How to return function app keys from a terraform module

Question

I am creating a webapp and a function. The web app calls the function. my terraform structure is like this

main.tf
variable.tf
module/webapp
module/function

in the main.tf I call module/function to create the function and then I call module/webapp to create the webapp. I need to provide the function key in the configuration for webpp.

Terraform azurerm provider 2.27.0 has added function keys as a data source. https://github.com/terraform-providers/terraform-provider-azurerm/pull/7902 This is how it is described in terraform documentation. https://www.terraform.io/docs/providers/azurerm/d/function_app_host_keys.html

data "azurerm_function_app_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
}

How exactly do I return these keys to the main module? I tried the following but it returns the error that follows the code:

resource "azurerm_function_app" "myfunc" {
  name                      = var.function_app
  location                  = var.region
...
  tags                      = var.tags
}

output "hostname" {
  value = azurerm_function_app.actico.default_hostname
}

output "functionkeys" {
  value = azurerm_function_app.actico.azurerm_function_app_host_keys
}

Error: unsupported attribute
This object has no argument, nested block, or exported attribute named
"azurerm_function_app_host_keys".

Another attempt appears more promising. In the main module added a data element, expecting that it will execute after the function has been created and fetch the key. But getting 400 Error.

in main module

data "azurerm_function_app_host_keys" "keymap" {
  name                = var.function_app_name
  resource_group_name = var.resource_group_name

  depends_on = [module.function_app]
}


Error making Read request on AzureRM Function App Hostkeys "FunctionApp": web.AppsClient#ListHostKeys: Failure responding to request: 

StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Encountered an error (ServiceUnavailable) from host runtime." Details=[{"Message":"Encountered an error (ServiceUnavailable) from host runtime."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","Message":"Encountered an error 
(ServiceUnavailable) from host runtime."}}]

Thanks,

Tauqir

Answer 1

I did some testing around this and there's two things. It looks like you need to deploy a function or restart the function app for it to generate the keys. If your deploying the function and then try to get the keys, it doesn't seem to wait. There's a delay between the function starting and the keys becoming available. Also there's issues with terraform around this. I had the issue with V12 see #26074.

I've gone back to using a module I wrote (bottom link), this waits for the key to become available.

https://github.com/hashicorp/terraform/issues/26074 https://github.com/eltimmo/terraform-azure-function-app-get-keys

Answer 2

I was able to achieve this by using the lifecycle events of resources that are being created

• depends_on

essentially letting terraform know that first create the resource group and the azure function before trying to pull the keys

resource "azurerm_resource_group" "rg" {
...
}

resource "azurerm_function_app" "app" {
...
}

# wait for the azure resource group and azure function are created.
# i believe that you can wait just for the function and this will work too
data "azurerm_function_app_host_keys" "hostkey" {
  depends_on = [
    azurerm_resource_group.rg,
    azurerm_function_app.app
  ]
...
}