Script to get the azure function key and put it in keyvault using azure powershell inline task in azure devops

0
votes

I have ran this below commands in azure PowerShell inline script task with 3.1.0 version in Azure DevOps.

$accountInfo = az account show

$accountInfoObject = $accountInfo | ConvertFrom-Json

$subscriptionId  = $accountInfoObject.id

$resourceGroup = "BZE1ERG01"

$functionName = "BAZE1EFA01"

$functionkeylist = az rest --method post --uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$functionName/host/default/listKeys?api-version=2018-11-01"

$keylistobject = $functionkeylist | ConvertFrom-Json
$functionKey = $keylistobject.functionKeys.default    

$tmpSecret1 = ConvertTo-SecureString $functionKey -AsPlainText -Force

Set-AzKeyVaultSecret -VaultName 'azu-qa-keyvault' -Name functionkeysecret -SecretValue $tmpSecret1

DevOps screenshot

enter image description here

I am getting an error

enter image description here

2
azure-devopsazure-functionscontinuous-deploymentazure-powershellpaas

2 Answers

0
votes

You are getting this because it looks that you call using az cli is not authenticated. Following docs:

Use this task to run a PowerShell script within an Azure environment. The Azure context is authenticated with the provided Azure Resource Manager service connection.

You should use plain PowerShell Az module or if you want to use az li please consider using Azure CLI task which will take care of autorization. You can use az keyvault secret set to create/update a secret in KeyVault. Please take a look on documentation for more details. Of course all powershell code is valid in this task.

It looks that authentication for one doesn't applu for the other. You can also login to az cli from your task with following syntax:

az login --service-principal --username <app-id> --password <password> --tenant <tenant-id>
0
votes

Above error Please run 'az login' to setup account occurred is because you were running azure cli commands (eg. az account show) inside azure powershell task.

So if you want to run azure cli commands inside Azure powershell task. You will need to run az login to login. eg. az login --service-principal -u <app-url> -p <password-or-cert> --tenant <tenant>. If you donot have a service principal. You can follow the detailed steps in this document.

Please check Document Sign in with Azure CLI for more information.

Update: Use powershell to call Azure rest API.

You can use Invoke-RestMethod to make Azure rest API call. You will still need to provide authentication for the API calls. You can refer to below example from this blog.

function Get-AccessToken {
    $context = Get-AzContext
    $profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
    $profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($profile)
    $token = $profileClient.AcquireAccessToken($context.Subscription.TenantId)
    return $token.AccessToken
}
$subscriptionid = "subscriptionid"
$rg_name = "off-rg"
$rm_endpoint = "https://management.azure.com"
$authHeader = @{
    'Content-Type'  = 'application/json'
    'Authorization' = 'Bearer ' + (Get-AccessToken)
}

$uri = "$rm_endpoint/subscriptions/$subscriptionid/resourceGroups/$rg_name/providers/Microsoft.Compute/virtualMachines?api-version=2019-03-01"

$respone = Invoke-RestMethod -Method Get -Headers $authHeader -Uri $uri

You can also check out blog Access Azure REST API using PowerShell for more information.