Azure function unable to install azure-identity dependencies

Question

Azure function unable to install azure-identity dependencies

Richard Haigh 40

I am attempting to install and azure function using the WEBSITE_RUN_FROM_PACKAGE = <STORAGE_BLOB_URL> approach with a python runtime and linux os to a dedicated subnet so as to eliminate public internet traffic.

the specific required installs are:


import logging

import os

import azure.functions as func

from azure.identity import DefaultAzureCredential, CredentialUnavailableError

from azure.keyvault.secrets import SecretClient

from azure.core.exceptions import ResourceNotFoundError, ClientAuthenticationError

Prior to uploading the function folder in zip format, I isolated the function folder through a virtual environment and install the complete requirements.txt:


azure-functions

azure-identity

azure-keyvault-secrets

pymssql

without error. A subsequent func start confirms this allows local deploy. I use a freeze command to isolate the versions and update my requirements.txt. I then install all of these dependencies and packages locally.

My own python runtime is also 3.10 x64bit.

These are uploaded locally with the --upgrade flag specified.


pip install --target="./.python_packages/lib/site-packages" --upgrade -r requirements.txt

I then upload to blob storage and create the function app in a dedicated subnet with a Microsoft.Storage endpoint.

Despite this, looking at the function monitoring output, the error seems to show that it is still unable to resolve dependencies:


Result: Failure Exception: ImportError: cannot import name 'x509' from 'cryptography.hazmat.bindings._rust' (unknown location). Please check the requirements.txt file for the missing module. For more info, please refer the troubleshooting guide: https://aka.ms/functions-modulenotfound Stack: File "/azure-functions-host/workers/python/3.10/LINUX/X64/azure_functions_worker/dispatcher.py", line 387, in _handle__function_load_request func = loader.load_function( File "/azure-functions-host/workers/python/3.10/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 48, in call raise extend_exception_message(e, message) File "/azure-functions-host/workers/python/3.10/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 44, in call return func(*args, **kwargs) File "/azure-functions-host/workers/python/3.10/LINUX/X64/azure_functions_worker/loader.py", line 194, in load_function mod = importlib.import_module(fullmodname) File "/usr/local/lib/python3.10/importlib/__init__.py", line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "/home/site/wwwroot/function_folder/__init__.py", line 4, in <module> from azure.identity import DefaultAzureCredential, CredentialUnavailableError File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/__init__.py", line 10, in <module> from ._credentials import ( File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_credentials/__init__.py", line 5, in <module> from .authorization_code import AuthorizationCodeCredential File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_credentials/authorization_code.py", line 9, in <module> from .._internal.aad_client import AadClient File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_internal/__init__.py", line 5, in <module> from .aad_client import AadClient File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_internal/aad_client.py", line 11, in <module> from .aad_client_base import AadClientBase File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_internal/aad_client_base.py", line 20, in <module> from .aadclient_certificate import AadClientCertificate File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/identity/_internal/aadclient_certificate.py", line 7, in <module> from cryptography import x509 File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/x509/__init__.py", line 7, in <module> from cryptography.x509 import certificate_transparency File "/home/site/wwwroot/.python_packages/lib/site-packages/cryptography/x509/certificate_transparency.py", line 11, in <module> from cryptography.hazmat.bindings._rust import x509 as rust_x509

My question is, is this a x509' from 'cryptography.hazmat.bindings._rust dependency specific error that others have encountered and resolved or is there a different approach that must be taken when deploying a function to an azure function app, contrary to documentation? I have downloaded the compressed folder ploaded to blob storage and everything is in the correct location. The host.json is valid and recognised. The python_packages folder is correctly uploaded and I can see the x509 package present.

Note that the specific error message is:


Result: Failure Exception: ImportError: cannot import name 'x509' from 'cryptography.hazmat.bindings._rust'

Additional application settings have been configured to facilitate a python runtime:


SCM_DO_BUILD_DURING_DEPLOYMENT = true

ENABLE_ORYX_BUILD = true

FUNCTIONS_WORKER_RUNTIME = "python"

note that as VNet integration is required, this is on a service plan of Basic, rather than consumption. Python runtime and Linux OS using function runtime 4.~

I have tried literally moving to the wwwroot directory in kudu ssh and installing the cryptography package and the error remains unchanged.

Answer 1

MikeUrnun 8,326

Hello @Richard Haigh - Thanks for creating a well-formatted post, and reaching out to us on MS Q&A.

When installing the dependencies locally prior to zipping up the deployment package, what is the Operating System you're running on? It's possible that the installed dependencies may be incompatible with the Linux OS which has been the case with other customers who hit the particular error message in the past.

