resolving comments

sezalchug · sezalchug · commit 7bad17f37fc4 · 2025-04-03T18:18:30.000+05:30
diff --git a/src/Config/Converters/RuntimeHealthOptionsConvertorFactory.cs b/src/Config/Converters/RuntimeHealthOptionsConvertorFactory.cs
@@ -53,7 +53,7 @@ internal HealthCheckOptionsConverter(bool replaceEnvVar)
             if (reader.TokenType is JsonTokenType.StartObject)
             {
                 bool? enabled = null;
-                List<string>? roles = null;
+                HashSet<string>? roles = null;
 
                 while (reader.Read())
                 {
@@ -80,7 +80,7 @@ internal HealthCheckOptionsConverter(bool replaceEnvVar)
                                 // Check if the token type is an array
                                 if (reader.TokenType == JsonTokenType.StartArray)
                                 {
-                                    List<string> stringList = new();
+                                    HashSet<string> stringList = new();
 
                                     // Read the array elements one by one
                                     while (reader.Read() && reader.TokenType != JsonTokenType.EndArray)
diff --git a/src/Config/HealthCheck/RuntimeHealthCheckConfig.cs b/src/Config/HealthCheck/RuntimeHealthCheckConfig.cs
@@ -8,7 +8,7 @@ public record RuntimeHealthCheckConfig : HealthCheckConfig
     // TODO: Add support for caching in upcoming PRs
     // public int cache-ttl-seconds { get; set; };
 
-    public List<string>? Roles { get; set; }
+    public HashSet<string>? Roles { get; set; }
 
     // TODO: Add support for parallel stream to run the health check query in upcoming PRs
     // public int MaxDop { get; set; } = 1; // Parallelized streams to run Health Check (Default: 1)
@@ -17,7 +17,7 @@ public RuntimeHealthCheckConfig() : base()
     {
     }
 
-    public RuntimeHealthCheckConfig(bool? Enabled, List<string>? Roles = null) : base(Enabled)
+    public RuntimeHealthCheckConfig(bool? Enabled, HashSet<string>? Roles = null) : base(Enabled)
     {
         this.Roles = Roles;
     }
diff --git a/src/Config/ObjectModel/RuntimeConfig.cs b/src/Config/ObjectModel/RuntimeConfig.cs
@@ -151,8 +151,8 @@ Runtime.GraphQL is not null &&
         Runtime.GraphQL.EnableAggregation;
 
     [JsonIgnore]
-    public List<string> AllowedRolesForHealth =>
-        Runtime?.Health?.Roles ?? new List<string>();
+    public HashSet<string> AllowedRolesForHealth =>
+        Runtime?.Health?.Roles ?? new HashSet<string>();
 
     private Dictionary<string, DataSource> _dataSourceNameToDataSource;
 
diff --git a/src/Service.Tests/Configuration/HealthEndpointRolesTests.cs b/src/Service.Tests/Configuration/HealthEndpointRolesTests.cs
@@ -114,7 +114,7 @@ private static void CreateCustomConfigFile(Dictionary<string, Entity> entityMap,
                 Schema: string.Empty,
                 DataSource: dataSource,
                 Runtime: new(
-                    Health: new(Enabled: true, Roles: role != null ? new List<string> { role } : null),
+                    Health: new(Enabled: true, Roles: role != null ? new HashSet<string> { role } : null),
                     Rest: new(Enabled: true),
                     GraphQL: new(Enabled: true),
                     Host: hostOptions
diff --git a/src/Service/HealthCheck/ComprehensiveHealthReportResponseWriter.cs b/src/Service/HealthCheck/ComprehensiveHealthReportResponseWriter.cs
@@ -69,34 +69,25 @@ public Task WriteResponse(HttpContext context)
             // Global comprehensive Health Check Enabled
             if (config.IsHealthEnabled)
             {
-                _healthCheckHelper.UpdateIncomingRoleHeader(context);
+                _healthCheckHelper.StoreIncomingRoleHeader(context);
                 if (!_healthCheckHelper.IsUserAllowedToAccessHealthCheck(context, config.IsDevelopmentMode(), config.AllowedRolesForHealth))
                 {
-                    LogTrace("Comprehensive Health Check Report is not allowed: 403 Forbidden due to insufficient permissions.");
+                    _logger.LogError("Comprehensive Health Check Report is not allowed: 403 Forbidden due to insufficient permissions.");
                     context.Response.StatusCode = StatusCodes.Status403Forbidden;
                     return context.Response.CompleteAsync();
                 }
 
