BUG In Azure Function Trigger with Managed Identity

I think there is a bug in the use of Azure Function Trigger Bindings on the Connection value when a Managed Identity is used.

We are using Managed Identity with Consumption based Function App to receive events from the EventHub. As per the Microsoft documentation: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-hubs-trigger?tabs=csharp#identity-based-connections we are using the following connection string in the EventHub trigger:

EhubSaaSSecConnection__fullyQualifiedNamespace: [[ REDACTED ]].servicebus.windows.net

Here’s the Function App signature:

[FunctionName("EventHub-To-EventHubFunction")]
public static async Task Run(
// SaaS EH Trigger - Receives events from source EH
[EventHubTrigger(Constants.SaasEHName, Connection = Constants.SaasEHConnectionName)] EventData[] events,
// QRadar EH Output binding - Sends events to dest EH
[EventHub(Constants.QRadarEHName, Connection = Constants.QRadarEHConnectionName)] IAsyncCollector<string> outputEvents, ILogger log)

Here are the constants:

public const string SaasEHConnectionName = "EhubSaaSSecConnection";
public const string QRadarEHConnectionName = "EhubQRadarConnection";

The function EventHub-To-EventHubFunction is getting triggered without any exception when the Azure portal is open, but the trigger gets hibernated afterward and does not activate even if events queued up in the Event Hub. Upon the troubleshooting, we found the following errors in Scale Controller which is preventing the function to scale up when there’s an event. After you enable the logging of the Scale Controller Logs you can use the Kusto query: traces
| extend CustomDimensions = todynamic(tostring(customDimensions))
| where CustomDimensions.Category == “ScaleControllerLogs”
| order by timestamp desc

You’ll see logs as the following: Specified connection string is null or empty for connection: EhubSaaSSecConnection. Invalid connection.

More Information below from a different thread: https://github.com/Azure/azure-sdk-for-net/issues/12657#issuecomment-1011820099 All credits to @Swing0601 https://github.com/Swing0601: I got the same error message, and looked into the source code, finally figured it out. Hope it will be helpful.

here is the source code, there is condition whether get the connection with Identity or Shared Access https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/eventhub/Microsoft.Azure.WebJobs.Extensions.EventHubs/src/Config/EventHubClientFactory.cs

Identity-based connections require “<CONNECTION_NAME_PREFIX>__fullyQualifiedNamespace” property. https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-hubs-trigger?tabs=csharp#identity-based-connections

My issue is caused by CONNECTION_NAME_PREFIX is not correct, the format is AzureWebJobs + connectionName, here is an example, CONNECTION_NAME_PREFIX is “AzureWebJobsmyEventHubConnectionString”, then “<CONNECTION_NAME_PREFIX>__fullyQualifiedNamespace” value is “AzureWebJobsmyEventHubConnectionString___fullyQualifiedNamespace”

function.json:

BTW, my develop language is Python,

CONNECTION_NAME_PREFIX source code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/extensions/Microsoft.Azure.WebJobs.Extensions.Clients/src/Shared/WebJobsConfigurationExtensions.cs

Good Luck!!!

_Originally posted by @Swing0601 in https://github.com/Azure/azure-sdk-for-net/issues/12657#issuecomment-1011820099_