Also, I notice that you have the Remote Build settings set to true but you probably don't need them since you're opting to build locally first, and serving the app with the WEBSITE_RUN_FROM_PACKAGE = <STORAGE_BLOB_URL> setting on Azure.

In addition, getting Python dependencies installed correctly can be quite tricky so the following resources may be of help:

Please "Accept Answer" if the answer is helpful so that others in the community may benefit from your experience.

Richard Haigh 40 Reputation points

2023-11-15T08:18:22.2833333+00:00
Hi Mike, thank you for reaching out.

Yes I realised that after further research and changed my settings to specifically set SCM_DO_BUILD_DURING_DEPLOYMENT and ENABLE_ORYX_BUILD- to false without any success. Adding in PYTHON_ISOLATE_WORKER_DEPENDENCIES =1 has also failed to resolve the issue. For simplicity, my application settings are:

app_settings = { FUNCTIONS_WORKER_RUNTIME = "python" WEBSITE_RUN_FROM_PACKAGE = "${azurerm_storage_blob.function_code.url}${data.azurerm_storage_account_sas.sas_token.sas}" SCM_DO_BUILD_DURING_DEPLOYMENT = false ENABLE_ORYX_BUILD = false "APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.arc_function_insights.instrumentation_key "AzureWebJobsTraceLevel" = "Information" PYTHON_ISOLATE_WORKER_DEPENDENCIES = 1 PYTHON_ENABLE_DEBUG_LOGGING = 1 }

I am working in a Python 3.10 x64 runtime on a windows system.

I am attempting to install on an Azure 4.~ function runtime with a Linux OS.

I thought this OS difference may be the issue but moving to the function runtime in the Kudu SSH and uninstalling then reinstalling the packages does not resolve the issue.

USING WEBSITE_RUN_FROM_PACKAGE = "1"

In an attempt to resolve this, I have also tried:

Creating a local .venv in function folder

Ssetting application settings for WEBSITE_RUN_FROM_PACKAGE = "1" and SCM_DO_BUILD_DURING_DEPLOYMENT = false

installing requirements.txt

compressing and archiving into zip folder

uploading with local exec

The error is the same.
MikeUrnun 8,326 Reputation points

2023-11-16T04:00:21.18+00:00
Thanks for addl' info above, @Richard Haigh . Before ruling out the OS difference completely (which I'm still convinced might be the root cause), could you verify the following for us to be sure?

When using Kudu SSH, were you building the dependencies on the same Linux filesystem, creating a zip, and pointing the server to the correct package via packagename.txt file?

Has the Remote Build with its relevant App Settings been attempted?

Answer 2

Mike

I found the solution. The issue was the use of a deprecated terraform resource. Since the Terraform split of replacing a the azurerm_function_app with a windows and linux version, the need is now to specify a linux app resource using the build on deployment setting.

Note that the WEBSITE_RUN_FROM_PACKAGE in this particular scenario needs to be removed and you instead use build during deployment with the zip_deploy_file argument for success. Complete code in case anyone faces a similar issue:

resource "azurerm_linux_function_app" "function" {
  name                        = var.app_name
  resource_group_name         = data.azurerm_resource_group.arc_resource_group.name
  location                    = data.azurerm_resource_group.arc_resource_group.location
  service_plan_id             = azurerm_service_plan.app_service_plan.id
  storage_account_name        = var.storage_account_name
  storage_account_access_key  = var.storage_account_access_key
  https_only                  = var.https_only
  functions_extension_version = var.functions_extension_version
  app_settings = {
    "ENABLE_ORYX_BUILD"              = var.enable_oryx_build
    "SCM_DO_BUILD_DURING_DEPLOYMENT" = var.scm_do_build_during_deployment
    "FUNCTIONS_WORKER_RUNTIME"       = "python"
    "AzureWebJobsFeatureFlags"       = "EnableWorkerIndexing"
    "APPINSIGHTS_INSTRUMENTATIONKEY" = azurerm_application_insights.arc_function_insights.instrumentation_key
    "KEY_VAULT_URL" = var.key_vault_name
  }

  site_config {
    application_stack {
      python_version = var.python_version
    }
    always_on = var.always_on
  }

  identity {
    type = "SystemAssigned"
  }

  zip_deploy_file = data.archive_file.function_code.output_path

  depends_on = [data.archive_file.function_code]
}

MikeUrnun 8,326 Reputation points

2023-11-16T22:38:17.4233333+00:00

Glad to hear it, @Richard Haigh ! Thanks for sharing details on the root cause & the resolution:

Azure function unable to install azure-identity dependencies

2 answers

Activity