none
Azure Function Managed Service Identity creating Data Lake File Forbidden issue

    Question

  • I have the following code in an Azure Function.

    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    
                var keyVaultClient = new KeyVaultClient(
                    new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    
                var secret = await keyVaultClient.GetSecretAsync("https://xxxxxkeyvaulttest.vault.azure.net/secrets/DataPlatformGetById")
                    .ConfigureAwait(false);
    
                var dataLakeToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://datalake.azure.net/");
    
                var randomfileName = Path.GetRandomFileName();
    
                var adlsClient = AdlsClient.CreateClient("xxxxdatalakestoretest.azuredatalakestore.net", $"Bearer {dataLakeToken}");
                using (await adlsClient.CreateFileAsync($"{randomfileName}.xlsx", IfExists.Overwrite)) { };

    The call to the GetSecretAsync to the KeyVault works. 

    The call to CreateFileAsync does not. I get a forbidden exception.

    In the Data Explorer of the Data Lake I select Access. I add the Function MSI and give it Read, Write, Execute, This folder and all children and An access permission entry and a default permission entry.

    What am I doing incorrectly?

    Tuesday, November 20, 2018 3:05 PM

Answers

  • I rebuilt from scratch to insure I didn't mess up any steps. It is working now. Thank you for your input!
    • Marked as answer by baparker Wednesday, November 21, 2018 12:25 AM
    Wednesday, November 21, 2018 12:25 AM

All replies