Is there a way to deploy Azure Function App from Visual Studio Code using Active Directory authorization not Access Keys?

Makoto Oda 291 Reputation points
2023-02-07T05:28:29.96+00:00

I want to deploy Azure Function App from Visual Studio Code using Active Directory authorization not Access Keys.

Our team have configured a Azure Storage account as follows:

  • Settings
    • Configuration
      Item Setting
      Account kind StorageV2 (general purpose v2)
      Performance Standard
      Secure transfer required Enabled
      Allow Blob public access Disabled
      Allow storage account key access Disabled
      Allow recommended upper limit for shared access signature (SAS) expiry interval Disabled
      Default to Azure Active Directory authorization in the Azure portal Enabled
      Minimum TLS version Version 1.2
      Permitted scope for copy operations (preview) From any storage account
      Blob access tier (default) Hot
      Large file shares Disabled

In the Access Control (IAM) - Role assignments, the Function App is assigned properly.

In the Function App - Settings - Configuration, we have removed AzureWebJobsStorage, and we have added AzureWebJobsStorage__accountName instead.

In the above situation, when we try to deploy the Function App from Visual Studio Code, the prompt to select Storage account appears. If we select a Storage account on the prompt, AzureWebJobsStorage seems to be created automatically and we fail to deploy.

When we delete AzureWebJobsStorage, and deploy using Publish-AzWebapp (Azure Powershell cmdlet), the deploy succeeds.

Is there a way to deploy Azure Function App from Visual Studio Code using Active Directory authorization not Access Keys?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,263 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,687 questions
0 comments
Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,141 Reputation points
    2023-02-09T22:35:37.3366667+00:00

    Makoto Oda Thank you for posting your question in Microsoft Q&A. Based on my understanding, you are following doc: Use managed identity for AzureWebJobsStorage (Preview) and have set up Managed Identity successfully with AzureWebJobsStorage__accountName but facing the issue when performing the deployment from VS code (since it expects AzureWebJobsStorage).

    Unfortunately, Remote build using Managed Identity is not supported yet and please check thread: Support publish when using ManagedIdentity for AzureWebJobsStorage and Run From Package = 1 for updates regarding this implementation (not just for VS Code, it is applicable to other deployments like CLI #25375 as well). For any feedback on this feature, feel free to add a comment on GitHub thread directly with our product team.

    The workaround depends on the stack you are using for Azure Functions and here are some steps involved:

    1. Build the app and Zip it locally.
      • MSBuild for .NET
      • Pip install for Python
      • NPM install for Node.
    2. Upload the Zip to Storage
    3. Generate a SAS Token
      1. Both of these steps are covered in Run your functions from a package file in Azure | Microsoft Learn
    4. Take the URL from step 3 and enable the Application Setting WEBSITE_RUN_FROM_PACKAGE = {URL}
    5. Now you application will be running from URL.

    I hope this helps with your question and let me know if you have any other questions. Would be happy to answer them. Please accept as "Yes" if the answer is helpful, so that it can help others in the community.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest