Disabled functions are now registered, but only invokable via admin API

Author: mathewc

WebJobs.Script.sln

@@ -208,6 +208,12 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "WebHook-Generic-CSharp", "W
 		sample\WebHook-Generic-CSharp\run.csx = sample\WebHook-Generic-CSharp\run.csx
 	EndProjectSection
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "HttpTrigger-Disabled", "HttpTrigger-Disabled", "{97B9DB7D-8014-46A0-9E51-6C02A99E4D38}"
+	ProjectSection(SolutionItems) = preProject
+		sample\HttpTrigger-Disabled\function.json = sample\HttpTrigger-Disabled\function.json
+		sample\HttpTrigger-Disabled\index.js = sample\HttpTrigger-Disabled\index.js
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -274,5 +280,6 @@ Global
 		{B5FA5BC0-F929-4B85-BC9E-E5C7754D8FC7} = {FF9C0818-30D3-437A-A62D-7A61CA44F459}
 		{ACEE40C6-DA72-422E-99B6-2FA3824733CE} = {FF9C0818-30D3-437A-A62D-7A61CA44F459}
 		{DC1805CF-39CE-40E3-9F3A-E7C7DAD52B7E} = {FF9C0818-30D3-437A-A62D-7A61CA44F459}
+		{97B9DB7D-8014-46A0-9E51-6C02A99E4D38} = {FF9C0818-30D3-437A-A62D-7A61CA44F459}
 	EndGlobalSection
 EndGlobal

sample/HttpTrigger-Disabled/function.json

@@ -0,0 +1,14 @@
+{
+  "disabled": true,
+  "bindings": [
+    {
+      "type": "httpTrigger",
+      "direction": "in",
+      "methods": [ "get" ]
+    },
+    {
+      "type": "http",
+      "direction": "out"
+    }
+  ]
+}

sample/HttpTrigger-Disabled/index.js

@@ -0,0 +1,10 @@
+module.exports = function (context, req) {
+    context.log('Node.js HTTP trigger function invoked!');
+
+    context.res = {
+        status: 200,
+        body: 'Hello World!'
+    };
+
+    context.done();
+}

src/WebJobs.Script.WebHost/Controllers/FunctionsController.cs

@@ -45,6 +45,13 @@ public override async Task<HttpResponseMessage> ExecuteAsync(HttpControllerConte
             SecretManager secretManager = (SecretManager)controllerContext.Configuration.DependencyResolver.GetService(typeof(SecretManager));
             AuthorizationLevel authorizationLevel = AuthorizationLevelAttribute.GetAuthorizationLevel(request, secretManager, functionName: function.Name);
 
+            if (function.Metadata.IsDisabled && 
+                authorizationLevel != AuthorizationLevel.Admin)
+            {
+                // disabled functions are not publically addressable w/o Admin level auth
+                return new HttpResponseMessage(HttpStatusCode.NotFound);
+            }
+
             // Dispatch the request
             HttpTriggerBindingMetadata httpFunctionMetadata = (HttpTriggerBindingMetadata)function.Metadata.InputBindings.FirstOrDefault(p => p.Type == BindingType.HttpTrigger);
             bool isWebHook = !string.IsNullOrEmpty(httpFunctionMetadata.WebHookType);

src/WebJobs.Script/Description/CSharp/CSharpFunctionDescriptionProvider.cs

@@ -88,6 +88,8 @@ protected override Collection<ParameterDescriptor> GetFunctionParameters(IFuncti
 
             try
             {
+                ApplyMethodLevelAttributes(functionMetadata, triggerMetadata, methodAttributes);
+
                 MethodInfo functionTarget = csharpInvoker.GetFunctionTargetAsync().Result;
                 ParameterInfo[] parameters = functionTarget.GetParameters();
                 Collection<ParameterDescriptor> descriptors = new Collection<ParameterDescriptor>();
@@ -97,7 +99,7 @@ protected override Collection<ParameterDescriptor> GetFunctionParameters(IFuncti
                     // Is it the trigger parameter?
                     if (string.Compare(parameter.Name, triggerMetadata.Name, StringComparison.Ordinal) == 0)
                     {
-                        descriptors.Add(CreateTriggerParameterDescriptor(parameter, triggerMetadata, methodAttributes));
+                        descriptors.Add(CreateTriggerParameterDescriptor(parameter, triggerMetadata));
                     }
                     else
                     {
@@ -152,8 +154,7 @@ protected override Collection<ParameterDescriptor> GetFunctionParameters(IFuncti
             return base.GetFunctionParameters(functionInvoker, functionMetadata, triggerMetadata, methodAttributes, inputBindings, outputBindings);
         }
 