                 ComprehensiveHealthCheckReport dabHealthCheckReport = _healthCheckHelper.GetHealthCheckResponse(context, config);
                 string response = JsonSerializer.Serialize(dabHealthCheckReport, options: new JsonSerializerOptions { WriteIndented = true, DefaultIgnoreCondition = System.Text.Json.Serialization.JsonIgnoreCondition.WhenWritingNull });
-                LogTrace($"Health check response writer writing status as: {dabHealthCheckReport.Status}");
+                _logger.LogTrace($"Health check response writer writing status as: {dabHealthCheckReport.Status}");
                 return context.Response.WriteAsync(response);
             }
             else
             {
-                LogTrace("Comprehensive Health Check Report Not Found: 404 Not Found.");
+                _logger.LogError("Comprehensive Health Check Report Not Found: 404 Not Found.");
                 context.Response.StatusCode = StatusCodes.Status404NotFound;
                 return context.Response.CompleteAsync();
             }
         }
-
-        /// <summary>
-        /// Logs a trace message if a logger is present and the logger is enabled for trace events.
-        /// </summary>
-        /// <param name="message">Message to emit.</param>
-        private void LogTrace(string message)
-        {
-            _logger.LogTrace(message);
-        }
     }
 }
diff --git a/src/Service/HealthCheck/HealthCheckHelper.cs b/src/Service/HealthCheck/HealthCheckHelper.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
@@ -62,11 +63,17 @@ public ComprehensiveHealthCheckReport GetHealthCheckResponse(HttpContext context
         }
 
         // Updates the incoming role header with the appropriate value from the request headers.
-        public void UpdateIncomingRoleHeader(HttpContext httpContext)
+        public void StoreIncomingRoleHeader(HttpContext httpContext)
         {
             StringValues clientRoleHeader = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
             StringValues clientTokenHeader = httpContext.Request.Headers[AuthenticationOptions.CLIENT_PRINCIPAL_HEADER];
 
+            if (clientRoleHeader.Count > 1 || clientTokenHeader.Count > 1)
+            {
+                throw new ArgumentException("Multiple values for the client role or token header are not allowed.");
+            }
+
+            // Role Header is not present in the request, set it to anonymous.
             if (clientRoleHeader.Count == 1)
             {
                 _incomingRoleHeader = clientRoleHeader.ToString().ToLowerInvariant();
@@ -82,7 +89,7 @@ public void UpdateIncomingRoleHeader(HttpContext httpContext)
         /// <param name="hostMode">Compare with the HostMode of DAB</param>
         /// <param name="allowedRoles">AllowedRoles in the Runtime.Health config</param>
         /// <returns></returns>
-        public bool IsUserAllowedToAccessHealthCheck(HttpContext httpContext, bool isDevelopmentMode, List<string> allowedRoles)
+        public bool IsUserAllowedToAccessHealthCheck(HttpContext httpContext, bool isDevelopmentMode, HashSet<string> allowedRoles)
         {
             if (allowedRoles == null || allowedRoles.Count == 0)
             {
diff --git a/src/Service/HealthCheck/HttpUtilities.cs b/src/Service/HealthCheck/HttpUtilities.cs
@@ -106,7 +106,7 @@ public void ConfigureApiRoute(HttpContext httpContext)
                     // Send a GET request to the API
                     apiRoute = $"{apiRoute}{Utilities.CreateHttpRestQuery(entityName, first)}";
                     HttpRequestMessage message = new(method: HttpMethod.Get, requestUri: apiRoute);
-                    if (string.IsNullOrEmpty(incomingRoleToken) && string.IsNullOrEmpty(incomingRoleHeader))
+                    if (!(string.IsNullOrEmpty(incomingRoleToken) && string.IsNullOrEmpty(incomingRoleHeader)))
                     {
                         message.Headers.Add(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, incomingRoleToken);
                         message.Headers.Add(AuthorizationResolver.CLIENT_ROLE_HEADER, incomingRoleHeader);
@@ -168,7 +168,7 @@ public void ConfigureApiRoute(HttpContext httpContext)
                             Content = content
                         };
 
-                        if (string.IsNullOrEmpty(incomingRoleToken) && string.IsNullOrEmpty(incomingRoleHeader))
+                        if (!(string.IsNullOrEmpty(incomingRoleToken) && string.IsNullOrEmpty(incomingRoleHeader)))
                         {
                             message.Headers.Add(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, incomingRoleToken);
                             message.Headers.Add(AuthorizationResolver.CLIENT_ROLE_HEADER, incomingRoleHeader);

