Upload files to Azure blob storage container

Image by https://www.pexels.com/@apasaric/
Image by https://www.pexels.com/@apasaric/

We have a common use case when we need to upload a sizable file to Azure Blob Storage (or any form of Cloud storage) and then the file content is then processed by Azure Function App. This blog is about an anti-pattern and an effective way to handle this use case.

Setup

Create a resource group and create these services

  1. Azure Function app
  2. Azure Blob Storage

Enable the Managed Service Identity option for Azure Function App.

Next grant this identity to blob storage's Storage Blob Data Contributor role. This is an important step otherwise the generated Shared Access Signature (SAS) Token does have the right permissions.

Add Application Settings in Function App

The BLOB_CONTAINER_NAME and BLOB_STORAGE_URL are in the Python code later.
  • BLOB_CONTAINER_NAME is the container name. I have created one and I named it as "test".
  • BLOB_STORAGE_URL is like https://<you-blob-storage-account-name>.blob.core.windows.net/


Anti Pattern

When we allow the upload of files that are targeted to storage in cloud storage via Azure Function App (or any lightweight microservices), we face the following issues
  1. One extra hop. The file has to go to the function-app first and then to the target blob storage container.
    1. Making the upload process unnecessarily slow.
  2. Unnecessary memory consumption in the function-app for staging the data.


Using Shared Access Signature token

We shall share some code on how to generate Shared Access Signature Token (aka SAS Token).
# azure-identity
# azure-functions
# azure-storage-blob

import logging
import json
import os
import azure.functions as func

from datetime import datetime, timedelta
from azure.identity import ManagedIdentityCredential
from azure.storage.blob import AccountSasPermissions, BlobServiceClient, generate_blob_sas

BLOB_STORAGE_URL = os.environ["BLOB_STORAGE_URL"]
BLOB_CONTAINER_NAME = os.environ["BLOB_CONTAINER_NAME"]

def generate_sas_token(blob_name: str) -> str:
    """generate storage access token

    Args:
        blob_name (str): name of blob

    Returns:
        str: storage access token
    """
    msi_credential = ManagedIdentityCredential()
    blob_client = BlobServiceClient(
        account_url=BLOB_STORAGE_URL,
        credential=msi_credential)

    # Get user-delegated key
    user_key = blob_client.get_user_delegation_key(
        key_start_time = datetime.utcnow(),
        key_expiry_time = datetime.utcnow() + timedelta(minutes=5)
    )

    return generate_blob_sas(
        account_name=blob_client.account_name,
        container_name=BLOB_CONTAINER_NAME,
        blob_name=blob_name,
        user_delegation_key=user_key,
        permission=AccountSasPermissions(create=True, read=True),
        expiry=datetime.utcnow() + timedelta(minutes=5),
    )
    

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Request SAS URL [Python HTTP trigger] called.')

    name = req.params.get('name')
    if name:
        try:
            token = generate_sas_token(name)

            result = {"sas_url": f"{BLOB_STORAGE_URL}{BLOB_CONTAINER_NAME}/{name}?{token}"}
            return func.HttpResponse(
                json.dumps(result),
                mimetype="application/json",
            )        
        except Exception as e:
            logging.error(e)
            return func.HttpResponse(str(e), status_code=400)

    return func.HttpResponse("name parameter value is required", status_code=400)

The code is very concise and self-explanatory. Here are a few things to note.

  1. ManagedIdentityCredential works because we have created the MSI (Managed Service Identity) for the function-app and assigned the Blob Data Contributor role to it.
  2. The function app will return the URL for uploading a file to Azure Blob Storage. We need to
    1. The generated URL expires in 5 minutes
    2. Use HTTP/1.1 PUT method on this URL
    3. Add x-ms-blob-type=BlockBlob to the header of the HTTP request.




Comments

Post a Comment

Popular posts from this blog

Happy New Year, 2024 from DALL-E

Image
generated by DALL-E Wishing everyone a happy new year. Year 2023 is great for me because I learned much about OpenAI. I am involved in a live deployment with it, and involved in a handful of interesting user scenarios around it. On top of this, a copilot hackathon. The image above is generated by DALL-E and following is the code. 1. Dependencies python = "^3.10" pydantic-settings = "^2.1.0" openai = "^1.3.8" 2. Environment Parameters OPENAI_AZURE_ENDPOINT="<your azure openai endpoint>" AZURE_OPENAI_API_KEY="<your azure openai secret>" OPENAI_API_VERSION="2023-12-01-preview" OPENAI_DALLE_MODEL="dalle" Note: OPENAI_API_VERSION has to be 2023-12-01-preview otherwise you will get an exception openai.NotFoundError: Error code: 404 - {'error': {'code': '404', 'message': 'Resource not found'}} dalle  is the name of my dall-e-3 deployment model. You need to change it to
Read more

Bing Search as tool for OpenAI

Image
  Image from https://www.pexels.com/@skitterphoto/ Many times, we need to search for information in the web when we are working with OpenAI. One of the reasons is that the dataset for training for OpenAI is never up to date. For instance, the OpenAI GPT-4 Turbo has knowledge of events up to April 2023. Here is the Python implementation with Pydantic model. Dependencies python = "^3.10" pydantic-settings = "^2.1.0" pydantic = "^2.5.2" azure-cognitiveservices-search-websearch = "^2.0.0" Environment These are the environment parameters needed. Have the following in a .env file. azure_bing_search_endpoint="https://api.bing.microsoft.com" azure_bing_search_key="<key>" We look under "Keys and Endpoint" for these values. Pydantic Setting Model from pydantic_settings import BaseSettings class BingSearchSettings(BaseSettings): azure_bing_search_endpoint: str azure_bing_search_key: str class Config:
Read more

OpenAI: Functions Feature in 2023-07-01-preview API version

Image
  Image from https://www.pexels.com/@pavel-danilyuk/ One of the cool features of OpenAI version 2023-07-01 is its custom Functions feature. This feature is close to me because I am working on a project where we require OpenAI to generate JSON responses. We always want the generated JSON to be consistent, otherwise, we need to do some post-processing tasks to get the JSON object in the correct schema. In the blog, we observe the completion with and without this new feature. Development Setup python -m venv .venv poetry init poetry shell poetry add openai poetry add python-dotenv poetry add pydantic I am using Python version 3.11 Create .env file OPENAI_API_TYPE="azure" OPENAI_API_BASE="<OpenAI endpoint>" OPENAI_API_KEY="<OpenAI secret>" OPENAI_API_VERSION="2023-07-01-preview" OPENAI_DEPLOYMENT_ID="<deployment identifier>" Without OpenAI functions feature We use two sample texts for experimentation. We want to get the na
Read more