Github deploy code Fails where Func app in Vnet - auth error using OIDC
Regarding section Deploy a Service Bus trigger and HTTP trigger I get auth error IP Forbidden to to deploy the code via github. Since both storage and func app are behind private end points is github expected to successfully be authorized even with a managed identity since it's outside the vnet?
Func app settings:
I confirm github repo yml file has the correct secrets, both attempted automatically generated and manually entered.
I am using a service principal federated credentials for deployment with RBAC storage and website contributor roles assigned at resource group level.
Thrown error at deployment:
Error: Failed to deploy web package to App Service.
Error: Execution Exception (state: PublishContent) (step: Invocation)
Error: When request Azure resource at PublishContent, zipDeploy : Failed to use /home/runner/work/_temp/temp_web_package_045189892229569706.zip as ZipDeploy content
Error: Failed to deploy web package to App Service.
Ip Forbidden (CODE: 403)
Suggested alternative zip deploy also fails because it is outside the vnet. Unfortunately I do not have the flexibility to setup my own self-hosted github.
To deploy a function to Azure function functionapp which is configured with Private endpoints, you need add the below application settings in the function app.
WEBSITE_DNS_SERVER=168.63.129.16
WEBSITE_VNET_ROUTE_ALL=1
WEBSITE_CONTENTOVERVNET=1
To resolve the 403 forbidden error, selectEnable from selected virtual networks and IP addresses in the Function app=>Networking and add a rule to enable vnet access.
- I have deployed the function to Azure:
References:
Function App Deployment Failed - The remote server returned an error: (403) Forbidden
- Azure Service Plan - Convert Consumption App to Premium App
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- .NET 8 (isolated worker model) PUT/POST methods have null body
- logs not appearing in Application Insights for Azure Functions v4 with .NET 8
- Azure Function App - frequent hang and deadlocks
- Azure function fails Value cannot be null. Parameter name: value
- Using Google.Cloud.BigQuery.V2 API in Azure Functions
- Azure Functions no job found (python)
- Is it possible to read File from same folder where Azure function exists
- port 7071 is unavailable. Close the process using that port, or specify another port using --port [-p]
- azure function app (python) - How to check package versions in function app
- Azure Function on consumption plan cold start can be up to 30 minutes
- No job functions found. Try making your job classes and methods public
- Is GetConnectionStringOrSetting deprecated? What is the best replacement?
- Array properties not mapped/deserialized when deserializing JSON
- Exception: AttributeError: Anonymous when starting a basic function app
- EventHubTrigger C# with eventData object does not work
- How can you set the MessageId of a service bus message using the Azure Functions output binding and IAsyncCollector?
- Unit test Azure Event Hub Trigger (Azure Function)
- Starting Azurite when debugging (F5) Azure Functions with VS Code
- How to create zip from multiple azure blob files?
- Azure Durable Functions v4 HTTP Trigger Request Object Different from v3
- If blob storage container is private will azure functions need to use sas tokens to access?
- Format of the initialization string does not conform to specification starting at index 0 in Azure Functions Application
- Some Azure function logs are missing from Application Insights
- Azure Functions not accepting an url-encoded value as a query parameter?
- How can I configure ENV values from task AzureFunctionApp in ADO pipeline?
- 403 Forbidden when deploying a NodeJS Function App
- Testing manually a Time Triggered Function App in the Azure Portal fails
- "Azure Function" with Docker image is not working for "Azure Cosmos DB trigger"