DrueM
Copper Contributor
Jan 08, 2024

Function App access restrictions preventing ADO cloud Pipeline to Government tenant from succeeding

Hi there,

I'm running into an access restrictions issue with Function App on our Gov tenant that's preventing the deployment from succeeding from our commercial cloud ADO.

It seems that ADO cloud and/or the agents' IPs need to be defined in the function app access restrictions, but it's unclear where to gather that IP info, or add an additional task on the release side. I read some other forums that noted the AgentCloud service tag should suffice; however, that doesn't work either. Our service connection deploys app service code to the same RG the function app resides in just fine.

Any feedback on how to solve this issue is greatly appreciated.

2 Replies

  • BrianVeldman
    Copper Contributor

    You can also use Azure Managed DevOps Pools with a NAT Gateway and your own public IP address that can be whitelisted.

  • How about dynamically retrieving the ADO agent's public IP during the pipeline run and temporarily allowing it in the Function App's access restrictions:

    1. Add a task in your pipeline to get the agent IP:

    agentIP=$(curl -s https://api.ipify.org/)

     

    2. Use Azure CLI to add the IP to access restrictions:

    az functionapp config access-restriction add \
      --resource-group <your-rg> \
      --name <your-function-app> \
      --rule-name "ADOAgentTempAccess" \
      --action Allow \
      --ip-address "$agentIP" \
      --priority 200

     

    3. Deploy your Function App.

    4. Remove the IP after deployment:

    az functionapp config access-restriction remove \
      --resource-group <your-rg> \
      --name <your-function-app> \
      --rule-name "ADOAgentTempAccess"
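
Steps 1 to 4 of the reply above combined into one script, as an added example that is not part of the thread: it validates the looked-up address before it becomes an Allow rule and removes the rule even when the deployment fails. The function names and the `AZ` override are hypothetical; the `az` flags are the ones shown in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. AZ can be overridden to dry-run the flow.
AZ=${AZ:-az}
RULE_NAME="ADOAgentTempAccess"

# Step 1: -f makes an HTTP error fail the lookup instead of returning a body.
agent_ip() { curl -fsS --max-time 10 https://api.ipify.org/; }

# Print <ip>/32 only for a well-formed IPv4 address; reject empty or HTML
# responses and private, loopback and link-local addresses.
to_allow_cidr() {
  ip=$1
  case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case $ip in
    0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
  esac
  printf '%s/32\n' "$ip"
}

# Step 4: drop the temporary rule.
remove_rule() {
  "$AZ" functionapp config access-restriction remove \
    --resource-group "$rg" --name "$app" --rule-name "$RULE_NAME"
}

# Steps 2-4. Usage: deploy_with_temp_rule <rg> <app> <ip> <deploy command...>
deploy_with_temp_rule() {
  rg=$1; app=$2
  cidr=$(to_allow_cidr "$3") || { echo "refusing to allow '$3'" >&2; return 2; }
  shift 3
  "$AZ" functionapp config access-restriction add \
    --resource-group "$rg" --name "$app" --rule-name "$RULE_NAME" \
    --action Allow --ip-address "$cidr" --priority 200 || return 3
  trap 'remove_rule; exit 130' INT TERM   # cancelled run: still drop the rule
  status=0; "$@" || status=$?             # step 3: the deploy command
  trap - INT TERM
  remove_rule || echo "WARNING: rule $RULE_NAME is still present" >&2
  return "$status"
}
# Pipeline step: deploy_with_temp_rule "<your-rg>" "<your-function-app>" "$(agent_ip)" <deploy command>
```

The function returns the deploy command's exit status, so a failed deployment still fails the pipeline step after the rule has been removed.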

     
