From 17f094f1318f2dd1124b3d63b7e6bfeedee71690 Mon Sep 17 00:00:00 2001 From: Andrei Alistar Date: Thu, 1 Aug 2024 11:16:56 +0300 Subject: [PATCH] Add SecurityGroupRetrievalStrategy instance setting. --- .../Configuration/AppConfigurationKeys.cs | 7 +++++++ .../Constants/Data/AppConfiguration.json | 8 ++++++++ .../SecurityGroupRetrievalStrategies.cs | 18 ++++++++++++++++++ .../Common/Middleware/CallContextMiddleware.cs | 6 ++++-- .../Configuration/Instance/InstanceSettings.cs | 13 ++++++------- 5 files changed, 43 insertions(+), 9 deletions(-) create mode 100644 src/dotnet/Common/Constants/Instance/SecurityGroupRetrievalStrategies.cs diff --git a/src/dotnet/Common/Constants/Configuration/AppConfigurationKeys.cs b/src/dotnet/Common/Constants/Configuration/AppConfigurationKeys.cs index ef0eda53d2..a35402dc7a 100644 --- a/src/dotnet/Common/Constants/Configuration/AppConfigurationKeys.cs +++ b/src/dotnet/Common/Constants/Configuration/AppConfigurationKeys.cs @@ -20,6 +20,13 @@ public static class AppConfigurationKeys /// public const string FoundationaLLM_Instance_Id = "FoundationaLLM:Instance:Id"; + + /// + /// The app configuration key for the FoundationaLLM:Instance:SecurityGroupRetrievalStrategy setting. + /// Value description:
The security group retrieval strategy of the FoundationaLLM instance.
+ ///
+ public const string FoundationaLLM_Instance_SecurityGroupRetrievalStrategy = + "FoundationaLLM:Instance:SecurityGroupRetrievalStrategy"; #endregion diff --git a/src/dotnet/Common/Constants/Data/AppConfiguration.json b/src/dotnet/Common/Constants/Data/AppConfiguration.json index 682d96f3f1..71829d7179 100644 --- a/src/dotnet/Common/Constants/Data/AppConfiguration.json +++ b/src/dotnet/Common/Constants/Data/AppConfiguration.json @@ -13,6 +13,14 @@ "value": "${env:FOUNDATIONALLM_INSTANCE_ID}", "content_type": "", "first_version": "0.8.0" + }, + { + "name": "SecurityGroupRetrievalStrategy", + "description": "The security group retrieval strategy of the FoundationaLLM instance.", + "secret": "", + "value": "IdentityManagementService", + "content_type": "", + "first_version": "0.8.0" } ] }, diff --git a/src/dotnet/Common/Constants/Instance/SecurityGroupRetrievalStrategies.cs b/src/dotnet/Common/Constants/Instance/SecurityGroupRetrievalStrategies.cs new file mode 100644 index 0000000000..65cf0c09df --- /dev/null +++ b/src/dotnet/Common/Constants/Instance/SecurityGroupRetrievalStrategies.cs @@ -0,0 +1,18 @@ +namespace FoundationaLLM.Common.Constants.Instance +{ + /// + /// Security group retrieval strategies for the FoundationaLLM instance. + /// + public static class SecurityGroupRetrievalStrategies + { + /// + /// None. + /// + public const string None = "None"; + + /// + /// Identity management service. + /// + public const string IdentityManagementService = "IdentityManagementService"; + } +} diff --git a/src/dotnet/Common/Middleware/CallContextMiddleware.cs b/src/dotnet/Common/Middleware/CallContextMiddleware.cs index e5b35a9e0a..317b014974 100644 --- a/src/dotnet/Common/Middleware/CallContextMiddleware.cs +++ b/src/dotnet/Common/Middleware/CallContextMiddleware.cs 
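Review bot: The summaries on `None` and `IdentityManagementService` in SecurityGroupRetrievalStrategies.cs only restate the constant names, although the value decides whether a caller's group memberships are loaded. Going by the CallContextMiddleware change in this patch, only `IdentityManagementService` triggers group expansion, so the `None` summary could read `/// Security groups are not retrieved; the caller's identity carries no expanded group membership.` The `IdentityManagementService` summary could likewise say that group membership is expanded for user identities, and not for service principals, through the identity management service. It would also help to state on the class that these are the only values the instance setting is expected to hold.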
@@ -1,4 +1,5 @@ -using FoundationaLLM.Common.Interfaces; +using FoundationaLLM.Common.Constants.Instance; +using FoundationaLLM.Common.Interfaces; using FoundationaLLM.Common.Models.Authentication; using FoundationaLLM.Common.Models.Configuration.Instance; using Microsoft.AspNetCore.Http; @@ -45,7 +46,8 @@ public async Task InvokeAsync( callContext.CurrentUserIdentity = claimsProviderService.GetUserIdentity(context.User); if (callContext.CurrentUserIdentity != null - && !claimsProviderService.IsServicePrincipal(context.User)) + && !claimsProviderService.IsServicePrincipal(context.User) + && instanceSettings.Value.SecurityGroupRetrievalStrategy == SecurityGroupRetrievalStrategies.IdentityManagementService) { // We are only expanding group membership for User objects // Service Principal permissions must be assigned directly and not over group membership. diff --git a/src/dotnet/Common/Models/Configuration/Instance/InstanceSettings.cs b/src/dotnet/Common/Models/Configuration/Instance/InstanceSettings.cs index 3a302a56a6..b34790ee58 100644 --- a/src/dotnet/Common/Models/Configuration/Instance/InstanceSettings.cs +++ b/src/dotnet/Common/Models/Configuration/Instance/InstanceSettings.cs @@ -1,10 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; - -namespace FoundationaLLM.Common.Models.Configuration.Instance +namespace FoundationaLLM.Common.Models.Configuration.Instance { /// /// Provides configuration settings for the current FoundationaLLM deployment instance. @@ -16,5 +10,10 @@ public class InstanceSettings /// Format is a GUID. /// public required string Id { get; set; } + + /// + /// The security group retrieval strategy of the FoundationaLLM instance. + /// + public string? SecurityGroupRetrievalStrategy { get; set; } } }
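Review bot: The new third clause in the `if` inside `InvokeAsync` compares a nullable, unvalidated setting with `==`, so a missing key, a typo, or a casing difference such as `identitymanagementservice` silently turns off group expansion for every user. `InstanceSettings.SecurityGroupRetrievalStrategy` is `string?` with no default, so an instance upgraded without the new App Configuration key gets `null` here, even though AppConfiguration.json ships `IdentityManagementService` as the value. Any authorization decision that depends on group ids would then run without them, and nothing is logged. Consider `string.Equals(instanceSettings.Value.SecurityGroupRetrievalStrategy, SecurityGroupRetrievalStrategies.IdentityManagementService, StringComparison.OrdinalIgnoreCase)`, plus a startup check that rejects or warns on any value that is neither constant, and state in the property's doc comment what an absent value means. The body of `InvokeAsync` and the declaration of `instanceSettings` are outside the hunk, so how the options are bound is not visible here.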