Fix: [Functions][Kubernetes]SyncTrigger issue

[TsuyoshiUshio]

I open this PR for sharing / discussing the design of the fix.
@pragnagopa @divyagandhisethi @ahmelsayed @cgillum

On the Kudu Lite Side, We found these issues.

SSL Connection issue when we call SyncTrigger API from Azure Functions Host

That is caused when the API access to the Kubernetes API, however, the HTTP Client
doesn't refer to the /var/run/secrets/kubernetes.io/serviceaccount/ca.crt.

We have three ways to fix.

1. Add HttpClientHandler for accepting Self-Signed-Certificate
2. Add HttpClientHandler for implementing a custom ca.cert validation.
3. Include the ca.cert when BuildServer startup cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates.

Since the ca.crt is mounted and it is possible that is updated, so that the second solution is the best, however, IMO, we can fix the first one for a while and create a new issue for 2 might be the best.

Wrong URL name

The correct secret name is functionApp-secrets. There are the following secrets are found. Probably, functionApp-encryption-secrets is old one. functionApp-secrets contains more information.

$ kubectl get secrets
tsushiququecon1901                                     Opaque                                2      4d4h
tsushiququecon1901-encryptionkey-secrets               Opaque                                1      4d4h
tsushiququecon1901-keys                                Opaque                                2      4d4h
tsushiququecon1901-secrets                             Opaque                                12     4d4h
tsushiququecon1901-token-84s6f                         kubernetes.io/service-account-token   3      4d4h

token validation fails

The token validation fails, because of the Decryption using the different logic with Azure Functions Host. I change it to use the same logic as Azure Functions Host.

Sync Trigger Payload is not what is expected.

Current Code, It assume that the payload will be an array of the following.

            string jsonText = @"
            {
                ""functionName"": ""f1"",
                ""bindings"": [{
                    ""type"": ""eventGridTrigger"",
                    ""methods"": [""GET""],
                    ""authLevel"": ""anonymous""
                }]
            }";

However, the sync trigger payload that is coming from Azure Functions Host is

{
    "triggers": [
        {
            "name": "myQueueItem",
            "type": "queueTrigger",
            "direction": "in",
            "queueName": "js-queue-items",
            "connection": "AzureWebJobsStorage",
            "functionName": "QueueTrigger"
        }
    ],
    "functions": [
        {
            "name": "QueueTrigger",
            "script_root_path_href": "https://tsushiququecon1901.limaarcncsenv19--k53aemd.northcentralusstage.k4apps.io/admin/vfs/home/site/wwwroot/QueueTrigger/",
            "script_href": "https://tsushiququecon1901.limaarcncsenv19--k53aemd.northcentralusstage.k4apps.io/admin/vfs/home/site/wwwroot/QueueTrigger/index.js",
            "config_href": "https://tsushiququecon1901.limaarcncsenv19--k53aemd.northcentralusstage.k4apps.io/admin/vfs/home/site/wwwroot/QueueTrigger/function.json",
            "test_data_href": "https://tsushiququecon1901.limaarcncsenv19--k53aemd.northcentralusstage.k4apps.io/admin/vfs/tmp/FunctionsData/QueueTrigger.dat",
            "href": "https://tsushiququecon1901.limaarcncsenv19--k53aemd.northcentralusstage.k4apps.io/admin/functions/QueueTrigger",
            "invoke_url_template": null,
            "language": "node",
            "config": {
                "bindings": [
                    {
                        "name": "myQueueItem",
                        "type": "queueTrigger",
                        "direction": "in",
                        "queueName": "js-queue-items",
                        "connection": "AzureWebJobsStorage"
                    }
                ]
            },
            "files": null,
            "test_data": "",
            "isDisabled": false,
            "isDirect": false,
            "isProxy": false
        }
    ]
}

I create a transformation logic simply convert from the triggers.

Durable Functions / Logic Apps Usage requires host.json information

Durable Functions / Logic Apps Transformation requires host.json information. It is ok for zip deploy, however, for sync trigger scenario with container app, there is no host.json information on the SyncTrigger payload.
We need to update the Azure Functions Host for enabling it.

KuduLite/Kudu.Core/Functions/KedaFunctionTriggerProvider.cs

Line 252 in a17a854

JObject storageProviderConfig = hostJson.SelectToken(durableStorageProviderPath) as JObject;

Logging

Currently, I use Console.WriteLine for the debugging. However, we should use ITracer However, it doesn't show something. Do we need to configure it? I'll remove the Console.WriteLine before migrating to the PullRequest.

[cgillum]

Not just Durable Functions - Logic Apps also requires host.json: https://github.com/Azure-App-Service/KuduLite/pull/196/files

[TsuyoshiUshio]

Thank you @cgillum I updated the description.

[ahmelsayed]

are these Console.WriteLine needed? Can they use a logger of some sort?

[TsuyoshiUshio]

Thank you @ahmelsayed This line is just for temporary debugging, However, I'd like to use Logger.
I found ITracer is injected, so that I tried to use it, However, it doesn't show anything on the console log. Do you know why it doesn't show the console log? Do we need to configure for it?

[pragnagopa]

Are you referring to ILogger ? If yes, you need to explicitly add console logging provider - https://docs.microsoft.com/en-us/aspnet/core/fundamentals/logging/?view=aspnetcore-5.0

[TsuyoshiUshio]

As we discussed on the standup, I remove the Console logs.
I'll update the logs for production on this issue. #202

[pragnagopa]

Host issue: Azure/azure-functions-host#7382

[TsuyoshiUshio]

Hi @pragnagopa @ahmelsayed
I update the PR and remove the draft.
I tested on the latest build and see the transformation happens when I send a rest request from a function host container.

TODO:
For the fix of the Durable Functions, I'll create a new PR after I create a PR of the functions host first.

[ahmelsayed]

Should this be a POST https://github.com/TsuyoshiUshio/KuduLite/blob/4281694bee2ed02ae99398912759708daabe5dea/Kudu.Services.Web/Startup.cs#L684

In the runtime: https://github.com/Azure/azure-functions-host/blob/d831b969dcd3c8ed6a6949b82329b0db7ababf12/src/WebJobs.Script.WebHost/Management/FunctionsSyncManager.cs#L561-L585

[TsuyoshiUshio]

Hi @ahmelsayed
I update the API to the POST. Looks good?

[ahmelsayed]

Does it not need to change in Startup.cs? if this works, then it's fine, I'm not sure what order aspnet core loads these in.

[TsuyoshiUshio]

HI @ahmelsayed
Good point. I'll change it as well and test it if it works.

[TsuyoshiUshio]

Hi @ahmelsayed
I tested this branch and send POST request. I can see the transformation by this request from Azure Functions Host pod.

[pragnagopa]

👍