stackoom
  简体   繁体   中英

Why does an anonymous httptrigger azure function throw a 500 internal server error when 'code' is a param in query string?

 原文  2021-07-16 15:30:56       azure/ azure-functions/ azure-functions-runtime/ azure-functions-core-tools/ azure-functions-docker

Question

I have a Function App that is running in a container in Kubernetes. One of my endpoints is an httptrigger with anonymous access. However the query string contains a parameter code (supplied by a 3rd party vendor with no control over its name) that causes the app to throw a 500 error with no log indicating what happened. The odd part is if I deploy the same function to an Azure Function App everything works as expected. So my question is what configuration or environment variables need to be set in order for this to behave correctly?

Related to this as a follow up question - Azure Function running in AKS throws 500 on query string parameter for http trigger function

1 answers

solution1
 0 ACCPTED  2021-07-21 12:27:55

The issue turned out that the runtime tries to write files to the azure-functions-host/Secrets directory for anonymous functions where code is a parameter in the query string. Due to the way Kubernetes mounts volumes for secrets when it creates the directory it sets the permissions in a read only fasion even if readonly is false.

As a work-around I ended up creating the directory in the docker file

# To enable ssh & remote debugging on app service change the base image to the one below
# FROM mcr.microsoft.com/azure-functions/dotnet:3.0-appservice
FROM mcr.microsoft.com/azure-functions/dotnet:3.0
ENV AzureWebJobsScriptRoot=/home/site/wwwroot \
    AzureFunctionsJobHost__Logging__Console__IsEnabled=true \
    FUNCTIONS_WORKER_RUNTIME=dotnet 
    
EXPOSE 80 443

RUN mkdir azure-functions-host/Secrets

COPY . /home/site/wwwroot

In the kubernetes deployment file I mounted the specific file to that directory so that the mount action did not mess with the directory permissions.

volumeMounts:
  - name: functionhostkeys-store
    mountPath: "/azure-functions-host/Secrets/host.json"
    subPath: "host.json"
    readOnly: false

This approach allowed the runtime to still write to that directory as needed but allowed me to manage my function keys in Azure KeyVault and mount them at runtime in a known configuration.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure function : HttpTrigger and output queue returned “Internal Server Error” Azure Function Status Code 500 internal server error Azure Function returns 500 internal server error 500 - Internal server error in azure Why is My Azure API returning 500 internal server error when it works in a local environment? Internal Server Error (500) when trying to invoke a Azure Function wrapped in a Docker container Azure function's http trigger is giving 500 internal server error httphandlers in azure 500 internal server error 500(Internal Server Error): Forge deployed on Azure Internal 500 error when uploading to azure storage
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM