Feature request: export Functions host keys #699
Comments
|
Hi @tombuildsstuff , @katbyte I also want this feature, do you plan to implement this feature? |
|
Hi @TsuyoshiUshio, Currently this is not on our short term roadmap so if you were to contribute it would be fantastic 🙂 |
|
I have a question for implementing this feature. I finish investigating how to implement it now ready to code. However, I have one question. This API is not the API of AppService. https://github.com/Azure/azure-functions-host/wiki/Key-management-API Also, Lifecycle is slight different from the creation of the FunctionApp. The function Key is auto generated for each Azure Functions. Which means process is something like this.
In this case, we can't fetch the functions key from the function_app resource. We need to create a new resource. However, we don't need to create the new resource. Usually, Terraform resource has Create/Update/Read methods. The new resource (maybe, azure_arm_function_app_keys) only requires Read. If we add something, the API can re-generate the key (I'm not sure we need this or not). In this case, how can I implement that. Just empty implementation of Create/Update with delegate to Read method is right? |
|
I might understand. All I need is implement data_source_function_app.go , right? When I contributed this repo last time, you might haven't had it, right? I'll start to create pull request. :) |
|
If anyone ends up here looking for a workaround while the API's are updated in the Go SDK to enable this feature I wrote one up here: https://blog.gripdev.xyz/2019/07/16/terraform-get-azure-function-key/ |
|
@lawrencegripper You saved my day, your solution works perfectly. As a side note, when dealing with EventGrid triggers, we need the "value": "[listkeys(concat(variables('functionAppId'), '/host/default'), '2018-11-01').functionKeys.default]"To this: "value": "[listkeys(concat(variables('functionAppId'), '/host/default'), '2018-11-01').systemKeys.eventgrid_extension]" |
|
It is possible to use "az rest --method post" to call the listKeys api to retrieve the keys. Pipe that into jq '.systemKeys.eventgridextensionconfig_extension' to pull the right key. Wrap this into a local-exec so it becomes part of the terraform config. |
|
Gathered from different sources would like to post our workaround: data "external" "hostKey" {
program = ["bash", "-c", "az rest --method post --uri ${azurerm_resource_group.storage_service.id}/providers/Microsoft.Web/sites/${azurerm_function_app.function.name}/host/default/listKeys?api-version=2018-11-01 --query systemKeys"]
depends_on = [
azurerm_function_app.function
]
}
resource "azurerm_eventgrid_event_subscription" "event_subscription" {
[...]
webhook_endpoint {
url = "https://${azurerm_function_app.function.name}.azurewebsites.net/runtime/webhooks/eventgrid?functionName=Thumbnail&code=${data.external.hostKey.result.eventgrid_extension}"
}
lifecycle {
ignore_changes = [
webhook_endpoint,
]
}
}The |
|
@Bessonov when I use that CLI command I get "{}" as the return. I suspect that's because I haven't deployed any code packages to my Azure Function and that the eventgrid extension is automatically loaded whenever a code deployment with an EventGridTrigger is loaded there... |
|
I would love to see host keys treated as a resource, where we could import an existing key into the Terraform state, but also have the ability to create new custom host keys so we can align keys for geo-redundant resources. |
|
It'd be great to see this implemented, this is causing problems all over the place now. I used the ARM template method to get the keys, and this worked fine until recently. However this now fails due to timing reasons, I'm not sure if anyone else is seeing this?. The template is called after the function creates, using the functions ID as the dependency. By the time I re-run the template or deployment this always works. I will look at options with a retry or some other logic as a work around. |
Hi, I had the same issue with this extension. To automate this I had our developers create a deployable package with the extension as a .zip. Then I created a function in terraform that deployed this and then extracted the key using and ARM template. There's a good example of how to deploy a packaged function here Deploying an Azure Function App with Terraform |
|
@eltimmo this happens to me somtimes, what I have found is that if the RGT resource that is pulling the function key fails to provision in terraform its because there is a failed deployment in the resource group history. If I delete that failed deployment and try terraform again it works! Check out my updated module library for azure functions: https://github.com/markti/tf_azure_fn this one demonstrates how to use the tf_azure_fn modules.... https://github.com/markti/tf_azure_microservices I use the same technique for the eventgrid key...but the host key I can get without deploying any code...I think the problem with EventGrid key is that the EventGrid extension is only loaded (which generates the event grid key) when Azure Functions detects that the DLL contains a class decorated with [EventGridTrigger] |
This comment has been minimized.
This comment has been minimized.
|
Hi, I've created a TF module that waits and gets a key of your choice. It uses a combination of methods described in this thread to do this. It uses powershell 7 to get the key, so it's able to keep trying until it's available. I've been using this for a couple of weeks and it's reliable. I've not tested in Linux, also I've not tested it yet with the function extenion keys but it should work. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Good news guys, ListHostKeys is part of the go-sdk now, I opened a PR to resolve this issue |
|
In which |
|
Does it successfully return the key? In my attempts a while back the call existed in the SDK but always returned an empty value due to an issue with the services spec. See #4066 |
|
@lawrencegripper Looks like they have fixed it, as I was able to successfully fetch the keys (check the test in the PR ) |
|
@lawrencegripper thanks for the blog post, it helps a lot. Currently using workaround desribed in https://blog.gripdev.xyz/2019/07/16/terraform-get-azure-function-key/. However noticed that when deploying infratructure for the first time it fails. With below error. In order to get successful consecutive deployments, I need to delete failed deployment and deploy function app. Does anyone know fix for this one?
|
|
I got around this by using a bash script that basically did |
|
This has been released in version 2.27.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.27.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
Community Note
Terraform Version
0.10.6
Affected Resource(s)
azurerm_function_app
Expected Behavior
Should export Functions host keys
Actual Behavior
It only exports
idanddefault_hostnames:https://www.terraform.io/docs/providers/azurerm/r/function_app.html#attributes-reference
The text was updated successfully, but these errors were encountered: