azure-maven-plugins
azure-maven-plugins copied to clipboard
[Functions] Set app settings on deployment
Problem statement:
Currently to set application settings, a user needs to configure them in the pom.xml
file. This is insecure if you're using version control without a CI/CD setup.
Options:
-
Ideally, a user is able to publish the connection strings as app settings along with
azure-functions:deploy
command. We'll need to come up with the idiomaticmvn
experience for this. -
Potentially introduce a new target to create the app settings.
/cc @hexiaokai @selvasingh @jeffhollan @JasonFreeberg @brunoborges
I think the best way to do this from a CI/CD context is leverage environment variables. I know POM.xml already supports that. However for the non-CI/CD I do think there is always this hiccup between publishing and THEN updating app settings. Maybe we could split this into 2 things:
- Allow a flag for
mvn azure-functions:deploy
like-DincludeLocalSettings=true
or whatever that will also sync whatever you have inlocal.settings.json
to whatever environment you push to. - Add samples (or maybe automatically do some of this?) to create App Settings with placements for {EnvironmentVariables}. I'm not sure if Java developers have a preferred way to capture environment variables (node users use
.env
for example), but maybe we could template or better make a pairing between a.env
file,pom.xml
, andlocal.settings.json
You are better off with a configuration system that uses keyvault by default.
pom.xml
<configuration>
<env>
FOO=FooBarKeyNameForVaultProperty
</env>
</configuration>
Then, user can get values from the ExecutionContext
object:
String foo = executionContext.getConfigValue("FOO");
And the above will return the value that is stored in the vault under property FooBarKeyNameForVaultProperty. For testing purposes, or when there is no vault, getConfigValue
will return what is in the environment variable.
The reason for a pom.xml
configuration is to create the app setting during deployment.
Bringing this to notice again.
There needs to be a simple way to provide configurations as part of the deployment!
@brunoborges A lot of times these configurations are not required to be pulled from key-vault. To keep it simple.
This is how we are doing currently as part of CICD pipeline:
mvn azure-function:deploy
az functionapp config appsettings set --name function-app --resource-group XXXX --settings "EndPoint=https://XXXX" "Key2=YYYY" "Key3=ZZZZ"
Publishing first and then updating the configuration creates a few problems. Also, it complicates cicd agent to have az cli installed