Warn user if two apps are sharing the same secrets. Fixes #2740

Author: alrod

src/WebJobs.Script.WebHost/Properties/Resources.Designer.cs

@@ -117,8 +117,11 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
+  <data name="ErrorSameSecrets" xml:space="preserve">
+    <value>Two or more function apps are sharing the same secrets ({0})</value>
+  </data>
   <data name="ErrorTooManySecretBackups" xml:space="preserve">
-    <value>Repository has more than {0} non-decryptable secrets backups ({1}).</value>
+    <value>Repository has more than {0} non-decryptable secrets backups ({1}). {2}</value>
   </data>
   <data name="FunctionSecretsSchemaV0" xml:space="preserve">
     <value>{

src/WebJobs.Script.WebHost/Properties/Resources.resx

@@ -409,7 +409,7 @@ private async Task PersistSecretsAsync<T>(T secrets, string keyScope = null, boo
 
                 if (secretBackups.Length >= ScriptConstants.MaximumSecretBackupCount)
                 {
-                    string message = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, string.IsNullOrEmpty(keyScope) ? "host" : keyScope);
+                    string message = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, string.IsNullOrEmpty(keyScope) ? "host" : keyScope, await AnalizeSnapshots<T>(secretBackups));
                     TraceEvent traceEvent = new TraceEvent(TraceLevel.Verbose, message);
                     _traceWriter.Verbose(message);
                     _logger?.LogDebug(message);
@@ -475,6 +475,31 @@ private void OnSecretsChanged(object sender, SecretsChangedEventArgs e)
             }
         }
 
+        private async Task<string> AnalizeSnapshots<T>(string[] secretBackups) where T : ScriptSecrets
+        {
+            string analizeResult = string.Empty;
+            try
+            {
+                List<T> shapShots = new List<T>();
+                foreach (string secretPath in secretBackups)
+                {
+                    string secretString = await _repository.ReadAsync(ScriptSecretsType.Function, Path.GetFileNameWithoutExtension(secretPath));
+                    shapShots.Add(ScriptSecretSerializer.DeserializeSecrets<T>(secretString));
+                }
+                string[] hosts = shapShots.Select(x => x.HostName).Distinct().ToArray();
+                if (hosts.Length > 1)
+                {
+                    analizeResult = string.Format(Resources.ErrorSameSecrets, string.Join(",", hosts));
+                }
+            }
+            catch
+            {
+                // best effort
+            }
+            return analizeResult;
+        }
+
+
         public async Task PurgeOldSecretsAsync(string rootScriptPath, TraceWriter traceWriter, ILogger logger)
         {
             if (!Directory.Exists(rootScriptPath))

src/WebJobs.Script.WebHost/Security/SecretManager.cs

@@ -589,7 +589,8 @@ public async Task GetHostSecrets_WhenTooManyBackups_ThrowsException()
             using (var directory = new TempDirectory())
             {
                 string functionName = "testfunction";
-                string expectedTraceMessage = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, functionName);
+                string expectedTraceMessage = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, functionName,
+                    string.Format(Resources.ErrorSameSecrets, "test0,test1"));
                 string functionSecretsJson =
                      @"{
     'keys': [
@@ -625,13 +626,19 @@ public async Task GetHostSecrets_WhenTooManyBackups_ThrowsException()
                                 await Task.Delay(500);
                             }
 
+                            string hostName = "test" + (i % 2).ToString();
+                            _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsiteHostName, hostName);
                             functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
                         }
                     }
                     catch (InvalidOperationException ex)
                     {
                         ioe = ex;
                     }
+                    finally
+                    {
+                        _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsiteHostName, null);
+                    }
 
                     Assert.True(ioe != null, string.Join(Environment.NewLine, traceWriter.GetTraces()));
                 }