01: Before Starting
In this tutorial, we will explore Azure server less offering Azure Function. Please read the pre-requisite as below before starting. This tutorial expect you to know what is server less computing. Familiarity with Python and Flask framework. Azure Subscription Azure CLI installed on your machine VS Code as an IDE. Account on github.com At the end of this tutorial, you will be able to design a service in Azure Function with concept of API Authentication, Logging and Telemetry, Configuring Azure Function for popular python framework like Flask or FastAPI.
02: Setting up Environment
Browser Login to Azure Portal with your account. Select your subscription. Say: Visual Studio Enterprise Subscription. Create a new Resource Group. Name: az-func-demo-wus Region: West US AZ CLI Authenticate az cli. Select your account when prompted az login Set Account to Visual Studio Enterprise Subscription. Copy subscription Id from portal. az account set --subscription xxx-0fc2-xxxxx-9342-xxxxxxx GitHub Repo Create a GitHub repo on github.com for committing the code. Click on github.com Create a new public repository.
03: Creating Azure Function App
For this tutorial, we will create azure function using Azure Portal, however, this can also be created directly from VSCode, Az Cli etc. Creating Azure Function App using Azure Portal Select resource group az-func-demo-wus Click on +Create button in overview tab. Search for Function App in marketplace and click create In Create Function App page: Ensure right subscription and resource group are selected. Function App name: Provide a unique name to Azure Function.
04: Writing an API
Now we have Azure Function App with a Function (API) running. Lets us know write our API. There is no set rules or patterns to develop APIs on Azure Function App. One can have one-function-one-api or we can use popular framework like Flask or FastApi integrated with Azure Function. For this tutorial we will use Flask as that can help us migrate existing Flask App running on Virtual Machine or any Host to Azure Function.
05: API Authentication
As we now have a function integrated with flask framework and exposing two APIs i.e. /health and /vault/<secret_name>. In this step, we will see who to have protected api. If we just need to protect all APIs then we can simply use Azure Function Identity feature, however in most cases, not all api’s needs Authz as we may have health api which needs to be open. Also, in many other cases we want to verify token for custom roles based on access to certain specific api.
06: Accessing Protected API
To access protected API in our Function App, we need to get an access token from Azure AD App. This diagram shows a high-level view of the authentication flow: The E2E oauth2 auth code flow is being described here Generate Client Id and Secret To generate an access token to access our APIs, A User first need to onboard their AD App (Client AD App) to our AD App (Server AD App).
07: Logging with App Insight
Before we start, we need to verify if Azure Function App is connected to an instance of App Insight or not. To check this, go to Application Insights in Azure Function and verify if it is connected to an App Insight Resource. If not, we either need to create a new App Insight resource and attach it to Function App or use an existing App Insight app. Get App Insight Connection String Click on App Insight attached to Azure Function Copy Instrumentation Key and Connection String from overview tab Code Changes Notes:
08: Telemetry with App Insight
Let us now create work on injestig code for App Insight telemetry. This help observe how a request was served from the different part of the code. Code Changes In src/appinsight/logger.py, we will create decorator that help inject trace to App Insight def trace_as_dependency(tracer: Tracer = None, name: str = None, prefix: str = None): """trace_as_dependency [method decorator to trace a method invocation as a dependency (in AppInsights)] Args: tracer (Tracer): [Opencensus tracer object used to create the trace record.