Implement sync triggers in the runtime

Author: ahmelsayed

src/WebJobs.Script.WebHost/Controllers/HostController.cs

@@ -14,6 +14,7 @@
 using Microsoft.Azure.WebJobs.Host;
 using Microsoft.Azure.WebJobs.Script.WebHost.Authentication;
 using Microsoft.Azure.WebJobs.Script.WebHost.Filters;
+using Microsoft.Azure.WebJobs.Script.WebHost.Management;
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost.Security.Authorization.Policies;
 using Microsoft.Extensions.Logging;
@@ -31,13 +32,15 @@ public class HostController : Controller
         private readonly WebHostSettings _webHostSettings;
         private readonly ILogger _logger;
         private readonly IAuthorizationService _authorizationService;
+        private readonly IWebFunctionsManager _functionsManager;
 
-        public HostController(WebScriptHostManager scriptHostManager, WebHostSettings webHostSettings, ILoggerFactory loggerFactory, IAuthorizationService authorizationService)
+        public HostController(WebScriptHostManager scriptHostManager, WebHostSettings webHostSettings, ILoggerFactory loggerFactory, IAuthorizationService authorizationService, IWebFunctionsManager functionsManager)
         {
             _scriptHostManager = scriptHostManager;
             _webHostSettings = webHostSettings;
             _logger = loggerFactory.CreateLogger(ScriptConstants.LogCategoryHostController);
             _authorizationService = authorizationService;
+            _functionsManager = functionsManager;
         }
 
         [HttpGet]
@@ -125,6 +128,19 @@ public IActionResult LaunchDebugger()
             return StatusCode(StatusCodes.Status501NotImplemented);
         }
 
+        [HttpPost]
+        [Route("admin/host/synctriggers")]
+        [Authorize(Policy = PolicyNames.AdminAuthLevel)]
+        public async Task<IActionResult> SyncTriggers()
+        {
+            (var success, var error) = await _functionsManager.TrySyncTriggers();
+
+            // Return a dummy body to make it valid in ARM template action evaluation
+            return success
+                ? Ok(new { status = "success" })
+                : StatusCode(StatusCodes.Status500InternalServerError, new { status = error });
+        }
+
         [HttpGet]
         [HttpPost]
         [Authorize(AuthenticationSchemes = AuthLevelAuthenticationDefaults.AuthenticationScheme)]

src/WebJobs.Script.WebHost/Extensions/FunctionMetadataExtensions.cs

@@ -3,13 +3,10 @@
 
 using System;
 using System.IO;
-using System.Runtime.InteropServices;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Azure.WebJobs.Script.Description;
 using Microsoft.Azure.WebJobs.Script.Management.Models;
-using Microsoft.Azure.WebJobs.Script.WebHost.Helpers;
 using Microsoft.Azure.WebJobs.Script.WebHost.Management;
 using Newtonsoft.Json.Linq;
 
@@ -43,7 +40,7 @@ public static async Task<FunctionMetadataResponse> ToFunctionMetadataResponse(th
                 TestDataHref = VirtualFileSystem.FilePathToVfsUri(functionMetadata.GetTestDataFilePath(config), baseUrl, config),
                 Href = GetFunctionHref(functionMetadata.Name, baseUrl),
                 TestData = await GetTestData(functionMetadata.GetTestDataFilePath(config), config),
-                Config = await GetFunctionConfig(functionMetadataFilePath, config),
+                Config = await GetFunctionConfig(functionMetadataFilePath),
 
                 // Properties below this comment are not present in the kudu version.
                 IsDirect = functionMetadata.IsDirect,
@@ -53,13 +50,50 @@ public static async Task<FunctionMetadataResponse> ToFunctionMetadataResponse(th
             return response;
         }
 
