications
- Azure Functions - C# - Running external applications?
- Azure Function .net framework
- Azure Function App - referencing external library
- Invoking Azure function using C#