1

I'm trying to write an Azure function which has an Event Grid output binding. How do I configure it to use a managed identity instead of the topic key?

    [Function("TestEventGrid")]
    [EventGridOutput(TopicEndpointUri = "MyEventGridTopicUriSetting", TopicKeySetting = "MyEventGridTopicKeySetting")]
    public async Task<MyEvent> Run([HttpTrigger(AuthorizationLevel.Anonymous, "post")] HttpRequestData req)
    {
        return await Task.FromResult(new MyEvent
        {
            Id = "123",
            Subject = "sub",
            EventType = "myevent",
            EventTime = DateTime.Now,
            Data = new TestData(),
            DataVersion = "1.0"
        });
    }
Gary
  • I'm trying to find the same info, please update this with an answer if you find out how to do this. The documentation is pretty severely lacking here. Since function apps can use managed identities, it certainly seems like it should be possible. – Jake Boomgaarden Oct 02 '22 at 16:43

2 Answers

0

Instead of EventGridAttribute, use EventGridAsyncCollector, which lives next door:


EventGridAsyncCollector uses EventGridPublisherClient behind the scenes:

    public EventGridPublisherClient(System.Uri endpoint, Azure.AzureKeyCredential credential) { }

Azure.AzureKeyCredential credential is what you are looking for.

UPDATE: You should completely ditch EventGridAttribute and go for the lower level EventGridPublisherClient. Here's a link to how to use it: https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/eventgrid/Azure.Messaging.EventGrid#authenticate-using-azure-active-directory

Mithgroth
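The approach the answer above points to, publishing through EventGridPublisherClient with an Azure AD token credential instead of a topic key, as an added example (not code from the thread or from the SDK documentation). It assumes the isolated worker model used in the question, a custom topic that accepts the Event Grid schema, and two hypothetical app settings, EVENTGRID_TOPIC_ENDPOINT and EVENTGRID_IDENTITY_CLIENT_ID; the identity needs the EventGrid Data Sender role on the topic.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Messaging.EventGrid;
using Microsoft.Azure.Functions.Worker;
using Microsoft.Azure.Functions.Worker.Http;

public class PublishWithManagedIdentity
{
    // Built once per host instance so the credential's token cache is reused.
    private static readonly Lazy<EventGridPublisherClient> Client = new(() =>
    {
        // Setting names are assumptions for this example, not from the thread.
        string endpoint = Environment.GetEnvironmentVariable("EVENTGRID_TOPIC_ENDPOINT")
            ?? throw new InvalidOperationException("EVENTGRID_TOPIC_ENDPOINT is not set.");
        string? clientId = Environment.GetEnvironmentVariable("EVENTGRID_IDENTITY_CLIENT_ID");

        // In Azure this resolves to the app's managed identity; locally it falls back
        // to the developer's Azure CLI / Visual Studio sign-in. Set the client id only
        // for a user-assigned identity; leave it unset for system-assigned.
        var credential = new DefaultAzureCredential(
            new DefaultAzureCredentialOptions { ManagedIdentityClientId = clientId });

        // TokenCredential overload: no topic key is stored or read anywhere.
        return new EventGridPublisherClient(new Uri(endpoint), credential);
    });

    // Function-level auth here; the question's snippet uses Anonymous.
    [Function("PublishWithManagedIdentity")]
    public async Task<HttpResponseData> Run(
        [HttpTrigger(AuthorizationLevel.Function, "post")] HttpRequestData req)
    {
        var evt = new EventGridEvent(
            subject: "sub", eventType: "myevent", dataVersion: "1.0",
            data: new { Message = "constructed sample payload" });
        try
        {
            await Client.Value.SendEventAsync(evt);
            return req.CreateResponse(HttpStatusCode.Accepted);
        }
        catch (Azure.RequestFailedException ex) when (ex.Status is 401 or 403)
        {
            // Usually a missing role assignment for the identity on the topic.
            return req.CreateResponse(HttpStatusCode.BadGateway);
        }
    }
}
```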
0

I've implemented this feature in the SDK because our team needed it too; it's now available in version 3.3.0. You can use managed identity the same way as many other Azure-native bindings, by specifying the 'Connection' property instead of the TopicEndpointUri and TopicKey. As per the updated documentation:

It is also possible to use Azure Identity with the output binding. To do so, set the Connection property to the name of your app setting that contains your Event Grid Topic endpoint along with a set of optional Identity information that is described in detail here. When setting the Connection property, the TopicEndpointUri and TopicKeySetting properties should NOT be set.

    public static class CloudEventOutputBindingWithIdentityFunction
    {
        [FunctionName("CloudEventOutputBindingWithIdentityFunction")]
        public static async Task<IActionResult> RunAsync(
            [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
            [EventGrid(Connection = "MyConnection")] IAsyncCollector<CloudEvent> eventCollector)
        {
            CloudEvent e = new CloudEvent("IncomingRequest", "IncomingRequest", await req.ReadAsStringAsync());
            await eventCollector.AddAsync(e);
            return new OkResult();
        }
    }

For local development, use the local.settings.json file to store the connection information:

    {
      "Values": {
        "myConnection__topicEndpointUri": "{topicEndpointUri}"
      }
    }
Andrew Williamson