AzureFunctionApp - doesn't work when retrieving package with managed identity #17020
Comments
Hello, @hbuckle in this scenario can you help clarify a few points? Are you deploying to Windows or Linux? Are you deploying to Consumption, Dedicated or the Functions Premium plan? I will investigate and come back to this thread.
@hbuckle Please confirm if your app is on Linux Consumption plan?
@patelchandni I'd need to go back and find the original code, but I'm pretty sure this will apply to any function type that uses managed identity to access storage, as the AzureWebJobsStorage setting that this task looks for is absent
@hbuckle Looks like you are using a Linux Consumption plan, because only that plan needs direct access to storage for deployment. When you enable identity-based connections for AzureWebJobsStorage in Linux Consumption, you will need to deploy via an external deployment package. This task does not support deployments to Linux Consumption plan with managed identity. You can choose one of the following options:
@patelchandni - the point of raising this issue is that the task should support using managed identity.
Any updates on this? My organization needs this task to support managed identities as well
Hello, we're still discussing how to manage this. As @patelchandni pointed out for Linux Consumption we need direct access to storage and if AzureWebJobsStorage_accountname is the only thing that's specified we would not be able to deploy to Linux Consumption apps. @ReySka91 what's your scenario? If you can provide more information that would be great.
Why would you need anything more than the storage account name?
@FinVamp1. This was actually an issue on our side. We had our app service plan as 'Windows' and our function app as 'Linux'. We changed the function app to 'Windows', and the issue was resolved.
This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days
Clearly not stale
Just ran into this for the first time while moving to managed identity as part of a .net 8 update. Is this referenced in the docs at all so architects can plan? Need to go back and reset some terraform to make this work now. Managed Identity.
Triaged and we will investigate further.
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: bug
Enter Task Name: AzureFunctionApp@1
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
Azure Pipelines
Agent - Hosted
Issue Description
When using run from package you can use the function managed identity instead of generating a SAS token
https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-based-connections-tutorial#use-managed-identity-for-azurewebjobsstorage-preview
https://learn.microsoft.com/en-us/azure/azure-functions/run-functions-from-deployment-package#fetch-a-package-from-azure-blob-storage-using-a-managed-identity
In this case the AzureWebJobsStorage app setting is not present, which causes the task to fail.
The task should also look for the AzureWebJobsStorage__accountName setting and use that if present.
Task logs
Error: Unable to find the storage account associated with the function app.
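The fallback the issue asks for, sketched in TypeScript as an added example (not code from the AzureFunctionApp task): `resolveStorage` and its helpers are hypothetical names, the sample values in the comments are constructed, and also reading `AzureWebJobsStorage__blobServiceUri` goes beyond what the issue requests.

```typescript
// Added example: hypothetical helper, not the task's own implementation.
type AppSettings = Record<string, string | undefined>;

interface StorageRef {
  kind: "connectionString" | "managedIdentity";
  accountName: string;
}

// Extract AccountName from a classic "Key=Value;Key=Value" connection string.
// Only the first "=" splits key from value, so base64 keys with "=" padding are safe.
function accountFromConnectionString(cs: string): string | undefined {
  for (const part of cs.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim().toLowerCase() === "accountname") {
      return part.slice(eq + 1).trim() || undefined;
    }
  }
  return undefined;
}

// Extract the account from a service URI, e.g. https://stfuncdemo003.blob.core.windows.net
// (constructed sample). Storage account names are 3-24 lowercase letters and digits.
function accountFromServiceUri(uri: string): string | undefined {
  const m = /^https:\/\/([a-z0-9]{3,24})\.(blob|queue|table)\./i.exec(uri.trim());
  return m?.[1]?.toLowerCase();
}

function resolveStorage(settings: AppSettings): StorageRef {
  const get = (name: string): string | undefined => settings[name]?.trim() || undefined;

  // Existing behaviour first: a connection string in AzureWebJobsStorage.
  // Assumption: if both forms are present, the connection string wins.
  const cs = get("AzureWebJobsStorage");
  const fromCs = cs ? accountFromConnectionString(cs) : undefined;
  if (fromCs) return { kind: "connectionString", accountName: fromCs };

  // Identity-based connection: no secret is stored, only the account name or URI.
  const fromIdentity =
    get("AzureWebJobsStorage__accountName") ??
    accountFromServiceUri(get("AzureWebJobsStorage__blobServiceUri") ?? "");
  if (fromIdentity) return { kind: "managedIdentity", accountName: fromIdentity };

  // Same message the task logs today when nothing usable is configured.
  throw new Error("Unable to find the storage account associated with the function app.");
}
```

The `kind` field matters to a caller because an identity-based result carries no account key, so no SAS can be signed from it.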