Ensuring host secrets are created on startup

Author: fabiocav

src/WebJobs.Script.WebHost/App_Start/WebHostResolver.cs

@@ -184,7 +184,7 @@ private static ScriptHostConfiguration GetScriptHostConfiguration(string scriptP
             return scriptHostConfig;
         }
 
-        private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath);
+        private static ISecretManager GetSecretManager(string secretsPath) => new SecretManager(secretsPath, true);
 
         public void Dispose()
         {

src/WebJobs.Script.WebHost/GlobalSuppressions.cs

@@ -69,4 +69,6 @@
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "2#", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.ISecretManager.#TryAddOrUpdateHostFunctionSecret(System.String,System.String,System.String&)")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1710:IdentifiersShouldHaveCorrectSuffix", Scope = "type", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModel")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2227:CollectionPropertiesShouldBeReadOnly", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModel.#Links")]
-[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1810:InitializeReferenceTypeStaticFieldsInline", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModelUtility.#.cctor()")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1810:InitializeReferenceTypeStaticFieldsInline", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.Models.ApiModelUtility.#.cctor()")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.#.ctor(System.String,Microsoft.Azure.WebJobs.Script.WebHost.IKeyValueConverterFactory,System.Boolean)")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2214:DoNotCallOverridableMethodsInConstructors", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.#.ctor(System.String,Microsoft.Azure.WebJobs.Script.WebHost.IKeyValueConverterFactory,System.Boolean)")]

src/WebJobs.Script.WebHost/Security/SecretManager.cs

@@ -26,12 +26,12 @@ public SecretManager()
         {
         }
 
-        public SecretManager(string secretsPath)
-            : this(secretsPath, new DefaultKeyValueConverterFactory())
+        public SecretManager(string secretsPath, bool createHostSecretsIfMissing = false)
+            : this(secretsPath, new DefaultKeyValueConverterFactory(), createHostSecretsIfMissing)
         {
         }
 
-        public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory)
+        public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConverterFactory, bool createHostSecretsIfMissing = false)
         {
             _secretsPath = secretsPath;
             _hostSecretsPath = Path.Combine(_secretsPath, ScriptConstants.HostMetadataFileName);
@@ -49,6 +49,13 @@ public SecretManager(string secretsPath, IKeyValueConverterFactory keyValueConve
             _fileWatcher.Created += OnChanged;
             _fileWatcher.Deleted += OnChanged;
             _fileWatcher.Renamed += OnChanged;
+
+            if (createHostSecretsIfMissing)
+            {
+                // The SecretManager implementation of GetHostSecrets will
+                // create a host secret if one is not present.
+                GetHostSecrets();
+            }
         }
 
         public void Dispose()

test/WebJobs.Script.Tests/Security/SecretManagerTests.cs

@@ -410,6 +410,29 @@ public void SetMasterKey_WithoutProvidedKey_GeneratesKeyAndPersistsFile()
             }
         }
 
+        [Fact]
+        public void Constructor_WithCreateHostSecretsIfMissingSet_CreatesHostSecret()
+        {
+            var secretsPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+            var hostSecretPath = Path.Combine(secretsPath, ScriptConstants.HostMetadataFileName);
+            try
+            {
+                bool preExistingFile = File.Exists(hostSecretPath);
+
+                Mock<IKeyValueConverterFactory> mockValueConverterFactory = GetConverterFactoryMock(false);
+
+                var secretManager = new SecretManager(secretsPath, mockValueConverterFactory.Object, true);
+                bool fileCreated = File.Exists(hostSecretPath);
+
+                Assert.False(preExistingFile);
+                Assert.True(fileCreated);
+            }
+            finally
+            {
+                Directory.Delete(secretsPath, true);
+            }
+        }
+
         private Mock<IKeyValueConverterFactory> GetConverterFactoryMock(bool simulateWriteConversion = true)
         {
             var mockValueReader = new Mock<IKeyValueReader>();