From f19bc0176f8b3b311aa1f937be1df53e562f60bd Mon Sep 17 00:00:00 2001
From: Markus Tacker
Date: Wed, 29 Jan 2020 17:44:41 +0100
Subject: [PATCH] feat: authenticate function using MSI
---
 azuredeploy.json | 3 +++
 listDevices/index.ts | 32 +++++++++++++++++++++++++-------
 2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/azuredeploy.json b/azuredeploy.json
index cb254b7..e3fc7cc 100644
--- a/azuredeploy.json
+++ b/azuredeploy.json
@@ -158,6 +158,9 @@
 "name": "[concat(parameters('appName'), 'WebSite')]",
 "location": "[parameters('location')]",
 "kind": "functionapp",
+ "identity": {
+ "type": "SystemAssigned"
+ },
 "dependsOn": [
 "[resourceId('Microsoft.Web/serverfarms', concat(parameters('appName'), 'ServerFarm'))]",
 "[resourceId('Microsoft.Storage/storageAccounts', parameters('AppStorageName'))]"
diff --git a/listDevices/index.ts b/listDevices/index.ts
index 8680173..cd8ea01 100644
--- a/listDevices/index.ts
+++ b/listDevices/index.ts
@@ -1,21 +1,39 @@
 import { AzureFunction, Context, HttpRequest } from '@azure/functions'
+import { IotHubClient } from '@azure/arm-iothub'
+import * as msRestNodeAuth from '@azure/ms-rest-nodeauth'
 const listDevices: AzureFunction = async (
 context: Context,
 req: HttpRequest,
 ): Promise => {
- context.log('HTTP trigger function processed a request.')
- const name = req.query.name || (req.body && req.body.name)
+ context.log({ req })
+ try {
+ // See https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#obtaining-tokens-for-azure-resources
+ const msiTokenRes = await msRestNodeAuth.loginWithAppServiceMSI({
+ msiEndpoint: process.env.MSI_ENDPOINT || '',
+ msiSecret: process.env.MSI_SECRET || '',
+ })
+ console.log(msiTokenRes)
+
+ const iotHubClient = new IotHubClient(
+ msiTokenRes,
+ process.env.AZURE_SUBSCRIPTION_ID || '',
+ )
+ const iotHubs = await iotHubClient.iotHubResource.listBySubscription()
- if (name) {
 context.res = {
 // status: 200, /* Defaults to 200 */
- body: `Hello ${req.query.name || req.body.name}`,
+ headers: {
+ 'Content-Type': 'application/json; charset=uft-8',
+ },
+ isRaw: true,
+ body: JSON.stringify(iotHubs),
 }
- } else {
+ } catch (error) {
 context.res = {
- status: 400,
- body: 'Please pass a name on the query string or in the request body',
+ status: 500,
+ isRaw: true,
+ body: JSON.stringify(error),
 }
 }
 }
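Review bot: `console.log(msiTokenRes)` writes the managed-identity credentials object to the function's log stream, and `context.log({ req })` at the top of the handler does the same for the whole request, including any headers that carry a function key or Authorization value; drop the first and reduce the second to something like `context.log('listDevices', req.method)`. The catch branch sends `JSON.stringify(error)` back to the caller, and errors raised by the Azure SDK may carry details of the originating request and response, so log it server-side with `context.log.error(error)` and return a fixed body such as `JSON.stringify({ error: 'Internal error' })`. The `|| ''` fallbacks for `MSI_ENDPOINT`, `MSI_SECRET` and `AZURE_SUBSCRIPTION_ID` turn a missing setting into an opaque downstream failure; checking them up front and failing with a clear message would be easier to diagnose. The header value `charset=uft-8` is a typo for `utf-8`.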