azure-devopsazure-functionscontinuous-deploymentazure-powershellpaas

Script to get the azure function key and put it in keyvault using azure powershell inline task in azure devops


I have ran this below commands in azure PowerShell inline script task with 3.1.0 version in Azure DevOps.

$accountInfo = az account show

$accountInfoObject = $accountInfo | ConvertFrom-Json

$subscriptionId  = $accountInfoObject.id

$resourceGroup = "BZE1ERG01"

$functionName = "BAZE1EFA01"

$functionkeylist = az rest --method post --uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$functionName/host/default/listKeys?api-version=2018-11-01"

$keylistobject = $functionkeylist | ConvertFrom-Json
$functionKey = $keylistobject.functionKeys.default    

$tmpSecret1 = ConvertTo-SecureString $functionKey -AsPlainText -Force

Set-AzKeyVaultSecret -VaultName 'azu-qa-keyvault' -Name functionkeysecret -SecretValue $tmpSecret1

DevOps screenshot

enter image description here

I am getting an error

enter image description here


Solution

  • Above error Please run 'az login' to setup account occurred is because you were running azure cli commands (eg. az account show) inside azure powershell task.

    So if you want to run azure cli commands inside Azure powershell task. You will need to run az login to login. eg. az login --service-principal -u <app-url> -p <password-or-cert> --tenant <tenant>. If you donot have a service principal. You can follow the detailed steps in this document.

    Please check Document Sign in with Azure CLI for more information.

    Update: Use powershell to call Azure rest API.

    You can use Invoke-RestMethod to make Azure rest API call. You will still need to provide authentication for the API calls. You can refer to below example from this blog.

    function Get-AccessToken {
        $context = Get-AzContext
        $profile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
        $profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($profile)
        $token = $profileClient.AcquireAccessToken($context.Subscription.TenantId)
        return $token.AccessToken
    }
    $subscriptionid = "subscriptionid"
    $rg_name = "off-rg"
    $rm_endpoint = "https://management.azure.com"
    $authHeader = @{
        'Content-Type'  = 'application/json'
        'Authorization' = 'Bearer ' + (Get-AccessToken)
    }
    
    $uri = "$rm_endpoint/subscriptions/$subscriptionid/resourceGroups/$rg_name/providers/Microsoft.Compute/virtualMachines?api-version=2019-03-01"
    
    $respone = Invoke-RestMethod -Method Get -Headers $authHeader -Uri $uri
    

    You can also check out blog Access Azure REST API using PowerShell for more information.