pulumi · mikhailshilkov · Jul 10, 2019 · Jul 8, 2019 · Jul 8, 2019 · Jul 8, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,8 +2,7 @@ CHANGELOG
 =========
 
 ## HEAD (Unreleased)
-___NULL___
-
+* Introduce `listHostKeys` and `listFunctionKeys` mix-in functions to retrieve Azure Functions management keys
 
 ---
 

diff --git a/resources.go b/resources.go
@@ -1028,6 +1028,8 @@ func Provider() tfbridge.ProviderInfo {
 			Dependencies: map[string]string{
 				"@pulumi/pulumi":                "^0.17.12",
 				"@azure/functions":              "^1.0.3",
+				"@azure/ms-rest-azure-js":       "^1.3.8",
+				"@azure/ms-rest-nodeauth":       "^2.0.2",
 				"azure-functions-ts-essentials": "^1.3.2",
 			},
 			Overlay: &tfbridge.OverlayInfo{
@@ -1044,6 +1046,11 @@ func Provider() tfbridge.ProviderInfo {
 							"zMixins_timer.ts",
 						},
 					},
+					"core": {
+						DestFiles: []string{
+							"zMixins.ts",
+						},
+					},
 					"cosmosdb": {
 						DestFiles: []string{
 							"zMixins.ts",

diff --git a/sdk/nodejs/appservice/zMixins.ts b/sdk/nodejs/appservice/zMixins.ts
@@ -15,6 +15,7 @@
 import * as pulumi from "@pulumi/pulumi";
 
 import * as azurefunctions from "@azure/functions";
+import { AzureServiceClient } from "@azure/ms-rest-azure-js";
 
 import { FunctionApp } from "./functionApp";
 
@@ -196,7 +197,7 @@ interface FunctionAppArgsBase {
     /**
      * A mapping of tags to assign to the resource.
      */
-    readonly tags?: pulumi.Input<{[key: string]: any}>;
+    readonly tags?: pulumi.Input<{ [key: string]: any }>;
 
     /**
      * The runtime version associated with the Function App. Defaults to `~2`.
@@ -248,7 +249,7 @@ export interface HostSettings {
          * A sliding time window used in conjunction with the `healthCheckThreshold` setting.
          * Defaults to 2 minutes.
          */
-        healthCheckWindow:string,
+        healthCheckWindow: string,
         /**
          * Maximum number of times the health check can fail before a host recycle is initiated.  Defaults to `6`.
          */
@@ -354,14 +355,14 @@ async function produceDeploymentArchiveAsync(args: MultiCallbackFunctionAppArgs)
 
         const body = await serializeFunctionCallback(func.callback);
 
-        map[`${func.name}/index.js`] = new pulumi.asset.StringAsset(`module.exports = require("./handler").handler`),
+        map[`${func.name}/index.js`] = new pulumi.asset.StringAsset(`module.exports = require("./handler").handler`);
         map[`${func.name}/handler.js`] = new pulumi.asset.StringAsset(body.text);
     }
 
     return new pulumi.asset.AssetArchive(map);
 }
 
-function combineAppSettings(args: MultiCallbackFunctionAppArgs): pulumi.Output<{[key: string]: string}> {
+function combineAppSettings(args: MultiCallbackFunctionAppArgs): pulumi.Output<{ [key: string]: string }> {
     const applicationSetting = args.appSettings || {};
     const perFunctionSettings = args.functions !== undefined ? args.functions.map(c => c.appSettings || {}) : [];
     return pulumi.all([applicationSetting, ...perFunctionSettings]).apply(items => items.reduce((a, b) => ({ ...a, ...b }), {}));
@@ -435,10 +436,9 @@ export interface ArchiveFunctionAppArgs extends FunctionAppArgsBase {
     archive: pulumi.Input<pulumi.asset.Archive>;
 };
 
-function createFunctionAppParts(
-        name: string,
-        args: ArchiveFunctionAppArgs,
-        opts: pulumi.CustomResourceOptions = {}) {
+function createFunctionAppParts(name: string,
+                                args: ArchiveFunctionAppArgs,
+                                opts: pulumi.CustomResourceOptions = {}) {
 
     if (!args.archive) {
         throw new Error("Deployment [archive] must be provided.");
@@ -594,7 +594,7 @@ export abstract class PackagedFunctionApp extends pulumi.ComponentResource {
      */
     public readonly endpoint: pulumi.Output<string>;
 
-    constructor(type:string,
+    constructor(type: string,
                 name: string,
                 args: ArchiveFunctionAppArgs,
                 opts: pulumi.ComponentResourceOptions = {}) {
@@ -711,3 +711,77 @@ export function getResourceGroupNameAndLocation(
     const getResult = resourceGroupName.apply(n => core.getResourceGroup({ name: n }));
     return { resourceGroupName, location: getResult.location };
 }
+
+/**
+ * Keys associated with a Function App.
+ */
+export interface FunctionHostKeys {
+    /** Master key. */
+    masterKey: string;
+    /** A dictionary of system keys, e.g. for Durable Functions or Event Grid. */
+    systemKeys: { [key: string]: string };
+    /** Default function keys. */
+    functionKeys: FunctionKeys;
+}
+
+/**
+ * Keys associated with a single Function.
+ */
+export interface FunctionKeys {
+    default: string;
+    [key: string]: string;
+}
+
+declare module "./functionApp" {
+    interface FunctionApp {
+        /**
+         * Retrieve the keys associated with the Function App.
+         */
+        getHostKeys(): pulumi.Output<FunctionHostKeys>;
+
+        /**
+         * Retrieve the keys associated with the given Function.
+         */
+        getFunctionKeys(functionName: pulumi.Input<string>): pulumi.Output<FunctionKeys>;
+    }
+}
+
+FunctionApp.prototype.getHostKeys = function(this: FunctionApp) {
+    return this.id.apply(async id => {
+        const credentials = await core.getServiceClientCredentials();
+        const client = new AzureServiceClient(credentials);
+        const url = `https://management.azure.com${id}/host/default/listkeys?api-version=2018-02-01`;
+
+        const response = await client.sendRequest({ method: "POST", url });
+        if (response.status >= 400) {
+            throw new Error(`Failed to retrieve the host keys: ${response.bodyAsText}`);
+        }
+
+        const body = response.parsedBody;
+        if (body.masterKey === undefined || body.systemKeys === undefined || body.functionKeys === undefined) {
+            throw new Error(`Wrong shape of the host keys response: ${response.bodyAsText}`);
+        }
+
+        return body as FunctionHostKeys;
+    });
+};
+
+FunctionApp.prototype.getFunctionKeys = function(this: FunctionApp, functionName) {
+    return pulumi.all([this.id, functionName]).apply(async ([id, functionName]) => {
+        const credentials = await core.getServiceClientCredentials();
+        const client = new AzureServiceClient(credentials);
+        const url = `https://management.azure.com${id}/functions/${functionName}/listkeys?api-version=2018-02-01`;
+
+        const response = await client.sendRequest({ method: "POST", url });
+        if (response.status >= 400) {
+            throw new Error(`Failed to retrieve the function keys: ${response.bodyAsText}`);
+        }
+
+        const body = response.parsedBody;
+        if (body.default === undefined) {
+            throw new Error(`Wrong shape of the function keys response: ${response.bodyAsText}`);
+        }
+
+        return body as FunctionKeys;
+    });
+};
diff --git a/sdk/nodejs/core/index.ts b/sdk/nodejs/core/index.ts
@@ -9,3 +9,4 @@ export * from "./getSubscriptions";
 export * from "./getUserAssignedIdentity";
 export * from "./resourceGroup";
 export * from "./templateDeployment";
+export * from "./zMixins";
diff --git a/sdk/nodejs/core/zMixins.ts b/sdk/nodejs/core/zMixins.ts
@@ -0,0 +1,37 @@
+// Copyright 2016-2018, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { ServiceClientCredentials } from "@azure/ms-rest-js";
+import * as msnodeauth from "@azure/ms-rest-nodeauth";
+import * as config from "../config";
+
+/**
+ * Obtain credentials to query Azure Management API. Depending on the environment configuration, this
+ * are either based on MSI, a service principal, or Azure CLI user credentials.
+ */
+export async function getServiceClientCredentials(): Promise<ServiceClientCredentials> {
+    let credentials: ServiceClientCredentials;
+
+    if (config.useMsi) {
+        credentials = await msnodeauth.loginWithAppServiceMSI({ msiEndpoint: config.msiEndpoint });
+    } else if (config.clientId && config.clientSecret && config.tenantId) {
+        credentials = await msnodeauth.loginWithServicePrincipalSecret(
+            config.clientId, config.clientSecret, config.tenantId);
+    } else {
+        // `create()` will throw an error if the Az CLI is not installed or `az login` has never been run.
+        credentials = await msnodeauth.AzureCliCredentials.create();
+    }
+
+    return credentials;
+}
diff --git a/sdk/nodejs/package.json b/sdk/nodejs/package.json
@@ -14,6 +14,8 @@
     },
     "dependencies": {
         "@azure/functions": "^1.0.3",
+        "@azure/ms-rest-azure-js": "^1.3.8",
+        "@azure/ms-rest-nodeauth": "^2.0.2",
         "@pulumi/pulumi": "^0.17.12",
         "azure-functions-ts-essentials": "^1.3.2"
     },

diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json
@@ -132,6 +132,7 @@
         "core/index.ts",
         "core/resourceGroup.ts",
         "core/templateDeployment.ts",
+        "core/zMixins.ts",
         "cosmosdb/account.ts",
         "cosmosdb/cassandraKeyspace.ts",
         "cosmosdb/getAccount.ts",