Merge pull request #1312 from solliancenet/aa-instance-settings

src/dotnet/Common/Constants/Configuration/AppConfigurationKeys.cs

@@ -20,6 +20,13 @@ public static class AppConfigurationKeys
         /// </summary>
         public const string FoundationaLLM_Instance_Id =
             "FoundationaLLM:Instance:Id";
+
+        /// <summary>
+        /// The app configuration key for the FoundationaLLM:Instance:SecurityGroupRetrievalStrategy setting.
+        /// <para>Value description:<br/>The security group retrieval strategy of the FoundationaLLM instance.</para>
+        /// </summary>
+        public const string FoundationaLLM_Instance_SecurityGroupRetrievalStrategy =
+            "FoundationaLLM:Instance:SecurityGroupRetrievalStrategy";
 
         #endregion
 

src/dotnet/Common/Constants/Data/AppConfiguration.json

@@ -13,6 +13,14 @@
 				"value": "${env:FOUNDATIONALLM_INSTANCE_ID}",
 				"content_type": "",
 				"first_version": "0.8.0"
+			},
+			{
+				"name": "SecurityGroupRetrievalStrategy",
+				"description": "The security group retrieval strategy of the FoundationaLLM instance.",
+				"secret": "",
+				"value": "IdentityManagementService",
+				"content_type": "",
+				"first_version": "0.8.0"
 			}
 		]
 	},

src/dotnet/Common/Constants/Instance/SecurityGroupRetrievalStrategies.cs

@@ -0,0 +1,18 @@
+namespace FoundationaLLM.Common.Constants.Instance
+{
+    /// <summary>
+    /// Security group retrieval strategies for the FoundationaLLM instance.
+    /// </summary>
+    public static class SecurityGroupRetrievalStrategies
+    {
+        /// <summary>
+        /// None.
+        /// </summary>
+        public const string None = "None";
+
+        /// <summary>
+        /// Identity management service.
+        /// </summary>
+        public const string IdentityManagementService = "IdentityManagementService";
+    }
+}

src/dotnet/Common/Middleware/CallContextMiddleware.cs

@@ -1,4 +1,5 @@
-using FoundationaLLM.Common.Interfaces;
+using FoundationaLLM.Common.Constants.Instance;
+using FoundationaLLM.Common.Interfaces;
 using FoundationaLLM.Common.Models.Authentication;
 using FoundationaLLM.Common.Models.Configuration.Instance;
 using Microsoft.AspNetCore.Http;
@@ -45,7 +46,8 @@ public async Task InvokeAsync(
                 callContext.CurrentUserIdentity = claimsProviderService.GetUserIdentity(context.User);
 
                 if (callContext.CurrentUserIdentity != null
-                    && !claimsProviderService.IsServicePrincipal(context.User))
+                    && !claimsProviderService.IsServicePrincipal(context.User)
+                    && instanceSettings.Value.SecurityGroupRetrievalStrategy == SecurityGroupRetrievalStrategies.IdentityManagementService)
                 {
                     // We are only expanding group membership for User objects
                     // Service Principal permissions must be assigned directly and not over group membership.

src/dotnet/Common/Models/Configuration/Instance/InstanceSettings.cs

@@ -1,10 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
-namespace FoundationaLLM.Common.Models.Configuration.Instance
+namespace FoundationaLLM.Common.Models.Configuration.Instance
 {
     /// <summary>
     /// Provides configuration settings for the current FoundationaLLM deployment instance.
@@ -16,5 +10,10 @@ public class InstanceSettings
         /// Format is a GUID.
         /// </summary>
         public required string Id { get; set; }
+
+        /// <summary>
+        /// The security group retrieval strategy of the FoundationaLLM instance.
+        /// </summary>
+        public string? SecurityGroupRetrievalStrategy { get; set; }
     }
 }