Warn user if two apps are sharing the same secrets. Fixes #2740

alrod · alrod · commit f3170f53f3d2 · 2018-04-26T17:55:53.000-07:00
diff --git a/src/WebJobs.Script.WebHost/Properties/Resources.Designer.cs b/src/WebJobs.Script.WebHost/Properties/Resources.Designer.cs
diff --git a/src/WebJobs.Script.WebHost/Properties/Resources.resx b/src/WebJobs.Script.WebHost/Properties/Resources.resx
@@ -117,8 +117,11 @@
   <resheader name="writer">
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
+  <data name="ErrorSameSecrets" xml:space="preserve">
+    <value>Two or more function apps are sharing the same secrets ({0})</value>
+  </data>
   <data name="ErrorTooManySecretBackups" xml:space="preserve">
-    <value>Repository has more than {0} non-decryptable secrets backups ({1}).</value>
+    <value>Repository has more than {0} non-decryptable secrets backups ({1}). {2}</value>
   </data>
   <data name="FunctionSecretsSchemaV0" xml:space="preserve">
     <value>{
diff --git a/src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs b/src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs
@@ -387,7 +387,7 @@ private async Task PersistSecretsAsync<T>(T secrets, string keyScope = null, boo
 
                 if (secretBackups.Length >= ScriptConstants.MaximumSecretBackupCount)
                 {
-                    string message = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, string.IsNullOrEmpty(keyScope) ? "host" : keyScope);
+                    string message = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, string.IsNullOrEmpty(keyScope) ? "host" : keyScope, await AnalizeSnapshots<T>(secretBackups));
                     _logger?.LogDebug(message);
                     throw new InvalidOperationException(message);
                 }
@@ -451,6 +451,30 @@ private void OnSecretsChanged(object sender, SecretsChangedEventArgs e)
             }
         }
 
+        private async Task<string> AnalizeSnapshots<T>(string[] secretBackups) where T : ScriptSecrets
+        {
+            string analizeResult = string.Empty;
+            try
+            {
+                List<T> shapShots = new List<T>();
+                foreach (string secretPath in secretBackups)
+                {
+                    string secretString = await _repository.ReadAsync(ScriptSecretsType.Function, Path.GetFileNameWithoutExtension(secretPath));
+                    shapShots.Add(ScriptSecretSerializer.DeserializeSecrets<T>(secretString));
+                }
+                string[] hosts = shapShots.Select(x => x.HostName).Distinct().ToArray();
+                if (hosts.Length > 1)
+                {
+                    analizeResult = string.Format(Resources.ErrorSameSecrets, string.Join(",", hosts));
+                }
+            }
+            catch
+            {
+                // best effort
+            }
+            return analizeResult;
+        }
+
         public async Task PurgeOldSecretsAsync(string rootScriptPath, ILogger logger)
         {
             if (!Directory.Exists(rootScriptPath))
diff --git a/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs b/test/WebJobs.Script.Tests/Security/SecretManagerTests.cs
@@ -7,10 +7,13 @@
 using System.Linq;
 using System.Security.Cryptography;
 using System.Threading.Tasks;
+using Microsoft.Azure.WebJobs.Logging;
 using Microsoft.Azure.WebJobs.Script.Config;
 using Microsoft.Azure.WebJobs.Script.WebHost;
 using Microsoft.Azure.WebJobs.Script.WebHost.Properties;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.WebJobs.Script.Tests;
 using Moq;
 using Newtonsoft.Json;
 using WebJobs.Script.Tests;
@@ -548,7 +551,8 @@ public async Task GetHostSecrets_WhenTooManyBackups_ThrowsException()
             using (var directory = new TempDirectory())
             {
                 string functionName = "testfunction";
-                string expectedTraceMessage = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, functionName);
+                string expectedTraceMessage = string.Format(Resources.ErrorTooManySecretBackups, ScriptConstants.MaximumSecretBackupCount, functionName,
+                    string.Format(Resources.ErrorSameSecrets, "test0,test1"));
                 string functionSecretsJson =
                      @"{
     'keys': [
@@ -564,13 +568,17 @@ public async Task GetHostSecrets_WhenTooManyBackups_ThrowsException()
         }
     ]
 }";
-
+                ILoggerFactory loggerFactory = new LoggerFactory();
+                TestLoggerProvider loggerProvider = new TestLoggerProvider();
+                loggerFactory.AddProvider(loggerProvider);
+                var logger = loggerFactory.CreateLogger(LogCategories.CreateFunctionCategory("Test1"));
                 IDictionary<string, string> functionSecrets;
                 ISecretsRepository repository = new FileSystemSecretsRepository(directory.Path);
 
-                using (var secretManager = new SecretManager(_settingsManager, repository, null))
+                using (var secretManager = new SecretManager(_settingsManager, repository, logger))
                 {
-                    await Assert.ThrowsAsync<InvalidOperationException>(async () =>
+                    InvalidOperationException ioe = null;
+                    try
                     {
                         for (int i = 0; i < ScriptConstants.MaximumSecretBackupCount + 20; i++)
                         {
@@ -582,12 +590,26 @@ await Assert.ThrowsAsync<InvalidOperationException>(async () =>
                                 await Task.Delay(500);
                             }
 
+                            string hostName = "test" + (i % 2).ToString();
+                            _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsiteHostName, hostName);
                             functionSecrets = await secretManager.GetFunctionSecretsAsync(functionName);
                         }
-                    });
+                    }
+                    catch (InvalidOperationException ex)
+                    {
+                        ioe = ex;
+                    }
+                    finally
+                    {
+                        _settingsManager.SetSetting(EnvironmentSettingNames.AzureWebsiteHostName, null);
+                    }
                 }
 
                 Assert.True(Directory.GetFiles(directory.Path, $"{functionName}.{ScriptConstants.Snapshot}*").Length >= ScriptConstants.MaximumSecretBackupCount);
+                Assert.True(loggerProvider.GetAllLogMessages().Any(
+                    t => t.Level == LogLevel.Debug && t.FormattedMessage.IndexOf(expectedTraceMessage, StringComparison.OrdinalIgnoreCase) > -1),
+                    "Expected Trace message not found");
+
             }
         }
 
