-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to Retrieve the Azure function keys for functions created in version 2.0 #3767
Comments
@paulbatum will reply in email thread |
Closing this as there was a direct follow up. |
Could you share the recommended workaround that was shared offline here, please? |
@fabiocav @paulbatum |
@ashokkhurana I have deleted your comment, it included references to private APIs. |
Anyone on this issue that recieved those details - please don't use those APIs unless you're on another Microsoft team and are in touch with me. Otherwise you might find that they randomly start breaking at some point in the future. |
I should add, the original issue filed here is about some details around the implementation of some Azure portal UX. Some of the other replies on this issue are "me too" replies, but I assume the scenario is different. If you can reply here and explain your actual scenario, I can try to help. |
Hello Paul,
I'm trying to link azure alerts to my azure function App. When I click on
save, Throws me this error:
[image: Screen Shot 2019-02-05 at 1.38.18 PM.png]
Regards!
Gayathri Muralidharan.
Never. Stop. Learning.
…On Thu, Jan 31, 2019 at 4:20 PM Paul Batum ***@***.***> wrote:
I should add, the original issue filed here is about some details around
the implementation of some Azure portal UX. Some of the other replies on
this issue are "me too" replies, but I assume the scenario is different. If
you can reply here and explain your actual scenario, I can try to help.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#3767 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AVd4dA-55wi7j5pqN4TSn6o7-SekfNsJks5vI4hHgaJpZM4YaV-c>
.
|
@Gayathri92 your image did not make it. Can you reshare? Also I am not familiar with the process of linking azure alerts to a function app, so if you can include some more detail it might help. |
Hello Paul,
Steps to reproduce:
1) Click on Monitoring
[image: Screen Shot 2019-02-05 at 2.35.53 PM.png]
2) Click on Alerts
3) Click on "Create New Alert"
4) In the action Group, you can link your azure function( To perform some
computation when the alert is raised). That's when I get the issue.
[image: Screen Shot 2019-02-05 at 2.36.14 PM.png]
[image: Screen Shot 2019-02-05 at 1.38.18 PM.png]
Regards!
Gayathri Muralidharan.
Never. Stop. Learning.
…On Tue, Feb 5, 2019 at 2:01 PM Paul Batum ***@***.***> wrote:
@Gayathri92 <https://github.com/Gayathri92> your image did not make it.
Can you reshare? Also I am not familiar with the process of linking azure
alerts to a function app, so if you can include some more detail it might
help.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3767 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AVd4dPFt_INqUTp9XVX59ON2KlXF8Uuwks5vKf86gaJpZM4YaV-c>
.
|
I am facing a similar issue, when referencing a deployed function (v2) and reading the API key from the listkeys function in my arm template deployment. It used to work when my function was in v1. This is the piece of arm template: The error I get is the following:
|
If you follow the link in the error message, most of it is explained there: Until we release ARM API updates, the best workaround is to switch the key storage back to files mode. Be aware that if you do this all your keys will be reset and you won't be able to use the slots feature set (the incompatibility between file based key storage and slots is the main reason that we changed the default). |
@paulbatum So when will it be implemented in ARM API? |
Scenario: We have an Ibiza blade (Iot hUB) )where we are showing a list of all the azure functions in a selected subscription. When selecting the azure function, we are fetching the azure function key. Here is the URI we are using to fetch the key https://myfunctionAppName.scm.azurewebsites.net/api/functions/admin/masterkey
This worked perfectly with the Azure function runtime version 1.0.
But recently with the runtime version 2.0 we started getting 409 error.
{"Message":"An error has occurred.","ExceptionMessage":"Runtime keys are stored on blob storage. This API doesn't support this configuration. Please change Environment variable AzureWebJobsSecretStorageType value to 'Files'. For more info, visit https://aka.ms/funcsecrets","ExceptionType":"System.InvalidOperationException","StackTrace":" at Kudu.Core.Functions.FunctionManager.d__9`1.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Core\Functions\FunctionManager.cs:line 141\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Kudu.Core.Functions.FunctionManager.d__11.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Core\Functions\FunctionManager.cs:line 213\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Kudu.Services.Functions.FunctionController.d__11.MoveNext() in C:\Kudu Files\Private\src\master\Kudu.Services\Functions\FunctionController.cs:line 121"}
I came across this document https://github.com/Azure/azure-functions-host/wiki/Key-management-API but realize that these API requires some auth token, may be because with 2.0 we are moved to a blob storage for keys.
After more finding I found there is a KUDU API to generate the auth token before retrieving the keys. So now I am making following calls
Kudu API calls work fine and I GET the token. But when passing the token to second API, I am seeing following error.
Security issue: Request to send auth token to untrusted domain 'askhura-custom-allocation-app.scm.azurewebsites.net'. Only a fixed set of domains should be configured to receive auth tokens.
Investigative information
Please provide the following:
Repro steps
Provide the steps required to reproduce the problem:
Getting the error pasted above from my Ibiza blade.
Tried to do the same steps in a C# console app. The error I got an unhandled exception that the connection was forcibly closed by the remote host. So didn't get the exact error.
Note: I am able to run the above two APIs without any issue in a POSTMAN.
Expected behavior
Provide a description of the expected behavior.
Actual behavior
Provide a description of the actual behavior observed.
Known workarounds
Provide a description of any known workarounds.
Related information
Provide any related information
The text was updated successfully, but these errors were encountered: