I have a doubt that the service identity (managed identity) has the appropriate permissions to read secrets from Azure Key Vault. It should have at least the "Get" permission for secrets. This permission difference might not be evident during debug mode because the debug execution might be using a different authentication mechanism or permissions setup. One other doubt is that there may be IP restrictions or VNet integrations set up for your Azure Function; ensure that the Data Factory managed identity is allowed to communicate with the function. This might not affect debug runs if they are executed from a different network context.
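An added example, not part of the original reply: one way to check the "Get" permission point offline, assuming the vault definition was exported with `az keyvault show -o json`. The sample JSON, the object IDs and the function name `secret_get_status` are constructed for illustration; a vault on the RBAC permission model is reported separately because its access policies are not evaluated.

```python
import json

# Constructed sample shaped like `az keyvault show --name <vault> -o json` output.
SAMPLE_VAULT_JSON = """
{
  "name": "example-vault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "11111111-1111-1111-1111-111111111111",
       "permissions": {"secrets": ["List"], "keys": [], "certificates": []}},
      {"objectId": "22222222-2222-2222-2222-222222222222",
       "permissions": {"secrets": ["Get", "List"], "keys": null, "certificates": null}}
    ]
  }
}
"""
SAMPLE_VAULT = json.loads(SAMPLE_VAULT_JSON)


def secret_get_status(vault, principal_id):
    """Classify one identity: 'granted', 'missing', 'no-policy' or 'rbac'."""
    props = vault.get("properties") or {}
    if props.get("enableRbacAuthorization"):
        # RBAC model: access policies are ignored, so role assignments
        # on the vault must be reviewed instead.
        return "rbac"
    policies = [p for p in props.get("accessPolicies") or []
                if (p.get("objectId") or "").lower() == principal_id.lower()]
    if not policies:
        return "no-policy"  # identity has no access policy entry at all
    for policy in policies:
        secrets = (policy.get("permissions") or {}).get("secrets") or []
        # Permission names can appear in either case depending on how they were set.
        if any(s.lower() in ("get", "all") for s in secrets):
            return "granted"
    return "missing"  # entry exists but cannot read secret values


if __name__ == "__main__":
    # Constructed placeholder IDs; substitute the Data Factory managed identity object ID.
    for pid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222",
                "33333333-3333-3333-3333-333333333333"):
        print(pid, secret_get_status(SAMPLE_VAULT, pid))
```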
Azure Function activity in Data Factory works on debug, but not during trigger
I have a Data Factory pipeline in which one of the activities calls an Azure Function that does some basic transformation on data to prepare for ingestion into copy activity. This function has no parameters being passed or anything of the sort. The function activity is merely meant to call the function, and all data transformation, to include the loading of the file itself from blob storage, happens within the function. The function in question is an HTTP function, no authorization needed; the only authentication it uses is the function key stored in Azure Key Vault. Again, during debug mode there are no issues. But I am getting an error which states:
Call to provided Azure function 'req' failed with status-'Unauthorized' while invoking 'POST' on 'https://MYFUNCTION.azurewebsites.net' and message - 'Invoking Azure function failed with HttpStatusCode - Unauthorized.'.
I am not understanding why the activity runs perfectly fine in debug mode, but fails when it's actually triggered in a live run. The function authorizes just fine during debug, but suddenly runs into an auth error when it is triggered. Any thoughts?