Azure函数ServiceBustrigger连接字符串值不在应用程序设置中
在我通过PowerShell>部署功能应用程序之前ARM模板我动态获取服务总线连接字符串,并在function.json文件中的连接绑定中更新值。然后,我部署功能应用程序和函数。
部署有效,但是功能应用程序返回错误消息:
Microsoft.Azure.WebJobs.ServiceBus: Microsoft Azure WebJobs SDK ServiceBus connection string 'Endpoint=sb://sbname.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;[Hidden Credential]' is missing or empty.
问题是:我们是否真的必须在功能应用程序上使用此连接字符串创建应用程序设置?除了使用应用程序设置之外,没有其他选择吗?
感觉就像将连接字符串存储在另一个位置,而不是在服务总线上创建另一个漏洞。 我知道我可以在function.json文件中定义“连接”:“ rootmanageHaredAccesskey_servicebus”,然后创建一个具有相同名称的应用程序设置,但这不是我想要前进的方式。
Before I deploy a function app and functions through PowerShell > ARM template I dynamically get a service bus connection string and update the value in the connection binding in the function.json file. Then I deploy the function app and function.
Deployment works, but the function app returns an error message:
Microsoft.Azure.WebJobs.ServiceBus: Microsoft Azure WebJobs SDK ServiceBus connection string 'Endpoint=sb://sbname.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;[Hidden Credential]' is missing or empty.
The question is: Do we really have to create an application setting on the function app with this connection string in it? Is there no other option than using the app setting?
It feels like storing the connection string in another location than on the service bus would just create another vulnerability.
I am aware that I could define "connection": "RootManageSharedAccessKey_SERVICEBUS" in the function.json file and then create an app setting with that same name, but that's not the way forward I want to go.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
请检查我的发现是否有助于:
假设您已将ServiceBus连接字符串存储在密钥库中。您需要通过应用程序设置在函数应用程序中检索,但是在应用程序设置中,您可以定义为:
此键Vault URI无法由任何其他用户访问 。 /em>或 用户分配的托管身份 权限。
Please check if my findings help to:
Assume you have stored the ServiceBus connection string in the Key Vault. That you want to retrieve in the Function App through Application Settings but here in the app setting you can define as:
This KeyVault URI cannot be accessed by any other user until they are assigned with System or User Assigned Managed Identity Permission.