Azure Function - trigger Python script containing Azure CLI commands

Question

I have a python script for provisioning infrastructure in Azure - IaC. This script is using mostly the Python SDK, but is also running multiple Azure CLI commands - it is needed at times when I didn't find an equivalent command in the Python SDK.

My goal is to trigger this script on-demand using Azure Functions. When testing the Azure Function locally, everything works fine as I have Azure CLI installed on my machine, however, when I publish it to Azure functions, I will run into an error that: /bin/sh: 1: az: not found

Below is the sample python function I trigger in the Azure Function (Please note that the rest of script works fine, so I can create RG, SQL server etc, the problem is just the az commands). I wonder, if and how could I install Azure CLI on the Azure Function in order to be able to run the CLI commands?

Here is the python function causing the error:

    # Loging to AZ
    call("az login --service-principal -u '%s' -p '%s' --tenant '%s'" % (client_id, client_secret, tenant_id), shell=True)
    b2c_id = check_output("az resource show -g '<rg_name>' -n '<b2c_name>' --resource-type 'Microsoft.AzureActiveDirectory/b2cDirectories' --query id --output tsv", shell=True)
    print("The B2C ID is: %s" % b2c_id)```

Answer 1

I tried to create a simple Azure Function with HttpTrigger to invoke Azure CLI tools by different ways, but never works on cloud after published.

It seems the only solution is to publish the function as docker image with --build-native-deps option for the command func azure functionapp publish <your function app name> after add the required package azure-cli into the requirements.txt file, as the figure with error below said,

There was an error restoring dependencies.ERROR: cannot install antlr4-python3-runtime-4.7.2 dependency: binary dependencies without wheels are not supported. Use the --build-native-deps option to automatically build and configure the dependencies using a Docker container. More information at https://aka.ms/func-python-publish

Due to there is not docker tools in my local, I did not successfully run func azure functionapp publish <your function app name> --build-native-deps .

Meanwhile, running Azure CLI commands is not the only one ways to use the functions of Azure CLI. The az command is just a runnable script file, not a binary execute file. After I reviewd az and some source codes of azure-cli package, I think you can directly import the package via from azure.cli.core import get_default_cli and to use it to do the same operations like the code below.

from azure.cli.core import get_default_cli

az_cli = get_default_cli()
exit_code = az_cli.invoke(args)
sys.exit(exit_code)

The code is written by referring to the source code of azure/cli/__main__.py of azure-cli package, you can see it from the lib/python3.x/site-packages path of your virtual environment.

Hope it helps.

Answer 2

Thanks, Peter, I used something similar in the end and got it working. I have this function which will run the AZ CLI commands and return results if we need to (like for example if I need to run the cli command but also store the output, for example if I want to know what an object ID of a service principal is, I can get the results like in this example:

def az_cli (args):
    cli = get_default_cli()
    cli.invoke(args)
    if cli.result.result:
        return cli.result.result
    elif cli.result.error:
        raise cli.result.error
    return True

Now, I can make the call like this ( client_id is the ServicePrincipal ID):

ob_id = az_cli(['ad', 'sp', 'show', '--id', client_id])
print(ob_id["objectId"])