How to link Service Queue Function App in ADF

Rajamannar A K 86 Reputation points
2021-12-22T13:42:52.863+00:00

How can I add an Azure Service queue function activity in the ADF? I'm getting this error only for Service Bus - Function App and not for the one based on HTTP trigger.

error msg:

   There was an error while calling endpoint with error message - 'Failed to get MI access token. The error message is: Acquire MI token from AAD failed. ErrorCode: invalid_resource, Message: AADSTS500011: The resource principal named https://dbxfuncapp.azurewebsites.net was not found in the tenant named *******.'  

But the function app is returning response while triggered via Service Bus, but I get this when I hit the debug option in pipeline.

I have attached the Settings for linking the Function app here.

159630-adf-settings.png

this is the link app settings

159756-link-the-function.png


2 answers

  1. ラ セイ 6 Reputation points
    2021-12-24T03:14:22.693+00:00

    I solved it.

    The reason is that the system administrator gave me the wrong AAD role. My AAD role should be AAD Global Administrator but the administrator gave me AAD Global Viewer.
    And my functions are using private links to prevent outbound access. And I created a managed private endpoint in ADF, but because I am only a viewer, this endpoint doesn't obtain permissions to access the fqDNS setting in another private endpoint.

    And that fqDNS is https://******.azurewebsites.net

    To solve it, you need to remove the managed private endpoint, obtain the correct role and create it again.


  2. Saurabh Sharma 23,866 Reputation points Microsoft Employee Moderator
    2021-12-28T22:11:06.797+00:00

    Hi @Rajamannar A K ,

    You normally get this error as you need to pass ResourceId when using Managed Identity for Authentication. In order to get the ResourceID you need to follow the below steps -

    1. Add "Microsoft" as an Identity provider in your Azure Function under Authentication blade as shown below to register your Azure Function in Azure Active Directory
      161021-image.png
      161031-image.png
      You can either create a new app registration or use an existing app registration in the directory.
    2. Once App Service Authentication is enabled you will be getting a ClientId/Application Id under the same Authentication blade.
      160930-image.png
    3. You need to take the above created Application Id and pass as Resource ID in your Azure Function linked service like below
      161004-image.png
      You should be then able to execute the function like below
      161014-image.png

    The above results are based on HTTP based trigger as I believe this is the only supported one in Azure Data Factory.
    Please let me know if you have any questions.
    But can you please elaborate why you need an Azure Service Bus queue trigger function as this function is invoked only when a queue or a topic is created?

    Thanks
    Saurabh
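
The check described in the answer above, as an added example that is not part of the thread and not Microsoft's code: a lint for an ADF Azure Function linked service definition that flags the `resourceId` problems behind AADSTS500011. It assumes the linked service JSON uses the `functionAppUrl`, `authentication` and `resourceId` properties; the linked service name and the all-zero GUID are constructed placeholders.

```python
import re

# Application (client) IDs are GUIDs; this is the form the answer says to pass.
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def make_ls(resource_id=None, auth="MSI"):
    """Build a constructed linked service definition for the checks below."""
    tp = {"functionAppUrl": "https://dbxfuncapp.azurewebsites.net",
          "authentication": auth}
    if resource_id is not None:
        tp["resourceId"] = resource_id
    return {"name": "ExampleFunctionLS",  # hypothetical name
            "properties": {"type": "AzureFunction", "typeProperties": tp}}


def check_linked_service(ls):
    """Return findings for an Azure Function linked service using MSI auth."""
    props = ls.get("properties", {})
    tp = props.get("typeProperties", {})
    if props.get("type") != "AzureFunction" or tp.get("authentication") != "MSI":
        return []  # other linked service types and auth modes are out of scope
    rid = (tp.get("resourceId") or "").strip()
    url = (tp.get("functionAppUrl") or "").strip().rstrip("/")
    if not rid:
        return ["missing: MSI authentication is set but resourceId is empty"]
    if rid.rstrip("/").lower() == url.lower():
        # The function URL is not a registered resource principal in the
        # tenant unless an app registration exposes it (AADSTS500011).
        return ["url-as-resource: resourceId is the function URL, "
                "not the Application ID from the Authentication blade"]
    if not GUID.match(rid):
        return ["not-guid: resourceId is not in Application (client) ID form"]
    return []


if __name__ == "__main__":
    samples = {
        "no resourceId": make_ls(),
        "function URL": make_ls("https://dbxfuncapp.azurewebsites.net"),
        "placeholder app id": make_ls("00000000-0000-0000-0000-000000000000"),
    }
    for label, ls in samples.items():
        print(label, "->", check_linked_service(ls) or "ok")
```
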

