Revert support for no storage account scenario.

Author: kashimiz

src/WebJobs.Script.WebHost/Security/Authentication/Keys/AuthenticationLevelHandler.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the MIT License. See License.txt in the project root for license information.
 
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
@@ -83,25 +84,22 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
         internal static Task<(string, AuthorizationLevel)> GetAuthorizationKeyInfoAsync(HttpRequest request, ISecretManagerProvider secretManagerProvider)
         {
-            if (secretManagerProvider.SecretsEnabled)
+            // first see if a key value is specified via headers or query string (header takes precedence)
+            string keyValue = null;
+            if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
             {
-                // first see if a key value is specified via headers or query string (header takes precedence)
-                string keyValue = null;
-                if (request.Headers.TryGetValue(FunctionsKeyHeaderName, out StringValues values))
-                {
-                    keyValue = values.First();
-                }
-                else if (request.Query.TryGetValue(FunctionsKeyQueryParamName, out values))
-                {
-                    keyValue = values.First();
-                }
+                keyValue = values.First();
+            }
+            else if (request.Query.TryGetValue(FunctionsKeyQueryParamName, out values))
+            {
+                keyValue = values.First();
+            }
 
-                if (!string.IsNullOrEmpty(keyValue))
-                {
-                    ISecretManager secretManager = secretManagerProvider.Current;
-                    var functionName = request.HttpContext.Features.Get<IFunctionExecutionFeature>()?.Descriptor.Name;
-                    return secretManager.GetAuthorizationLevelOrNullAsync(keyValue, functionName);
-                }
+            if (!string.IsNullOrEmpty(keyValue))
+            {
+                ISecretManager secretManager = secretManagerProvider.Current;
+                var functionName = request.HttpContext.Features.Get<IFunctionExecutionFeature>()?.Descriptor.Name;
+                return secretManager.GetAuthorizationLevelOrNullAsync(keyValue, functionName);
             }
 
             return Task.FromResult<(string, AuthorizationLevel)>((null, AuthorizationLevel.Anonymous));

test/WebJobs.Script.Tests.Integration/TestFunctionHost.cs

@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
 using System.Net.Http;
@@ -15,12 +14,11 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.TestHost;
-using Microsoft.Azure.Web.DataProtection;
 using Microsoft.Azure.WebJobs.Host.Executors;
 using Microsoft.Azure.WebJobs.Script.ExtensionBundle;
+using Microsoft.Azure.WebJobs.Script.Grpc;
 using Microsoft.Azure.WebJobs.Script.Models;
 using Microsoft.Azure.WebJobs.Script.WebHost;
-using Microsoft.Azure.WebJobs.Script.WebHost.Authentication;
 using Microsoft.Azure.WebJobs.Script.WebHost.DependencyInjection;
 using Microsoft.Azure.WebJobs.Script.WebHost.Middleware;
 using Microsoft.Azure.WebJobs.Script.WebHost.Models;
@@ -34,7 +32,6 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
 using Microsoft.WebJobs.Script.Tests;
 using Newtonsoft.Json.Linq;
 using IApplicationLifetime = Microsoft.AspNetCore.Hosting.IApplicationLifetime;
@@ -62,10 +59,9 @@ public TestFunctionHost(string scriptPath,
            Action<IWebJobsBuilder> configureScriptHostWebJobsBuilder = null,
            Action<IConfigurationBuilder> configureScriptHostAppConfiguration = null,
            Action<ILoggingBuilder> configureScriptHostLogging = null,
-           Action<IServiceCollection> configureScriptHostServices = null,
-           Action<IConfigurationBuilder> configureWebHostAppConfiguration = null)
+           Action<IServiceCollection> configureScriptHostServices = null)
             : this(scriptPath, Path.Combine(Path.GetTempPath(), @"Functions"), configureWebHostServices, configureScriptHostWebJobsBuilder,
-                  configureScriptHostAppConfiguration, configureScriptHostLogging, configureScriptHostServices, configureWebHostAppConfiguration)
+                  configureScriptHostAppConfiguration, configureScriptHostLogging, configureScriptHostServices)
         {
         }
 
@@ -74,9 +70,7 @@ public TestFunctionHost(string scriptPath, string logPath,
             Action<IWebJobsBuilder> configureScriptHostWebJobsBuilder = null,
             Action<IConfigurationBuilder> configureScriptHostAppConfiguration = null,
             Action<ILoggingBuilder> configureScriptHostLogging = null,
-            Action<IServiceCollection> configureScriptHostServices = null,
-            Action<IConfigurationBuilder> configureWebHostAppConfiguration = null,
-            bool addTestSettings = true)
+            Action<IServiceCollection> configureScriptHostServices = null)
         {
             _appRoot = scriptPath;
 
