Improve resilience of secret file management. Fixes #2093

alrod · alrod · commit dc66ddf4482c · 2018-01-03T09:57:24.000-08:00
diff --git a/src/WebJobs.Script.WebHost/Security/FileSystemSecretsRepository.cs b/src/WebJobs.Script.WebHost/Security/FileSystemSecretsRepository.cs
@@ -20,6 +20,8 @@ public sealed class FileSystemSecretsRepository : ISecretsRepository, IDisposabl
     {
         private readonly string _secretsPath;
         private readonly string _hostSecretsPath;
+        private readonly int _retryCount = 5;
+        private readonly int _retryDelay = 100;
         private readonly AutoRecoveringFileSystemWatcher _fileWatcher;
         private bool _disposed = false;
 
@@ -77,16 +79,46 @@ public async Task<string> ReadAsync(ScriptSecretsType type, string functionName)
             string secretsContent = null;
             if (File.Exists(filePath))
             {
-                // load the secrets file
-                secretsContent = await FileUtility.ReadAsync(filePath);
+                for (int currentRetry = 0; ; currentRetry++)
+                {
+                    try
+                    {
+                        // load the secrets file
+                        secretsContent = await FileUtility.ReadAsync(filePath);
+                        break;
+                    }
+                    catch (IOException)
+                    {
+                        if (currentRetry > _retryCount)
+                        {
+                            throw;
+                        }
+                    }
+                    await Task.Delay(_retryDelay);
+                }
             }
             return secretsContent;
         }
 
         public async Task WriteAsync(ScriptSecretsType type, string functionName, string secretsContent)
         {
             string filePath = GetSecretsFilePath(type, functionName);
-            await FileUtility.WriteAsync(filePath, secretsContent);
+            for (int currentRetry = 0; ; currentRetry++)
+            {
+                try
+                {
+                    await FileUtility.WriteAsync(filePath, secretsContent);
+                    break;
+                }
+                catch (IOException)
+                {
+                    if (currentRetry > _retryCount)
+                    {
+                        throw;
+                    }
+                }
+                await Task.Delay(_retryDelay);
+            }
         }
 
         public async Task PurgeOldSecretsAsync(IList<string> currentFunctions, TraceWriter traceWriter, ILogger logger)
diff --git a/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs b/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs
@@ -498,6 +498,140 @@ public void Constructor_WithCreateHostSecretsIfMissingSet_CreatesHostSecret()
             }
         }
 
+        [Fact]
+        public async Task GetHostSecretsAsync_WaitsForNewSecrets()
+        {
+            using (var directory = new TempDirectory())
+            {
+                string hostSecretsJson = @"{
+    'masterKey': {
+        'name': 'master',
+        'value': '1234',
+        'encrypted': false
+    },
+    'functionKeys': [],
+    'systemKeys': []
+}";
+                string filePath = Path.Combine(directory.Path, ScriptConstants.HostMetadataFileName);
+                File.WriteAllText(filePath, hostSecretsJson);
+
+                HostSecretsInfo hostSecrets = null;
+                var traceWriter = new TestTraceWriter(TraceLevel.Verbose);
+                ISecretsRepository repository = new FileSystemSecretsRepository(directory.Path);
+
+                using (var secretManager = new SecretManager(_settingsManager, repository, traceWriter, null))
+                {
+                    await Task.WhenAll(
+                        Task.Run(async () =>
+                        {
+                            // Lock the file
+                            using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Write))
+                            {
+                                await Task.Delay(500);
+                            }
+                        }),
+                        Task.Run(async () =>
+                        {
+                            await Task.Delay(100);
+                            hostSecrets = await secretManager.GetHostSecretsAsync();
+                        }));
+
+                    Assert.Equal(hostSecrets.MasterKey, "1234");
+                }
+
+                using (var secretManager = new SecretManager(_settingsManager, repository, traceWriter, null))
+                {
+                    await Assert.ThrowsAsync<IOException>(async () =>
+                    {
+                        await Task.WhenAll(
+                            Task.Run(async () =>
+                            {
+                                // Lock the file
+                                using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Write))
+                                {
+                                    await Task.Delay(3000);
+                                }
+                            }),
+                            Task.Run(async () =>
+                            {
+                                await Task.Delay(100);
+                                hostSecrets = await secretManager.GetHostSecretsAsync();
+                            }));
+                    });
+                }
+            }
+        }
+
+        [Fact]
+        public async Task GetFunctionSecretsAsync_WaitsForNewSecrets()
+        {
+            using (var directory = new TempDirectory())
+            {
+                string functionName = "testfunction";
+                string functionSecretsJson =
+                 @"{
+    'keys': [
+        {
+            'name': 'Key1',
+            'value': 'FunctionValue1',
+            'encrypted': false
+        },
+        {
+            'name': 'Key2',
+            'value': 'FunctionValue2',
+            'encrypted': false
+        }
+    ]
+}";
+                string filePath = Path.Combine(directory.Path, functionName + ".json");
+                File.WriteAllText(filePath, functionSecretsJson);
+
+                IDictionary<string, string> functionSecrets = null;
+                var traceWriter = new TestTraceWriter(TraceLevel.Verbose);
+                ISecretsRepository repository = new FileSystemSecretsRepository(directory.Path);
+                using (var secretManager = new SecretManager(_settingsManager, repository, traceWriter, null))
+                {
+                    await Task.WhenAll(
+                        Task.Run(async () =>
+                        {
+                            // Lock the file
+                            using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Write))
+                            {
+                                await Task.Delay(500);
+                            }
+                        }),
+                        Task.Run(async () =>
+                        {
+                            await Task.Delay(100);
+                            functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
+                        }));
+
+                    Assert.Equal(functionSecrets["Key1"], "FunctionValue1");
+                }
+
+                using (var secretManager = new SecretManager(_settingsManager, repository, traceWriter, null))
+                {
+                    await Assert.ThrowsAsync<IOException>(async () =>
+                    {
+                        await Task.WhenAll(
+                            Task.Run(async () =>
+                            {
+                                // Lock the file
+                                using (FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Write))
+                                {
+                                    await Task.Delay(3000);
+                                }
+                            }),
+                            Task.Run(async () =>
+                            {
+                                await Task.Delay(100);
+                                functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
+                            }));
+                    });
+                }
+            }
+        }
+
         private Mock<IKeyValueConverterFactory> GetConverterFactoryMock(bool simulateWriteConversion = true, bool setStaleValue = true)
         {
             var mockValueReader = new Mock<IKeyValueReader>();
