azure-functions-openapi-extension

Hide Swagger UI depending on settings value for isolated functions

Open CaffeineIntoCode opened this issue 2 years ago • 3 comments

Issue:

I want to be able to hide the Swagger UI page depending on what the settings file value is set to. For example, if I am in a Prod environment then I do not want to expose my Swagger UI site to the public. Then I just enable the true flag in the prod settings to hide the UI and return 404.

This feature option is currently available for the "In-proc" model of Azure Functions V4 but not for "Out-of-Proc".

To enable hiding the UI in a non-isolated model, all one has to do is set "OpenApi__HideDocument" to "true" in the json settings file.

I was wondering if there are currently any workarounds or hacks that someone has implemented to make this work for out-of-process functions? Thanks in advance.

CaffeineIntoCode Nov 07 '22 14:11

I ran across this extension the other day with my need to generate openapi docs for function apps and pass to APIM. After we deployed to a development subscription I realized that the UI and all of the rendered openapi endpoints were anonymously accessible. Reading the documentation, much like you, I realized that there are deficiencies in the configuration with this extension between in-proc versus out-of-proc and unfortunately the authorization level is one of them. This is a pity because out-of-proc is Microsoft's "path forward".

However, I did notice that I can disable the generated endpoints through my local.settings.json by using the following:

    "AzureWebJobs.RenderSwaggerDocument.Disabled": true,
    "AzureWebJobs.RenderSwaggerUI.Disabled": true,
    "AzureWebJobs.RenderOpenApiDocument.Disabled": true

Tying this back to a workaround, theoretically when deployed in Azure this should disable those endpoints which accomplishes "hiding" the UI. Then the concept for actually generating the document would take place in the CI/CD pipeline through a script, importing to APIM, and then deploying with the endpoints disabled. Haven't actually tested it out yet deployed with the settings, but theoretically... this should be a workaround.

Of course if the function app is not exposed publicly, that mitigates some of the concerns about the endpoints being exposed anonymously to the public... but of course that costs more.

DavidKessler80 Apr 19 '23 12:04

    "AzureWebJobs.RenderSwaggerDocument.Disabled": true,
    "AzureWebJobs.RenderSwaggerUI.Disabled": true,
    "AzureWebJobs.RenderOpenApiDocument.Disabled": true

That worked perfectly locally and deployed.

ArtyProf Apr 19 '24 09:04
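A release-gate check for the workaround discussed in this thread, as an added example that is not code from the thread's participants or from the extension project: it reads either a `local.settings.json` file or the JSON array printed by `az functionapp config appsettings list` and reports which of the three rendering functions are still enabled. It assumes the settings sit under `Values` in `local.settings.json`, and it also accepts the underscore spelling of the setting names that Azure documents for Linux plans; the helper names and sample inputs are constructed for illustration.

```python
import json
import sys

# Rendering functions named in the thread's settings.
RENDER_FUNCTIONS = ("RenderSwaggerDocument", "RenderSwaggerUI", "RenderOpenApiDocument")

def load_settings(text):
    """Flatten either input shape into a {name: value} dict."""
    data = json.loads(text)
    if isinstance(data, list):  # shape of `az functionapp config appsettings list`
        return {item["name"]: item.get("value") for item in data}
    return data.get("Values", data)  # local.settings.json, or an already flat dict

def is_true(value):
    """Accept JSON true or the string "true" in any case; anything else is not disabled."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def exposed_functions(settings):
    """Return the rendering functions that are NOT disabled by an app setting."""
    exposed = []
    for fn in RENDER_FUNCTIONS:
        # Dotted form from the thread; underscore form is the Linux-plan spelling.
        keys = (f"AzureWebJobs.{fn}.Disabled", f"AzureWebJobs_{fn}_Disabled")
        if not any(is_true(settings.get(key)) for key in keys):
            exposed.append(fn)
    return exposed

# Constructed sample: local.settings.json with all three endpoints disabled.
SAMPLE_LOCAL = json.dumps({"IsEncrypted": False, "Values": {
    "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
    "AzureWebJobs.RenderSwaggerDocument.Disabled": True,
    "AzureWebJobs.RenderSwaggerUI.Disabled": True,
    "AzureWebJobs.RenderOpenApiDocument.Disabled": True}})

# Constructed sample: deployed app settings with one endpoint left on and one unset.
SAMPLE_AZ = json.dumps([
    {"name": "AzureWebJobs_RenderSwaggerDocument_Disabled", "value": "true", "slotSetting": False},
    {"name": "AzureWebJobs.RenderSwaggerUI.Disabled", "value": "false", "slotSetting": False}])

if __name__ == "__main__":
    # Usage: az functionapp config appsettings list ... | python check_openapi_hidden.py
    text = SAMPLE_AZ if sys.stdin.isatty() else sys.stdin.read()
    still_exposed = exposed_functions(load_settings(text))
    for fn in still_exposed:
        print(f"NOT DISABLED: {fn}")
    sys.exit(1 if still_exposed else 0)
```

`local.settings.json` is only read by the local tooling, so the check is most useful in the pipeline when fed the deployed app's settings.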