I have been trying our this example - trying to run fbprophet within Adx as documented here :
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/functions-library/series-fbprophet-forecast-fl?tabs=query-defined&pivots=azuredataexplorer
We are not allowed to use SAS keys to connect different components, and have to rely on managed identities
So I proceeded as follows :
- enabled the python plugin (3.6.5) on the cluster
- created a blob storage account & uploaded the fbprophet zip file
- changed the function to use the storage account see below)
- Gave the ADX system managed identity access to the storage account (blob storage contributor)
| evaluate python(typeof(*), code, kwargs,
external_artifacts=bag_pack('fbprophet.zip', 'https://<mystorageaccountname>.blob.core.windows.net/fbprophet/fbprophet-0.7.1.zip'))
- Added a callout policy for the managed identity - query in kusto
.alter-merge database db policy managed_identity ```
[
{
"ObjectId": "<managed identity of the Adx cluster>",
"AllowedUsages": "SandboxArtifacts"
}
]
- I also have the following callout policy
```javascript
{
"CalloutType": "sandbox_artifacts",
"CalloutUriRegex": "<mystorageaccountname>\\.blob\\.core\\.windows\\.net/fbprophet/",
"CanCall": true
},
When I try to run the forecasting algorithm, I get the following error :
Details=Access to persistent storage path 'https://<mystorageaccountname>.blob.core.windows.net/fbprophet/fbprophet-0.7.1.zip' was denied (operation 'BlobPersistentStorageFile.DownloadToFileAsync')
Any ideas if something is still missing ?