+        /// <summary>
+        /// This method converts a FunctionMetadata into a JObject
+        /// the scale conteller understands. It's mainly the trigger binding
+        /// with functionName inserted in it.
+        /// </summary>
+        /// <param name="functionMetadata">FunctionMetadata object to convert to a JObject.</param>
+        /// <param name="config">ScriptHostConfiguration to read RootScriptPath from.</param>
+        /// <returns>JObject that represent the trigger for scale controller to consume</returns>
+        public static async Task<JObject> ToFunctionTrigger(this FunctionMetadata functionMetadata, ScriptHostConfiguration config)
+        {
+            // Only look at the function if it's not disabled
+            if (!functionMetadata.IsDisabled)
+            {
+                // Get function.json path
+                var functionPath = Path.Combine(config.RootScriptPath, functionMetadata.Name);
+                var functionMetadataFilePath = Path.Combine(functionPath, ScriptConstants.FunctionMetadataFileName);
+
+                // Read function.json as a JObject
+                var functionConfig = await GetFunctionConfig(functionMetadataFilePath);
+
+                // Find the trigger and add functionName to it
+                // Q: Do we plan on supporting multiple triggers?
+                foreach (JObject binding in (JArray)functionConfig["bindings"])
+                {
+                    var type = (string)binding["type"];
+                    if (type.EndsWith("Trigger", StringComparison.OrdinalIgnoreCase))
+                    {
+                        binding.Add("functionName", functionMetadata.Name);
+                        return binding;
+                    }
+                }
+            }
+
+            // If the function is disabled or has no trigger return null
+            return null;
+        }
+
         public static string GetTestDataFilePath(this FunctionMetadata functionMetadata, ScriptHostConfiguration config) =>
             GetTestDataFilePath(functionMetadata.Name, config);
 
         public static string GetTestDataFilePath(string functionName, ScriptHostConfiguration config) =>
             Path.Combine(config.TestDataPath, $"{functionName}.dat");
 
-        private static async Task<JObject> GetFunctionConfig(string path, ScriptHostConfiguration config)
+        private static async Task<JObject> GetFunctionConfig(string path)
         {
             try
             {

src/WebJobs.Script.WebHost/Helpers/SimpleWebTokenHelper.cs

@@ -0,0 +1,77 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Helpers
+{
+    public static class SimpleWebTokenHelper
+    {
+        /// <summary>
+        /// A SWT or a Simple Web Token is a token that's made of key=value pairs seperated
+        /// by &. We only specify expiration in ticks from now (exp={ticks})
+        /// The SWT is then returned as an encrypted string
+        /// </summary>
+        /// <param name="validUntil">Datetime for when the token should expire</param>
+        /// <returns>a SWT signed by this app</returns>
+        public static string CreateToken(DateTime validUntil) => Encrypt($"exp={validUntil.Ticks}");
+
+        private static string Encrypt(string value)
+        {
+            using (var aes = new AesManaged { Key = GetWebSiteAuthEncryptionKey() })
+            {
+                // IV is always generated for the key every time
+                aes.GenerateIV();
+                var input = Encoding.UTF8.GetBytes(value);
+                var iv = Convert.ToBase64String(aes.IV);
+
+                using (var encrypter = aes.CreateEncryptor(aes.Key, aes.IV))
+                using (var cipherStream = new MemoryStream())
+                {
+                    using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
+                    using (var binaryWriter = new BinaryWriter(cryptoStream))
+                    {
+                        binaryWriter.Write(input);
+                        cryptoStream.FlushFinalBlock();
+                    }
+
+                    // return {iv}.{swt}.{sha236(key)}
+                    return string.Format("{0}.{1}.{2}", iv, Convert.ToBase64String(cipherStream.ToArray()), GetSHA256Base64String(aes.Key));
+                }
+            }
+        }
+
+        private static string GetSHA256Base64String(byte[] key)
+        {
+            using (var sha256 = new SHA256Managed())
+            {
+                return Convert.ToBase64String(sha256.ComputeHash(key));
+            }
+        }
+
+        private static byte[] GetWebSiteAuthEncryptionKey()
+        {
+            var hexOrBase64 = Environment.GetEnvironmentVariable("WEBSITE_AUTH_ENCRYPTION_KEY");
+            if (string.IsNullOrEmpty(hexOrBase64))
+            {
+                throw new InvalidOperationException("No WEBSITE_AUTH_ENCRYPTION_KEY defined in the environment");
+            }
+
+            // only support 32 bytes (256 bits) key length
+            if (hexOrBase64.Length == 64)
+            {
+                return Enumerable.Range(0, hexOrBase64.Length)
+                                 .Where(x => x % 2 == 0)
+                                 .Select(x => Convert.ToByte(hexOrBase64.Substring(x, 2), 16))
+                                 .ToArray();
+            }
+
+            return Convert.FromBase64String(hexOrBase64);
+        }
+    }
+}

src/WebJobs.Script.WebHost/Management/IWebFunctionsManager.cs

@@ -17,5 +17,7 @@ public interface IWebFunctionsManager
         Task<(bool, bool, FunctionMetadataResponse)> CreateOrUpdate(string name, FunctionMetadataResponse functionMetadata, HttpRequest request);
 
