JetBrains/azure-tools-for-intellij

Azure credentials not available in Functions host.

DJ4ddi opened this issue · 1 comments

DJ4ddi commented

When starting an Azure Function from the IDE (same result with run and debug), the host process does not have access to any credentials configured for Rider (using the toolkits own Service Authentication section) or the Azure CLI.

Reproduction

  1. Login to an Azure account with the Service Authentication options or globally with the Azure CLI.
  2. Create a private Azure Storage account for testing purposes. Assign the Storage Blob Data Owner role to your test user.
  3. Create an Azure Function HTTP trigger from the template.
  4. Add any authorized access to the test storage with DefaultAzureCredentials. Make sure that you configure the client with an endpoint, not a full connection string. For example, you could use the Azure.Storage.Blobs library:
var bc = new BlobServiceClient(
  new Uri(context.Configuration.GetRequiredSection("BlobStorage").GetValue<string>("Endpoint")),
  new DefaultAzureCredential());
var containers = bc.GetBlobContainers().AsPages().First().Values.Select(b => b.Name);
Console.WriteLine(containers);
  1. Run or debug the Function locally. Observe how the example call causes an exception indicating that the request is not authorized.

Workaround

It is possible to circumvent this issue by specifying the tenant (and other required authentication information) as environment variables in the local.settings.json file (or the run/debug configuration).

DJ4ddi commented

It turns out that the reason this wasn't working is that Visual Studio (for unknown reasons) changed my default Azure tenant. In Rider itself, the VisualStudioCredential provider failed with an exception because I had configured a tenant ID (which wasn't included in the Visual Studio logins). It then used the working Azure CLI provider as a fallback.

The Functions host did not have this tenant override and therefore chose the wrong tenant provided by Visual Studio. I resolved the issue by reconfiguring the correct login in Visual Studio. It can also be solved by disabling the VS login:

new DefaultAzureCredentialOptions { ExcludeVisualStudioCredential = true }