Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit cca7a73

Browse files
committed
added azure function samples
1 parent 29ecdbf commit cca7a73

File tree

4 files changed

+241
-52
lines changed

4 files changed

+241
-52
lines changed

‎.gitattributes

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
# Thanks to: https://rehansaeed.com/gitattributes-best-practices/
2+
3+
# Set default behavior to automatically normalize line endings.
4+
* text=auto
5+
6+
# Force batch scripts to always use CRLF line endings so that if a repo is accessed
7+
# in Windows via a file share from Linux, the scripts will work.
8+
*.{cmd,[cC][mM][dD]} text eol=crlf
9+
*.{bat,[bB][aA][tT]} text eol=crlf
10+
11+
# Force bash scripts to always use LF line endings so that if a repo is accessed
12+
# in Unix via a file share from Windows, the scripts will work.
13+
*.sh text eol=lf

‎README.md

Lines changed: 8 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -1,57 +1,13 @@
1-
# Project Name
1+
# Azure SQL DB sp_invoke_external_rest_endpoint samples
22

3-
(short, 1-3 sentenced, description of the project)
3+
`sp_invoke_external_rest_endpoint` is a system stored procedure that allows native invocation of an HTTPS REST endpoint from Azure SQL DB.
44

5-
## Features
5+
For full details on this stored procedure, please take a look at the official documentation here: [sp_invoke_external_rest_endpoint (Transact-SQL)](https://learn.microsoft.com/sql/relational-databases/system-stored-procedures/sp-invoke-external-rest-endpoint-transact-sql)
66

7-
This project framework provides the following features:
7+
## Samples
88

9-
* Feature 1
10-
* Feature 2
11-
* ...
9+
### [Azure Functions](./azure-functions.ipynb)
1210

13-
## Getting Started
14-
15-
### Prerequisites
16-
17-
(ideally very short, if any)
18-
19-
- OS
20-
- Library version
21-
- ...
22-
23-
### Installation
24-
25-
(ideally very short)
26-
27-
- npm install [package name]
28-
- mvn install
29-
- ...
30-
31-
### Quickstart
32-
(Add steps to get up and running quickly)
33-
34-
1. git clone [repository clone url]
35-
2. cd [repository name]
36-
3. ...
37-
38-
39-
## Demo
40-
41-
A demo app is included to show how to use the project.
42-
43-
To run the demo, follow these steps:
44-
45-
(Add steps to start up the demo)
46-
47-
1.
48-
2.
49-
3.
50-
51-
## Resources
52-
53-
(Any additional resources or related projects)
54-
55-
- Link to supporting information
56-
- Link to similar sample
57-
- ...
11+
- Call a public (or anonymous) Azure Function
12+
- Call an Azure Function protected by a secret key
13+
- Call an Azure Function protected by Azure AD

