
How to elevate permissions for an Azure Function?


I've created an Azure Function (timer trigger) (see below for an edited version of it) where I get a ValueError("unknown cipher") error when it's run on Azure. I did some debugging on the Linux machine that's running the Azure Function by using the bash shell that's available via SSH under Development Options for the Azure Function in the Azure Portal. Here I used an approximation of the code below in a Python script, and was able to reproduce the error - ValueError("unknown cipher"). However, when I ran the Python script using the sudo command (sudo python nameOfScript.py), the error message did not appear, which leads me to believe that the error occurred in the Azure Function because of limited permissions for the Azure Function. So my question is this: How can I elevate the permissions for the Azure Function? Or make it run with sudo, if that's possible? In case it's relevant, I use an Azure DevOps pipeline to deploy the Azure Function to Azure.

import datetime
import logging
import azure.functions as func
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
import paramiko


def main(mytimer: func.TimerRequest) -> None:
    utc_timestamp = datetime.datetime.utcnow().replace(
        tzinfo=datetime.timezone.utc).isoformat()

    if mytimer.past_due:
        logging.info('The timer is past due!')

    logging.Logger.root.level = 10
    logging.basicConfig()
    logging.getLogger("paramiko").setLevel(logging.DEBUG)
          
    # Used for getting access to secrets on Azure key vault for authentication purposes
    credential = DefaultAzureCredential()

    secret_client = SecretClient(vault_url="InsertVaultURL", credential=credential)
    secret_name = secret_client.get_secret("InsertSecretUsernameName")
    secret_pass = secret_client.get_secret("InsertSecretPasswordName")
    secret_host_key = secret_client.get_secret("InsertSecretHostKeyName")
    
    # Server name for SFTP server
    host_name = 'InsertFSTPHostAddress'

    # Connecting to SFTP server
    ssh = paramiko.SSHClient()
    ssh.get_host_keys().add(hostname = host_name, keytype='ssh-rsa', key = paramiko.PKey(data = secret_host_key.value.encode('ascii')))
    ssh.load_system_host_keys()
    ssh.connect(hostname = host_name, port = 22, username=secret_name.value, password=secret_pass.value)
    sftp = ssh.open_sftp()

    # Perform some activity with SFTP connection

    # Close the SFTP session
    sftp.close()

    # Close SSH Client
    ssh.close()

Solution

  • Glad, @PythonForAzure3942, that you resolved the issue yourself by using the Fabric Python library. Posting this resolution as an answer to help other community members.

    Yes, the Fabric Python library is used to interact and automate tasks like app deployment to the general system administration for elevating permissions/privileges.
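
The question's code pins the SFTP server's host key from a Key Vault secret before connecting. As an added example (not code from the asker or the answerer), here is one way to validate such a secret and build a client that trusts only that key. It assumes the secret holds the base64 key field of a known_hosts line; `parse_host_key`, `pinned_client` and `sample_blob` are hypothetical names, and the sample key is constructed.

```python
import base64
import hashlib
import struct


def parse_host_key(b64_key: str, expected_type: str = "ssh-rsa"):
    """Decode a base64 SSH public key blob; return (key_type, blob, fingerprint)."""
    try:
        blob = base64.b64decode(b64_key.strip(), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("host key is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("host key blob is truncated")
    (name_len,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type name
    if name_len == 0 or 4 + name_len > len(blob):
        raise ValueError("host key blob has a bad length prefix")
    key_type = blob[4:4 + name_len].decode("ascii", errors="replace")
    if key_type != expected_type:
        raise ValueError(f"expected {expected_type}, got {key_type}")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return key_type, blob, fingerprint  # fingerprint uses the `ssh-keygen -lf` format


def pinned_client(host: str, b64_key: str, expected_type: str = "ssh-rsa"):
    """Return a paramiko SSHClient that trusts only the pinned key for host."""
    import paramiko  # imported here so parse_host_key works without paramiko

    key_classes = {"ssh-rsa": paramiko.RSAKey, "ssh-ed25519": paramiko.Ed25519Key}
    key_type, blob, _ = parse_host_key(b64_key, expected_type)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.RejectPolicy())  # refuse unknown hosts
    client.get_host_keys().add(host, key_type, key_classes[key_type](data=blob))
    return client


def sample_blob() -> str:
    # Constructed sample: a structurally valid ssh-ed25519 blob with a dummy key.
    name, key = b"ssh-ed25519", bytes(range(32))
    return base64.b64encode(
        struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    ).decode("ascii")
```

Logging the returned fingerprint lets it be compared against the value the SFTP server's operator publishes.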