CODEWITHSUNDEEP
pythonazure-functionsazure-blob-storage
cb0008
cb0008

Reputation: 143

AuthorizationPermissionMismatch when Python Function App attempts to read file

When I try to read a txt-file from blob storage using a Function App, it returns this error in the log:

Result: Failure Exception: HttpResponseError: This request is not authorized to perform this operation using this permission. RequestId:00000-0000-00000-00000-000000000000 Time:2021-07-28T13:14:46.7803762Z ErrorCode:AuthorizationPermissionMismatch Error:None

In the Access Control menu of the storage account, the role 'Storage Blob Data Contributor' has been given to the system-assigned-identity of the Function App.

This is my code:

import logging
import azure.functions as func
from azure.storage.blob import BlobServiceClient, BlobClient
from azure.identity import DefaultAzureCredential

def main(req: func.HttpRequest) -> func.HttpResponse:
    blob_url = "https://my-storage-account.blob.core.windows.net"
    blob_credential = DefaultAzureCredential()
    blob_client = BlobClient(account_url=blob_url, container_name='tests', blob_name='file.txt', credential=blob_credential)
    download_stream = blob_client.download_blob()
    logging.info('Contents of the download_stream: %s', download_stream)

    return func.HttpResponse("OK", status_code=200)

Why do I get the error instead of the contents of the 'file.txt'?

Upvotes: 2

Views: 491

Answers (1)

cb0008
cb0008

Reputation: 143

The system-assigned-identity also needs the role 'Storage Queue Data Contributor '. And to show the contents of the file in the logging 'download_stream' should be replaced by download_stream.readall().

Upvotes: 1

Related Questions