EventGrid Webhooks To AzureFunctions with slots

Filip Zan 26 Reputation points
2021-05-26T11:31:11.627+00:00

Hi, Hello!

I have an Event Grid that targets Azure Functions with slots on consumption plans.
The deployment process looks like this:

  1. Deploy application to slot.
  2. Swap slots.
  3. Use ARM template to create/update EG subscriptions.

At first, in the ARM templates, we had:

"properties.destination.endpointType": "AzureFunction"
"properties.destination.properties.resourceId": "[resourceId(...)]"

However, it appears that ARM templates do not update the Function system key for Event Grid, so on every other deployment we got Unauthorized errors when EG was trying to deliver an event.

So we decided to switch to webhooks:

"properties.destination.endpointType": "Webhook"
"properties.destination.properties.endpointUrl": "[concat(variables('ingestVehicleFunction_function_url'), listKeys(resourceId(variables('resource_groups_data_name'), 'Microsoft.Web/sites/host/', variables('functions_company_data_name'), 'default'),'2016-08-01').systemkeys.eventgrid_extension)]"

but some of the EG subscriptions throw handshake errors:

2021-05-26T09:19:01.7281161Z ##[error]Url validation: Webhook validation handshake failed for https://myfunction.azurewebsites.net/runtime/webhooks/EventGrid. Http POST request failed with response code Unknown. For troublehooting, visit https://aka.ms/esvalidation. Activity id:2111b58f-c9f4-4ba8-96ac-530289c5c6f2, timestamp: 5/26/2021 9:18:43 AM (UTC).

The "funny" thing is that this occurs only when the ARM template is deployed in DevOps Releases, sometimes for one function, sometimes for all - no consistency here ;(
When I run the template locally, there are no issues.

What is the most convenient way to create an EG subscription to an Azure Function when swapping the AF slots changes the host keys?
Or
What is going on with those ARM templates?


2 answers

  1. Mike Urnun 9,836 Reputation points Microsoft Employee
    2021-05-28T20:08:11.323+00:00

    Hi @Filip Zan - At the time of the creation of the Event Subscription resource, the handshake validation requires the event subscriber endpoint to be online and responsive to ensure that it can participate in the handshake exchange. For example, in the case of an async handshake, it keeps the validation URL valid for 5 minutes, and if the event subscriber fails to respond with a 200 code and validate successfully in that time range, the handshake will be considered failed and you'll get the error message above.

    Release servers, on the other hand, can undergo issues while executing deployment tasks, which then often results in performing retry policies, etc. Consequently, it can easily result in exceeding the 5-minute wait time or impact the handshake validation requirement indirectly.
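
The requirement in the answer above (endpoint online and answering the handshake when the subscription is created) can be gated in the release before the ARM step runs. The sketch below is an added example, not code from this thread or from Microsoft: `wait_until_ready`, `post` and the fake endpoint are hypothetical names, the event values are constructed, and it assumes the endpoint answers a synthetic validation event the way Event Grid's synchronous handshake expects (HTTP 200 with `validationCode` echoed as `validationResponse`).

```python
import json
import time
import uuid

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"

def build_probe(code):
    """Constructed event shaped like Event Grid's validation request (a JSON array)."""
    return [{"id": uuid.uuid4().hex, "subject": "", "dataVersion": "1",
             "eventType": VALIDATION_EVENT,
             "eventTime": "2021-05-26T09:18:43Z",  # constructed value
             "data": {"validationCode": code}}]

def handshake_ok(status, body, code):
    """True only for HTTP 200 with the validation code echoed back."""
    if status != 200:
        return False
    try:
        return json.loads(body).get("validationResponse") == code
    except (ValueError, AttributeError):  # empty, non-JSON or non-object body
        return False

def wait_until_ready(post, attempts=5, delay=10, sleep=time.sleep):
    """Probe until a handshake succeeds; return the attempt number, or 0 on failure.

    `post(headers, body)` is a hypothetical transport returning (status, body).
    """
    headers = {"aeg-event-type": "SubscriptionValidation", "Content-Type": "application/json"}
    for n in range(1, attempts + 1):
        code = uuid.uuid4().hex  # fresh code per attempt, so a stale reply cannot pass
        try:
            status, body = post(headers, json.dumps(build_probe(code)))
        except OSError:  # connection refused or reset while the host restarts
            status, body = None, ""
        if handshake_ok(status, body, code):
            return n
        sleep(delay)
    return 0

def make_fake_endpoint(failures):
    """Constructed stand-in for a host that is unavailable for `failures` calls."""
    state = {"left": failures}
    def post(headers, body):
        if state["left"] > 0:
            state["left"] -= 1
            return 503, ""
        code = json.loads(body)[0]["data"]["validationCode"]
        return 200, json.dumps({"validationResponse": code})
    return post
```

In a release, `post` would be an HTTPS POST to the same `endpointUrl` the template passes to Event Grid; that URL embeds the `eventgrid_extension` system key, so keep it out of pipeline logs.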


  2. Gregory McNamara 37 Reputation points
    2021-11-29T18:10:20.127+00:00

    Hi @Filip Zan, @Mike Urnun, I seem to be having the same problem with ARM deployment and Event Grid triggers for function apps. The function app has an Event Grid trigger (no webhooks configured directly) and the subscription is to a System Topic (from IoT Hub). Did you ever figure out a fix or workaround for this? I have a ticket open with MS Support on this issue right now. My deployment uses an Azure DevOps pipeline (YAML) which calls ARM (Bicep) at certain points.

    DevOps deployment pipeline calls:

    • create iot hub, system topic and function app (Bicep)
    • provision function code (from build job) to function app (AzureAppServiceManage and AzureRmWebAppDeployment tasks)
    • create system topic event subscription from system topic to function app (Bicep)

    I have "dependsOn" within the 2 Bicep steps, but not between the pipeline tasks. I need 2 Bicep files because I can't create the subscription until the function code exists in the function app.

    If I create these manually it all works fine, but I have to automate this in a CI/CD pipeline so I can deploy into multiple dev/test/prod environments.