-        private ParameterDescriptor CreateTriggerParameterDescriptor(ParameterInfo parameter, BindingMetadata triggerMetadata,
-            Collection<CustomAttributeBuilder> methodAttributes)
+        private ParameterDescriptor CreateTriggerParameterDescriptor(ParameterInfo parameter, BindingMetadata triggerMetadata)
         {
             ParameterDescriptor triggerParameter = null;
             switch (triggerMetadata.Type)
@@ -174,10 +175,10 @@ private ParameterDescriptor CreateTriggerParameterDescriptor(ParameterInfo param
                     triggerParameter = ParseTimerTrigger((TimerBindingMetadata)triggerMetadata, parameter.ParameterType);
                     break;
                 case BindingType.HttpTrigger:
-                    triggerParameter = ParseHttpTrigger((HttpTriggerBindingMetadata)triggerMetadata, methodAttributes, parameter.ParameterType);
+                    triggerParameter = ParseHttpTrigger((HttpTriggerBindingMetadata)triggerMetadata, parameter.ParameterType);
                     break;
                 case BindingType.ManualTrigger:
-                    triggerParameter = ParseManualTrigger(triggerMetadata, methodAttributes, parameter.ParameterType);
+                    triggerParameter = ParseManualTrigger(triggerMetadata, parameter.ParameterType);
                     break;
             }
 

src/WebJobs.Script/Description/FunctionDescriptorProvider.cs

@@ -39,11 +39,6 @@ public virtual bool TryCreate(FunctionMetadata functionMetadata, out FunctionDes
 
             functionDescriptor = null;
 
-            if (functionMetadata.IsDisabled)
-            {
-                return false;
-            }
-
             // Default the trigger binding name if a name hasn't
             // been specified
             // TODO: Remove this logic and always require it to be explicitly
@@ -135,13 +130,15 @@ protected virtual Collection<ParameterDescriptor> GetFunctionParameters(IFunctio
                     triggerParameter = ParseTimerTrigger((TimerBindingMetadata)triggerMetadata, typeof(TimerInfo));
                     break;
                 case BindingType.HttpTrigger:
-                    triggerParameter = ParseHttpTrigger((HttpTriggerBindingMetadata)triggerMetadata, methodAttributes, typeof(HttpRequestMessage));
+                    triggerParameter = ParseHttpTrigger((HttpTriggerBindingMetadata)triggerMetadata, typeof(HttpRequestMessage));
                     break;
                 case BindingType.ManualTrigger:
-                    triggerParameter = ParseManualTrigger(triggerMetadata, methodAttributes);
+                    triggerParameter = ParseManualTrigger(triggerMetadata);
                     break;
             }
 
+            ApplyMethodLevelAttributes(functionMetadata, triggerMetadata, methodAttributes);
+
             Collection<ParameterDescriptor> parameters = new Collection<ParameterDescriptor>();
             triggerParameter.IsTrigger = true;
             parameters.Add(triggerParameter);
@@ -158,6 +155,19 @@ protected virtual Collection<ParameterDescriptor> GetFunctionParameters(IFunctio
             return parameters;
         }
 
+        protected static void ApplyMethodLevelAttributes(FunctionMetadata functionMetadata, BindingMetadata triggerMetadata, Collection<CustomAttributeBuilder> methodAttributes)
+        {
+            if (functionMetadata.IsDisabled ||
+                (triggerMetadata.Type == BindingType.HttpTrigger || triggerMetadata.Type == BindingType.ManualTrigger))
+            {
+                // the function can be run manually, but there will be no automatic
+                // triggering
+                ConstructorInfo ctorInfo = typeof(NoAutomaticTriggerAttribute).GetConstructor(new Type[0]);
+                CustomAttributeBuilder attributeBuilder = new CustomAttributeBuilder(ctorInfo, new object[0]);
+                methodAttributes.Add(attributeBuilder);
+            }
+        }
+
         protected abstract IFunctionInvoker CreateFunctionInvoker(string scriptFilePath, BindingMetadata triggerMetadata, FunctionMetadata functionMetadata, Collection<FunctionBinding> inputBindings, Collection<FunctionBinding> outputBindings);
 
         protected ParameterDescriptor ParseEventHubTrigger(EventHubBindingMetadata trigger, Type triggerParameterType = null)
@@ -314,58 +324,34 @@ protected ParameterDescriptor ParseTimerTrigger(TimerBindingMetadata trigger, Ty
             return new ParameterDescriptor(parameterName, triggerParameterType, attributes);
         }
 
-        protected ParameterDescriptor ParseHttpTrigger(HttpTriggerBindingMetadata trigger, Collection<CustomAttributeBuilder> methodAttributes, Type triggerParameterType = null)
+        protected ParameterDescriptor ParseHttpTrigger(HttpTriggerBindingMetadata trigger, Type triggerParameterType = null)
         {
             if (trigger == null)
             {
                 throw new ArgumentNullException("trigger");
             }
 
