python azure azure-functions azure-sdk-python

Azure QueueClient Python can't use DefaultAzureCredential


I'm using DefaultAzureCredential() from azure.identity to get a credential and use it to establish a TableServiceClient (azure.data.table) connection. It works. If I try to do the same for QueueClient (azure.storage.queue), I get the following error. As far as I understand the documentation, it should be possible to use DefaultAzureCredential() for that.

[2023-05-06T08:40:40.331Z] Response status: 403
Response headers:
    'Content-Length': '279'
    'Content-Type': 'application/xml'
    'Server': 'Windows-Azure-Queue/1.0 Microsoft-HTTPAPI/2.0'
    'x-ms-request-id': '30a41a1b-a003-0004-71f6-7f25a6000000'
    'x-ms-client-request-id': 'adedb50b-ebe9-11ed-b983-001a7dda7113'
    'x-ms-version': 'REDACTED'
    'x-ms-error-code': 'REDACTED'
    'Date': 'Sat, 06 May 2023 08:40:39 GMT'

I'm connecting in the following way. If I switch the credential with the storage account key, it works.

import logging
import os

from azure.identity import DefaultAzureCredential
from azure.storage.queue import QueueClient

credential = DefaultAzureCredential()
queue_service_client = QueueClient(
    account_url=os.environ["STORAGE_ENDPOINT_QUEUE"],
    queue_name="smsnotification",
    credential=credential,
)


def pushNotifyToQueune(queue_service_client, playerId):
    logging.info("Push notify to queue")
    try:
        response = queue_service_client.send_message("m")
        logging.info(f"Print response from queue {response}")
    except Exception:
        # Log the exception with its traceback so the service's error is not lost
        logging.exception("Something went wrong when pushing notify to queue")
        # TODO use ErrorName

I was trying to use the Storage Account Key and it works. DefaultAzureCredential is also working for TableServiceClient but not for Queue.


Solution

  • Please make sure that your user account is assigned one of the Storage Queue related RBAC roles. Your user account must be assigned one or more of Storage Queue Data Contributor, Storage Queue Data Message Processor, Storage Queue Data Message Sender, or Storage Queue Data Reader roles depending on your requirements.
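One way to act on this with least privilege, as an added example that is not part of the original answer: decode the token the credential obtained to see which principal it resolved to, then build the `az role assignment create` call for the narrowest of the four roles. The operation keys, the placeholder scope and the sample token are assumptions made for the example, and it relies on the token carrying the standard `oid` claim.

```python
import base64
import json

# Scope to request from the credential when running this for real (not run here):
#   DefaultAzureCredential().get_token(STORAGE_SCOPE).token
STORAGE_SCOPE = "https://storage.azure.com/.default"

# Narrowest of the four roles from the answer for each kind of access.
ROLE_FOR_OPERATION = {
    "send": "Storage Queue Data Message Sender",         # add messages
    "process": "Storage Queue Data Message Processor",   # peek, get, delete messages
    "read": "Storage Queue Data Reader",                 # read queues and messages
    "manage": "Storage Queue Data Contributor",          # read, write, delete
}


def token_claims(access_token):
    """Decode the JWT payload without verifying it, for inspection only."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def role_assignment_args(access_token, operation, scope):
    """Return the az CLI arguments that grant the token's principal one role."""
    oid = token_claims(access_token).get("oid")
    if not oid:
        raise ValueError("token has no oid claim; cannot identify the principal")
    return ["az", "role", "assignment", "create",
            "--assignee-object-id", oid,
            "--role", ROLE_FOR_OPERATION[operation],
            "--scope", scope]


def constructed_token(oid):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"oid": oid, "aud": "https://storage.azure.com"}
    return ".".join([b64({"alg": "none"}), b64(claims), "sig"])


if __name__ == "__main__":
    # Placeholder scope: subscription, resource group and account are hypothetical.
    scope = ("/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Storage"
             "/storageAccounts/<account>/queueServices/default/queues/smsnotification")
    token = constructed_token("00000000-0000-0000-0000-000000000001")
    print(" ".join(role_assignment_args(token, "send", scope)))
```

Scoping the assignment to the single queue rather than the whole storage account keeps the grant as narrow as the `send_message` call needs.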