I was happy with my experiments with AWS Lambda, and tried using AWS portal, using Serverless, using SAM, using Chalice. Then, I “felt” that Azure Functions with SQL Azure could be far cheaper than AWS and ANY RDBMS
Next step – obviously, to see if I could try out Azure Functions (with serverless framework) too! Here’s what happened – merely a record of my experiences.
I chose Python runtime in both clouds – decided to date Python for sometime!
Here’s the log of my actions & thoughts!
Trying to create my second project with Serverless and Azure Functions for Python runtime.
First step is simple
“sls create -t azure-python -p az-sls-py-5”
For some strange reason, sls takes so much time to act on this, I often wonder if my laptop is hanging.
Anyways, boilerplate code is created
Moved to that folder from where I was
“cd az-sls-py-5”
“ls” shows me 2 .json files host.json, package.json; one README.md; one requirements.txt; one serverless.yml, and a folder src
src folder has handlers folder
handlers folder has goodbye.py and hello.py
Thats a bigger hierarchy and more files than I expected. But, way less than some of the other tools generate (not for serverless)
Went back to project main folder (2 levels above)
Issued “sls package” command
Pretty fast
Expect bigger problem now when I issue “sls deploy” command – it ALWAYS gives some error about “Authentication returned an empty list of subscriptions” and makes me go through a series of steps – EACH TIME!!!!
anyways, I issued “sls deploy” command, and it bombed – as expected!
There must be someway to save my configuration, and prompt “sls deploy” to use that by default!
That’s how I use sls deploy for AWS Lambda functions.
Again and again, I search and find my way to https://github.com/serverless/serverless-azure-functions#advanced-authentication and followed the instructions
Step 1) az login
This is crazy. I signed up to work at CLI and this command launches the browser and asks me to login to my Azure account. When there is a CLI, shouldnt there be some access key and secret? Doesnt Azure have this, or, am I missing something?
Anyways, on successful login, my command prompt returns a set of name-value pairs
Names that are returned include – cloudName, homeTenantId, id, isDefault, managedByTenants, name, state, tenantId, user – which had 2 sub-elements – name, type (Apologies for showing this in a text-only way)
Step 2) Next instruction says
“# Set Azure Subscription for which to create Service Principal
$ az account set -s “
Please note that “az login” didnt return us any value that calls itself as “subscription-id”
I went to portal.azure.com and clicked on the Subscriptions icon.
The Subscription ID I find there matches “id” in what “az login” returned
So, now I issue the second command to create Service Principal “az account set -s
Success!
Step 3) next instruction says
“Generate Service Principal for Azure Subscription
Create SP with unique name
$ az ad sp create-for-rbac –name <my-unique-name>”
I dont know what is my-unique-name!
Whenever a user is allowed to enter a string, someone should inform him of min length, max length, permissible characters! (Nor did I understand why I need to do this, and the relevance of this)
My expectations are from the thousands of windows / web applications I used from ’90s.
Success – with 2 yellow color messages in command prompt. I thought they were warnings – looks like they are not
First message said “changing my-unique-name to a valid URI of http://my-unique-name which is the required format used for service principal names.
Second message said “Creating a role assignment under the scope of “/subscriptions/mysubsciptionid”
And, it returned more name-value pairs
Names are – appId, displayName, name, password, tenant
displayName is what was referred to as my-unique-name in last step. Who changed its “name” and why?
name was the URI format of my-unique-name
other 3 values are GUIDs – except that what was called homeTenantId, or tenantId is now being called as tenant
Thanks for adding to my confusion
We’re NOT done yet!
Step 4) this is the last set of instructions before I can run deploy command again. github page says
“Set environment variables with values from above service principal
Bash
$ export AZURE_SUBSCRIPTION_ID=”
$ export AZURE_TENANT_ID=”
$ export AZURE_CLIENT_ID=”
$ export AZURE_CLIENT_SECRET=””
subscriptionId – thats the id returned upon az login
tenantId – last value from previous command’s output – referred to as “tenant”
servicePrincipalId – this is the my-unique-name we gave few minutes ago
password – no confusion
Done!
Step 5) run sls deploy
It bombed
Error message says “Error: Get Token request returned http error: 400 and server response: {“error”:”unauthorized_client”,”error_description”:”AADSTS700016: Application with identifier….”
This means my tenantId was wrong
This time, I reissued the command
$ export AZURE_CLIENT_ID=”
but instead of giving my-unique-name, I typed the URI (http://my-unique-name)
Again, issued “sls deploy” command – this time, it is making progress!
Please also note that I didnt open ANY of the generated files (especially serverless.yml) to make any changes to the desired region or stage or whatever!
Deployment done!
Phew!!!!
Compare this with creating an AWS Lambda function with serverless
Step 1: sls create -t aws-python -p aws-sls-py-6
Step 2: I went into that folder (cd aws-sls–py-6) and checked contents (ls) . Has just 2 files – handler.py and serverless.yml/ (cd is a necessary step, but not ls)
Step 3: next command sls package
Step 4: sls deploy
And, I’m done!
My Lambda function is deployed
Only thing that calls for additional investigation is – why is a .zip file getting uploaded & deployed? And not just plain .py code?
Krishna.Ki.shor 