powershell-tools/Create-AzureFunctionLocalSettings.ps1 at main · timmkrause/powershell-tools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
<#
    .SYNOPSIS
        Create local.settings.json for a local Azure Function based on app settings of a deployed version of the function within Azure.

    .DESCRIPTION
        App settings are being downloaded from the provided Azure Function App resource name.
        They are then decrypted to make them parseable.
        Key Vault references are being exchanged with their actual secret value.
        Depending on the parameters the settings are encrypted again.

    .EXAMPLE
        Create-AzureFunctionLocalSettings -FunctionAppName {functionAppResourceName}

    .EXAMPLE
        Create-AzureFunctionLocalSettings -FunctionAppName {functionAppResourceName} -TargetFolder {targetFolder}

    .EXAMPLE
        Create-AzureFunctionLocalSettings -FunctionAppName {functionAppResourceName} -TargetFolder {targetFolder} -UseDevelopmentStorage $false -Decrypted -Force
#>
param (
    [Parameter(Mandatory = $true, HelpMessage = "Existing Azure Function App resource name from where the app settings should be pulled from.")]
    [string]
    $FunctionAppName,

    [Parameter(Mandatory = $false, HelpMessage = "Target folder where the local.settings.json will be stored.")]
    [string]
    $TargetFolder = (Get-Location).Path,

    [Parameter(Mandatory = $false, HelpMessage = "Replaces Storage Account connection strings with local development storage.")]
    [bool]
    $UseDevelopmentStorage = $true,

    [Parameter(Mandatory = $false, HelpMessage = "Defines whether or not the settings should be encrypted at tSettings won't be encrypted anymore if the flag is provided.")]
    [switch]
    $Decrypted = $false,

    [Parameter(Mandatory = $false, HelpMessage = "Force overwrites of existing local.settings.json.")]
    [switch]
    $Force = $false
)

$ErrorActionPreference = "Stop"

$localSettingsJsonFilePath = "$TargetFolder\local.settings.json"

Write-Host -ForegroundColor Green "Start building $localSettingsJsonFilePath..."

if ((Test-Path $localSettingsJsonFilePath) -and !$Force) {
    Write-Error "Settings file already exists. Aborting. You can use -Force to enforce overwrites."
}

Write-Host -ForegroundColor Gray "Fetching app settings from $FunctionAppName..."
func azure functionapp fetch-app-settings $FunctionAppName --output-file $localSettingsJsonFilePath | Out-Null

if ($LastExitCode -ne 0) {
    return
}

Write-Host -ForegroundColor Gray "Decrypting..."
func settings decrypt

if ($LastExitCode -ne 0) {
    return
}

$localSettingsJsonContent = Get-Content $localSettingsJsonFilePath

Write-Host -ForegroundColor Gray "Replacing Key Vault references with secret values..."
$keyVaultReferenceRegex = "@Microsoft\.KeyVault\(VaultName=(?<vaultName>[^;]+);SecretName=(?<secretName>[^;]+)(;SecretVersion=(?<secretVersion>[^;\)]*))?\)"
$keyVaultReferenceMatches = $localSettingsJsonContent | Select-String -Pattern $keyVaultReferenceRegex -AllMatches | ForEach-Object {$_.Matches}

foreach ($match in $keyVaultReferenceMatches) {
    $vaultName = $match.Groups["vaultName"].Value
    $secretName = $match.Groups["secretName"].Value
    $secretValue = az keyvault secret show --name $secretName --vault-name $vaultName --query value -o tsv

    if ($LastExitCode -ne 0) {
        return
    }

    Write-Host $match.Value

    $localSettingsJsonContent = $localSettingsJsonContent.Replace($match.Value, "$secretValue")
}

if ($UseDevelopmentStorage) {
    Write-Host -ForegroundColor Gray "Replacing Storage Account connection strings with local development storage..."
    $storageAccountConnectionStringRegex = "DefaultEndpointsProtocol=(http|https);AccountName=[a-zA-Z0-9]+;AccountKey=[a-zA-Z0-9+\/=]+(;EndpointSuffix=[a-z.]+)?"
    $storageAccountConnectionStringMatches = $localSettingsJsonContent | Select-String -Pattern $storageAccountConnectionStringRegex -AllMatches | ForEach-Object {$_.Matches}

    foreach ($match in $storageAccountConnectionStringMatches) {
        $localSettingsJsonContent = $localSettingsJsonContent.Replace($match.Value, "UseDevelopmentStorage=true")
    }
}

Set-Content -Path $localSettingsJsonFilePath -Value $localSettingsJsonContent

if (!$Decrypted) {
    Write-Host -ForegroundColor Gray "Encrypting..."
    func settings encrypt

    if ($LastExitCode -ne 0) {
        return
    }
}

Write-Host -ForegroundColor Green "Finished building $localSettingsJsonFilePath."