How to execute Code+Test when a private endpoint is enabled?
Published Nov 27 2023 12:10 AM
Microsoft

When developing a function, it is imperative to thoroughly test the code on multiple occasions. Utilizing the Code+Test feature in the portal provides a straightforward method for testing, where you can simply click the "Run" button.

 

If your function is configured to be accessible from the public network, testing on your local PC is a viable option. However, in the scenario where the private endpoint is enabled within your function app, attempting to test may result in a 403 error accompanied by an error message.

Error message: You must have direct network access in order to run your function. Your app may be restricted with Private Endpoints, Access Restrictions or Service Endpoints.


 

Why did I get the 403 status code?

As you are aware, a private endpoint restricts public access. When you run Code+Test on your local PC, the inbound IP is that of your local PC, so the request arrives from the public network.

 


 

While running an HttpTrigger on my local PC with a private endpoint, I encountered a 403 IpForbidden status code.


See the private endpoint documentation for details on the private endpoint settings.

 

 

How to run Code+Test with a private endpoint?

 

Prerequisites

To use the Code + Test option in the portal from that VM, you need to add the following CORS origins to your function app:

Please refer to this document for more details.

 

 

Step 1. Check the VNet that is connected to the private endpoint.

You can check the Private endpoint and VNet information in the Networking blade.


 

Step 2. Create a VM in the same VNet.

You can verify the private IP on the VM overview page. This IP will be compared with the client IP in the function app access log.


 
Step 3. Connect to the VM and access the Azure portal on the VM.

Access the Azure portal from the VM.

 

Step 4. Run Code+Test

Confirm that the test result is 200 OK.


 

Reviewing the function app access log shows that the client IP corresponds to the private IP of the VM.
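The comparison made in Steps 2 and 4, between the VM's private IP and the client IP in the access log, can be scripted. The following is an added example, not code from the original post; the log lines are constructed, and the W3C field layout and the 10.0.0.0/24 VNet range are assumptions to replace with your own values.

```python
import ipaddress

# Constructed sample in W3C extended log format (not taken from the post).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2023-11-27 00:01:12 POST /api/HttpTrigger1 203.0.113.10 403
2023-11-27 00:09:47 POST /api/HttpTrigger1 10.0.0.4 200
2023-11-27 00:10:03 POST /api/HttpTrigger1 198.51.100.7 200
"""

# Assumption: address space of the VNet found in Step 1.
VNET_PREFIXES = ("10.0.0.0/24",)


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))


def audit(text, prefixes=VNET_PREFIXES):
    """Return (client_ip, status, verdict) for every request in the log."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    results = []
    for row in parse_w3c(text):
        status = int(row["sc-status"])
        try:
            inside = any(ipaddress.ip_address(row["c-ip"]) in n for n in nets)
        except ValueError:
            results.append((row["c-ip"], status, "unparsed-client-ip"))
            continue
        if inside:
            verdict = "vnet-blocked" if status == 403 else "vnet-allowed"
        else:
            # A public client that is not rejected means the restriction is not effective.
            verdict = "public-blocked" if status == 403 else "public-served"
        results.append((row["c-ip"], status, verdict))
    return results


if __name__ == "__main__":
    for ip, status, verdict in audit(SAMPLE_LOG):
        print(f"{ip:<15} {status} {verdict}")
```

A `public-served` row is the one to investigate: it means a request from outside the VNet was not rejected with 403.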


 

 

Conclusion

When configuring a private endpoint or implementing access restrictions, it is crucial to run Code+Test from an explicitly allowed IP address. It is therefore necessary to examine elements such as Virtual Network (VNet) configurations, peering configurations, Virtual Private Network (VPN) settings, and other relevant factors in order to comprehensively assess and address the situation.

Last update: Nov 27 2023 06:09 PM