[PM-5645] Cosmos DB Grant Storage (#3634)

* table storage grants * simple shard on storage accounts * use is not * cosmos grant repo * remove single storage connection string * some fixes to dapper grant repo * pattern matching * add fallback to base PersistedGrantStore * service collection extension cleanup * cleanup * remove unused Id * empty string rowkey * fix sharding method logic * ttl for cosmos * make ttl an int * fixes to cosmos implementation * fix partition key values * catch notfound exceptions * indenting * update grantitem with custom serialization * use new transform helpers * grantloader perf test tool * ref * remove grant loader project * remove table storage implementation * remove table storage stuff * all redis fallback to build to null * revert sln file change * EOF new line * remove trailing comma * lint fixes * add grant to names * move cosmos serilaizer to utils * add some .net 8 keyed service comments * EnableContentResponseOnWrite * Fix type in EF grant repository
2025-12-27 05:33:17 +00:00 · 2024-01-10 07:59:16 -05:00
parent 03cbc7983b
commit a6db79f613
15 changed files with 411 additions and 66 deletions
--- a/src/Identity/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Identity/Utilities/ServiceCollectionExtensions.cs
@@ -1,4 +1,5 @@
-using Bit.Core.IdentityServer;
+using Bit.Core.Auth.Repositories;
+using Bit.Core.IdentityServer;
 using Bit.Core.Settings;
 using Bit.Core.Utilities;
 using Bit.Identity.IdentityServer;
@@ -51,31 +52,58 @@ public static class ServiceCollectionExtensions
            .AddIdentityServerCertificate(env, globalSettings)
            .AddExtensionGrantValidator<WebAuthnGrantValidator>();

-        if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
+        if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
        {
-            // If we have redis, prefer it
-
-            // Add the original persisted grant store via it's implementation type
-            // so we can inject it right after.
-            services.AddSingleton<PersistedGrantStore>();
-
-            services.AddSingleton<IPersistedGrantStore>(sp =>
-            {
-                return new RedisPersistedGrantStore(
-                    // TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
-                    ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
-                    sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
-                    sp.GetRequiredService<PersistedGrantStore>() // Fallback grant store
-                );
-            });
+            services.AddSingleton<IPersistedGrantStore>(sp => BuildCosmosGrantStore(sp, globalSettings));
+        }
+        else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
+        {
+            services.AddSingleton<IPersistedGrantStore>(sp => BuildRedisGrantStore(sp, globalSettings));
        }
        else
        {
-            // Use the original grant store
-            identityServerBuilder.AddPersistedGrantStore<PersistedGrantStore>();
+            services.AddTransient<IPersistedGrantStore>(sp => BuildSqlGrantStore(sp));
        }

        services.AddTransient<ICorsPolicyService, CustomCorsPolicyService>();
        return identityServerBuilder;
    }
+
+    private static PersistedGrantStore BuildCosmosGrantStore(IServiceProvider sp, GlobalSettings globalSettings)
+    {
+        if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CosmosConnectionString))
+        {
+            throw new ArgumentException("No cosmos config string available.");
+        }
+        return new PersistedGrantStore(
+            // TODO: Perhaps we want to evaluate moving this repo to DI as a keyed service singleton in .NET 8
+            new Core.Auth.Repositories.Cosmos.GrantRepository(globalSettings),
+            g => new Core.Auth.Models.Data.GrantItem(g),
+            fallbackGrantStore: BuildRedisGrantStore(sp, globalSettings, true));
+    }
+
+    private static RedisPersistedGrantStore BuildRedisGrantStore(IServiceProvider sp,
+        GlobalSettings globalSettings, bool allowNull = false)
+    {
+        if (!CoreHelpers.SettingHasValue(globalSettings.IdentityServer.RedisConnectionString))
+        {
+            if (allowNull)
+            {
+                return null;
+            }
+            throw new ArgumentException("No redis config string available.");
+        }
+
+        return new RedisPersistedGrantStore(
+            // TODO: .NET 8 create a keyed service for this connection multiplexer and even PersistedGrantStore
+            ConnectionMultiplexer.Connect(globalSettings.IdentityServer.RedisConnectionString),
+            sp.GetRequiredService<ILogger<RedisPersistedGrantStore>>(),
+            fallbackGrantStore: BuildSqlGrantStore(sp));
+    }
+
+    private static PersistedGrantStore BuildSqlGrantStore(IServiceProvider sp)
+    {
+        return new PersistedGrantStore(sp.GetRequiredService<IGrantRepository>(),
+            g => new Core.Auth.Entities.Grant(g));
+    }
 }