code for article pfeilbr/azure-functions-playground
Learn Azure Functions.
The following is based on "Create a JavaScript function from the command line - Azure Functions".
```sh
# create nodejs function project
func init LocalFunctionProj --javascript
cd LocalFunctionProj
# create new function triggered via http request
# ("anonymous" means no function key is required to call the endpoint)
func new --name HttpExample --template "HTTP trigger" --authlevel "anonymous"
# start locally
func start
# make request against local endpoint (URL quoted so the shell does not glob the "?")
curl "http://localhost:7071/api/HttpExample?name=Brian"
# create resource group
az group create --name "AzureFunctionsQuickstart-rg" --location "eastus"
# create storage account
az storage account create --name "brianpfeilmystorage01" --location "eastus" --resource-group "AzureFunctionsQuickstart-rg" --sku "Standard_LRS"
# create function app in azure
az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --consumption-plan-location "eastus" --runtime "node" --runtime-version 12 --functions-version 3 --name "brianpfeilmyfn01" --storage-account "brianpfeilmystorage01"
# deploy
func azure functionapp publish "brianpfeilmyfn01"
# invoke function on azure
curl "https://brianpfeilmyfn01.azurewebsites.net/api/httpexample?name=Brianv2"
# view near real-time streaming logs
func azure functionapp logstream "brianpfeilmyfn01"
# fetch the app settings. this populates them in `local.settings.json`
# credentials for the storage account are stored in the `AzureWebJobsStorage` property,
# so keep `local.settings.json` out of source control
# this is needed to store messages in the storage queue
func azure functionapp fetch-app-settings "brianpfeilmyfn01"
# Show settings for a function app. (autogenerated)
az functionapp config appsettings list --name "brianpfeilmyfn01" --resource-group "AzureFunctionsQuickstart-rg"
# Update a function app's settings. (autogenerated)
# $storageConnectionString must already hold the storage account connection string
az functionapp config appsettings set --name "brianpfeilmyfn01" --resource-group "AzureFunctionsQuickstart-rg" --settings "AzureWebJobsStorage=$storageConnectionString"
# list available function templates for javascript
func templates list -l javascript
# create new function using "Durable Functions HTTP starter" template
func new -t "Durable Functions HTTP starter" -l javascript -n DurableFunctionsHTTPstarter
```
Screenshots
message(s) in the azure storage queue
Managed Identity for Function in Azure Console
Notes
- App settings can be accessed via environment variables. See Configure function app settings in Azure Functions
- Use Key Vault references for secrets stored in Key Vault. They are automatically fetched and provided as environment variables to your function.
  - see Secure App Settings variables in Azure Functions
  - e.g. App Settings Value KeyVault Reference: `@Microsoft.KeyVault(SecretUri=https://pfeilkeyvault01.vault.azure.net/secrets/secret01/e0fca4271fb243178a0a861d8e6fbc59)`
- Functions have in/out bindings defined in `function.json`
- To access other Azure resources/services from a function, you configure a managed identity on the function app and provide access to Azure resources for that identity using Azure role-based access control. See Azure Services that support managed identities - Azure AD.
  - system-assigned managed identity - identity tied to and managed by a specific service. When that service instance is deleted, the identity is deleted with it.
  - user-assigned managed identity - not owned by a specific service. Lifecycle is fully managed by you. Can be assigned to multiple services.
- Azure Durable Functions documentation - lets you write stateful functions in a serverless compute environment. Similar to AWS Step Functions, but implemented as a language-level library.
- shared access signature (SAS) URLs for granting limited access. Similar to S3 signed URLs. See Grant limited access to data with shared access signatures (SAS) - Azure Storage
  > A shared access signature is a signed URI that points to one or more storage resources. The URI includes a token that contains a special set of query parameters. The token indicates how the resources may be accessed by the client. One of the query parameters, the signature, is constructed from the SAS parameters and signed with the key that was used to create the SAS. This signature is used by Azure Storage to authorize access to the storage resource.
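When a Key Vault reference from the notes above cannot be resolved (for example, the function app's managed identity has no access to the vault), the function receives the literal `@Microsoft.KeyVault(...)` string as the setting value. The following is an added example, not code from this repo, that parses the reference syntax and fails closed in that case; the setting name `SECRET01` and the helper names are assumptions.

```javascript
// Added example (not from the original repo). Helper names are hypothetical.
const KV_REF = /^@Microsoft\.KeyVault\((.*)\)$/;

// Parse a Key Vault reference string; returns null when the value is not one.
function parseKeyVaultReference(value) {
  const m = KV_REF.exec(String(value).trim());
  if (!m) return null;
  const body = m[1];
  if (/^SecretUri=/i.test(body)) {
    const url = new URL(body.slice("SecretUri=".length));
    // Path shape: /secrets/<name>[/<version>]
    const [, kind, name, version] = url.pathname.split("/");
    if (kind !== "secrets" || !name) throw new Error("not a secret URI");
    return { vault: url.hostname.split(".")[0], name, version: version || null };
  }
  // Alternative form: VaultName=...;SecretName=...;SecretVersion=...
  const kv = Object.fromEntries(body.split(";").filter(Boolean).map((p) => {
    const i = p.indexOf("=");
    return [p.slice(0, i).trim().toLowerCase(), p.slice(i + 1).trim()];
  }));
  if (!kv.vaultname || !kv.secretname) throw new Error("malformed reference");
  return { vault: kv.vaultname, name: kv.secretname, version: kv.secretversion || null };
}

// Read a secret-bearing app setting; refuse to continue if the platform
// handed over the reference text instead of the secret itself.
function requireSecret(name, env = process.env) {
  const value = env[name];
  if (value === undefined || value === "") {
    throw new Error(`app setting ${name} is not set`);
  }
  const ref = parseKeyVaultReference(value);
  if (ref) {
    // Only the setting name and secret location go in the message, never a value.
    throw new Error(
      `app setting ${name} is an unresolved Key Vault reference (${ref.vault}/${ref.name})`
    );
  }
  return value;
}
```

Call `requireSecret("SECRET01")` at the top of the function handler so a misconfigured identity surfaces as a clear error in the log stream. A non-null `version` in the parsed reference means it is pinned to that secret version.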
Resources
- Triggers and bindings in Azure Functions
- Create a JavaScript function from the command line - Azure Functions
- Azure Functions scale and hosting - covers limits and constraints
- Using Managed Identity between Azure Functions and Azure Storage - Code Samples
- How to use managed identities for App Service and Azure Functions
- Configure function app settings in Azure Functions
- Secure App Settings variables in Azure Functions
- Source Application Settings from Key Vault