-            if (methodAttributes == null)
-            {
-                throw new ArgumentNullException("methodAttributes");
-            }
-
             if (triggerParameterType == null)
             {
                 triggerParameterType = typeof(string);
             }
 
-            ConstructorInfo ctorInfo = typeof(NoAutomaticTriggerAttribute).GetConstructor(new Type[0]);
-            CustomAttributeBuilder attributeBuilder = new CustomAttributeBuilder(ctorInfo, new object[0]);
-            methodAttributes.Add(attributeBuilder);
-
-            ctorInfo = typeof(TraceLevelAttribute).GetConstructor(new Type[] { typeof(TraceLevel) });
-            attributeBuilder = new CustomAttributeBuilder(ctorInfo, new object[] { TraceLevel.Off });
-            methodAttributes.Add(attributeBuilder);
-
-            string parameterName = trigger.Name;
-            return new ParameterDescriptor(parameterName, triggerParameterType);
+            return new ParameterDescriptor(trigger.Name, triggerParameterType);
         }
 
-        protected ParameterDescriptor ParseManualTrigger(BindingMetadata trigger, Collection<CustomAttributeBuilder> methodAttributes, Type triggerParameterType = null)
+        protected ParameterDescriptor ParseManualTrigger(BindingMetadata trigger, Type triggerParameterType = null)
         {
             if (trigger == null)
             {
                 throw new ArgumentNullException("trigger");
             }
 
-            if (methodAttributes == null)
-            {
-                throw new ArgumentNullException("methodAttributes");
-            }
-
             if (triggerParameterType == null)
             {
                 triggerParameterType = typeof(string);
             }
 
-            ConstructorInfo ctorInfo = typeof(NoAutomaticTriggerAttribute).GetConstructor(new Type[0]);
-            CustomAttributeBuilder attributeBuilder = new CustomAttributeBuilder(ctorInfo, new object[0]);
-            methodAttributes.Add(attributeBuilder);
-
-            string parameterName = trigger.Name;
-            return new ParameterDescriptor(parameterName, triggerParameterType);
+            return new ParameterDescriptor(trigger.Name, triggerParameterType);
         }
     }
 }

src/WebJobs.Script/GlobalSuppressions.cs

@@ -57,3 +57,6 @@
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Maintainability", "CA1502:AvoidExcessiveComplexity", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.ScriptHost.#ApplyConfiguration(Newtonsoft.Json.Linq.JObject,Microsoft.Azure.WebJobs.Script.ScriptHostConfiguration)")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.ScriptHost.#Initialize()")]
 [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA1801:ReviewUnusedParameters", MessageId = "metadata", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.Binding.FunctionBinding.#.ctor(Microsoft.Azure.WebJobs.Script.ScriptHostConfiguration,Microsoft.Azure.WebJobs.Script.Description.BindingMetadata,System.IO.FileAccess)")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1011:ConsiderPassingBaseTypesAsParameters", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.Description.FunctionDescriptorProvider.#ParseHttpTrigger(Microsoft.Azure.WebJobs.Script.Description.HttpTriggerBindingMetadata,System.Type)")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.Description.FunctionDescriptorProvider.#ParseHttpTrigger(Microsoft.Azure.WebJobs.Script.Description.HttpTriggerBindingMetadata,System.Type)")]
+[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Scope = "member", Target = "Microsoft.Azure.WebJobs.Script.Description.FunctionDescriptorProvider.#ParseManualTrigger(Microsoft.Azure.WebJobs.Script.Description.BindingMetadata,System.Type)")]

test/WebJobs.Script.Tests/SamplesEndToEndTests.cs

@@ -50,6 +50,24 @@ public async Task HttpTrigger_Get_Succeeds()
             Assert.Equal("Hello Mathew", body);
         }
 
+        [Fact]
+        public async Task HttpTrigger_Disabled_SucceedsWithAdminKey()
+        {
+            // first try with function key only - expect 404
+            string uri = "api/httptrigger-disabled?code=zlnu496ve212kk1p84ncrtdvmtpembduqp25ajjc";
+            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri);
+            HttpResponseMessage response = await this._fixture.HttpClient.SendAsync(request);
+            Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+
+            // now try with admin key
+            uri = "api/httptrigger-disabled?code=t8laajal0a1ajkgzoqlfv5gxr4ebhqozebw4qzdy";
+            request = new HttpRequestMessage(HttpMethod.Get, uri);
+            response = await this._fixture.HttpClient.SendAsync(request);
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            string body = await response.Content.ReadAsStringAsync();
+            Assert.Equal("Hello World!", body);
+        }
+
         [Fact]
         public async Task GenericWebHook_Post_Succeeds()
         {