azure-functions-host icon indicating copy to clipboard operation
azure-functions-host copied to clipboard
verified publisher icon Azure

Host unable to write diagnostics events to table storage if app is configured with managed identity

Open nzthiago opened this issue 1 year ago • 2 comments

I had a function app that triggers from Service Bus. The app has service identity configured and the app and has the following role assignments: Storage Blob Data Owner Storage Table Data Contributor Azure Service Bus Data Owner Everything seems to work fine and the app successfully processes messages from Service Bus using identity but looking at the FunctionsLogs for the app I see a lot of entries with "Unable to get table reference. Aborting write operation" and "Azure Storage connection string is empty or invalid. Unable to write diagnostic events." exceptions in logs.

This could be is due to the WebHost expecting only a connection string to write to table storage and not checking for identity-based connections. Worried this could happen for any app that has storage diagnostics settings on. https://github.com/Azure/azure-functions-host/src/WebJobs.Script.WebHost/Diagnostics/DiagnosticEventTableStorageRepository.cs#L64

nzthiago avatar May 14 '24 20:05 nzthiago

@fabiocav - please triage - tracking this for FlexConsumption GA

pragnagopa avatar Jun 24 '24 11:06 pragnagopa

Causes noise in the logs; Affects all SKUs. P1

pragnagopa avatar Jun 27 '24 05:06 pragnagopa

This is related to https://github.com/Azure/azure-functions-host/issues/9569 - the resolution here could be to properly converge on the shared services and fully remove the conditional check and log statement here.

mattchenderson avatar Aug 02 '24 00:08 mattchenderson

Was this closed because it's a dupe of #9569 ?

nzthiago avatar Aug 20 '24 23:08 nzthiago

I had a function app that triggers from Service Bus. The app has service identity configured and the app and has the following role assignments: Storage Blob Data Owner Storage Table Data Contributor Azure Service Bus Data Owner Everything seems to work fine and the app successfully processes messages from Service Bus using identity but looking at the FunctionsLogs for the app I see a lot of entries with "Unable to get table reference. Aborting write operation" and "Azure Storage connection string is empty or invalid. Unable to write diagnostic events." exceptions in logs.

This could be is due to the WebHost expecting only a connection string to write to table storage and not checking for identity-based connections. Worried this could happen for any app that has storage diagnostics settings on. https://github.com/Azure/azure-functions-host/src/WebJobs.Script.WebHost/Diagnostics/DiagnosticEventTableStorageRepository.cs#L64

@nzthiago - good day. I have an Azure Function app with the same issue. Did you manage to resolve this and if so how?

Image

Red1971 avatar Dec 05 '24 08:12 Red1971

This was a duplicate of #9569, which should have addressed this problem. @mattchenderson FYI.

nzthiago avatar Dec 05 '24 17:12 nzthiago