How to return function app keys from a terraform module

Question

I am creating a webapp and a function. The web app calls the function. my terraform structure is like this

main.tf
variable.tf
module/webapp
module/function

in the main.tf I call module/function to create the function and then I call module/webapp to create the webapp. I need to provide the function key in the configuration for webpp.

Terraform azurerm provider 2.27.0 has added function keys as a data source. https://github.com/terraform-providers/terraform-provider-azurerm/pull/7902 This is how it is described in terraform documentation. https://www.terraform.io/docs/providers/azurerm/d/function_app_host_keys.html

data "azurerm_function_app_host_keys" "example" {
  name                = "example-function"
  resource_group_name = azurerm_resource_group.example.name
}

How exactly do I return these keys to the main module? I tried the following but it returns the error that follows the code:

resource "azurerm_function_app" "myfunc" {
  name                      = var.function_app
  location                  = var.region
...
  tags                      = var.tags
}

output "hostname" {
  value = azurerm_function_app.actico.default_hostname
}

output "functionkeys" {
  value = azurerm_function_app.actico.azurerm_function_app_host_keys
}

Error: unsupported attribute
This object has no argument, nested block, or exported attribute named
"azurerm_function_app_host_keys".

Another attempt appears more promising. In the main module added a data element, expecting that it will execute after the function has been created and fetch the key. But getting 400 Error.

in main module

data "azurerm_function_app_host_keys" "keymap" {
  name                = var.function_app_name
  resource_group_name = var.resource_group_name

  depends_on = [module.function_app]
}


Error making Read request on AzureRM Function App Hostkeys "FunctionApp": web.AppsClient#ListHostKeys: Failure responding to request: 

StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Encountered an error (ServiceUnavailable) from host runtime." Details=[{"Message":"Encountered an error (ServiceUnavailable) from host runtime."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","Message":"Encountered an error 
(ServiceUnavailable) from host runtime."}}]

Thanks,

Tauqir

"it did not work." its not very specific. How did you use them in main.tf exactly? What error messages did you get? — Marcin
@Tauqir did you solve this? I found that you also receive 400 Bad requests if your Function has been set up to ignore all app settings via the lifecycle system. What else have you put in your function app creation? You can check function status in Azure to see if it has been granted a host key - if it hasn't it is faulted. That was what happened for me. — The Senator

Tim Tharratt Tim Tharratt · Accepted Answer · 2020-11-27T14:13:08

I did some testing around this and there's two things. It looks like you need to deploy a function or restart the function app for it to generate the keys. If your deploying the function and then try to get the keys, it doesn't seem to wait. There's a delay between the function starting and the keys becoming available. Also there's issues with terraform around this. I had the issue with V12 see #26074.

I've gone back to using a module I wrote (bottom link), this waits for the key to become available.

https://github.com/hashicorp/terraform/issues/26074 https://github.com/eltimmo/terraform-azure-function-app-get-keys

How to return function app keys from a terraform module

2 Answers