Search code examples
azurefunctionazure-data-exploreringestadx

Kusto data ingestion from an Azure Function App ends with a 403

I try to ingest data from azure function app into a ADX database. I followed the instruction found in the the article here.

The difference is, I'd like to insert data into the table. I struggle with a 403 error "Principal 'aadapp=;' is not authorized to access table"

What I did: I have created a AAD App with the following API permissions: AAD App configured permission

I configured the database via Kusto Explorer:

.add database myDB ingestors ('aadapp=;') 'theAADAppname'

.add table PressureRecords ingestors ('aadapp=;') 'theAADAppname'

.add table TemperatureRecords ingestors ('aadapp=;') 'theAADAppname'

My code:

 var kcsbDM = new KustoConnectionStringBuilder($"https://ingest-{serviceNameAndRegion}.kusto.windows.net:443/").WithAadApplicationKeyAuthentication(
            applicationClientId: "<my AD app Id>",
            applicationKey: "<my App Secret from Certificates & secrets>",
            authority: "<my tenant Id>");

        using (var ingestClient = KustoIngestFactory.CreateQueuedIngestClient(kcsbDM))
        {

            var ingestProps = new KustoQueuedIngestionProperties(databaseName, tableName);
            ingestProps.ReportLevel = IngestionReportLevel.FailuresAndSuccesses;
            ingestProps.ReportMethod = IngestionReportMethod.Queue;
            ingestProps.JSONMappingReference = mappingName;
            ingestProps.Format = DataSourceFormat.json;

            using (var memStream = new MemoryStream())
            using (var writer = new StreamWriter(memStream))
            {
                var messageString = JsonConvert.SerializeObject(myObject); // maps to the table / mapping 
                writer.WriteLine(messageString);
                writer.Flush();
                memStream.Seek(0, SeekOrigin.Begin);

                // Post ingestion message
                ingestClient.IngestFromStream(memStream, ingestProps, leaveOpen: true);
            }
Solution

  • Update: the issue is fixed in the system and now it works as expected.

    Avnera thanks for your hint, potential it is an issue because of the Real vs double translation. In one of my first try I used double in the table and that worked. That is not longer possible, looks the supported data types changed.

    My current configuration:

    .create table PressureRecords ( Timestamp:datetime, DeviceId:guid, Pressure:real )

.create-or-alter table PressureRecords ingestion json mapping "PressureRecords"
'['
'{"column":"TimeStamp","path":"$.DateTime","datatype":"datetime","transform":null},'
'{"column":"DeviceId","path":"$.DeviceId","datatype":"guid","transform":null},'
'{"column":"Pressure","path":"$.Pressure","datatype":"real","transform":null}'
']'

public class PressureRecord
{
    [JsonProperty(PropertyName = "Pressure")]
    public double Pressure { get; set; }
    [JsonProperty(PropertyName = "DateTime")]
    public DateTime DateTime { get; set; } = DateTime.Now;
    [JsonProperty(PropertyName = "DeviceId")]
    [Key]
    public Guid DeviceId { get; set; }
}