How to integrate RBAC in Azure functions

lakshmi 816 Reputation points
2024-02-16T16:59:55.95+00:00

Hi Team, we are working on a Bot Framework project and using Azure Functions for a timer trigger and a Cosmos DB trigger. As part of RBAC access we have upgraded the WebJobs Cosmos DB package and used the Cosmos DB endpoint and DefaultAzureCredential for creating the Cosmos client. We have also configured the endpoint of the tables in the storage account, and upgraded the WebJobs extension packages for Storage and Cosmos. But we are still getting the below error while building the Azure Function:

"Cannot create Collection Information for entity in database %CosmosDatabaseId% with lease leases in database %CosmosDatabaseId% : Format of the initialization string does not conform to specification starting at index 0. System.Data.Common: Format of the initialization string does not conform to specification starting at index 0."

In the Cosmos DB trigger we are directly providing the connection name, which is the Cosmos DB connection string with the endpoint. Is that the reason why we are getting the error? Is there any other way through which we can implement RBAC in an Azure Function for triggers? We have already referred to a document and got samples for an HTTP trigger by creating a Cosmos client with the endpoint and DefaultAzureCredential. But in our case we are passing it along with the connection name in the Cosmos DB trigger.


public async Task Run([CosmosDBTrigger(
            databaseName: "%CosmosDatabaseId%",
            containerName: "availableEmployes",
            Connection = "CosmosDbConnection", // taking the connection name provided in the json file (https://<account_name>.table.core.windows.net/)
            LeaseContainerName = "leases",
            CreateLeaseContainerIfNotExists = true)] IReadOnlyList<Item> input,
            ILogger logger,
            [Table("employeelogs", Connection = "AzureWebJobsStorage")] IAsyncCollector<EmployeeEntity> table,
            [CosmosDB(
            databaseName: "%CosmosDatabaseId%",
            containerName: "availableEmployes",
            Connection = "CosmosDbConnection")] CosmosClient client)
{
    // method body not included in the question
}

2 answers

  1. Sajeetharan 2,261 Reputation points Microsoft Employee
    2024-02-19T09:03:03.1533333+00:00

    This is already supported; can you go through the sample below? https://learn.microsoft.com/en-us/azure/cosmos-db/managed-identity-based-authentication


  2. MikeUrnun 9,777 Reputation points Moderator
    2024-03-01T04:21:05.25+00:00

    Thanks for confirming, @lakshmi! I'll look into it and share my findings with you!
    UPDATE:

    It seems that the official doc covers the required config in detail. The CosmosDB trigger using managed identity would look as follows:

    [Function("CosmosTrigger")]
    public void Run([CosmosDBTrigger(
        databaseName: "ToDoItems",
        containerName: "TriggerItems",
        Connection = "CosmosDBConnection",
        LeaseContainerName = "leases",
        CreateLeaseContainerIfNotExists = true)] IReadOnlyList<ToDoItem> todoItems,
        FunctionContext context)
    {
        if (todoItems is not null && todoItems.Any())
        {
            foreach (var doc in todoItems)
            {
                _logger.LogInformation("ToDoItem: {desc}", doc.Description);
            }
        }
    }

    Here, the Connection attribute points to the name of an app setting or setting collection that specifies how to connect to the Azure Cosmos DB account being monitored. This setting, which is the name of the app setting, will be in the following format: <CONNECTION_NAME_PREFIX>__accountEndpoint

    The value for the setting will reference the Cosmos DB account endpoint URI, as shown in the doc: https://<database_account_name>.documents.azure.com:443/

    So, if I had a CosmosDB account named contosodb, I would have the following:

    In the local.settings.json file:

    {
      "IsEncrypted": false,
      "Values": {
        "FUNCTIONS_WORKER_RUNTIME": "<language worker>",
        "AzureWebJobsStorage": "<connection-string>",
        "mycontosodb__accountEndpoint": "https://contosodb.documents.azure.com:443/"
      }
    }

    And in the trigger function:

    [Function("CosmosTrigger")]
    public void Run([CosmosDBTrigger(
        databaseName: "ToDoItems",
        containerName: "TriggerItems",
        Connection = "mycontosodb", // the prefix only; the runtime reads the "mycontosodb__accountEndpoint" setting
        LeaseContainerName = "leases",
        CreateLeaseContainerIfNotExists = true)] IReadOnlyList<ToDoItem> todoItems,
        FunctionContext context)
    {
        if (todoItems is not null && todoItems.Any())
        {
            foreach (var doc in todoItems)
            {
                _logger.LogInformation("ToDoItem: {desc}", doc.Description);
            }
        }
    }

    That should be it as far as config on the functions side. However, you'll definitely want to give your Functions App the required RBAC permissions: Grant permission to the identity

    Hope this helps!

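Putting the answer's configuration together with the question's scenario (a `%CosmosDatabaseId%` database, an `availableEmployes` container and a `CosmosDbConnection` connection name), here is an added example in the isolated worker model. It is not code from the question, the answers or the linked documentation. It assumes the prefix `CosmosDbConnection`, an `Item` document shape partitioned on `id`, and a constructed `local.settings.json`; the startup check rejects the two misconfigurations that produce the "initialization string" error, namely a key-based connection string or a Storage (`*.table.core.windows.net`) URL placed where the Cosmos DB account endpoint belongs.

```csharp
// Added example (isolated worker), not code from the question or the answers.
// Constructed local.settings.json this code expects:
// {
//   "IsEncrypted": false,
//   "Values": {
//     "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
//     "AzureWebJobsStorage": "UseDevelopmentStorage=true",
//     "CosmosDatabaseId": "EmployeeDb",
//     "CosmosDbConnection__accountEndpoint": "https://<account_name>.documents.azure.com:443/"
//   }
// }
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Azure.Cosmos;
using Microsoft.Azure.Functions.Worker;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

// Program entry: validate the endpoint setting before the host starts, then register
// one CosmosClient that authenticates with the same identity the trigger binding uses.
var endpoint = CosmosConnection.RequireAccountEndpoint(CosmosConnection.Prefix);
var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureServices(services =>
        services.AddSingleton(_ => new CosmosClient(endpoint.AbsoluteUri, new DefaultAzureCredential())))
    .Build();
host.Run();

public static class CosmosConnection
{
    // The trigger's Connection property receives only this prefix (an assumed name);
    // the Functions runtime then looks up "<Prefix>__accountEndpoint" in app settings.
    public const string Prefix = "CosmosDbConnection";

    // Fails fast with a specific message instead of the generic
    // "Format of the initialization string does not conform to specification" error.
    public static Uri RequireAccountEndpoint(string prefix)
    {
        var key = $"{prefix}__accountEndpoint";
        var value = Environment.GetEnvironmentVariable(key);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"App setting '{key}' is missing; identity-based connections require it.");
        // A connection string with a key means the identity path is not in use at all.
        if (value.Contains("AccountKey=", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException($"'{key}' must hold the account endpoint URI only, not a connection string with AccountKey.");
        if (!Uri.TryCreate(value, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException($"'{key}' must be an https URI such as https://<account>.documents.azure.com:443/.");
        // A Storage endpoint (e.g. *.table.core.windows.net) is not a Cosmos DB SQL API endpoint.
        // This suffix check covers the public cloud only; adjust it for sovereign clouds.
        if (!uri.Host.EndsWith(".documents.azure.com", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException($"'{key}' points at '{uri.Host}', which is not a Cosmos DB SQL API endpoint.");
        return uri;
    }
}

// Assumed document shape; the container is assumed to be partitioned on /id.
public record Item(string id, string EmployeeId, bool Available);

public class AvailableEmployeesTrigger
{
    private readonly ILogger<AvailableEmployeesTrigger> _logger;
    private readonly CosmosClient _client;

    public AvailableEmployeesTrigger(ILogger<AvailableEmployeesTrigger> logger, CosmosClient client)
    {
        _logger = logger;
        _client = client;
    }

    [Function("AvailableEmployeesTrigger")]
    public async Task Run([CosmosDBTrigger(
        databaseName: "%CosmosDatabaseId%",
        containerName: "availableEmployes",
        Connection = CosmosConnection.Prefix, // prefix only, never the endpoint URI or a connection string
        LeaseContainerName = "leases",
        CreateLeaseContainerIfNotExists = true)] IReadOnlyList<Item> input)
    {
        if (input is null || input.Count == 0) return;

        // Follow-up reads go through the injected client, so one data-plane role
        // assignment on the account covers both the change feed and these reads.
        var container = _client.GetContainer(
            Environment.GetEnvironmentVariable("CosmosDatabaseId"), "availableEmployes");
        foreach (var item in input)
        {
            var latest = await container.ReadItemAsync<Item>(item.id, new PartitionKey(item.id));
            _logger.LogInformation("Change for employee {EmployeeId}: available={Available}",
                latest.Resource.EmployeeId, latest.Resource.Available);
        }
    }
}
```

Two points follow from this layout. First, the trigger and the lease container both need data-plane access, so the function app's managed identity needs a Cosmos DB SQL role assignment (the built-in Data Contributor role is the usual choice) on the account; control-plane roles such as Contributor on the resource do not grant data access. Second, the table endpoint mentioned in the question belongs under the Storage binding's own prefix, following the same convention (`<CONNECTION_NAME_PREFIX>__tableServiceUri` for an identity-based Table binding, and `AzureWebJobsStorage__accountName` for the host storage), not under the Cosmos DB prefix.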
