TechQA.

Why does an anonymous httptrigger azure function throw a 500 internal server error when 'code' is a param in query string?

679 views Asked by At

I have a Function App that is running in a container in Kubernetes. One of my endpoints is an httptrigger with anonymous access. However the query string contains a parameter code (supplied by a 3rd party vendor with no control over its name) that causes the app to throw a 500 error with no log indicating what happened. The odd part is if I deploy the same function to an Azure Function App everything works as expected. So my question is what configuration or environment variables need to be set in order for this to behave correctly?

Related to this as a follow up question - Azure Function running in AKS throws 500 on query string parameter for http trigger function

azure azure-functions azure-functions-runtime azure-functions-core-tools azure-functions-docker
Original Q&A
1

There are 1 answers

0
tanzencoder On BEST ANSWER

The issue turned out that the runtime tries to write files to the azure-functions-host/Secrets directory for anonymous functions where code is a parameter in the query string. Due to the way Kubernetes mounts volumes for secrets when it creates the directory it sets the permissions in a read only fasion even if readonly is false.

As a work-around I ended up creating the directory in the docker file

# To enable ssh & remote debugging on app service change the base image to the one below
# FROM mcr.microsoft.com/azure-functions/dotnet:3.0-appservice
FROM mcr.microsoft.com/azure-functions/dotnet:3.0
ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
    AzureFunctionsJobHost__Logging__Console__IsEnabled=true \
    FUNCTIONS_WORKER_RUNTIME=dotnet 
    
EXPOSE 80 443

RUN mkdir azure-functions-host/Secrets

COPY . /home/site/wwwroot

In the kubernetes deployment file I mounted the specific file to that directory so that the mount action did not mess with the directory permissions.

volumeMounts:
  - name: functionhostkeys-store
    mountPath: "/azure-functions-host/Secrets/host.json"
    subPath: "host.json"
    readOnly: false

This approach allowed the runtime to still write to that directory as needed but allowed me to manage my function keys in Azure KeyVault and mount them at runtime in a known configuration.

Related Questions in AZURE

Related Questions in AZURE-FUNCTIONS

Related Questions in AZURE-FUNCTIONS-RUNTIME

Related Questions in AZURE-FUNCTIONS-CORE-TOOLS

Related Questions in AZURE-FUNCTIONS-DOCKER

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions