feat(thalos-bff): propagate provider metadata at edge adapters
This commit is contained in:
parent
26c6e141c0
commit
cc221eab1a
@ -7,6 +7,8 @@ Keep thalos-bff as an edge adapter layer that consumes thalos-service and adopte
|
|||||||
- Edge contract handling
|
- Edge contract handling
|
||||||
- Service client adaptation
|
- Service client adaptation
|
||||||
- Correlation/tracing propagation
|
- Correlation/tracing propagation
|
||||||
|
- Single active edge protocol policy enforcement (`rest`)
|
||||||
|
- Provider metadata propagation (`InternalJwt`, `AzureAd`, `Google`)
|
||||||
|
|
||||||
## Prohibited
|
## Prohibited
|
||||||
- Direct DAL access
|
- Direct DAL access
|
||||||
|
|||||||
@ -12,13 +12,21 @@ public sealed class IdentityEdgeContractAdapter : IIdentityEdgeContractAdapter
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public EvaluateIdentityPolicyRequest ToPolicyRequest(IssueTokenApiRequest request, string permissionCode)
|
public EvaluateIdentityPolicyRequest ToPolicyRequest(IssueTokenApiRequest request, string permissionCode)
|
||||||
{
|
{
|
||||||
return new EvaluateIdentityPolicyRequest(request.SubjectId, request.TenantId, permissionCode);
|
return new EvaluateIdentityPolicyRequest(
|
||||||
|
request.SubjectId,
|
||||||
|
request.TenantId,
|
||||||
|
permissionCode,
|
||||||
|
request.Provider);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public IssueIdentityTokenRequest ToIssueTokenRequest(IssueTokenApiRequest request)
|
public IssueIdentityTokenRequest ToIssueTokenRequest(IssueTokenApiRequest request)
|
||||||
{
|
{
|
||||||
return new IssueIdentityTokenRequest(request.SubjectId, request.TenantId);
|
return new IssueIdentityTokenRequest(
|
||||||
|
request.SubjectId,
|
||||||
|
request.TenantId,
|
||||||
|
request.Provider,
|
||||||
|
request.ExternalToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
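Review bot: ToIssueTokenRequest forwards request.Provider and request.ExternalToken to the service request without checking that they agree: with the record defaults a caller can send Provider = AzureAd or Google with an empty ExternalToken, or an ExternalToken alongside InternalJwt, and the adapter passes both through unchanged. If thalos-service is the single place that validates this pairing, a one-line comment saying so would settle the question; otherwise a guard at the edge — `if (request.Provider != IdentityAuthProvider.InternalJwt && string.IsNullOrWhiteSpace(request.ExternalToken))` / `throw new ArgumentException("ExternalToken is required for external providers.", nameof(request));` — rejects the inconsistent shape before it leaves the BFF (whether IdentityAuthProvider is in scope via a using in this file is not visible in the hunk). The same pass-through appears in ToGrpc of IdentityEdgeGrpcContractAdapter later in this commit.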
@ -30,7 +38,10 @@ public sealed class IdentityEdgeContractAdapter : IIdentityEdgeContractAdapter
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public RefreshIdentitySessionRequest ToRefreshSessionRequest(RefreshSessionApiRequest request)
|
public RefreshIdentitySessionRequest ToRefreshSessionRequest(RefreshSessionApiRequest request)
|
||||||
{
|
{
|
||||||
return new RefreshIdentitySessionRequest(request.RefreshToken, request.CorrelationId);
|
return new RefreshIdentitySessionRequest(
|
||||||
|
request.RefreshToken,
|
||||||
|
request.CorrelationId,
|
||||||
|
request.Provider);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
|
|||||||
@ -11,12 +11,32 @@ public sealed class IdentityEdgeGrpcContractAdapter : IIdentityEdgeGrpcContractA
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public IssueIdentityTokenGrpcContract ToGrpc(IssueTokenApiRequest request)
|
public IssueIdentityTokenGrpcContract ToGrpc(IssueTokenApiRequest request)
|
||||||
{
|
{
|
||||||
return new IssueIdentityTokenGrpcContract(request.SubjectId, request.TenantId, request.CorrelationId);
|
return new IssueIdentityTokenGrpcContract(
|
||||||
|
request.SubjectId,
|
||||||
|
request.TenantId,
|
||||||
|
request.CorrelationId,
|
||||||
|
request.Provider.ToString(),
|
||||||
|
request.ExternalToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public IssueTokenApiRequest FromGrpc(IssueIdentityTokenGrpcContract contract)
|
public IssueTokenApiRequest FromGrpc(IssueIdentityTokenGrpcContract contract)
|
||||||
{
|
{
|
||||||
return new IssueTokenApiRequest(contract.SubjectId, contract.TenantId, contract.CorrelationId);
|
return new IssueTokenApiRequest(
|
||||||
|
contract.SubjectId,
|
||||||
|
contract.TenantId,
|
||||||
|
contract.CorrelationId,
|
||||||
|
ParseProvider(contract.Provider),
|
||||||
|
contract.ExternalToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider ParseProvider(string provider)
|
||||||
|
{
|
||||||
|
return Enum.TryParse<BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider>(
|
||||||
|
provider,
|
||||||
|
true,
|
||||||
|
out var parsedProvider)
|
||||||
|
? parsedProvider
|
||||||
|
: BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.InternalJwt;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
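Review bot: ParseProvider silently maps any unrecognised provider string to InternalJwt, so a malformed or unsupported value arriving on the gRPC contract is coerced into the default provider instead of being rejected; Enum.TryParse also accepts bare integers such as "7" and returns a value that no member of IdentityAuthProvider defines. A defined-value check plus an explicit failure keeps the adapter from inventing a provider the caller never named: `return Enum.TryParse<BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider>(provider, true, out var parsedProvider) && Enum.IsDefined(parsedProvider)` / `? parsedProvider` / `: throw new ArgumentException($"Unknown identity provider '{provider}'.", nameof(provider));`. If an absent or empty Provider is meant to keep defaulting to InternalJwt (matching the contract's default), handle that one case explicitly with `string.IsNullOrEmpty(provider)` before parsing rather than through the catch-all fallback, and say so in a comment on the method.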
|
|||||||
@ -6,4 +6,11 @@ namespace Thalos.Bff.Application.Grpc;
|
|||||||
/// <param name="SubjectId">Identity subject identifier.</param>
|
/// <param name="SubjectId">Identity subject identifier.</param>
|
||||||
/// <param name="TenantId">Tenant identifier.</param>
|
/// <param name="TenantId">Tenant identifier.</param>
|
||||||
/// <param name="CorrelationId">Request correlation identifier.</param>
|
/// <param name="CorrelationId">Request correlation identifier.</param>
|
||||||
public sealed record IssueIdentityTokenGrpcContract(string SubjectId, string TenantId, string CorrelationId);
|
/// <param name="Provider">Identity provider.</param>
|
||||||
|
/// <param name="ExternalToken">External provider token when applicable.</param>
|
||||||
|
public sealed record IssueIdentityTokenGrpcContract(
|
||||||
|
string SubjectId,
|
||||||
|
string TenantId,
|
||||||
|
string CorrelationId,
|
||||||
|
string Provider = "InternalJwt",
|
||||||
|
string ExternalToken = "");
|
||||||
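Review bot: IssueIdentityTokenGrpcContract is a positional record, so its compiler-generated ToString and PrintMembers emit every positional property, including ExternalToken, which per its own doc comment carries an external provider token; any log statement or exception message that interpolates the contract will print the credential. Either give the record a body that overrides ToString to print the other members and replace ExternalToken with a fixed marker such as `<redacted>` when non-empty, or at minimum extend the `<param name="ExternalToken">` doc with "Credential material; do not log this record." The same applies to IssueTokenApiRequest, which gains the same ExternalToken parameter in the next file section. As a style point, the `"InternalJwt"` default duplicates the enum member name by hand; `nameof(IdentityAuthProvider.InternalJwt)` would keep the two in sync if that namespace is referenced by this file (its usings are outside the hunk).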
|
|||||||
@ -1,3 +1,5 @@
|
|||||||
|
using BuildingBlock.Identity.Contracts.Conventions;
|
||||||
|
|
||||||
namespace Thalos.Bff.Contracts.Api;
|
namespace Thalos.Bff.Contracts.Api;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -6,4 +8,11 @@ namespace Thalos.Bff.Contracts.Api;
|
|||||||
/// <param name="SubjectId">Identity subject identifier.</param>
|
/// <param name="SubjectId">Identity subject identifier.</param>
|
||||||
/// <param name="TenantId">Tenant identifier.</param>
|
/// <param name="TenantId">Tenant identifier.</param>
|
||||||
/// <param name="CorrelationId">Request correlation identifier.</param>
|
/// <param name="CorrelationId">Request correlation identifier.</param>
|
||||||
public sealed record IssueTokenApiRequest(string SubjectId, string TenantId, string CorrelationId = "");
|
/// <param name="Provider">Identity auth provider.</param>
|
||||||
|
/// <param name="ExternalToken">External provider token when applicable.</param>
|
||||||
|
public sealed record IssueTokenApiRequest(
|
||||||
|
string SubjectId,
|
||||||
|
string TenantId,
|
||||||
|
string CorrelationId = "",
|
||||||
|
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt,
|
||||||
|
string ExternalToken = "");
|
||||||
|
|||||||
@ -1,3 +1,5 @@
|
|||||||
|
using BuildingBlock.Identity.Contracts.Conventions;
|
||||||
|
|
||||||
namespace Thalos.Bff.Contracts.Api;
|
namespace Thalos.Bff.Contracts.Api;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -5,4 +7,8 @@ namespace Thalos.Bff.Contracts.Api;
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="RefreshToken">Refresh token value.</param>
|
/// <param name="RefreshToken">Refresh token value.</param>
|
||||||
/// <param name="CorrelationId">Request correlation identifier.</param>
|
/// <param name="CorrelationId">Request correlation identifier.</param>
|
||||||
public sealed record RefreshSessionApiRequest(string RefreshToken, string CorrelationId = "");
|
/// <param name="Provider">Identity auth provider.</param>
|
||||||
|
public sealed record RefreshSessionApiRequest(
|
||||||
|
string RefreshToken,
|
||||||
|
string CorrelationId = "",
|
||||||
|
IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
|
||||||
|
|||||||
@ -6,5 +6,6 @@
|
|||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ProjectReference Include="..\..\..\blueprint-platform\src\Core.Blueprint.Common\Core.Blueprint.Common.csproj" />
|
<ProjectReference Include="..\..\..\blueprint-platform\src\Core.Blueprint.Common\Core.Blueprint.Common.csproj" />
|
||||||
|
<ProjectReference Include="..\..\..\building-block-identity\src\BuildingBlock.Identity.Contracts\BuildingBlock.Identity.Contracts.csproj" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|||||||
@ -25,7 +25,9 @@ public sealed class ThalosServiceGrpcClientAdapter(
|
|||||||
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
||||||
{
|
{
|
||||||
SubjectId = request.SubjectId,
|
SubjectId = request.SubjectId,
|
||||||
TenantId = request.TenantId
|
TenantId = request.TenantId,
|
||||||
|
Provider = request.Provider.ToString(),
|
||||||
|
ExternalToken = request.ExternalToken
|
||||||
};
|
};
|
||||||
|
|
||||||
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
||||||
@ -43,7 +45,8 @@ public sealed class ThalosServiceGrpcClientAdapter(
|
|||||||
{
|
{
|
||||||
SubjectId = request.SubjectId,
|
SubjectId = request.SubjectId,
|
||||||
TenantId = request.TenantId,
|
TenantId = request.TenantId,
|
||||||
PermissionCode = request.PermissionCode
|
PermissionCode = request.PermissionCode,
|
||||||
|
Provider = request.Provider.ToString()
|
||||||
};
|
};
|
||||||
|
|
||||||
var grpcResponse = await grpcClient.EvaluateIdentityPolicyAsync(
|
var grpcResponse = await grpcClient.EvaluateIdentityPolicyAsync(
|
||||||
@ -63,7 +66,8 @@ public sealed class ThalosServiceGrpcClientAdapter(
|
|||||||
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
||||||
{
|
{
|
||||||
SubjectId = request.RefreshToken,
|
SubjectId = request.RefreshToken,
|
||||||
TenantId = refreshTenantId
|
TenantId = refreshTenantId,
|
||||||
|
Provider = request.Provider.ToString()
|
||||||
};
|
};
|
||||||
|
|
||||||
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
||||||
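Review bot: The refresh path's new `Provider = request.Provider.ToString()` takes the provider from the RefreshSessionApiRequest the client submits (defaulting to InternalJwt) rather than from the session the refresh token identifies, so a caller can label a refresh with any provider regardless of how the session was originally established. If the service resolves the provider from the refresh token and ignores this field, a comment here saying so would avoid the question; if it honours the field, the adapter should not let the client choose it. The same client-supplied value is introduced by RefreshSessionApiRequest's new Provider parameter and by ToRefreshSessionRequest in IdentityEdgeContractAdapter earlier in this commit. The enclosing method starts outside the hunk.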
|
|||||||
@ -11,6 +11,12 @@ using Thalos.Service.Grpc;
|
|||||||
const string CorrelationHeaderName = "x-correlation-id";
|
const string CorrelationHeaderName = "x-correlation-id";
|
||||||
|
|
||||||
var builder = WebApplication.CreateBuilder(args);
|
var builder = WebApplication.CreateBuilder(args);
|
||||||
|
var edgeProtocol = builder.Configuration["ThalosBff:EdgeProtocol"] ?? "rest";
|
||||||
|
if (!string.Equals(edgeProtocol, "rest", StringComparison.OrdinalIgnoreCase))
|
||||||
|
{
|
||||||
|
throw new InvalidOperationException(
|
||||||
|
$"Thalos BFF supports one active edge protocol per deployment. Configured: '{edgeProtocol}'. Expected: 'rest'.");
|
||||||
|
}
|
||||||
|
|
||||||
builder.Services.AddHttpContextAccessor();
|
builder.Services.AddHttpContextAccessor();
|
||||||
builder.Services.AddHealthChecks();
|
builder.Services.AddHealthChecks();
|
||||||
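Review bot: The protocol literal "rest" is written three times in the new block (the configuration fallback, the comparison and the error message), so a future change to one of them can silently desynchronise the others; a single `const string SupportedEdgeProtocol = "rest";` beside CorrelationHeaderName, used as `var edgeProtocol = builder.Configuration["ThalosBff:EdgeProtocol"] ?? SupportedEdgeProtocol;` and in the comparison and message, keeps them together. The comparison itself is fine: ordinal and case-insensitive, and it fails fast before any service registration.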
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
using Core.Blueprint.Common.Contracts;
|
using Core.Blueprint.Common.Contracts;
|
||||||
|
using BuildingBlock.Identity.Contracts.Conventions;
|
||||||
using Thalos.Bff.Contracts.Api;
|
using Thalos.Bff.Contracts.Api;
|
||||||
using Thalos.Bff.Contracts.Conventions;
|
using Thalos.Bff.Contracts.Conventions;
|
||||||
|
|
||||||
@ -14,6 +15,7 @@ public class ContractShapeTests
|
|||||||
Assert.Equal("user-1", request.SubjectId);
|
Assert.Equal("user-1", request.SubjectId);
|
||||||
Assert.Equal("tenant-1", request.TenantId);
|
Assert.Equal("tenant-1", request.TenantId);
|
||||||
Assert.Equal("corr-123", request.CorrelationId);
|
Assert.Equal("corr-123", request.CorrelationId);
|
||||||
|
Assert.Equal(IdentityAuthProvider.InternalJwt, request.Provider);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
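Review bot: The new assertion only pins the InternalJwt default on IssueTokenApiRequest; nothing in this commit exercises the paths that actually carry provider state — ParseProvider in IdentityEdgeGrpcContractAdapter with an unknown or numeric string, the Provider/ExternalToken round trip through ToGrpc and FromGrpc, or the Provider default on RefreshSessionApiRequest. A `[Theory]` with `[InlineData]` over "AzureAd", "azuread", "", "7" and "NotAProvider" would document what the adapter is meant to do with each and would surface the silent InternalJwt fallback. The enclosing test method starts outside the hunk.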
|
|||||||