Add new resource for azurerm_function_app_host_keys

shep1987 commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Ability to manage host keys rather than just get them, this can be useful for swapping slots and needing to retain the same key across slots

Current workaround

resource "null_resource" "check_key" {
  triggers = {
    key = data.azurerm_function_app_host_keys.example.default_function_key
  }

  provisioner "local-exec" {
    command = "${path.module}\\update_function_key.ps1 -webapp \"${azurerm_function_app_slot.example.id}\" -functionkey \"${data.azurerm_function_app_host_keys.example.default_function_key}\""
    interpreter = ["pwsh", "-Command"]
  }
}

[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [string]
    $functionkey,
    [Parameter(Mandatory = $true)]
    [string]
    $webapp
)

$payload = (@{ properties=@{ name=$keyName; value="$functionkey" } } | ConvertTo-Json -Compress).Replace('"', '\"')
az rest --method put --uri "$webapp/host/default/functionkeys/default?api-version=2018-11-01" --body "$payload"

New or Affected Resource(s)

NEW - azurerm_function_app_host_keys NEW - azurerm_function_app_slot_host_keys

Potential Terraform Configuration

resource"azurerm_function_app_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
  key ="default"
  value = "(secret)"
}

resource"azurerm_function_app_slot_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
  slotname = "slot"
  key ="default"
  value = "(secret)"
}

References

Link to Interface in go sdk https://github.com/Azure/azure-sdk-for-go/blob/master/services/web/mgmt/2018-02-01/web/webapi/interfaces.go#L265

0000

cheinz71 commented 3 years ago

Hi, this feature (adding host keys to function apps by terraform) is important, would be great if that can be implemented! We are using Terraform for a huge deployment scenario to Azure for a big customer and need to configure the API Management against Azure Functions which requires the host key be generated in the function app. Thank you in advance, Christian

aristosvo commented 3 years ago

@shep1987 Do you only need host keys/secrets or also/preferable function keys/secrets?

We probably won't need a key if we already have a name specified, are there specific reasons to distinguish both?

Like this:

resource "azurerm_function_app_host_keys" "example" {
  name                = "example-host_key" 
  function_app_name   = "example-function-app"
  resource_group_name = azurerm_resource_group.example.name

  value = "(secret)"
}

resource "azurerm_function_app_slot_host_keys" "example" {
  name                    = "example-function_slot_host_key" 
  function_name           = "example-function"
  function_app_slot_name  = "slot"
  function_app_name       = "example-function-app"
  resource_group_name     = azurerm_resource_group.example.name

  value = "(secret)"
}

Or, for function keys:

resource "azurerm_function_keys" "example" {
  name                = "example-function_key" 
  function_name       = "example-function"
  function_app_name   = "example-function-app"
  resource_group_name = azurerm_resource_group.example.name

  value = "(secret)"
}

and maybe this one as wel..

resource "azurerm_function_slot_keys" "example" {
  name                    = "example-function_key" 
  function_name           = "example-function"
  function_app_slot_name  = "slot"
  function_app_name       = "example-function-app"
  resource_group_name     = azurerm_resource_group.example.name

  value = "(secret)"
}

shep1987 commented 3 years ago

Personally I only require host, though function may be useful for some people.

I think you will need both:

name => azurerm_function_app.name key => host_key_name (as seen below)

Hopefully this makes sense :)

Shaun

aristosvo commented 3 years ago

Hi @shep1987!

Unfortunately my first attempt to create this resource ended in an issue on the Azure REST API specs repo.

At the moment the Azure Go SDK (which we use to implement the Terraform resources) is generated based on these specs, and these specs are incorrect.

allenhumphreys commented 2 years ago

@aristosvo I think we've finally gotten traction on getting the GoSDK fixed for making this resource possible

https://github.com/Azure/azure-rest-api-specs/pull/17653

hashicorp / terraform-provider-azurerm