Support for no storage account scenario.

Author: kashimiz

release_notes.md

@@ -3,6 +3,7 @@
 - My change description (#PR)
 -->
 - Add admin/host/config API (#7394)
+- Added support for no storage account scenarios (#8083)
 
 **Release sprint:** Sprint 118
 [ [bugs](https://github.com/Azure/azure-functions-host/issues?q=is%3Aissue+milestone%3A%22Functions+Sprint+<successiveSprint>%22+label%3Abug+is%3Aclosed) | [features](https://github.com/Azure/azure-functions-host/issues?q=is%3Aissue+milestone%3A%22Functions+Sprint+<successiveSprint>%22+label%3Afeature+is%3Aclosed) ]

src/WebJobs.Script.WebHost/Security/Authentication/Keys/AuthenticationLevelHandler.cs

@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
-using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
@@ -84,22 +83,25 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
         internal static Task<(string, AuthorizationLevel)> GetAuthorizationKeyInfoAsync(HttpRequest request, ISecretManagerProvider secretManagerProvider)
         {
-            // first see if a key value is specified via headers or query string (header takes precedence)
-            string keyValue = null;
-            if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
+            if (secretManagerProvider.SecretsEnabled)
             {
-                keyValue = values.First();
-            }
-            else if (request.Query.TryGetValue(FunctionsKeyQueryParamName, out values))
-            {
-                keyValue = values.First();
-            }
+                // first see if a key value is specified via headers or query string (header takes precedence)
+                string keyValue = null;
+                if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
+                {
+                    keyValue = values.First();
+                }
+                else if (request.Query.TryGetValue(FunctionsKeyQueryParamName, out values))
+                {
+                    keyValue = values.First();
+                }
 
-            if (!string.IsNullOrEmpty(keyValue))
-            {
-                ISecretManager secretManager = secretManagerProvider.Current;
-                var functionName = request.HttpContext.Features.Get<IFunctionExecutionFeature>()?.Descriptor.Name;
-                return secretManager.GetAuthorizationLevelOrNullAsync(keyValue, functionName);
+                if (!string.IsNullOrEmpty(keyValue))
+                {
+                    ISecretManager secretManager = secretManagerProvider.Current;
+                    var functionName = request.HttpContext.Features.Get<IFunctionExecutionFeature>()?.Descriptor.Name;
+                    return secretManager.GetAuthorizationLevelOrNullAsync(keyValue, functionName);
+                }
             }
 
             return Task.FromResult<(string, AuthorizationLevel)>((null, AuthorizationLevel.Anonymous));

test/WebJobs.Script.Tests.Integration/TestFunctionHost.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -14,11 +15,12 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
+using Microsoft.Azure.Web.DataProtection;
 using Microsoft.Azure.WebJobs.Host.Executors;
 using Microsoft.Azure.WebJobs.Script.ExtensionBundle;
-using Microsoft.Azure.WebJobs.Script.Grpc;
 using Microsoft.Azure.WebJobs.Script.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost;
+using Microsoft.Azure.WebJobs.Script.WebHost.Authentication;
 using Microsoft.Azure.WebJobs.Script.WebHost.DependencyInjection;
 using Microsoft.Azure.WebJobs.Script.WebHost.Middleware;
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
@@ -32,6 +34,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.WebJobs.Script.Tests;
 using Newtonsoft.Json.Linq;
 using IApplicationLifetime = Microsoft.AspNetCore.Hosting.IApplicationLifetime;
@@ -59,9 +62,10 @@ public TestFunctionHost(string scriptPath,
            Action<IWebJobsBuilder> configureScriptHostWebJobsBuilder = null,
            Action<IConfigurationBuilder> configureScriptHostAppConfiguration = null,
            Action<ILoggingBuilder> configureScriptHostLogging = null,
-           Action<IServiceCollection> configureScriptHostServices = null)
+           Action<IServiceCollection> configureScriptHostServices = null,
+           Action<IConfigurationBuilder> configureWebHostAppConfiguration = null)
             : this(scriptPath, Path.Combine(Path.GetTempPath(), @"Functions"), configureWebHostServices, configureScriptHostWebJobsBuilder,
-                  configureScriptHostAppConfiguration, configureScriptHostLogging, configureScriptHostServices)
+                  configureScriptHostAppConfiguration, configureScriptHostLogging, configureScriptHostServices, configureWebHostAppConfiguration)
         {
         }
 
@@ -70,7 +74,9 @@ public TestFunctionHost(string scriptPath, string logPath,
             Action<IWebJobsBuilder> configureScriptHostWebJobsBuilder = null,
             Action<IConfigurationBuilder> configureScriptHostAppConfiguration = null,
             Action<ILoggingBuilder> configureScriptHostLogging = null,
-            Action<IServiceCollection> configureScriptHostServices = null)
+            Action<IServiceCollection> configureScriptHostServices = null,
+            Action<IConfigurationBuilder> configureWebHostAppConfiguration = null,
+            bool addTestSettings = true)
         {
             _appRoot = scriptPath;
 
@@ -123,7 +129,10 @@ public TestFunctionHost(string scriptPath, string logPath,
                 })
                 .ConfigureScriptHostAppConfiguration(scriptHostConfigurationBuilder =>
                 {
-                    scriptHostConfigurationBuilder.AddTestSettings();
+                    if (addTestSettings)
+                    {
+                        scriptHostConfigurationBuilder.AddTestSettings();
+                    }
                     configureScriptHostAppConfiguration?.Invoke(scriptHostConfigurationBuilder);
                 })
                 .ConfigureScriptHostLogging(scriptHostLoggingBuilder =>
@@ -146,7 +155,11 @@ public TestFunctionHost(string scriptPath, string logPath,
                     }
 
                     config.Add(new ScriptEnvironmentVariablesConfigurationSource());
-                    config.AddTestSettings();
+                    if (addTestSettings)
+                    {
+                        config.AddTestSettings();
+                    }
+                    configureWebHostAppConfiguration?.Invoke(config);
                 })
                 .UseStartup<TestStartup>();
 
@@ -182,7 +195,9 @@ public TestFunctionHost(string scriptPath, string logPath,
 
         public ScriptJobHostOptions ScriptOptions => JobHostServices.GetService<IOptions<ScriptJobHostOptions>>().Value;
 
-        public ISecretManager SecretManager => _testServer.Host.Services.GetService<ISecretManagerProvider>().Current;
+        public ISecretManagerProvider SecretManagerProvider => _testServer.Host.Services.GetService<ISecretManagerProvider>();
+
+        public ISecretManager SecretManager => SecretManagerProvider.Current;
 
         public string LogPath => _hostOptions.LogPath;
 
@@ -192,6 +207,11 @@ public TestFunctionHost(string scriptPath, string logPath,
 
         public async Task<string> GetMasterKeyAsync()
         {
+            if (!SecretManagerProvider.SecretsEnabled)
+            {
+                return null;
+            }
+
             HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
             return secrets.MasterKey;
         }
@@ -345,13 +365,44 @@ public async Task<FunctionStatus> GetFunctionStatusAsync(string functionName)
 
         public async Task<HostStatus> GetHostStatusAsync()
         {
-            HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
-            string uri = $"admin/host/status?code={secrets.MasterKey}";
-            HttpResponseMessage response = await HttpClient.GetAsync(uri);
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "admin/host/status");
+
+            if (SecretManagerProvider.SecretsEnabled)
+            {
+                // use admin key
+                HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
+                request.Headers.Add(AuthenticationLevelHandler.FunctionsKeyHeaderName, secrets.MasterKey);
+            }
+            else
+            {
+                // use admin jwt token
+                string token = GenerateAdminJwtToken();
+                request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
+            }
+            
+            HttpResponseMessage response = await HttpClient.SendAsync(request);
             response.EnsureSuccessStatusCode();
             return await response.Content.ReadAsAsync<HostStatus>();
         }
 
+        public string GenerateAdminJwtToken()
+        {
+            var tokenHandler = new JwtSecurityTokenHandler();
+            string defaultKey = Util.GetDefaultKeyValue();
+            var key = Encoding.ASCII.GetBytes(defaultKey);
+            var tokenDescriptor = new SecurityTokenDescriptor
+            {
+                Audience = string.Format(ScriptConstants.AdminJwtValidAudienceFormat, Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteName)),
+                Issuer = string.Format(ScriptConstants.AdminJwtValidIssuerFormat, Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteName)),
+                Expires = DateTime.UtcNow.AddHours(1),
+                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
+            };
+            var token = tokenHandler.CreateToken(tokenDescriptor);
+            string tokenHeaderValue = tokenHandler.WriteToken(token);
+
+            return tokenHeaderValue;
+        }
+
         public void Dispose()
         {
             if (!_isDisposed)

test/WebJobs.Script.Tests.Integration/TestScripts/CSharp/HttpTrigger-FunctionAuth/function.json

@@ -0,0 +1,16 @@
+{
+    "bindings": [
+        {
+            "type": "httpTrigger",
+            "name": "input",
+            "direction": "in",
+            "methods": [ "get" ],
+            "authLevel": "function"
+        },
+        {
+            "type": "http",
+            "name": "$return",
+            "direction": "out"
+        }
+    ]
+}

test/WebJobs.Script.Tests.Integration/TestScripts/CSharp/HttpTrigger-FunctionAuth/run.csx

@@ -0,0 +1,4 @@
+public static string Run(dynamic input)
+{
+    return $"Success";
+}

test/WebJobs.Script.Tests.Integration/TestScripts/CSharp/HttpTrigger-Scenarios/run.csx

