Support for web pubsub host key in azurerm_function_app_host_keys

[ghost]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add ability to access the webpubsub_extension system key in azurerm_function_app_host_keys so that we can configure azurerm_web_pubsub_hub in terraform.

Suggest adding an attribute such as webpubsub_extension_key which seems to fit with the naming convention already used.

New or Affected Resource(s)

• azurerm_function_app_host_keys
• azurerm_web_pubsub_hub
• azurerm_web_pubsub

Potential Terraform Configuration

Assuming you have already created a Function App using azurerm_function_app based on the example https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app

1. Create a Web PubSub Instance

resource "azurerm_web_pubsub" "web_pubsub_poc" {
  name                = "wpspoc"
  location            = azurerm_resource_group.rg_webpubsub.location
  resource_group_name = azurerm_resource_group.rg_webpubsub.name

  sku      = "Standard_S1"
  capacity = 1

  public_network_access_enabled = true

  # Need to look at the correct settings here
  local_auth_enabled      = true
  aad_auth_enabled        = true
  tls_client_cert_enabled = false

  # Need to look at the correct settings here
  live_trace {
    enabled                   = true
    messaging_logs_enabled    = true
    connectivity_logs_enabled = true
    http_request_logs_enabled = true
  }

  identity {
    type = "SystemAssigned"
  }
}

2. Define the Function App Data Block

data "azurerm_function_app_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
}

4. In order to then configure a azurerm_web_pubsub_hub we do something like this:

resource "azurerm_web_pubsub_hub" "test" {
  name          = "tfex-wpsh"
  web_pubsub_id = azurerm_web_pubsub.web_pubsub_poc.id
  event_handler {
    url_template       = format("https://%s/runtime/webhooks/webpubsub?code=%s", azurerm_function_app.example.default_hostname, data.azurerm_function_app_host_keys.example.webpubsub_extension_key)
    user_event_pattern = "*"
    system_events      = ["connect", "connected", "disconnected"]
  }

  anonymous_connections_enabled = false

}

References

• 14579

[jackofallops]

Hi @asdaandrewhaigh - Thanks for opening this issue. The web_pubsub resources are in a separate Resource Provider to the noted data source, so exposing their data there is something of an anti-pattern. Are you looking to reference the primary/secondary access_key from the azurerm_web_pubsub resource for that string? If so, you already have access to that information via azurerm_web_pubsub.web_pubsub_poc.primary_access_key. (Similarly, the data source for that resource exposes the same for use outside the resource definition config).

Let me know if I've misunderstood, web_pubsub is relatively new to the provider.

[wojciech-czyz-asda]

Hi @jackofallops - you might be right, but according to the documentation of azurerm_function_app_host_keys you do sth very similar to signalr and provide signalr_extension_key_attribute_reference: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/function_app_host_keys

[phisn]

Im currently also in need of this feature. @jackofallops The usage of webpubsub_extension system key in the webpubsub hub event handler is required for azure functions webpubsub bindings as seen in this sample.

[github-actions[bot]]

This functionality has been released in v3.30.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.