How to execute Code+Test when a private endpoint is enabled?


Youna_Hyun

When developing a function, it is imperative to thoroughly test the code on multiple occasions. Utilizing the Code+Test feature in the portal provides a straightforward method for testing, where you can simply click the "Run" button.



If your function is configured to be accessible from the public network, testing on your local PC is a viable option. However, in the scenario where the private endpoint is enabled within your function app, attempting to test may result in a 403 error accompanied by an error message.

Error message: You must have direct network access in order to run your function. Your app may be restricted with Private Endpoints, Access Restrictions or Service Endpoints.




Why did I get the 403 status code?


As you are aware, a private endpoint imposes restrictions on public access. When executing Code+Test on your local PC, the inbound IP is associated with your local PC. Therefore, the request arrives from a public network.






While running an HttpTrigger on my local PC with a private endpoint, I encountered a 403 IpForbidden status code.


Here is the private endpoint document. You can see the details for the private endpoint setting.





How to run Code+Test with a private endpoint?




Step 1. Check the VNet that is connected to the private endpoint.


You can check the Private endpoint and VNet information in the Networking blade.




Step 2. Create a VM in the same VNet.


You can verify the private IP on the VM overview page. This information will be utilized to compare with the function app access log IP.




Step 3. Connect to the VM and access the Azure portal on the VM.



Access the Azure portal from the VM.



Step 4. Run Code+Test


You can check that the test result is 200 OK.




When reviewing the function app access log, I observed that the client IP corresponds to the private IP of the VM.






Conclusion


When setting up configurations for a private endpoint or implementing access restrictions, it is crucial to conduct the Code+Test process from an explicitly allowed IP address. Therefore, it is necessary to examine various elements such as Virtual Network (VNet) configurations, peering configurations, Virtual Private Network (VPN) settings, and other relevant factors in order to comprehensively assess and address the situation.
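
The comparison between the VM private IP and the access log client IP described above, as an added example that is not part of the original post: it buckets logged requests by source network and flags any caller outside the VNet that was not rejected with 403. The log line layout, the address range, the IPs and the function names are constructed assumptions.

```python
import ipaddress

# Assumed inputs (constructed): VNet address space from the Networking blade
# and the VM private IP from the VM overview page.
VNET_PREFIXES = ["10.1.0.0/16"]
VM_PRIVATE_IP = "10.1.0.4"

# Constructed sample records in a hypothetical layout:
# "<timestamp> <client-ip> <status> <path>"
SAMPLE_LOG = """\
2024-01-10T02:11:05Z 203.0.113.25 403 /api/HttpTrigger1
2024-01-10T02:25:40Z 10.1.0.4 200 /api/HttpTrigger1
2024-01-10T02:26:02Z 10.1.0.4:50122 200 /api/HttpTrigger1
2024-01-10T02:31:17Z 198.51.100.7 200 /api/HttpTrigger1
not a log line
"""


def client_ip(field):
    """Parse the client field, tolerating an IPv4 'address:port' form."""
    host = field.rsplit(":", 1)[0] if field.count(":") == 1 else field
    return ipaddress.ip_address(host)


def classify(log_text, prefixes, vm_ip):
    """Bucket each request by source network and response status."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    vm = ipaddress.ip_address(vm_ip)
    report = {"vm_ok": 0, "vnet_other": 0, "public_blocked": 0,
              "public_allowed": [], "skipped": 0}
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ip, status, path = client_ip(parts[1]), int(parts[2]), parts[3]
        except (IndexError, ValueError):
            report["skipped"] += 1          # malformed line, not a request
            continue
        if ip == vm and status == 200:
            report["vm_ok"] += 1            # the Step 4 result from the VM
        elif any(ip in net for net in nets):
            report["vnet_other"] += 1       # other in-VNet traffic
        elif status == 403:
            report["public_blocked"] += 1   # expected for public callers
        else:
            # Finding: a caller outside the VNet was not rejected.
            report["public_allowed"].append((str(ip), status, path))
    return report


if __name__ == "__main__":
    print(classify(SAMPLE_LOG, VNET_PREFIXES, VM_PRIVATE_IP))
```

A non-empty `public_allowed` list means the private endpoint or access restriction is not blocking public callers as intended.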
