Storage issue with managed identity for AzureWebJobsStorage #2189
Comments
Just came across this answer after creating the issue. @mattchenderson do you know when Azure Files will support managed identity so that AzureWebJobsStorage__accountName will be enough? I don't want to be rude, but it seems to me that without that the promise of removing secrets from the configuration of Function App running on Windows with the Consumption Plan is not fulfilled. That's a bit disappointing. I was also wondering about the Storage Account Contributor role you mentioned that was needed. My Function seems to work fine just with the Storage Blob Owner Role. So I was wondering if the contributor role was still needed.
Hi @mattchenderson Do you have any inputs on this?
Hi @TechWatching Are you still facing this issue?
I am still facing this issue, yes. The answer I linked above explains why it's a problem. I don't know if anything has been implemented or when it will be implemented to make everything work.
Hi @TechWatching Please refer to issue #2244 and let us know if it helped. Thanks.
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.
@Ved2806 It does not. The issue you mentioned is about localsettings.json. My issue is with the portal: The problem is already mentioned in a comment of this closed issue. From my understanding, the
@TechWatching The Azure Files team would be best equipped to field that request. https://feedback.azure.com is probably the best place - I thought an item for that existed there already but am having trouble finding it at the moment. We have requested this of them internally as well. My recommendation in general is to keep Azure Files on function apps if you need it / are concerned about the scaling impact mentioned there, but at least manage that value within Key Vault. That moves the secret away from the function app configuration at the very least. Regarding the Storage Account Contributor, that should only be needed if you are using a blob trigger, I believe. The account metadata needs to be read to handle the $logs collection used for managing the trigger state.
Hi @TechWatching, Does this answer your question? Can we close it as resolved?
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.
(There is no way to open an issue on https://github.com/azure/azure-functions-ux, the "issues tab" is not enabled. That is why I am creating this issue here.)
When using managed identity for AzureWebJobsStorage, there is a warning on the portal indicating the storage is not configured properly.
I guess the portal checks that there is the AzureWebJobsStorage setting in the Function configuration. But with managed identity enabled, the setting used is AzureWebJobsStorage__accountName. This warning makes us think something is wrong even if everything works perfectly. It should check that one of the 2 settings is set instead.