Just for reference I am coming from AWS so any comparisons would be welcome.
I need to create a function which detects when a blob is placed into a storage container and then downloads the blob to perform some actions on the data in it.
I have created a storage account with a container in it, and a function app with a Python function in it. I have then set up an Event Grid topic and subscription so that blob creation events trigger the event. I can verify that this is working. This gives me the URL of the blob, which looks something like https://<name>.blob.core.windows.net/<container>/<blob-name>. However, when I then try to download this blob using BlobClient I get various errors about not having the correct authentication or key. Is there a way in which I can just allow the function to access the container, in the same way that in AWS I would give a Lambda an execution role with S3 permissions, or do I need to create some key to pass through somehow?
Edit: I need this to run ASAP when the blob is put in the container so as far as I can tell I need to use EventGrid triggers not the normal blob triggers
2 Answers
The answer lay somewhere between @rickvdbosch's answer and Abdul's comment. I first had to assign an identity to the function, giving it permission to access the storage account. Then I was able to use the azure.identity.DefaultAzureCredential class to automatically handle the credentials for the BlobClient.
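The approach in this answer, as an added example that is not code from the original post: the Event Grid blob URL is checked against one expected account and container before the function's managed identity token is attached to any request. The account and container names are placeholders, and the sketch assumes the function's identity holds a data-plane role such as Storage Blob Data Reader on that container.

```python
from urllib.parse import unquote, urlsplit

# Assumed placeholder values; replace with your own account and container.
ALLOWED_ACCOUNT = "examplestorageacct"
ALLOWED_CONTAINER = "incoming"
BLOB_SUFFIX = ".blob.core.windows.net"


def parse_blob_url(url: str) -> tuple[str, str, str]:
    """Split a blob URL into (account, container, blob name).

    Rejects anything that is not HTTPS on the public blob endpoint, so a
    crafted event cannot point the credentialed client at another host.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host.endswith(BLOB_SUFFIX):
        raise ValueError(f"not an Azure blob URL: {url!r}")
    account = host[: -len(BLOB_SUFFIX)]
    if not account.isalnum():  # account names are letters and digits only
        raise ValueError(f"unexpected storage account in {url!r}")
    container, _, blob = parts.path.lstrip("/").partition("/")
    if not container or not blob:
        raise ValueError(f"missing container or blob name in {url!r}")
    return account, container, unquote(blob)


def download_created_blob(event_data: dict, credential=None) -> bytes:
    """Download the blob named in a BlobCreated event's data payload.

    In an Event Grid-triggered function, event_data is what
    azure.functions.EventGridEvent.get_json() returns.
    """
    account, container, blob = parse_blob_url(event_data["url"])
    if (account, container) != (ALLOWED_ACCOUNT, ALLOWED_CONTAINER):
        raise PermissionError(f"refusing blob outside {ALLOWED_CONTAINER}")
    # Imported lazily so the URL checks above can be tested without the SDK.
    from azure.identity import DefaultAzureCredential
    from azure.storage.blob import BlobClient

    client = BlobClient(
        account_url=f"https://{account}{BLOB_SUFFIX}",
        container_name=container,
        blob_name=blob,
        # Resolves to the function app's managed identity when run in Azure.
        credential=credential or DefaultAzureCredential(),
    )
    return client.download_blob().readall()
```

No account key or connection string is stored in the function; access is governed entirely by the role assignment on the identity, which is the closest equivalent to a Lambda execution role with S3 permissions.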
This can be achieved by using an Azure Blob storage trigger for Azure Functions.
This last sentence, "The blob contents are provided as input to the function", means the blob can be an input parameter to the Function. This way, there’s no (or less) need for you to download it manually.
Have a look at Using Managed Identity between Azure Functions and Azure Storage.
EDIT
This is correct, a Blob trigger could have up to 10 minutes of delay before it actually triggers the Function. The second part of the answer still stands, though.