‎assets/managed-identity.png

110 KB
Loading[フレーム]

‎azure-functions.ipynb

Lines changed: 220 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,220 @@
1+
{
2+
"metadata": {
3+
"kernelspec": {
4+
"name": "SQL",
5+
"display_name": "SQL",
6+
"language": "sql"
7+
},
8+
"language_info": {
9+
"name": "sql",
10+
"version": ""
11+
}
12+
},
13+
"nbformat_minor": 2,
14+
"nbformat": 4,
15+
"cells": [
16+
{
17+
"cell_type": "markdown",
18+
"source": [
19+
"# Call an Azure Function from Azure SQL DB\r\n",
20+
"\r\n",
21+
"Make sure to have an Azure Function deployed in Azure to run the following samples. If you need help in creating your first Azure Function, please take a look here: [Getting started with Azure Functions](https://learn.microsoft.com/azure/azure-functions/functions-get-started). \r\n",
22+
"\r\n",
23+
"**Please note** that the Azure Function must have an [HTTP Trigger](https://learn.microsoft.com/azure/azure-functions/functions-bindings-http-webhook) to be able to be called by Azure SQL DB: [Azure Functions HTTP trigger](https://learn.microsoft.com/azure/azure-functions/functions-bindings-http-webhook-trigger)\r\n",
24+
"\r\n",
25+
"In the next samples is assumed that there is an Azure Function with HTTP Trigger support deployed at `https://azure-sql-function.azurewebsites.net/api/sample-function`. To have the samples working in your environment make sure to use the URL of your Azure Function. "
26+
],
27+
"metadata": {
28+
"azdata_cell_guid": "8411c7b8-5798-44aa-8f07-87c8ecd0496d"
29+
},
30+
"attachments": {}
31+
},
32+
{
33+
"cell_type": "markdown",
34+
"source": [
35+
"## Call a public (or anonymous) Azure Function\r\n",
36+
"\r\n",
37+
"If the function doesn't require any authentication, it can be called without any additional requirement"
38+
],
39+
"metadata": {
40+
"azdata_cell_guid": "5d1731bf-3fbb-4f66-8c36-be5a3e2a71d3"
41+
},
42+
"attachments": {}
43+
},
44+
{
45+
"cell_type": "code",
46+
"source": [
47+
"declare @url nvarchar(4000) = N'https://azure-sql-function.azurewebsites.net/api/sample-function';\r\n",
48+
"declare @headers nvarchar(4000) = N'{\"header1\":\"value_a\", \"header2\":\"value2\", \"header1\":\"value_b\"}'\r\n",
49+
"declare @payload nvarchar(max) = N'{\"some\":{\"data\":\"here\"}}'\r\n",
50+
"declare @ret int, @response nvarchar(max);\r\n",
51+
"\r\n",
52+
"exec @ret = sp_invoke_external_rest_endpoint \r\n",
53+
"\t@url = @url,\r\n",
54+
"\t@method = 'GET',\r\n",
55+
"\t@headers = @headers,\r\n",
56+
"\t@payload = @payload,\r\n",
57+
"\t@response = @response output;\r\n",
58+
"\t\r\n",
59+
"select @ret as ReturnCode, @response as Response;"
60+
],
61+
"metadata": {
62+
"azdata_cell_guid": "a07b64e8-b0f4-42fc-9252-8028a6f0036e",
63+
"language": "sql"
64+
},
65+
"outputs": [],
66+
"execution_count": null
67+
},
68+
{
69+
"cell_type": "markdown",
70+
"source": [
71+
"## Call an Azure Function protected by a secret key\n",
72+
"\n",
73+
"Azure Funtions can be protected via the usage of a \"authorization key\" that must be passed to the function in order to execution to happen: [Authorization level](https://learn.microsoft.com/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=in-process%2Cfunctionsv2&pivots=programming-language-csharp#http-auth)\n",
74+
"\n",
75+
"Since the authorization key is a sensitive value, it is recommended to store its value in a `DATABASE SCOPED CREDENTIAL` (more info here: [Credentials (Database Engine)](https://learn.microsoft.com/sql/relational-databases/security/authentication-access/credentials-database-engine))"
76+
],
77+
"metadata": {
78+
"azdata_cell_guid": "3d4540a5-eb05-4e38-b8f9-5aea80121945"
79+
},
80+
"attachments": {}
81+
},
82+
{
83+
"cell_type": "code",
84+
"source": [
85+
"-- make sure a database master key exists\r\n",
86+
"if not exists(select * from sys.symmetric_keys where [name] = '##MS_DatabaseMasterKey##') begin\r\n",
87+
" create master key encryption by password = 'LONg_Pa$$_w0rd!'\r\n",
88+
"end\r\n",
89+
"\r\n",
90+
"-- create database scoped credential\r\n",
91+
"create database scoped credential [https://azure-sql-function.azurewebsites.net/api/sample-function]\r\n",
92+
"with identity = 'HTTPEndpointHeaders', secret = '{\"x-functions-key\":\"<your-function-key-here>\"}';\r\n",
93+
"go"
94+
],
95+
"metadata": {
96+
"azdata_cell_guid": "854cb13b-d2bc-4f27-a051-518819f1b1e3",
97+
"language": "sql"
98+
},
99+
"outputs": [],
100+
"execution_count": null
101+
},
102+
{
103+
"cell_type": "markdown",
104+
"source": [
105+
"Once the `DATABASE SCOPED CREDENTIAL` has been defined, it can be used by anyone who has been granted the `REFERENCE` permissions on it (see: [Grant permissions to use credential](https://learn.microsoft.com/sql/relational-databases/system-stored-procedures/sp-invoke-external-rest-endpoint-transact-sql?view=azuresqldb-current&tabs=request-headers#grant-permissions-to-use-credential)):"
106+
],
107+
"metadata": {
108+
"language": "sql",
109+
"azdata_cell_guid": "1a72e6b1-6a7c-4a48-85b4-ebcc236e8634"
110+
},
111+
