Functions SyncTriggers improvements

Author: mathewc

src/WebJobs.Script.WebHost/Controllers/FunctionsController.cs

@@ -48,7 +48,7 @@ public FunctionsController(IWebFunctionsManager functionsManager, IWebJobsRouter
         [Authorize(Policy = PolicyNames.AdminAuthLevel)]
         public async Task<IActionResult> List(bool includeProxies = false)
         {
-            var result = await _functionsManager.GetFunctionsMetadata(Request, includeProxies);
+            var result = await _functionsManager.GetFunctionsMetadata(includeProxies);
             return Ok(result);
         }
 
@@ -144,7 +144,7 @@ public async Task<IActionResult> GetFunctionStatus(string name, [FromServices] I
             {
                 // if we don't have any errors registered, make sure the function exists
                 // before returning empty errors
-                var result = await _functionsManager.GetFunctionsMetadata(Request, includeProxies: true);
+                var result = await _functionsManager.GetFunctionsMetadata(includeProxies: true);
                 var function = result.FirstOrDefault(p => p.Name.ToLowerInvariant() == name.ToLowerInvariant());
                 if (function == null)
                 {

src/WebJobs.Script.WebHost/Controllers/KeysController.cs

@@ -10,6 +10,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs.Script.WebHost.Management;
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost.Properties;
 using Microsoft.Azure.WebJobs.Script.WebHost.Security.Authorization.Policies;
@@ -28,13 +29,15 @@ public class KeysController : Controller
         private readonly ILogger _logger;
         private readonly IOptions<ScriptApplicationHostOptions> _applicationOptions;
         private readonly IFileSystem _fileSystem;
+        private readonly IFunctionsSyncManager _functionsSyncManager;
 
-        public KeysController(IOptions<ScriptApplicationHostOptions> applicationOptions, ISecretManagerProvider secretManagerProvider, ILoggerFactory loggerFactory, IFileSystem fileSystem)
+        public KeysController(IOptions<ScriptApplicationHostOptions> applicationOptions, ISecretManagerProvider secretManagerProvider, ILoggerFactory loggerFactory, IFileSystem fileSystem, IFunctionsSyncManager functionsSyncManager)
         {
             _applicationOptions = applicationOptions;
             _secretManagerProvider = secretManagerProvider;
             _logger = loggerFactory.CreateLogger(ScriptConstants.LogCategoryKeysController);
             _fileSystem = fileSystem;
+            _functionsSyncManager = functionsSyncManager;
         }
 
         [HttpGet]
@@ -186,11 +189,13 @@ private async Task<IActionResult> AddOrUpdateSecretAsync(string keyName, string
                 case OperationResult.Created:
                     {
                         var keyResponse = ApiModelUtility.CreateApiModel(new { name = keyName, value = operationResult.Secret }, Request);
+                        await _functionsSyncManager.TrySyncTriggersAsync();
                         return Created(ApiModelUtility.GetBaseUri(Request), keyResponse);
                     }
                 case OperationResult.Updated:
                     {
                         var keyResponse = ApiModelUtility.CreateApiModel(new { name = keyName, value = operationResult.Secret }, Request);
+                        await _functionsSyncManager.TrySyncTriggersAsync();
                         return Ok(keyResponse);
                     }
                 case OperationResult.NotFound:
@@ -245,6 +250,8 @@ private async Task<IActionResult> DeleteFunctionSecretAsync(string keyName, stri
                 return NotFound();
             }
 
+            await _functionsSyncManager.TrySyncTriggersAsync();
+
             _logger.LogDebug(string.Format(Resources.TraceKeysApiSecretChange, keyName, keyScope ?? "host", "Deleted"));
 
             return StatusCode(StatusCodes.Status204NoContent);

src/WebJobs.Script.WebHost/Extensions/FunctionMetadataExtensions.cs

@@ -5,8 +5,6 @@
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Azure.WebJobs.Extensions.Http;
 using Microsoft.Azure.WebJobs.Script.Description;
 using Microsoft.Azure.WebJobs.Script.Management.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost.Management;

src/WebJobs.Script.WebHost/Management/FunctionsSyncManager.cs

@@ -27,6 +27,12 @@ namespace Microsoft.Azure.WebJobs.Script.WebHost.Management
 {
     public class FunctionsSyncManager : IFunctionsSyncManager, IDisposable
     {
+        // Until ANT 82 is fully released, the default value is disabled and we continue
+        // to return just the trigger data.
+        // After ANT 82, we will change the default to enabled.
+        // Note that this app setting is honored by both GeoMaster and Runtime.
+        public const string AzureWebsiteArmCacheEnabledDefaultValue = "0";
+
         private const string HubName = "HubName";
         private const string TaskHubName = "taskHubName";
         private const string Connection = "connection";
@@ -47,10 +53,10 @@ public class FunctionsSyncManager : IFunctionsSyncManager, IDisposable
 
         private CloudBlockBlob _hashBlob;
 
-        public FunctionsSyncManager(IConfiguration configuration, IHostIdProvider hostIdProvider, IOptionsMonitor<ScriptApplicationHostOptions> applicationHostOptions, IOptions<LanguageWorkerOptions> languageWorkerOptions, ILoggerFactory loggerFactory, HttpClient httpClient, ISecretManagerProvider secretManagerProvider, IScriptWebHostEnvironment webHostEnvironment, IEnvironment environment, HostNameProvider hostNameProvider)
+        public FunctionsSyncManager(IConfiguration configuration, IHostIdProvider hostIdProvider, IOptionsMonitor<ScriptApplicationHostOptions> applicationHostOptions, IOptions<LanguageWorkerOptions> languageWorkerOptions, ILogger<FunctionsSyncManager> logger, HttpClient httpClient, ISecretManagerProvider secretManagerProvider, IScriptWebHostEnvironment webHostEnvironment, IEnvironment environment, HostNameProvider hostNameProvider)
         {
             _applicationHostOptions = applicationHostOptions;
-            _logger = loggerFactory?.CreateLogger(ScriptConstants.LogCategoryHostGeneral);
+            _logger = logger;
             _workerConfigs = languageWorkerOptions.Value.WorkerConfigs;
             _httpClient = httpClient;
             _secretManagerProvider = secretManagerProvider;
@@ -61,6 +67,14 @@ public FunctionsSyncManager(IConfiguration configuration, IHostIdProvider hostId
             _hostNameProvider = hostNameProvider;
         }
 
+        internal bool ArmCacheEnabled
+        {
+            get
+            {
+                return _environment.GetEnvironmentVariableOrDefault(EnvironmentSettingNames.AzureWebsiteArmCacheEnabled, AzureWebsiteArmCacheEnabledDefaultValue) == "1";
+            }
+        }
+
         public async Task<SyncTriggersResult> TrySyncTriggersAsync(bool checkHash = false)
         {
             var result = new SyncTriggersResult
@@ -237,15 +251,72 @@ internal async Task<CloudBlockBlob> GetHashBlobAsync()
             return _hashBlob;
         }
 
-        public async Task<JArray> GetSyncTriggersPayload()
+        public async Task<JToken> GetSyncTriggersPayload()
         {
             var hostOptions = _applicationHostOptions.CurrentValue.ToHostOptions();
-            var functionsMetadata = WebFunctionsManager.GetFunctionsMetadata(hostOptions, _workerConfigs, _logger, includeProxies: true);
+            var functionsMetadata = WebFunctionsManager.GetFunctionsMetadata(hostOptions, _workerConfigs, _logger);
 
-            // Add trigger information used by the ScaleController
-            JObject result = new JObject();
+            // trigger information used by the ScaleController
             var triggers = await GetFunctionTriggers(functionsMetadata, hostOptions);
-            return new JArray(triggers);
+            var triggersArray = new JArray(triggers);
+
+            if (!ArmCacheEnabled)
+            {
+                // extended format is disabled - just return triggers
+                return triggersArray;
+            }
+
+            // Add triggers to the payload
+            JObject result = new JObject();
+            result.Add("triggers", triggersArray);
+
+            // Add functions details to the payload
+            JObject functions = new JObject();
+            string routePrefix = await WebFunctionsManager.GetRoutePrefix(hostOptions.RootScriptPath);
+            var functionDetails = await WebFunctionsManager.GetFunctionMetadataResponse(functionsMetadata, hostOptions, _hostNameProvider);
+            result.Add("functions", new JArray(functionDetails.Select(p => JObject.FromObject(p))));
+
+            // Add functions secrets to the payload
+            // Only secret types we own/control can we cache directly
+            // Encryption is handled by Antares before storage
+            var secretsStorageType = _environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebJobsSecretStorageType);
+            if (string.IsNullOrEmpty(secretsStorageType) ||
+                string.Compare(secretsStorageType, "files", StringComparison.OrdinalIgnoreCase) == 0 ||
+                string.Compare(secretsStorageType, "blob", StringComparison.OrdinalIgnoreCase) == 0)
+            {
+                JObject secrets = new JObject();
+                result.Add("secrets", secrets);
+
+                // add host secrets
+                var hostSecretsInfo = await _secretManagerProvider.Current.GetHostSecretsAsync();
+                var hostSecrets = new JObject();
+                hostSecrets.Add("master", hostSecretsInfo.MasterKey);
+                hostSecrets.Add("function", JObject.FromObject(hostSecretsInfo.FunctionKeys));
+                hostSecrets.Add("system", JObject.FromObject(hostSecretsInfo.SystemKeys));
+                secrets.Add("host", hostSecrets);
+
+                // add function secrets
+                var functionSecrets = new JArray();
+                var httpFunctions = functionsMetadata.Where(p => !p.IsProxy && p.InputBindings.Any(q => q.IsTrigger && string.Compare(q.Type, "httptrigger", StringComparison.OrdinalIgnoreCase) == 0)).Select(p => p.Name);
+                foreach (var functionName in httpFunctions)
+                {
+                    var currSecrets = await _secretManagerProvider.Current.GetFunctionSecretsAsync(functionName);
+                    var currElement = new JObject()
+                    {
+                        { "name", functionName },
+                        { "secrets", JObject.FromObject(currSecrets) }
+                    };
+                    functionSecrets.Add(currElement);
+                }
+                secrets.Add("function", functionSecrets);
+            }
+            else
+            {
+                // TODO: handle other external key storage types
+                // like KeyVault when the feature comes online
+            }
+
+            return result;
         }
 
         internal async Task<IEnumerable<JObject>> GetFunctionTriggers(IEnumerable<FunctionMetadata> functionsMetadata, ScriptJobHostOptions hostOptions)
@@ -352,7 +423,15 @@ internal HttpRequestMessage BuildSetTriggersRequest()
         {
             var token = SimpleWebTokenHelper.CreateToken(DateTime.UtcNow.AddMinutes(5));
 
-            _logger.LogDebug($"SyncTriggers content: {content}");
+            string sanitizedContentString = content;
+            if (ArmCacheEnabled)
+            {
+                // sanitize the content before logging
+                var sanitizedContent = JObject.Parse(content);
+                sanitizedContent.Remove("secrets");
+                sanitizedContentString = sanitizedContent.ToString();
+            }
+            _logger.LogDebug($"SyncTriggers content: {sanitizedContentString}");
 
             using (var request = BuildSetTriggersRequest())
             {
@@ -381,4 +460,4 @@ public void Dispose()
             _syncSemaphore.Dispose();
         }
     }
-}
+}

src/WebJobs.Script.WebHost/Management/IWebFunctionsManager.cs

@@ -10,7 +10,7 @@ namespace Microsoft.Azure.WebJobs.Script.WebHost.Management
 {
     public interface IWebFunctionsManager
     {
-        Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(HttpRequest request, bool includeProxies);
+        Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(bool includeProxies);
 
         Task<(bool, FunctionMetadataResponse)> TryGetFunction(string name, HttpRequest request);
 

src/WebJobs.Script.WebHost/Management/WebFunctionsManager.cs

@@ -27,42 +27,34 @@ public class WebFunctionsManager : IWebFunctionsManager
         private readonly IEnumerable<WorkerConfig> _workerConfigs;
         private readonly ISecretManagerProvider _secretManagerProvider;
         private readonly IFunctionsSyncManager _functionsSyncManager;
+        private readonly HostNameProvider _hostNameProvider;
 
-        public WebFunctionsManager(IOptionsMonitor<ScriptApplicationHostOptions> applicationHostOptions, IOptions<LanguageWorkerOptions> languageWorkerOptions, ILoggerFactory loggerFactory, HttpClient client, ISecretManagerProvider secretManagerProvider, IFunctionsSyncManager functionsSyncManager)
+        public WebFunctionsManager(IOptionsMonitor<ScriptApplicationHostOptions> applicationHostOptions, IOptions<LanguageWorkerOptions> languageWorkerOptions, ILoggerFactory loggerFactory, HttpClient client, ISecretManagerProvider secretManagerProvider, IFunctionsSyncManager functionsSyncManager, HostNameProvider hostNameProvider)
         {
             _applicationHostOptions = applicationHostOptions;
             _logger = loggerFactory?.CreateLogger(ScriptConstants.LogCategoryHostGeneral);
             _client = client;
             _workerConfigs = languageWorkerOptions.Value.WorkerConfigs;
             _secretManagerProvider = secretManagerProvider;
             _functionsSyncManager = functionsSyncManager;
+            _hostNameProvider = hostNameProvider;
         }
 
-        /// <summary>
-        /// Calls into ScriptHost to retrieve list of FunctionMetadata
-        /// and maps them to FunctionMetadataResponse.
-        /// </summary>
-        /// <param name="request">Current HttpRequest for figuring out baseUrl</param>
-        /// <returns>collection of FunctionMetadataResponse</returns>
-        public async Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(HttpRequest request, bool includeProxies)
-        {
-            var baseUrl = $"{request.Scheme}://{request.Host}";
-            return await GetFunctionsMetadata(baseUrl, includeProxies);
-        }
-
-        public async Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(string baseUrl, bool includeProxies)
+        public async Task<IEnumerable<FunctionMetadataResponse>> GetFunctionsMetadata(bool includeProxies)
         {
             var hostOptions = _applicationHostOptions.CurrentValue.ToHostOptions();
+            var functionsMetadata = GetFunctionsMetadata(hostOptions, _workerConfigs, _logger, includeProxies);
 
-            string routePrefix = await GetRoutePrefix(hostOptions.RootScriptPath);
-            var tasks = GetFunctionsMetadata(includeProxies).Select(p => p.ToFunctionMetadataResponse(hostOptions, routePrefix, baseUrl));
-            return await tasks.WhenAll();
+            return await GetFunctionMetadataResponse(functionsMetadata, hostOptions, _hostNameProvider);
         }
 
-        internal IEnumerable<FunctionMetadata> GetFunctionsMetadata(bool includeProxies = false)
+        internal static async Task<IEnumerable<FunctionMetadataResponse>> GetFunctionMetadataResponse(IEnumerable<FunctionMetadata> functionsMetadata, ScriptJobHostOptions hostOptions, HostNameProvider hostNameProvider)
         {
-            var hostOptions = _applicationHostOptions.CurrentValue.ToHostOptions();
-            return GetFunctionsMetadata(hostOptions, _workerConfigs, _logger, includeProxies);
+            string baseUrl = GetBaseUrl(hostNameProvider);
+            string routePrefix = await GetRoutePrefix(hostOptions.RootScriptPath);
+            var tasks = functionsMetadata.Select(p => p.ToFunctionMetadataResponse(hostOptions, routePrefix, baseUrl));
+
+            return await tasks.WhenAll();
         }
 
         internal static IEnumerable<FunctionMetadata> GetFunctionsMetadata(ScriptJobHostOptions hostOptions, IEnumerable<WorkerConfig> workerConfigs, ILogger logger, bool includeProxies = false)
@@ -253,5 +245,16 @@ internal static async Task<string> GetRoutePrefix(string rootScriptPath)
 
             return routePrefix;
         }
+
+        internal static string GetBaseUrl(HostNameProvider hostNameProvider)
+        {
+            string hostName = hostNameProvider.Value ?? "localhost";
+            return $"https://{hostName}";
+        }
+
+        internal string GetBaseUrl()
+        {
+            return GetBaseUrl(_hostNameProvider);
+        }
     }
 }

src/WebJobs.Script/Environment/EnvironmentExtensions.cs

@@ -13,6 +13,11 @@ internal static class EnvironmentExtensions
         // For testing
         internal static string BaseDirectory { get; set; }
 
+        public static string GetEnvironmentVariableOrDefault(this IEnvironment environment, string name, string defaultValue)
+        {
+            return environment.GetEnvironmentVariable(name) ?? defaultValue;
+        }
+
         public static bool IsAppServiceEnvironment(this IEnvironment environment)
         {
             return !string.IsNullOrEmpty(environment.GetEnvironmentVariable(AzureWebsiteInstanceId));

src/WebJobs.Script/Environment/EnvironmentSettingNames.cs

@@ -34,6 +34,7 @@ public static class EnvironmentSettingNames
         public const string EasyAuthEnabled = "WEBSITE_AUTH_ENABLED";
         public const string AzureWebJobsSecretStorageKeyVaultName = "AzureWebJobsSecretStorageKeyVaultName";
         public const string AzureWebJobsSecretStorageKeyVaultConnectionString = "AzureWebJobsSecretStorageKeyVaultConnectionString";
+        public const string AzureWebsiteArmCacheEnabled = "WEBSITE_FUNCTIONS_ARMCACHE_ENABLED";
 
         /// <summary>
         /// Environment variable dynamically set by the platform when it is safe to