coolhome
commented
1 year ago @szszoke I think that was an API old, the new ones I believe are the following:
Open szszoke opened 1 year ago
coolhome
commented
1 year ago @szszoke I think that was an API old, the new ones I believe are the following:
szszoke
commented
1 year ago I think what you linked would allow me to add a key to an individual function. That is not what I am doing. I am adding a single host key to the function application itself that would work for authenticating against all functions.
coolhome
commented
1 year ago @szszoke I see! I remember hitting this problem myself actually. I believe a feature recently allows you to just import the function app via resource id and it will automatically pull the host keys. I think the host api is not exposed because of a timing issue. Don't quote but I think they are populated after the App Service is provisioned and running post bicep creation.
https://learn.microsoft.com/en-us/azure/api-management/backends
resource apiBackend 'Microsoft.ApiManagement/service/backends@2021-08-01' = {
parent: apimService
name: 'functionApp'
properties: {
description: 'Function Application'
resourceId: site.id
}
}I don't actually have a problem importing the host key.
My problem is that in order to generate them as part of the deployment, I had to use something seemingly undocumented.
Everything works other than that but I don't feel comfortable using this for something mission critical.
stephaniezyen
commented
1 year ago Microsoft.Web team - @naveedaz and @seligj95 please look into this.
Camios
commented
1 year ago Any updates?
Camios
commented
1 year ago I'm getting intermittent Bad Request from attempts with an error message "Encountered an error (InternalServerError) from host runtime."
The two requests which intermittently succeed/fail (sometimes one will work or both will succeed or both fail). I don't see a pattern why) are:
Provisioning operation: Action
Type: Microsoft.Web/sites/host
Resource: <function-app-name>/default
Provisioning operation: Create
Type: Microsoft.Web/sites/host/functionkeys
Resource: <function-app-name>/default/<function-host-key-name>
What's strange is the the function host key is being created, yet the deploy operations stops. It doesn't seem to get to the next step where I declare an APIM named value resource which attempts a list keys on the new function's host key. In the named value I have a dependsOn the function host key resource.
Camios
commented
1 year ago It also seems like ARM template suffers from the same problem
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"functions": [],
"variables": {
"keyName": "apimanagement",
"FunctionAppName": "func-app"
},
"resources": [
{
"type": "Microsoft.Web/sites/host/functionKeys",
"apiVersion": "2022-03-01",
"name": "[concat(variables('FunctionAppName'), '/default/', variables('keyName'))]",
"properties": {
"name": "[variables('keyName')]"
}
}
],
"outputs": {}
}The VSCode ARM template says there's a problem with the "type": "Microsoft.Web/sites/host/functionKeys"
Specifically Value must be one of the following values: "Microsoft.Genomics/accounts", "Microsoft.RecoveryServices/vaults", etc
Works/fails intermittently. When it does fail, here's the deployment error:
{
"status": "Failed",
"error": {
"code": "BadRequest",
"message": "Encountered an error (InternalServerError) from host runtime.",
"details": [
{
"message": "Encountered an error (InternalServerError) from host runtime."
},
{
"code": "BadRequest"
},
{}
]
}
}If this affects both bicep and ARM templates, where should I report this problem? Noting one difference is the bicep request seems to make two deployment requests vs one for ARM. It seems fundamentally unsound and that might be why it isn't listed as supported...
I deployed this ARM template in a phased approach (phase 1 is the initial creation of the function app and some other resources via a bicep template; the second phase publishing the function app). I notice it can intermittently fail when run immediately after phase one or two. But then I can rerun the same script a few minutes later and it worked? Perhaps I could put this into a retry loop until it works? Or it might just intermittently fail regardless of how close it is run after another phase.
fleed
commented
1 year ago I have the same problem. After deploying a function app with bicep, the portal doesn't show any host keys. Every attempt to generate keys using bicep fails
elvismangarae
commented
1 year ago I'm getting intermittent Bad Request from attempts with an error message "Encountered an error (InternalServerError) from host runtime."
The two requests which intermittently succeed/fail (sometimes one will work or both will succeed or both fail). I don't see a pattern why) are:
Provisioning operation:
ActionType:Microsoft.Web/sites/hostResource:<function-app-name>/defaultProvisioning operation:
CreateType:Microsoft.Web/sites/host/functionkeysResource:<function-app-name>/default/<function-host-key-name>What's strange is the the function host key is being created, yet the deploy operations stops. It doesn't seem to get to the next step where I declare an APIM named value resource which attempts a list keys on the new function's host key. In the named value I have a dependsOn the function host key resource.
I ran into this same issue. Issue was resolved by first creating the function app resource, then creating the APIM resource in a module that takes the function app name as a param. That module creates the host key AFTER the intial APIM service is created, by using the apimService.name within the functionapp host key name. I think the way I'm doing it is not important, but just that you need to allow several minutes between app creation and host key creation. For me, creating the APIM service was enough time.
Bicep version
Bicep CLI version 0.13.1 (e3ac80d678)Describe the bug
I am deploying a function application and an APIM API within the same deployment. I am creating function host key that would be used to authenticate requests between the function app and APIM. The function host key is rotated on each deployment and it is stored as a named secret value in APIM. A backend for the function app is registered and the named secret value is used there to provide a function key. This backend is assigned to each operation by default.
When I deploy my resources, I get the following warnings but otherwise the resources seem to be created as expected.
I originally found this method in a blog post and then I also found a Microsoft Q&A page with similar information.
The expectation is to either document these two resources or provide an alternative to setting host keys (not function keys) as part of a Bicep deployment.
To Reproduce Here are some Bicep snippets to illustrate what I am doing:
apim/policies/defaultBackend.xmlAdditional context Blog post where I learned about
Microsoft.Web/sites/host/functionKeys: link Microsoft Q&A page: link