@@ -132,10 +126,7 @@ public TestFunctionHost(string scriptPath, string logPath,
                 })
                 .ConfigureScriptHostAppConfiguration(scriptHostConfigurationBuilder =>
                 {
-                    if (addTestSettings)
-                    {
-                        scriptHostConfigurationBuilder.AddTestSettings();
-                    }
+                    scriptHostConfigurationBuilder.AddTestSettings();
                     configureScriptHostAppConfiguration?.Invoke(scriptHostConfigurationBuilder);
                 })
                 .ConfigureScriptHostLogging(scriptHostLoggingBuilder =>
@@ -158,11 +149,7 @@ public TestFunctionHost(string scriptPath, string logPath,
                     }
 
                     config.Add(new ScriptEnvironmentVariablesConfigurationSource());
-                    if (addTestSettings)
-                    {
-                        config.AddTestSettings();
-                    }
-                    configureWebHostAppConfiguration?.Invoke(config);
+                    config.AddTestSettings();
                 })
                 .UseStartup<TestStartup>();
 
@@ -198,9 +185,7 @@ public TestFunctionHost(string scriptPath, string logPath,
 
         public ScriptJobHostOptions ScriptOptions => JobHostServices.GetService<IOptions<ScriptJobHostOptions>>().Value;
 
-        public ISecretManagerProvider SecretManagerProvider => _testServer.Host.Services.GetService<ISecretManagerProvider>();
-
-        public ISecretManager SecretManager => SecretManagerProvider.Current;
+        public ISecretManager SecretManager => _testServer.Host.Services.GetService<ISecretManagerProvider>().Current;
 
         public string LogPath => _hostOptions.LogPath;
 
@@ -210,11 +195,6 @@ public TestFunctionHost(string scriptPath, string logPath,
 
         public async Task<string> GetMasterKeyAsync()
         {
-            if (!SecretManagerProvider.SecretsEnabled)
-            {
-                return null;
-            }
-
             HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
             return secrets.MasterKey;
         }
@@ -368,44 +348,13 @@ public async Task<FunctionStatus> GetFunctionStatusAsync(string functionName)
 
         public async Task<HostStatus> GetHostStatusAsync()
         {
-            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "admin/host/status");
-
-            if (SecretManagerProvider.SecretsEnabled)
-            {
-                // use admin key
-                HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
-                request.Headers.Add(AuthenticationLevelHandler.FunctionsKeyHeaderName, secrets.MasterKey);
-            }
-            else
-            {
-                // use admin jwt token
-                string token = GenerateAdminJwtToken();
-                request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
-            }
-            
-            HttpResponseMessage response = await HttpClient.SendAsync(request);
+            HostSecretsInfo secrets = await SecretManager.GetHostSecretsAsync();
+            string uri = $"admin/host/status?code={secrets.MasterKey}";
+            HttpResponseMessage response = await HttpClient.GetAsync(uri);
             response.EnsureSuccessStatusCode();
             return await response.Content.ReadAsAsync<HostStatus>();
         }
 
-        public string GenerateAdminJwtToken()
-        {
-            var tokenHandler = new JwtSecurityTokenHandler();
-            string defaultKey = Util.GetDefaultKeyValue();
-            var key = Encoding.ASCII.GetBytes(defaultKey);
-            var tokenDescriptor = new SecurityTokenDescriptor
-            {
-                Audience = string.Format(ScriptConstants.AdminJwtValidAudienceFormat, Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteName)),
-                Issuer = string.Format(ScriptConstants.AdminJwtValidIssuerFormat, Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteName)),
-                Expires = DateTime.UtcNow.AddHours(1),
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
-            };
-            var token = tokenHandler.CreateToken(tokenDescriptor);
-            string tokenHeaderValue = tokenHandler.WriteToken(token);
-
-            return tokenHeaderValue;
-        }
-
         public void Dispose()
         {
             if (!_isDisposed)

test/WebJobs.Script.Tests.Integration/TestScripts/CSharp/HttpTrigger-FunctionAuth/function.json

@@ -2,7 +2,6 @@
 
 using System;
 using System.Net;
-using System.Web;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 
@@ -14,10 +13,6 @@ public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, Execut
 
     switch (scenario)
     {
-        case "swa":
-            var query = HttpUtility.ParseQueryString(req.RequestUri.Query ?? string.Empty);
-            var code = query["code"];
-            return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(code) };
         case "appServiceFixupMiddleware":
             return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(req.RequestUri.ToString()) };
         case "appInsights-Success":

test/WebJobs.Script.Tests.Integration/TestScripts/CSharp/HttpTrigger-FunctionAuth/run.csx

@@ -35,21 +35,15 @@ public abstract class EndToEndTestFixture : IAsyncLifetime
         private string _functionsWorkerRuntime;
         private int _workerProcessCount;
         private string _functionsWorkerRuntimeVersion;
-        private bool _addTestSettings;
 
-        protected EndToEndTestFixture(string rootPath, string testId, 
-            string functionsWorkerRuntime, 
-            int workerProcessesCount = 1, 
-            string functionsWorkerRuntimeVersion = null,
-            bool addTestSettings = true)
+        protected EndToEndTestFixture(string rootPath, string testId, string functionsWorkerRuntime, int workerProcessesCount = 1, string functionsWorkerRuntimeVersion = null)
         {
             FixtureId = testId;
 
             _rootPath = rootPath;
             _functionsWorkerRuntime = functionsWorkerRuntime;
             _workerProcessCount = workerProcessesCount;
             _functionsWorkerRuntimeVersion = functionsWorkerRuntimeVersion;
-            _addTestSettings = addTestSettings;
         }
 
         public CloudBlobContainer TestInputContainer { get; private set; }
@@ -132,7 +126,7 @@ string GetDestPath(int counter)
             FunctionsSyncManagerMock = new Mock<IFunctionsSyncManager>(MockBehavior.Strict);
             FunctionsSyncManagerMock.Setup(p => p.TrySyncTriggersAsync(It.IsAny<bool>())).ReturnsAsync(new SyncTriggersResult { Success = true });
 
-            Host = new TestFunctionHost(_copiedRootPath, logPath, addTestSettings: _addTestSettings,
+            Host = new TestFunctionHost(_copiedRootPath, logPath,
                 configureScriptHostWebJobsBuilder: webJobsBuilder =>
                 {
                     ConfigureScriptHost(webJobsBuilder);
@@ -141,35 +135,23 @@ string GetDestPath(int counter)
                 {
                     s.AddSingleton<IFunctionsSyncManager>(_ => FunctionsSyncManagerMock.Object);
                     s.AddSingleton<IMetricsLogger>(_ => MetricsLogger);
-                    ConfigureScriptHost(s);
-                },
-                configureScriptHostAppConfiguration: configBuilder =>
-                {
-                    ConfigureScriptHost(configBuilder);
                 },
                 configureWebHostServices: s =>
                 {
                     s.AddSingleton<IEventGenerator>(_ => EventGenerator);
                     ConfigureWebHost(s);
-                },
-                configureWebHostAppConfiguration: configBuilder =>
-                {
-                    ConfigureWebHost(configBuilder);
                 });
 
             string connectionString = Host.JobHostServices.GetService<IConfiguration>().GetWebJobsConnectionString(ConnectionStringNames.Storage);
-            if (!string.IsNullOrEmpty(connectionString))
-            {
-                CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
+            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
 
-                QueueClient = storageAccount.CreateCloudQueueClient();
-                BlobClient = storageAccount.CreateCloudBlobClient();
+            QueueClient = storageAccount.CreateCloudQueueClient();
+            BlobClient = storageAccount.CreateCloudBlobClient();
 
-                TableStorageAccount tableStorageAccount = TableStorageAccount.Parse(connectionString);
-                TableClient = tableStorageAccount.CreateCloudTableClient();
+            TableStorageAccount tableStorageAccount = TableStorageAccount.Parse(connectionString);
+            TableClient = tableStorageAccount.CreateCloudTableClient();
 
-                await CreateTestStorageEntities();
-            }
+            await CreateTestStorageEntities();
 
             MasterKey = await Host.GetMasterKeyAsync();
         }
@@ -178,22 +160,10 @@ public virtual void ConfigureScriptHost(IWebJobsBuilder webJobsBuilder)
         {
         }
 
-        public virtual void ConfigureScriptHost(IServiceCollection services)
-        {
-        }
-
-        public virtual void ConfigureScriptHost(IConfigurationBuilder configBuilder)
-        {
-        }
-
         public virtual void ConfigureWebHost(IServiceCollection services)
         {
         }
 
-        public virtual void ConfigureWebHost(IConfigurationBuilder configBuilder)
-        {
-        }
-
         public async Task<CloudQueue> GetNewQueue(string queueName)
         {
             var queue = QueueClient.GetQueueReference(string.Format("{0}-{1}", queueName, FixtureId));