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ internal HealthCheckOptionsConverter(bool replaceEnvVar)`
`53`	`53`	`if (reader.TokenType is JsonTokenType.StartObject)`
`54`	`54`	`{`
`55`	`55`	`bool? enabled = null;`
`56`		`- List<string>? roles = null;`
	`56`	`+ HashSet<string>? roles = null;`
`57`	`57`
`58`	`58`	`while (reader.Read())`
`59`	`59`	`{`
`@@ -80,7 +80,7 @@ internal HealthCheckOptionsConverter(bool replaceEnvVar)`
`80`	`80`	`// Check if the token type is an array`
`81`	`81`	`if (reader.TokenType == JsonTokenType.StartArray)`
`82`	`82`	`{`
`83`		`- List<string> stringList = new();`
	`83`	`+ HashSet<string> stringList = new();`
`84`	`84`
`85`	`85`	`// Read the array elements one by one`
`86`	`86`	`while (reader.Read() && reader.TokenType != JsonTokenType.EndArray)`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ public record RuntimeHealthCheckConfig : HealthCheckConfig`
`8`	`8`	`// TODO: Add support for caching in upcoming PRs`
`9`	`9`	`// public int cache-ttl-seconds { get; set; };`
`10`	`10`
`11`		`- public List<string>? Roles { get; set; }`
	`11`	`+ public HashSet<string>? Roles { get; set; }`
`12`	`12`
`13`	`13`	`// TODO: Add support for parallel stream to run the health check query in upcoming PRs`
`14`	`14`	`// public int MaxDop { get; set; } = 1; // Parallelized streams to run Health Check (Default: 1)`
`@@ -17,7 +17,7 @@ public RuntimeHealthCheckConfig() : base()`
`17`	`17`	`{`
`18`	`18`	`}`
`19`	`19`
`20`		`- public RuntimeHealthCheckConfig(bool? Enabled, List<string>? Roles = null) : base(Enabled)`
	`20`	`+ public RuntimeHealthCheckConfig(bool? Enabled, HashSet<string>? Roles = null) : base(Enabled)`
`21`	`21`	`{`
`22`	`22`	`this.Roles = Roles;`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -69,34 +69,25 @@ public Task WriteResponse(HttpContext context)`
`69`	`69`	`// Global comprehensive Health Check Enabled`
`70`	`70`	`if (config.IsHealthEnabled)`
`71`	`71`	`{`
`72`		`- _healthCheckHelper.UpdateIncomingRoleHeader(context);`
	`72`	`+ _healthCheckHelper.StoreIncomingRoleHeader(context);`
`73`	`73`	`if (!_healthCheckHelper.IsUserAllowedToAccessHealthCheck(context, config.IsDevelopmentMode(), config.AllowedRolesForHealth))`
`74`	`74`	`{`
`75`		`- LogTrace("Comprehensive Health Check Report is not allowed: 403 Forbidden due to insufficient permissions.");`
	`75`	`+ _logger.LogError("Comprehensive Health Check Report is not allowed: 403 Forbidden due to insufficient permissions.");`
`76`	`76`	`context.Response.StatusCode = StatusCodes.Status403Forbidden;`
`77`	`77`	`return context.Response.CompleteAsync();`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`ComprehensiveHealthCheckReport dabHealthCheckReport = _healthCheckHelper.GetHealthCheckResponse(context, config);`
`81`	`81`	`string response = JsonSerializer.Serialize(dabHealthCheckReport, options: new JsonSerializerOptions { WriteIndented = true, DefaultIgnoreCondition = System.Text.Json.Serialization.JsonIgnoreCondition.WhenWritingNull });`
`82`		`- LogTrace($"Health check response writer writing status as: {dabHealthCheckReport.Status}");`
	`82`	`+ _logger.LogTrace($"Health check response writer writing status as: {dabHealthCheckReport.Status}");`
`83`	`83`	`return context.Response.WriteAsync(response);`
`84`	`84`	`}`
`85`	`85`	`else`
`86`	`86`	`{`
`87`		`- LogTrace("Comprehensive Health Check Report Not Found: 404 Not Found.");`
	`87`	`+ _logger.LogError("Comprehensive Health Check Report Not Found: 404 Not Found.");`
`88`	`88`	`context.Response.StatusCode = StatusCodes.Status404NotFound;`
`89`	`89`	`return context.Response.CompleteAsync();`
`90`	`90`	`}`
`91`	`91`	`}`
`92`		`-`
`93`		`- /// <summary>`
`94`		`- /// Logs a trace message if a logger is present and the logger is enabled for trace events.`
`95`		`- /// </summary>`
`96`		`- /// <param name="message">Message to emit.</param>`
`97`		`- private void LogTrace(string message)`
`98`		`- {`
`99`		`- _logger.LogTrace(message);`
`100`		`- }`
`101`	`92`	`}`
`102`	`93`	`}`