         (bool, string) TryDeleteFunction(FunctionMetadataResponse function);
+
+        Task<(bool success, string error)> TrySyncTriggers();
     }
 }

src/WebJobs.Script.WebHost/Management/WebFunctionsManager.cs

@@ -6,15 +6,18 @@
 using System.Collections.ObjectModel;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Azure.WebJobs.Script;
+using Microsoft.Azure.WebJobs.Script.Description;
+using Microsoft.Azure.WebJobs.Script.Extensions;
 using Microsoft.Azure.WebJobs.Script.Management.Models;
-using Microsoft.Azure.WebJobs.Script.WebHost;
 using Microsoft.Azure.WebJobs.Script.WebHost.Extensions;
 using Microsoft.Azure.WebJobs.Script.WebHost.Helpers;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.Azure.WebJobs.Script.WebHost.Management
 {
@@ -37,9 +40,7 @@ public WebFunctionsManager(WebHostSettings webSettings, ILoggerFactory loggerFac
         /// <returns>collection of FunctionMetadataResponse</returns>
         public async Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(HttpRequest request)
         {
-            return await ScriptHost.ReadFunctionsMetadata(FileUtility.EnumerateDirectories(_config.RootScriptPath), _logger, new Dictionary<string, Collection<string>>())
-                .Select(fm => fm.ToFunctionMetadataResponse(request, _config))
-                .WhenAll();
+            return await GetFunctionsMetadata().Select(fm => fm.ToFunctionMetadataResponse(request, _config)).WhenAll();
         }
 
         /// <summary>
@@ -123,7 +124,7 @@ await functionMetadata
         /// <returns>(success, FunctionMetadataResponse)</returns>
         public async Task<(bool, FunctionMetadataResponse)> TryGetFunction(string name, HttpRequest request)
         {
-            var functionMetadata = ScriptHost.ReadFunctionMetadata(Path.Combine(_config.RootScriptPath, name), _logger, new Dictionary<string, Collection<string>>());
+            var functionMetadata = ScriptHost.ReadFunctionMetadata(Path.Combine(_config.RootScriptPath, name), new Dictionary<string, Collection<string>>());
             if (functionMetadata != null)
             {
                 return (true, await functionMetadata.ToFunctionMetadataResponse(request, _config));
@@ -158,6 +159,88 @@ await functionMetadata
             }
         }
 
