search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.61k stars 5.03k forks source link

FunctionApp: Microsoft.Web/sites/host/functionKeys is undocumented #13424

Open ssanderlin opened 3 years ago

ssanderlin commented 3 years ago

https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=json is missing documentation for Microsoft.Web/sites/host/functionkeys.

According to this comment, the schema for this resource type is:

{  
  "type": "Microsoft.Web/sites/host/functionKeys",
  "apiVersion": "2018-11-01",
  "name": "[concat(variables('functionAppName'), '/default/sharedAccessKey')]",
  // if you want to create function level key, please replace "default" with {function name}
  "properties": {
    "name": "sharedAccessKey",
    "value": "[parameters('key')]"
  },
  "dependsOn": [
    "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]"
  ]
}

I've encountered issues with customers excluding this resource type from their security policies - thereby preventing the creation of host-level keys - because this resource type is undocumented.

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

Issue Details
https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=json is missing documentation for Microsoft.Web/sites/host/functionkeys. According to [this comment](https://github.com/Azure/azure-quickstart-templates/issues/6757#issuecomment-582008031), the schema for this resource type is: ``` xml { "type": "Microsoft.Web/sites/host/functionKeys", "apiVersion": "2018-11-01", "name": "[concat(variables('functionAppName'), '/default/sharedAccessKey')]", // if you want to create function level key, please replace "default" with {function name} "properties": { "name": "sharedAccessKey", "value": "[parameters('key')]" }, "dependsOn": [ "[resourceId('Microsoft.Web/sites', variables('functionAppName'))]" ] } ``` I've encountered issues with customers excluding this resource type from their security policies - thereby preventing the creation of host-level keys - because this resource type is undocumented.
Author: ssanderlin
Assignees: PhoenixHe-msft
Labels: `Service Attention`, `Web Apps`, `needs-triage`
Milestone: -
slavizh commented 3 years ago

This seems reported but never resolved. Shouldn't be so hard to document it.

Francisco-Gamino commented 3 years ago

@ggailey777 / @craigshoemaker -- Could you please move this item to the correct repo? This content should go here https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=json. Thanks.

majorvin commented 3 years ago

Does this work for anyone? I'm getting NotFound: Error updating host key.

anthony-c-martin commented 2 years ago

@ggailey777 / @craigshoemaker -- Could you please move this item to the correct repo? This content should go here https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=json. Thanks.

https://github.com/Azure/azure-rest-api-specs is the correct repo for this issue - it is the source of truth for all Azure API documentation. The template reference documentation you linked is automatically generated from this repo.

asdkant-bf commented 1 year ago

This is still a problem

tstooke commented 1 year ago

This is still an issue. We had to dig around in blog posts and comments to figure it out.

ggailey777 commented 1 year ago

I see that there is documentation for function-level keys but not for host-level keys, which would include the master key. Let me see if I can find someone who can help look into this missing REST API content.

Sorry for the delay on this, I just was informed about it today.

Alfonsoaz01 commented 7 months ago

hello! is there any update about this? thank you!

ThomasBleijendaal commented 6 months ago

Any update?

felixnext commented 6 months ago

It appears that the /host/ namespace has not been removed? At least I get deployment errors. Is there any update on this and an alternative way to deploy Keys at App level (not at function level)?

Update: Apparently this was just related to the pure host object, which I used as parent.

DylanMunyardSixPivot commented 3 months ago

Also experienced issues using Microsoft.Web/sites/host/functionkeys@2022-03-01. Tried using parent to refer to the default host, but received InternalServerError result, so used the name to refer to the parent instead.

Finally, used listKeys to access the key (i.e. do not try to access the resource via hostKey.value as you will get an error that the GET operation is not supported, 

resource functionApimKey 'Microsoft.Web/sites/host/functionkeys@2022-03-01' = {
  name: '${functionName}/default/apimKey'
  properties: {
    name: 'apimKey'
  }
}

var functionApimAccessKey = listKeys('${resourceId('Microsoft.Web/sites', functionName)}/host/default/', '2022-03-01').functionKeys['apimKey']
SoucianceEqdamRashti commented 2 weeks ago

This is still an issue. We would like to generate function app level key in Bicep and not function level. But there is no documentation about this. What is the process for this?