Upload files to Azure blob storage container

Image by https://www.pexels.com/@apasaric/
Image by https://www.pexels.com/@apasaric/

We have a common use case when we need to upload a sizable file to Azure Blob Storage (or any form of Cloud storage) and then the file content is then processed by Azure Function App. This blog is about an anti-pattern and an effective way to handle this use case.

Setup

Create a resource group and create these services

  1. Azure Function app
  2. Azure Blob Storage

Enable the Managed Service Identity option for Azure Function App.

Next grant this identity to blob storage's Storage Blob Data Contributor role. This is an important step otherwise the generated Shared Access Signature (SAS) Token does have the right permissions.

Add Application Settings in Function App

The BLOB_CONTAINER_NAME and BLOB_STORAGE_URL are in the Python code later.
  • BLOB_CONTAINER_NAME is the container name. I have created one and I named it as "test".
  • BLOB_STORAGE_URL is like https://<you-blob-storage-account-name>.blob.core.windows.net/


Anti Pattern

When we allow the upload of files that are targeted to storage in cloud storage via Azure Function App (or any lightweight microservices), we face the following issues
  1. One extra hop. The file has to go to the function-app first and then to the target blob storage container.
    1. Making the upload process unnecessarily slow.
  2. Unnecessary memory consumption in the function-app for staging the data.


Using Shared Access Signature token

We shall share some code on how to generate Shared Access Signature Token (aka SAS Token).
# azure-identity
# azure-functions
# azure-storage-blob

import logging
import json
import os
import azure.functions as func

from datetime import datetime, timedelta
from azure.identity import ManagedIdentityCredential
from azure.storage.blob import AccountSasPermissions, BlobServiceClient, generate_blob_sas

BLOB_STORAGE_URL = os.environ["BLOB_STORAGE_URL"]
BLOB_CONTAINER_NAME = os.environ["BLOB_CONTAINER_NAME"]

def generate_sas_token(blob_name: str) -> str:
    """generate storage access token

    Args:
        blob_name (str): name of blob

    Returns:
        str: storage access token
    """
    msi_credential = ManagedIdentityCredential()
    blob_client = BlobServiceClient(
        account_url=BLOB_STORAGE_URL,
        credential=msi_credential)

    # Get user-delegated key
    user_key = blob_client.get_user_delegation_key(
        key_start_time = datetime.utcnow(),
        key_expiry_time = datetime.utcnow() + timedelta(minutes=5)
    )

    return generate_blob_sas(
        account_name=blob_client.account_name,
        container_name=BLOB_CONTAINER_NAME,
        blob_name=blob_name,
        user_delegation_key=user_key,
        permission=AccountSasPermissions(create=True, read=True),
        expiry=datetime.utcnow() + timedelta(minutes=5),
    )
    

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Request SAS URL [Python HTTP trigger] called.')

    name = req.params.get('name')
    if name:
        try:
            token = generate_sas_token(name)

            result = {"sas_url": f"{BLOB_STORAGE_URL}{BLOB_CONTAINER_NAME}/{name}?{token}"}
            return func.HttpResponse(
                json.dumps(result),
                mimetype="application/json",
            )        
        except Exception as e:
            logging.error(e)
            return func.HttpResponse(str(e), status_code=400)

    return func.HttpResponse("name parameter value is required", status_code=400)

The code is very concise and self-explanatory. Here are a few things to note.

  1. ManagedIdentityCredential works because we have created the MSI (Managed Service Identity) for the function-app and assigned the Blob Data Contributor role to it.
  2. The function app will return the URL for uploading a file to Azure Blob Storage. We need to
    1. The generated URL expires in 5 minutes
    2. Use HTTP/1.1 PUT method on this URL
    3. Add x-ms-blob-type=BlockBlob to the header of the HTTP request.




Comments

Post a Comment

Popular posts from this blog

OpenAI: Functions Feature in 2023-07-01-preview API version

Image
  Image from https://www.pexels.com/@pavel-danilyuk/ One of the cool features of OpenAI version 2023-07-01 is its custom Functions feature. This feature is close to me because I am working on a project where we require OpenAI to generate JSON responses. We always want the generated JSON to be consistent, otherwise, we need to do some post-processing tasks to get the JSON object in the correct schema. In the blog, we observe the completion with and without this new feature. Development Setup python -m venv .venv poetry init poetry shell poetry add openai poetry add python-dotenv poetry add pydantic I am using Python version 3.11 Create .env file OPENAI_API_TYPE="azure" OPENAI_API_BASE="<OpenAI endpoint>" OPENAI_API_KEY="<OpenAI secret>" OPENAI_API_VERSION="2023-07-01-preview" OPENAI_DEPLOYMENT_ID="<deployment identifier>" Without OpenAI functions feature We use two sample texts for experimentation. We want to get the na
Read more

Storing embedding in Azure Database for PostgreSQL

Image
  Image from https://www.pexels.com/@tara-winstead/ There are many options to store text embeddings. In this blog, we shall look at storing embedding in Azure Database for PostgreSQL. Installing Azure Database for PostgreSQL Install Azure Database for PostgreSQL Flexible Server.  Once it is deployed, enable two extensions. Install Python modules python -m venv .venv poetry init poetry shell poetry add openai[datalib] poetry add python-dotenv poetry add psycopg2-binary My Python version is 3.10. Create .env OPENAI_API_TYPE="azure" OPENAI_API_BASE="<HTTP endpoint to Azure OpenAI Service>" OPENAI_API_KEY="<secret to Azure OpenAI Service>" OPENAI_API_VERSION="2023-05-15" TEXT_MODEL="<deployment id of text embedding model>" PGHOST="<my-service>.postgres.database.azure.com" PGUSER="<user name>" PGPASSWORD="<secret>" PGPORT="5432" PGDATABASE="< database name
Read more

Happy New Year, 2024 from DALL-E

Image
generated by DALL-E Wishing everyone a happy new year. Year 2023 is great for me because I learned much about OpenAI. I am involved in a live deployment with it, and involved in a handful of interesting user scenarios around it. On top of this, a copilot hackathon. The image above is generated by DALL-E and following is the code. 1. Dependencies python = "^3.10" pydantic-settings = "^2.1.0" openai = "^1.3.8" 2. Environment Parameters OPENAI_AZURE_ENDPOINT="<your azure openai endpoint>" AZURE_OPENAI_API_KEY="<your azure openai secret>" OPENAI_API_VERSION="2023-12-01-preview" OPENAI_DALLE_MODEL="dalle" Note: OPENAI_API_VERSION has to be 2023-12-01-preview otherwise you will get an exception openai.NotFoundError: Error code: 404 - {'error': {'code': '404', 'message': 'Resource not found'}} dalle  is the name of my dall-e-3 deployment model. You need to change it to
Read more