+        /// <summary>
+        /// Try to perform sync triggers to the scale controller
+        /// </summary>
+        /// <returns>(success, error)</returns>
+        public async Task<(bool success, string error)> TrySyncTriggers()
+        {
+            var durableTaskHubName = await GetDurableTaskHubName();
+            var functionsTriggers = (await GetFunctionsMetadata()
+                .Select(f => f.ToFunctionTrigger(_config))
+                .WhenAll())
+                .Where(t => t != null)
+                .Select(t =>
+                {
+                    // if we have a durableTask hub name and the function trigger is either orchestrationTrigger OR activityTrigger,
+                    // add a property "taskHubName" with durable task hub name.
+                    if (durableTaskHubName != null
+                        && (t["type"]?.ToString().Equals("orchestrationTrigger", StringComparison.OrdinalIgnoreCase) == true
+                            || t["type"]?.ToString().Equals("activityTrigger", StringComparison.OrdinalIgnoreCase) == true))
+                    {
+                        t["taskHubName"] = durableTaskHubName;
+                    }
+                    return t;
+                });
+
+            if (FileUtility.FileExists(Path.Combine(_config.RootScriptPath, ScriptConstants.ProxyMetadataFileName)))
+            {
+                // This is because we still need to scale function apps that are proxies only
+                functionsTriggers = functionsTriggers.Append(new JObject(new { type = "routingTrigger" }));
+            }
+
+            return await InternalSyncTriggers(functionsTriggers);
+        }
+
+        // This function will call POST https://{app}.azurewebsites.net/operation/settriggers with the content
+        // of triggers. It'll verify app owner ship using a SWT token valid for 5 minutes. It should be plenty.
+        private async Task<(bool, string)> InternalSyncTriggers(IEnumerable<JObject> triggers)
+        {
+            var content = JsonConvert.SerializeObject(triggers);
+            var token = SimpleWebTokenHelper.CreateToken(DateTime.UtcNow.AddMinutes(5));
+
+            // This will be a problem for national clouds. However, Antares isn't injecting the
+            // WEBSITE_HOSTNAME yet for linux apps. So until then will use this.
+            var url = $"https://{Environment.GetEnvironmentVariable("WEBSITE_SITE_NAME")}.azurewebsites.net/operations/settriggers";
+
+            using (var request = new HttpRequestMessage(HttpMethod.Post, url))
+            {
+                // This has to start with Mozilla because the frontEnd checks for it.
+                request.Headers.Add("User-Agent", "Mozilla/5.0");
+                request.Headers.Add("x-ms-site-restricted-token", token);
+                request.Content = new StringContent(content, Encoding.UTF8, "application/json");
+
+                var response = await HttpClientUtility.Instance.SendAsync(request);
+                return response.IsSuccessStatusCode
+                    ? (true, string.Empty)
+                    : (false, $"Sync triggers failed with: {response.StatusCode}");
+            }
+        }
+
+        private IEnumerable<FunctionMetadata> GetFunctionsMetadata()
+        {
+            return ScriptHost
+                .ReadFunctionsMetadata(FileUtility.EnumerateDirectories(_config.RootScriptPath), _logger, new Dictionary<string, Collection<string>>());
+        }
+
+        private async Task<string> GetDurableTaskHubName()
+        {
+            string hostJsonPath = Path.Combine(_config.RootScriptPath, ScriptConstants.HostMetadataFileName);
+            if (FileUtility.FileExists(hostJsonPath))
+            {
+                // We're looking for {VALUE}
+                // {
+                //     "durableTask": {
+                //         "HubName": "{VALUE}"
+                //     }
+                // }
+                var hostJson = JsonConvert.DeserializeObject<HostJsonModel>(await FileUtility.ReadAsync(hostJsonPath));
+                return hostJson?.DurableTask?.HubName;
+            }
+
+            return null;
+        }
+
         private void DeleteFunctionArtifacts(FunctionMetadataResponse function)
         {
             // TODO: clear secrets
@@ -169,5 +252,15 @@ private void DeleteFunctionArtifacts(FunctionMetadataResponse function)
                 FileUtility.DeleteFileSafe(testDataPath);
             }
         }
+
+        private class HostJsonModel
+        {
+            public DurableTaskHostModel DurableTask { get; set; }
+        }
+
+        private class DurableTaskHostModel
+        {
+            public string HubName { get; set; }
+        }
     }
 }

src/WebJobs.Script/Extensions/FileUtility.cs

@@ -88,6 +88,8 @@ public static async Task<string> ReadAsync(string path, Encoding encoding = null
             }
         }
 
+        public static string ReadAllText(string path) => Instance.File.ReadAllText(path);
+
         public static Stream OpenFile(string path, FileMode mode, FileAccess access = FileAccess.ReadWrite, FileShare share = FileShare.None)
         {
             return Instance.File.Open(path, mode, access, share);

src/WebJobs.Script/Extensions/HttpClientUtility.cs

@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Net.Http;
+
+namespace Microsoft.Azure.WebJobs.Script
+{
+    /// <summary>
+    /// This class holds a static instance for HttpClient for all to use.
+    /// It also allows injecting in a new HttpClient for unit testing
+    /// </summary>
+    public static class HttpClientUtility
+    {
+        private static HttpClient _default = new HttpClient();
+        private static HttpClient _instance;
+
+        public static HttpClient Instance
+        {
+            get { return _instance ?? _default; }
+            // Used for testing. You can update this with an HttpClient with a custom
+            // HttpClientHandler with a custom SendAsync implementation.
+            internal set { _instance = value; }
+        }
+    }
+}