Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new resource for azurerm_function_app_host_keys #10902

Open
shep1987 opened this issue Mar 9, 2021 · 5 comments
Open

Add new resource for azurerm_function_app_host_keys #10902

shep1987 opened this issue Mar 9, 2021 · 5 comments
Labels
enhancement service/functions Function Apps

Comments

@shep1987
Copy link
Contributor

shep1987 commented Mar 9, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Ability to manage host keys rather than just get them, this can be useful for swapping slots and needing to retain the same key across slots

Current workaround

resource "null_resource" "check_key" {
  triggers = {
    key = data.azurerm_function_app_host_keys.example.default_function_key
  }

  provisioner "local-exec" {
    command = "${path.module}\\update_function_key.ps1 -webapp \"${azurerm_function_app_slot.example.id}\" -functionkey \"${data.azurerm_function_app_host_keys.example.default_function_key}\""
    interpreter = ["pwsh", "-Command"]
  }
}
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [string]
    $functionkey,
    [Parameter(Mandatory = $true)]
    [string]
    $webapp
)

$payload = (@{ properties=@{ name=$keyName; value="$functionkey" } } | ConvertTo-Json -Compress).Replace('"', '\"')
az rest --method put --uri "$webapp/host/default/functionkeys/default?api-version=2018-11-01" --body "$payload"

New or Affected Resource(s)

NEW - azurerm_function_app_host_keys
NEW - azurerm_function_app_slot_host_keys

Potential Terraform Configuration

resource"azurerm_function_app_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
  key ="default"
  value = "(secret)"
}
resource"azurerm_function_app_slot_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
  slotname = "slot"
  key ="default"
  value = "(secret)"
}

References

Link to Interface in go sdk
https://github.com/Azure/azure-sdk-for-go/blob/master/services/web/mgmt/2018-02-01/web/webapi/interfaces.go#L265

  • #0000
@cheinz71

This comment has been minimized.

Sign in to view
@aristosvo
Copy link
Contributor

aristosvo commented May 21, 2021
edited
Loading

@shep1987 Do you only need host keys/secrets or also/preferable function keys/secrets?

We probably won't need a key if we already have a name specified, are there specific reasons to distinguish both?

Like this:

resource "azurerm_function_app_host_keys" "example" {
  name                = "example-host_key" 
  function_app_name   = "example-function-app"
  resource_group_name = azurerm_resource_group.example.name

  value = "(secret)"
}
resource "azurerm_function_app_slot_host_keys" "example" {
  name                    = "example-function_slot_host_key" 
  function_name           = "example-function"
  function_app_slot_name  = "slot"
  function_app_name       = "example-function-app"
  resource_group_name     = azurerm_resource_group.example.name

  value = "(secret)"
}

Or, for function keys:

resource "azurerm_function_keys" "example" {
  name                = "example-function_key" 
  function_name       = "example-function"
  function_app_name   = "example-function-app"
  resource_group_name = azurerm_resource_group.example.name

  value = "(secret)"
}

and maybe this one as wel..

resource "azurerm_function_slot_keys" "example" {
  name                    = "example-function_key" 
  function_name           = "example-function"
  function_app_slot_name  = "slot"
  function_app_name       = "example-function-app"
  resource_group_name     = azurerm_resource_group.example.name

  value = "(secret)"
}

@shep1987
Copy link
Contributor Author

Personally I only require host, though function may be useful for some people.

I think you will need both:

name => azurerm_function_app.name
key => host_key_name (as seen below)

image

Hopefully this makes sense :)

Shaun

@aristosvo
Copy link
Contributor

Hi @shep1987!

Unfortunately my first attempt to create this resource ended in an issue on the Azure REST API specs repo.

At the moment the Azure Go SDK (which we use to implement the Terraform resources) is generated based on these specs, and these specs are incorrect.

@allenhumphreys
Copy link
Contributor

@aristosvo I think we've finally gotten traction on getting the GoSDK fixed for making this resource possible

Azure/azure-rest-api-specs#17653

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/functions Function Apps
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@favoretti @shep1987 @allenhumphreys @aristosvo @cheinz71