2

When I try to read a txt-file from blob storage using a Function App, it returns this error in the log:

Result: Failure Exception: HttpResponseError: This request is not authorized to perform this operation using this permission. RequestId:00000-0000-00000-00000-000000000000 Time:2021-07-28T13:14:46.7803762Z ErrorCode:AuthorizationPermissionMismatch Error:None

In the Access Control menu of the storage account, the role 'Storage Blob Data Contributor' has been given to the system-assigned-identity of the Function App.

This is my code:

import logging
import azure.functions as func
from azure.storage.blob import BlobServiceClient, BlobClient
from azure.identity import DefaultAzureCredential

def main(req: func.HttpRequest) -> func.HttpResponse:
    blob_url = "https://my-storage-account.blob.core.windows.net"
    blob_credential = DefaultAzureCredential()
    blob_client = BlobClient(account_url=blob_url, container_name='tests', blob_name='file.txt', credential=blob_credential)
    download_stream = blob_client.download_blob()
    logging.info('Contents of the download_stream: %s', download_stream)

    return func.HttpResponse("OK", status_code=200)

Why do I get the error instead of the contents of the 'file.txt'?

Improve this question

1 Answer 1

Reset to default
1

The system-assigned-identity also needs the role 'Storage Queue Data Contributor '. And to show the contents of the file in the logging 'download_stream' should be replaced by download_stream.readall().

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.