Remove function from Azure Function

In todays article I want to share with you script for remove function from Azure function.

I was looking for some ready Powershell command for removing function, but AzureRM module is very limited in this area. The only thing which I found was information that most of operation on Azure function is available via API (however is still very limited). You can find Kudu documentation on https://github.com/projectkudu/kudu/wiki/REST-API.

How script works?

First of all you need to have account with Contributor permission to remove function from Azure function. Best way to do that is to create Service Principal with limited permission. You can check how to do it in one of my previous article . In first way entry variables must be provided to gather authentication token and information about Azure function. In next steps script is connecting to API to remove function from Azure function. Once it is done, script is listing all functions to ensure that desired function has been removed.

Script:

$SubscriptionID = "subscription_id"
$resourceGroup = "resource_group_name"
$webapp = "azure_function_name"
$function = "function_name"
$tenantID = ''
$tokenEndpoint = "https://login.microsoftonline.com/$tenantID/oauth2/token"
$contributorId = "application_id"
$contributorSecret = "SUperSecretPassword"
$contributorSecret = [uri]::EscapeDataString($contributorSecret)

$tokenBody = [string]::Concat("grant_type=client_credentials&client_id=", $contributorId.ToString(), `
                                  "&client_secret=", $contributorSecret.ToString(), `
                                  "&resource=https://management.azure.com&scope=openid+offline_access")
$tokenHeaders = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$tokenHeaders.Add('Content-Type','application/x-www-form-urlencoded')
$tokenResponse = Invoke-WebRequest -Uri $tokenEndpoint -Method POST -Body $tokenBody -Headers $tokenHeaders
$tokenContent = ConvertFrom-Json -InputObject $tokenResponse.Content
$token = [string]::Concat($tokenContent.token_type, " ", $tokenContent.access_token)
Write-Host "Token received" -ForegroundColor Green

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Authorization', $token.ToString())
$headers.Add('Content-Type','application/json')
$apiUrl =[string]::Concat("https://management.azure.com/subscriptions/$SubscriptionID/resourceGroups/", $resourceGroup,"/providers/Microsoft.Web/sites/", $webapp, "/functions/", $function, "?api-version=2016-08-01")
 
Invoke-RestMethod -Uri $apiUrl -Headers $headers -Method DELETE -ContentType "application/json"

#Check if function exist

$PublishingProfile = (Get-AzureRmWebAppPublishingProfile -ResourceGroupName $resourceGroup -Name $webapp)
 
$user = (Select-Xml -Xml $PublishingProfile -XPath "//publishData/publishProfile[contains(@profileName,'Web Deploy')]/@userName").Node.Value
$pass = (Select-Xml -Xml $PublishingProfile -XPath "//publishData/publishProfile[contains(@profileName,'Web Deploy')]/@userPWD").Node.Value

$pair = "$($user):$($pass)"
$kuduCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

Write-Host "kuduCreds: $kuduCreds" 
$jwt = Invoke-RestMethod -Uri "https://$webapp.scm.azurewebsites.net/api/functions/admin/token" -Headers @{Authorization=("Basic {0}" -f $kuduCreds)} -Method GET

$Functions = Invoke-RestMethod -Method GET -Headers @{Authorization=("Bearer {0}" -f $jwt)} -Uri "https://$webapp.azurewebsites.net/admin/functions"
$FunctionExist = $Functions | ? {$_.name -eq $function}
if($FunctionExist -eq $null)
{
    Write-Host -ForegroundColor Green "Function $function has been removed!"
}
else{
    Write-Host -ForegroundColor Red "Function $function not removed!"
}

4 thoughts on “Remove function from Azure Function

  1. Hi,

    I’m trying to delete an Azure HTTP Trigger based function and Timer based functions in my Function App(App Service Plan) through PS script, but when I am using the commands as mentioned in your blog, I am getting an error which says as shown below

    “$Invoke-WebRequest : Cannot validate argument on parameter ‘Uri’. The argument
    tokenResponse = Invoke-WebRequest -Uri $tokenEndpoint -Method POST -Body $tokenBody -Headers $tokenHeaders
    PS D:\home> is null or empty. Provide an argument that is not null or empty, and then try
    the command again.
    At line:1 char:41
    + $tokenResponse = Invoke-WebRequest -Uri $tokenEndpoint -Method POST – …
    + ~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Invoke-WebRequest], ParameterB
    indingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Power
    Shell.Commands.InvokeWebRequestCommand

    Inshort, $tokenEndpoint is not defined anywhere. Am I missing something? Awaiting your reply.

    Thanks,
    SK.

      1. Hi Artur,

        Thanks for your previous response. I did the changes and it worked but I am still stuck on the same line of code.

        I’m getting an error on the same step but this time it’s a different error and I am unable to unable to understand, so need your help on the same.

        I’ve registered an application in Azure AD, and I am using its Application ID, and Secret ID.. I’ve also created a Function App, and inside function app I have an http timer based function. I’m getting an error while generating tokens(see error below).

        “The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer’s first-launch
        configuration is not complete. Specify the UseBasicParsing parameter and try
        again”

        So I edited my Invoke WebRequest to the following
        “$tokenResponse = Invoke-WebRequest -Uri $tokenEndpoint -Method POST -Body $tokenBody -Headers $tokenHeaders -UseBasicParsing”

        Even after adding “-UseBasicParsing”, I still get an error (see below)
        “Invoke-WebRequest : Win32 internal error “The handle is invalid” 0x6 occurred while reading the console output buffer. Contact Microsoft Customer Support Services.”

        And also I want to know whats the use of resource in the below piece of code.

        $tokenBody = [string]::Concat(“grant_type=client_credentials&client_id=”,$contributorId.ToString(), `
        “&client_secret=”, $contributorSecret.ToString(), ` “&resource=https://management.azure.com&scope=openid+offline_access”)

        Do I need to give any permission to Azure AD application?

        Any help on the above mentioned points would be much appreciated.

        Thanks.
        SK

        1. Hi Syed,

          Did you added contributor permission for Azure AD App on resource group on which Azure Function resource is created?

          Regards,
          Artur

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.