Botond Szakács

Reputation: 51

Using managed identities in queue triggers in Azure Functions

I'd like to use managed identities instead of username and password configured in the storage account connection. I only see the option to configure the queue trigger with a connection string, but can't add a managed identity to avoid secrets to be configured. Is that possible at all?

Upvotes: 5

Views: 1188

Answers (2)

Mike WP

Reputation: 175

This is now possible using the Microsoft Azure Function Extension Libraries, e.g. "Microsoft.Azure.WebJobs.Extensions.Storage.Blobs".

Example connection configuration for managed identities:

    "QueueSettings:StorageAccount": "",
    "QueueSettings:StorageAccount__queueServiceUri": "https://mytestfa.queue.core.windows.net/",
    "QueueSettings:StorageAccount__credential": "managedidentity"

And reference the connection in the function trigger like this:

    [Function("ProcessUserData")]
    public async Task ProcessUserData(
        [QueueTrigger("%QueueSettings:UserDataQueue%", Connection = "QueueSettings:StorageAccount")] string queueItem,
        FunctionContext context)
    {
        var logger = context.GetLogger<QueueListener>();
        ...
    }

Original announcement from the Microsoft DevBlog here: https://devblogs.microsoft.com/azure-sdk/introducing-the-new-azure-function-extension-libraries-beta/

Also referenced here: Azure Functions - use queue trigger with managed identity

Upvotes: 0
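A check that can be run over exported app settings to confirm that queue connections follow the identity-based pattern from the answer above instead of carrying an account key or SAS token. This is an added example, not part of the original answer or of any Microsoft tooling; `audit_connections`, the `LegacyQueue` entry and all sample values are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Substrings that indicate a shared secret inside a storage connection string.
SECRET_MARKERS = ("accountkey=", "sharedaccesssignature=")
# Setting suffixes used by the identity-based connection shown in the answer.
IDENTITY_SUFFIXES = {"queueServiceUri", "credential"}

def audit_connections(settings):
    """Classify each storage connection as 'secret', 'identity' or 'invalid'."""
    groups = {}
    for key, value in settings.items():
        name, sep, suffix = key.rpartition("__")
        if sep and suffix in IDENTITY_SUFFIXES:
            groups.setdefault(name, {})[suffix] = value   # e.g. <name>__queueServiceUri
        else:
            groups.setdefault(key, {})[""] = value        # plain setting / connection string
    verdicts = {}
    for name, parts in groups.items():
        base = (parts.get("") or "").lower()
        if any(marker in base for marker in SECRET_MARKERS):
            verdicts[name] = "secret"                     # key or SAS stored in configuration
        elif "queueServiceUri" in parts:
            uri = urlparse(parts["queueServiceUri"])
            if uri.query:
                verdicts[name] = "secret"                 # SAS token appended to the URI
            elif uri.scheme != "https" or not uri.hostname:
                verdicts[name] = "invalid"                # not an HTTPS service endpoint
            else:
                verdicts[name] = "identity"
    return verdicts                                       # unrelated settings are omitted

# Constructed sample settings; the AccountKey value is a placeholder, not a real key.
SAMPLE = {
    "AzureWebJobsStorage": "DefaultEndpointsProtocol=https;AccountName=example;"
                           "AccountKey=PLACEHOLDER==;EndpointSuffix=core.windows.net",
    "QueueSettings:StorageAccount": "",
    "QueueSettings:StorageAccount__queueServiceUri": "https://mytestfa.queue.core.windows.net/",
    "QueueSettings:StorageAccount__credential": "managedidentity",
    "LegacyQueue__queueServiceUri": "http://example.queue.core.windows.net/",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
}

if __name__ == "__main__":
    print(json.dumps(audit_connections(SAMPLE), indent=2))
```
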

4c74356b41

Reputation: 72171

I'm fairly certain it is not possible as of now; you can only use managed identities when the function runs to access resources, not for the trigger. I cannot dig up a proof for that right now; I saw it on some GH issue.

Upvotes: 2