"attachments": {}
112+
},
113+
{
114+
"cell_type": "code",
115+
"source": [
116+
"declare @url nvarchar(4000) = N'https://azure-sql-function.azurewebsites.net/api/sample-function';\r\n",
117+
"declare @headers nvarchar(4000) = N'{\"header1\":\"value_a\", \"header2\":\"value2\", \"header1\":\"value_b\"}'\r\n",
118+
"declare @payload nvarchar(max) = N'{\"some\":{\"data\":\"here\"}}'\r\n",
119+
"declare @ret int, @response nvarchar(max);\r\n",
120+
"\r\n",
121+
"exec @ret = sp_invoke_external_rest_endpoint \r\n",
122+
"\t@url = @url,\r\n",
123+
"\t@method = 'GET',\r\n",
124+
"\t@headers = @headers,\r\n",
125+
"\t@payload = @payload,\r\n",
126+
" @credential = [https://azure-sql-function.azurewebsites.net/api/sample-function],\r\n",
127+
"\t@response = @response output;\r\n",
128+
"\t\r\n",
129+
"select @ret as ReturnCode, @response as Response;"
130+
],
131+
"metadata": {
132+
"language": "sql",
133+
"azdata_cell_guid": "cf6bc5cd-1a33-446d-9e97-becca68f5065"
134+
},
135+
"outputs": [],
136+
"execution_count": null
137+
},
138+
{
139+
"cell_type": "markdown",
140+
"source": [
141+
"## Call an Azure Function protected by Azure AD\n",
142+
"\n",
143+
"Make sure you have enabled the Managed Identity support for the Azure SQL Server related to the database you are using to call the Azure Function, or via AZ CLI:\n",
144+
"\n",
145+
"```\n",
146+
"az sql server update -g <resource-group> -n <azure-sql-server> --identity-type SystemAssigned\n",
147+
"\n",
148+
"```\n",
149+
"\n",
150+
"or via the the Azure Portal\n",
151+
"\n",
152+
"![Enable Managed Identity via Azure Portal](.\\assets\\managed-identity.png)\n",
153+
"\n",
154+
"and then enable Azure AD authentication in your Azure Function as explained here: [Tutorial: Add app authentication to your web app running on Azure App Service](https://learn.microsoft.com/azure/app-service/scenario-secure-app-authentication-app-service).\n",
155+
"\n",
156+
"After the Azure AD principal has been enabled on Azure Function, you'll see that there is a App (client) ID available (for example: `02f5c654-0d70-4074-a82f-40d6a0dce8ff`). The provided App ID must be used to allow Azure SQL Database to correctly make the authenticated call to the Azure Function. Create a `DATABASE SCOPED CREDENTIAL` and speciofy `Managed Identity` as the `identity` value. The `secrect` value must be a flat JSON that contains the APP ID value in the `resourceid` property:"
157+
],
158+
"metadata": {
159+
"language": "sql",
160+
"azdata_cell_guid": "9b0da9bc-ce54-482b-8277-fab07e51a0d5"
161+
},
162+
"attachments": {}
163+
},
164+
{
165+
"cell_type": "code",
166+
"source": [
167+
"-- make sure a database master key exists\r\n",
168+
"if not exists(select * from sys.symmetric_keys where [name] = '##MS_DatabaseMasterKey##') begin\r\n",
169+
" create master key encryption by password = 'LONg_Pa$$_w0rd!'\r\n",
170+
"end\r\n",
171+
"\r\n",
172+
"-- create database scoped credential\r\n",
173+
"create database scoped credential [https://azure-sql-function.azurewebsites.net/api/sample-function]\r\n",
174+
"with identity = 'Managed Identity', secret = '{\"resourceid\":\"02f5c654-0d70-4074-a82f-40d6a0dce8ff\"}';\r\n",
175+
"go"
176+
],
177+
"metadata": {
178+
"azdata_cell_guid": "a1337a1c-f307-4501-ad4a-645a83c09f6c",
179+
"language": "sql"
180+
},
181+
"outputs": [],
182+
"execution_count": null
183+
},
184+
{
185+
"cell_type": "markdown",
186+
"source": [
187+
"Once the `DATABASE SCOPED CREDENTIAL` has been defined, it can be used by anyone who has been granted the `REFERENCE` permissions on it (see: [Grant permissions to use credential](https://learn.microsoft.com/sql/relational-databases/system-stored-procedures/sp-invoke-external-rest-endpoint-transact-sql?view=azuresqldb-current&tabs=request-headers#grant-permissions-to-use-credential)):"
188+
],
189+
"metadata": {
190+
"azdata_cell_guid": "d6579560-6d31-4880-9014-09de408af25e"
191+
},
192+
"attachments": {}
193+
},
194+
{
195+
"cell_type": "code",
196+
"source": [
197+
"declare @url nvarchar(4000) = N'https://azure-sql-function.azurewebsites.net/api/sample-function';\r\n",
198+
"declare @headers nvarchar(4000) = N'{\"header1\":\"value_a\", \"header2\":\"value2\", \"header1\":\"value_b\"}'\r\n",
199+
"declare @payload nvarchar(max) = N'{\"some\":{\"data\":\"here\"}}'\r\n",
200+
"declare @ret int, @response nvarchar(max);\r\n",
201+
"\r\n",
202+
"exec @ret = sp_invoke_external_rest_endpoint \r\n",
203+
"\t@url = @url,\r\n",
204+
"\t@method = 'GET',\r\n",
205+
"\t@headers = @headers,\r\n",
206+
"\t@payload = @payload,\r\n",
207+
" @credential = [https://azure-sql-function.azurewebsites.net/api/sample-function],\r\n",
208+
"\t@response = @response output;\r\n",
209+
"\t\r\n",
210+
"select @ret as ReturnCode, @response as Response;"
211+
],
212+
"metadata": {
213+
"azdata_cell_guid": "bdccbcf9-e54e-4ce6-a0d9-3fac412a1a17",
214+
"language": "sql"
215+
},
216+
"outputs": [],
217+
"execution_count": null
218+
}
219+
]
220+
}

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /