Ensuring host secrets are created on startup

fabiocav · fabiocav · commit 9808402bb1e7 · 2016-10-20T17:11:29.000-07:00
diff --git a/src/WebJobs.Script.WebHost/App_Start/WebHostResolver.cs b/src/WebJobs.Script.WebHost/App_Start/WebHostResolver.cs
@@ -184,7 +184,7 @@ private static ScriptHostConfiguration GetScriptHostConfiguration(string scriptP
             return scriptHostConfig;
         }
 
-        private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath);
+        private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath, true);
 
         public void Dispose()
         {
diff --git a/src/WebJobs.Script.WebHost/GlobalSuppressions.cs b/src/WebJobs.Script.WebHost/GlobalSuppressions.cs
@@ -69,4 +69,6 @@
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "2#", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.ISecretManager.#TryAddOrUpdateHostFunctionSecret(System.String,System.String,System.String&)")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1710:IdentifiersShouldHaveCorrectSuffix", Scope = "type", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModel")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2227:CollectionPropertiesShouldBeReadOnly", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModel.#Links")]
-[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1810:InitializeReferenceTypeStaticFieldsInline", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModelUtility.#.cctor()")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1810:InitializeReferenceTypeStaticFieldsInline", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModelUtility.#.cctor()")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.#.ctor(System.String,Microsoft.Azure.WebJobs.Script.WebHost.IKeyValueConverterFactory,System.Boolean)")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2214:DoNotCallOverridableMethodsInConstructors", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.#.ctor(System.String,Microsoft.Azure.WebJobs.Script.WebHost.IKeyValueConverterFactory,System.Boolean)")]
diff --git a/src/WebJobs.Script.WebHost/Security/SecretManager.cs b/src/WebJobs.Script.WebHost/Security/SecretManager.cs
@@ -26,12 +26,12 @@ public SecretManager()
         {
         }
 
-        public SecretManager(string secretsPath)
-            : this(secretsPath, new DefaultKeyValueConverterFactory())
+        public SecretManager(string secretsPath, bool createHostSecretsIfMissing = false)
+            : this(secretsPath, new DefaultKeyValueConverterFactory(), createHostSecretsIfMissing)
         {
         }
 
-        public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory)
+        public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory, bool createHostSecretsIfMissing = false)
         {
             _secretsPath = secretsPath;
             _hostSecretsPath = Path.Combine(_secretsPath, ScriptConstants.HostMetadataFileName);
@@ -49,6 +49,13 @@ public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConve
             _fileWatcher.Created += OnChanged;
             _fileWatcher.Deleted += OnChanged;
             _fileWatcher.Renamed += OnChanged;
+
+            if (createHostSecretsIfMissing)
+            {
+                // The SecretManager implementation of GetHostSecrets will
+                // create a host secret if one is not present.
+                GetHostSecrets();
+            }
         }
 
         public void Dispose()
diff --git a/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs b/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs
@@ -410,6 +410,29 @@ public void SetMasterKey_WithoutProvidedKey_GeneratesKeyAndPersistsFile()
             }
         }
 
+        [Fact]
+        public void Constructor_WithCreateHostSecretsIfMissingSet_CreatesHostSecret()
+        {
+            var secretsPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+            var hostSecretPath = Path.Combine(secretsPath, ScriptConstants.HostMetadataFileName);
+            try
+            {
+                bool preExistingFile = File.Exists(hostSecretPath);
+
+                Mock<IKeyValueConverterFactory> mockValueConverterFactory = GetConverterFactoryMock(false);
+
+                var secretManager = new SecretManager(secretsPath, mockValueConverterFactory.Object, true);
+                bool fileCreated = File.Exists(hostSecretPath);
+
+                Assert.False(preExistingFile);
+                Assert.True(fileCreated);
+            }
+            finally
+            {
+                Directory.Delete(secretsPath, true);
+            }
+        }
+
         private Mock<IKeyValueConverterFactory> GetConverterFactoryMock(bool simulateWriteConversion = true)
         {
             var mockValueReader = new Mock<IKeyValueReader>();

Original file line number	Diff line number	Diff line change
`@@ -184,7 +184,7 @@ private static ScriptHostConfiguration GetScriptHostConfiguration(string scriptP`
`184`	`184`	`return scriptHostConfig;`
`185`	`185`	`}`
`186`	`186`
`187`		`- private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath);`
	`187`	`+ private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath, true);`
`188`	`188`
`189`	`189`	`public void Dispose()`
`190`	`190`	`{`
Original file line number	Diff line number	Diff line change
`@@ -26,12 +26,12 @@ public SecretManager()`
`26`	`26`	`{`
`27`	`27`	`}`
`28`	`28`
`29`		`- public SecretManager(string secretsPath)`
`30`		`- : this(secretsPath, new DefaultKeyValueConverterFactory())`
	`29`	`+ public SecretManager(string secretsPath, bool createHostSecretsIfMissing = false)`
	`30`	`+ : this(secretsPath, new DefaultKeyValueConverterFactory(), createHostSecretsIfMissing)`
`31`	`31`	`{`
`32`	`32`	`}`
`33`	`33`
`34`		`- public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory)`
	`34`	`+ public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory, bool createHostSecretsIfMissing = false)`
`35`	`35`	`{`
`36`	`36`	`_secretsPath = secretsPath;`
`37`	`37`	`_hostSecretsPath = Path.Combine(_secretsPath, ScriptConstants.HostMetadataFileName);`
`@@ -49,6 +49,13 @@ public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConve`
`49`	`49`	`_fileWatcher.Created += OnChanged;`
`50`	`50`	`_fileWatcher.Deleted += OnChanged;`
`51`	`51`	`_fileWatcher.Renamed += OnChanged;`
	`52`	`+`
	`53`	`+ if (createHostSecretsIfMissing)`
	`54`	`+ {`
	`55`	`+ // The SecretManager implementation of GetHostSecrets will`
	`56`	`+ // create a host secret if one is not present.`
	`57`	`+ GetHostSecrets();`
	`58`	`+ }`
`52`	`59`	`}`
`53`	`60`
`54`	`61`	`public void Dispose()`