Azure Functions
Azure Functions is an event driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in other Azure services, SaaS products, and on-premises systems. With Azure Functions, your applications scale based on demand and you pay only for the resources you consume. Azure Functions provides an intuitive, browser-based user interface allowing you to create scheduled or triggered pieces of code implemented in a variety of programming languages.
-
Add max calls/per day|hour|minute configuration for throttling
Now- any light ddos attack that Azure will not recognize- will affect me and my account. If I know that my service shouldn't receive more than 10000 calls per day, but I can't setup limits on incoming requests.
"Daily Usage Quota (GB-Sec)"- not bad idea, but it's something internal and synthetic for me. Call/per day- is much more native metrics for users.
88 votesHere’s the latest as there seem to be 2 types of ask here and so two seperate updates. Need comments for if this issue should close to be focused on one or other:
1. I want to control how many calls my function can make to another API (the 3rd party API rate limiting).
– In all plans we now have a way to specify the max instances. This can limit how far a function app instance can scale: https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#limit-scale-out2. I want to stop my function from triggering more than x times an hour.
Nothing planned in this in the short term. Using API Management for HTTP functions with throttles would be our recommendation for HTTP, nothing out of box for non-HTTP triggers yet. -
Support Service Bus trigger with use of SAS token
In our company we are using Service Bus with a framework that deals out the SAS tokens to queues. These tokens are living for few days only and concern hierarchical queues (eg. queue name could be productA/event-type-B/subtypeC) and only Listen policy.
This would mean that listening on a different level then root level of namespace would be needed.
Best if also the whole connection to SB described by this token would be separate object from the Function, so we could modify it (by altering with new SAS token/whole connection string) without modifying the Function code (as API Connections in Logic…25 votesI believe in our latest SDK versions you should be able to use connection strings specific to a single queue / listen-only. These connection strings are stored in app settings and can be updated / rolled without having to modify or redeploy the code. Believe this would be sufficient today? Not sure if anything blocking anymore
-
Add RPC support for Azure Functions
RPC support for Azure functions to allow compile-time verification of RPC calls. As it is, HTTP trigger endpoints are not verifiable at compile-time.
3 votesWaiting for more feedback in the comments to assign this item
Alex
Azure Functions PM Team -
Durable Azure Function Development By Visual Studio Not VSCode
1- We want the function to be development together with other related projects solution
2- We don't like VSCode1 voteYou can use Visual Studio to build .NET Durable Functions. Do you see the templates when creating a new function? – Anthony
-
authentication
Allow authentication to Azure functions with accounts that have MFA enabled.
Currently, if you use functions as middleware for a non-authenticated client app (like wasm blazor), there is no way to authenticate to a function middleware layer if your account is MFA enabled. This could be either a) having some kind of ms auth phone-like app connection to do the auth or 2) to do pre-auth like is done with logic apps and some of the connectors (e.g. twitter).
I think this could take any of a number of forms, but is definitely a current limitation when integrating serverless applications.
1 voteIt’s unclear exactly what is breaking in the example scenario. MFA as a feature of AAD can work here, especially if the public client is using one of the identity SDKs for login. Is this specific to a given provider, or more around a general pattern?
There are patterns in Durable Functions for dealing with human interaction flows if looking to build your own MFA flow: https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-overview?tabs=csharp#human
-
Built-in role for Azure functions
There is now built-in role Azure functions. I would like see soem built-in role for Azure Functions. For example,
- Developer Role
- Platform Admin role
- Read-only role
- Security role.
is there any roadmap for built-in role for Azure Functions.
1 voteI believe the request here is for roles like an equivalent of “Web App Contributor” which adjusts specific permissions different from the standard “Contributor” Role.
It’s a valid request, but currently unplanned. Please keep the votes coming, and it would be great to get some examples of what proposed roles might look like.
Do remember that you can always create custom roles: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
-
Durable Functions Workflow fixes support
Workflows on Durable Functions is great until you make some bug in it. And when you do (not "if you do") make a bug, it may result in thousands or even millions of workflows in inappropriate state, or waiting for never-happen events, or just hang in some infinite loop - there are a lot of ways things can go wrong.
And we need some way to recover the system from those mistakes. Cancellation is one option (AFAIK, it still doesn't support cancelling sub-orchestrators and activities, so not very useful anyway), but workflows sometimes may take days or months to get…1 voteAre you able to resolve these issues by fixing the underlying problem and rewinding the orchestration? https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-instance-management?tabs=csharp#rewind-instances-preview
- Anthony -
Expose StorageClientFactory or QueueProcessorFactory to enable triggering on client-side-encrypted queues
With WebJobs, a custom StorageClientFactory can set an EncryptionPolicy in the DefaultRequestOptions such that encrypted queue messages are transparently decrypted when triggering a WebJob.
Alternatively, the EncryptionPolicy can be set on a queue by queue basis using a custom QueueProcessorFactory.
If these, or a more general way to modify the JobHostConfiguration were provided, then we would be able to store the storage connection string in Azure KeyVault and use client side encryption with Azure Functions apps.
1 voteMarking to needs feedback per below:
Nothing planned but still curious on this one. I think the ask is that you could decrypt on trigger. I expect trigger would work today but you’d have to have decrypt in code per execution. Is hope to decrypt before execution? – Jeff
- Don't see your idea?