Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System managed Identity for "AzureWebJobsStorage__accountName" not working as expected. Throwing permission error #10050

Open
eddynaka opened this issue Apr 22, 2024 · 6 comments
Open

System managed Identity for "AzureWebJobsStorage__accountName" not working as expected. Throwing permission error #10050

eddynaka opened this issue Apr 22, 2024 · 6 comments
Assignees
@bhagyshricompany
Labels
Needs: Attention 👋

Comments

@eddynaka
Copy link

Hello,

I'm trying to change the azure function v4 using C#/.NET 6 to use managed identity to connect into the AzureWebJobsStorage. Following this guideline:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference?tabs=blob&pivots=programming-language-csharp#connecting-to-host-storage-with-an-identity, I added/updated the identity permissions and, then, I'm disabling the keys from the azure storage to test that it is really using MSI.

When I disable it, it shows the following error:
image

When I click in details, no data is shown.

Can you help me?
@ltdu
Copy link

ltdu commented Apr 23, 2024

I assume you are using Consumption plan for your Function. If so, you need Azure File Share, which is configured with WEBSITE_CONTENTAZUREFILECONNECTIONSTRING. However, File Share does not support managed identities and you cannot disable keys on storage account:

https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentazurefileconnectionstring

This setting is required for Consumption and Elastic Premium plan apps running on both Windows and Linux. It's not required for Dedicated plan apps, which aren't dynamically scaled by Functions.

Changing or removing this setting can cause your function app to not start. To learn more, see this troubleshooting article.

Azure Files doesn't support using managed identity when accessing the file share. For more information, see Azure Files supported authentication scenarios.

@bhagyshricompany bhagyshricompany self-assigned this Apr 23, 2024
@bhagyshricompany
Copy link

Thanks for reporting.please check you dedicated plan then it should support or not. as per doc.

@eddynaka
Copy link
Author

Hello @ltdu @bhagyshricompany ,

How do I confirm what plan do I use?
I created the resource some time ago and I'm not sure about it.

Also, if I'm using Consumption plan, will be support in the future for Azure File Share using MSI?

@watfordsuzy
Copy link

@bhagyshricompany when will this be fixed?

@zenmiao7
Copy link

@ltdu @bhagyshricompany How about premium plan Azure function?

@bhagyshricompany
Copy link

please open it on azure portal this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bhagyshricompany bhagyshricompany

Labels
Needs: Attention 👋
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@zenmiao7 @eddynaka @ltdu @watfordsuzy @bhagyshricompany