Open mderriey opened 7 months ago
@mderriey Thanks for your feedback! We will investigate and update as appropriate.
Thanks @mderriey for the feedback. @mattchenderson can you verify this and I'll update the article?
Thanks for looking into this @ggailey777 and @mattchenderson.
Hi 👋
The feedback applied specifically to the "Grant permissions to the identity" section.
The RBAC roles listed for a queue trigger are Storage Queue Data Reader and Storage Queue Data Message Processor.
However, these are not sufficient for the case where a message fails processing and is released to the queue. This is an update message operation which is not covered by the roles mentioned in the documentation. The behavior of releasing the message to the queue is baked in the Storage Queues extension, my application doesn't have any custom code using the Storage Queues client library.
The stack trace looks something like:
The issue is that this exception bubbles up to the
WebScriptHostExceptionHandler
which shuts down the host, meaning the app is down and doesn't process messages for a couple of minutes in our case.Some details:
Microsoft.Azure.Functions.Worker.Sdk
v1.17.2.Microsoft.Azure.Functions.Worker.Extensions.Storage.Queues
v5.3.0.For us, the workaround is to assign the Storage Queue Data Contributor role to the identity we're using.
Document Details
⚠Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.