Replacing connection string to managed Identity for azure blob trigger > Azure function app from VS to azure portal
I have performed the following
- Created a simple azure blob triggered function app in visual studio with default setup
- Publish into Azure portal and the trigger is set to a different azure blob location
Requirement is to Relplace azure blob connection string with function app Managed identity
- I followed this blog which mentions simple setup but in my case the connection string is a different one so I am not sure if this work
Can you please help to identify
- Steps to follow in order to replace with managed identity in Visual studio for this case
- Versions of function app and azure blob supports managed identity
I also found this blog which resonates the requirement however I am not sure how to perform this in VS and sync to azure portal for my current function app
thanks
I successfully ran the Blob trigger function locally and in the Azure Function App using DefaultAzureCredentials and Managed Identity.
As mentioned in this MS DOC.
The Blob Trigger manages failures after multiple retries by writing poison blobs to a queue. When using the
serviceUriformat, theAzureWebJobsStorageconnection is required.If
blobServiceUriis specified, you must also include thequeueServiceUriin thelocal.settings.json.You can use the Blob and Queue service URIs in place of the connection string in the local environment (e.g., Visual Studio).
local.settings.sjon :
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "UseDevelopmentStorage=true",
"FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
"BlobConnection__blobServiceUri": "https://<storagename>.blob.core.windows.net/",
"BlobConnection__queueServiceUri": "https://<storagename>.queue.core.windows.net/"
}
}
Function1.cs :
using Microsoft.Azure.Functions.Worker;
using Microsoft.Extensions.Logging;
namespace FunctionApp4
{
public class Function1
{
private readonly ILogger<Function1> _logger;
public Function1(ILogger<Function1> logger)
{
_logger = logger;
}
[Function(nameof(Function1))]
public async Task Run([BlobTrigger("kamcontainer/{name}", Connection = "BlobConnection")] Stream stream, string name)
{
using var blobStreamReader = new StreamReader(stream);
var content = await blobStreamReader.ReadToEndAsync();
_logger.LogInformation($"C# Blob trigger function Processed blob\n Name: {name} \n Data: {content}");
}
}
Program.cs :
using Microsoft.Azure.Functions.Worker.Builder;
using Microsoft.Extensions.Hosting;
var builder = FunctionsApplication.CreateBuilder(args);
builder.ConfigureFunctionsWebApplication();
builder.Build().Run();
I have created a Service principle in Azure AD and added the clientID, clientSecret and TenantID to the System Environment Variables to run the function using DefaultAzureCredentials as shown below.
Add below to your System Environment Variables :
AZURE_CLIENT_ID = <clientID>
AZURE_CLIENT_SECRET = <clientSecret>
AZURE_TENANT_ID = <TenantID>
I have Enabled the Manged Identity in the Azure Function App as shown below.
I have assigned the Storage Blob Data Owner role to the Service Principal and the Storage Blob Data Contributor role to the Function App under Access Control (IAM) in the Storage account, as shown below.
Local Output :
I started running the Blob trigger function and upload a file in the Blob storage as shown below.
The Blob Trigger function ran successfully and retrieved the blob details, as shown below.
I have updated the below in the function app > Environment Variables > App settings and published the Blob trigger function to the Azure Function App, as shown below.
"BlobConnection__blobServiceUri": "https://<storagename>.blob.core.windows.net/",
"BlobConnection__queueServiceUri": "https://<storagename>.queue.core.windows.net/"
Azure Function App Output :
I successfully ran the Blob Trigger function in the Azure Function App and retrived the blob details, as shown below.
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Determine libraries to link against for a windows library function?
- Passing macro values to arm linker that places variable at a specific location
- running a program with wildcards as arguments
- How to perform addition of two vectors of 8-bit integers with a single addition in C/C++
- GNU RISC-V Embedded GCC throws "x ISA extension `xw' must be set with the versions" error
- Counting pulses using a swiss flow meter with an Arduino, how is it done?
- How to create a folder in C (need to run on both Linux and Windows)
- Is there any way to compute the width of an integer type at compile-time?
- How can I initialize all members of an array to the same value?
- Is C notably faster than C++
- How to get the Windows SDK version number a program is compiling with at compile time
- Confused by difference between expression inside if and expression outside if
- Equivalent of atoi for unsigned integers
- k&r: Exercise 1-18. Program takes input but doesnt produce any output?
- Using in C thrd_sleep() to either wait for time or interrupt by signal. Example?
- How can I compute `exp(x)/2` when `x` is large?
- c programming: answer always equates to 0
- Is it possible to access a parameter of a function from another function in C?
- Will this expression evaluate to true or false (1 or 0) in C?
- What Is the Return Value of strcspn() When Str1 Does not Contain Str2?
- Mapping a numeric range onto another
- Signalled and non-signalled state of event
- Why is faster to do a branch than a lookup?