@@ -2,6 +2,7 @@
 
 using System;
 using System.Net;
+using System.Web;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 
@@ -13,6 +14,10 @@ public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, Execut
 
     switch (scenario)
     {
+        case "swa":
+            var query = HttpUtility.ParseQueryString(req.RequestUri.Query ?? string.Empty);
+            var code = query["code"];
+            return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(code) };
         case "appServiceFixupMiddleware":
             return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(req.RequestUri.ToString()) };
         case "appInsights-Success":

test/WebJobs.Script.Tests.Integration/WebHostEndToEnd/EndToEndTestFixture.cs

@@ -35,15 +35,21 @@ public abstract class EndToEndTestFixture : IAsyncLifetime
         private string _functionsWorkerRuntime;
         private int _workerProcessCount;
         private string _functionsWorkerRuntimeVersion;
+        private bool _addTestSettings;
 
-        protected EndToEndTestFixture(string rootPath, string testId, string functionsWorkerRuntime, int workerProcessesCount = 1, string functionsWorkerRuntimeVersion = null)
+        protected EndToEndTestFixture(string rootPath, string testId, 
+            string functionsWorkerRuntime, 
+            int workerProcessesCount = 1, 
+            string functionsWorkerRuntimeVersion = null,
+            bool addTestSettings = true)
         {
             FixtureId = testId;
 
             _rootPath = rootPath;
             _functionsWorkerRuntime = functionsWorkerRuntime;
             _workerProcessCount = workerProcessesCount;
             _functionsWorkerRuntimeVersion = functionsWorkerRuntimeVersion;
+            _addTestSettings = addTestSettings;
         }
 
         public CloudBlobContainer TestInputContainer { get; private set; }
@@ -126,7 +132,7 @@ string GetDestPath(int counter)
             FunctionsSyncManagerMock = new Mock<IFunctionsSyncManager>(MockBehavior.Strict);
             FunctionsSyncManagerMock.Setup(p => p.TrySyncTriggersAsync(It.IsAny<bool>())).ReturnsAsync(new SyncTriggersResult { Success = true });
 
-            Host = new TestFunctionHost(_copiedRootPath, logPath,
+            Host = new TestFunctionHost(_copiedRootPath, logPath, addTestSettings: _addTestSettings,
                 configureScriptHostWebJobsBuilder: webJobsBuilder =>
                 {
                     ConfigureScriptHost(webJobsBuilder);
@@ -135,23 +141,35 @@ string GetDestPath(int counter)
                 {
                     s.AddSingleton<IFunctionsSyncManager>(_ => FunctionsSyncManagerMock.Object);
                     s.AddSingleton<IMetricsLogger>(_ => MetricsLogger);
+                    ConfigureScriptHost(s);
+                },
+                configureScriptHostAppConfiguration: configBuilder =>
+                {
+                    ConfigureScriptHost(configBuilder);
                 },
                 configureWebHostServices: s =>
                 {
                     s.AddSingleton<IEventGenerator>(_ => EventGenerator);
                     ConfigureWebHost(s);
+                },
+                configureWebHostAppConfiguration: configBuilder =>
+                {
+                    ConfigureWebHost(configBuilder);
                 });
 
             string connectionString = Host.JobHostServices.GetService<IConfiguration>().GetWebJobsConnectionString(ConnectionStringNames.Storage);
-            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
+            if (!string.IsNullOrEmpty(connectionString))
+            {
+                CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
 
-            QueueClient = storageAccount.CreateCloudQueueClient();
-            BlobClient = storageAccount.CreateCloudBlobClient();
+                QueueClient = storageAccount.CreateCloudQueueClient();
+                BlobClient = storageAccount.CreateCloudBlobClient();
 
-            TableStorageAccount tableStorageAccount = TableStorageAccount.Parse(connectionString);
-            TableClient = tableStorageAccount.CreateCloudTableClient();
+                TableStorageAccount tableStorageAccount = TableStorageAccount.Parse(connectionString);
+                TableClient = tableStorageAccount.CreateCloudTableClient();
 
-            await CreateTestStorageEntities();
+                await CreateTestStorageEntities();
+            }
 
             MasterKey = await Host.GetMasterKeyAsync();
         }
@@ -160,10 +178,22 @@ public virtual void ConfigureScriptHost(IWebJobsBuilder webJobsBuilder)
         {
         }
 
+        public virtual void ConfigureScriptHost(IServiceCollection services)
+        {
+        }
+
+        public virtual void ConfigureScriptHost(IConfigurationBuilder configBuilder)
+        {
+        }
+
         public virtual void ConfigureWebHost(IServiceCollection services)
         {
         }
 
+        public virtual void ConfigureWebHost(IConfigurationBuilder configBuilder)
+        {
+        }
+
         public async Task<CloudQueue> GetNewQueue(string queueName)
         {
             var queue = QueueClient.GetQueueReference(string.Format("{0}-{1}", queueName, FixtureId));