Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Unable to list keys for azure function app

Tags:

azure-web-app-service

azure-functions

I have an azure function app in a "development" subscription that's created from a bicep template that's run from a devops pipeline. The function app is hosted on a windows app service plan that's happily running other function apps. The app settings are shown below:

var functionAppSettings = {
  WEBSITE_RUN_FROM_PACKAGE: 1
  AzureWebJobsStorage__accountname: storageAccountName
  FUNCTIONS_EXTENSION_VERSION: '~4'
  FUNCTIONS_WORKER_RUNTIME: 'dotnet-isolated'
}

It uses the managed identity of the function app to connect to its storage account. I've ensured the storage account has 'Storage Blob Data Contributor' and 'Storage Queue Data Contributor' role membership on the storage account.

If I run the following azure cli:

az functionapp keys list --name <func app name> --resource-group <rg name> --query functionKeys.default | tr -d '"'

Then I get the response: Operation returned an invalid status 'Bad Request'

I thought I'd test to see if the function app had connectivity / permission to its storage account by asking it to create a new key using the following azure cli:

az functionapp keys set -g <rg name> -n <func app name> --key-type functionkeys --key-name MyHostKey

This also came back with: ERROR: Operation returned an invalid status 'Bad Request'

However, I then took a look in the storage account and could see a host.json in a blob container named "azure-webjobs-secrets". The content of host.json did contain an entry for MyHostKey.

The function app does have vnet integration configured and makes use of a nat gateway attached to its subnet. The storage account has "Public network access Enabled from all networks" set.

If I browse to the "App keys" blade for the function app it shows no keys:

enter image description here

The same devops pipeline later deploys to a "test" subscription and that has no problems. I have tried deleting everything from the resource group of the "development" subscription and re running the devops pipeline but still hit the same problem.

I've read the docs and followed the steps from this blog post but without success.

like image 461
Rob Bowman Avatar asked Oct 20 '25 06:10

Rob Bowman

1 Answers

Here are a few things you could investigate:

  1. Ensure that the app settings (especially AzureWebJobsStorage) correctly point to the storage account you're expecting it to use.

  2. The logs from Application Insights (which needs to be enabled for the Function App) might provide more detailed error messages.

  3. Ensure that the Function App has access to Azure Storage endpoints. This is typically done through service endpoints or private endpoints.

  4. Sometimes these errors can occur due to Azure CLI version incompatibilities, make sure it's updated to the latest version.

  5. If you have set up CORS on your storage account, ensure that the necessary origins are allowed.

Lastly, try deploying the function manually and see if it works. This will help isolate whether the issue is with the app or the way it is being deployed.

like image 74
nickdoesstuff Avatar answered Oct 22 '25 04:10

nickdoesstuff

Sign in to Comment

Related questions

How to configure Azure Function access restrictions to allow for testing via portal
Can I change the Azure Function Event Hub trigger starting checkpoint?
Is there a way I can delay the retry for a service bus message in an Azure function?
Why is the functions runtime not finding my functions when I import certain packages?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!