#585 #2316 Authentication global configuration (#2336)

* Delete AuthenticationOptionsBuilder
* Properly deprecate the AuthenticationProviderKey property in models
* Redesign models to support global AuthenticationOptions
* Delete RouteOptionsBuilder
* Remove RouteOptions configuration model and take IRouteOptionsCreator out of DI container
* Relocate the middleware to the higher-level namespace
* Stabilizing tests after refactoring, aka taking out the trash from codebase
* Implement global configuration feature
* Relocate AuthorizationMiddleware to the higher-level namespace
* Review DownstreamUrlCreatorMiddleware
* Improve code coverage
* Code review by @ggnaegi
* Relocate unit testing files to the Auth folder
* Unit tests for AuthenticationOptionsCreator after refactoring
* Initial version of the Administration feat without IdentityServer4
* Turn acceptance testing back on for Authentication and Authorization using custom JWT signing
* Code review by @RaynaldM
* Acceptance tests for static routes
* Bump Ocelot.Testing pack to 24.0.3-beta.3
* Acceptance tests for dynamic routes
* Relocate ClaimsParser to a higher-level namespace
* Review infrastructure extensions and improve code coverage
* Update docs

Author: raman-m

docs/features/authentication.rst

@@ -104,7 +104,7 @@ Finally, in order to use caching on a route in your route configuration add thes
 * Finally, ``EnableContentHashing`` is disabled due to the current route using the ``GET`` verb, which does not include a request body.
 
 .. _24.1: https://github.com/ThreeMammals/Ocelot/releases/tag/24.1.0
-.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/12
+.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/13
 .. warning::
   According to the static :ref:`config-route-schema`, the ``FileCacheOptions`` section has been deprecated!
 

docs/features/caching.rst

@@ -122,6 +122,7 @@ Here is the complete dynamic route configuration, also known as the *"dynamic ro
 .. code-block:: json
 
     {
+      "AuthenticationOptions": {},
       "CacheOptions": {},
       "DownstreamHttpVersion": "",
       "DownstreamHttpVersionPolicy": "",
@@ -142,7 +143,7 @@ The actual dynamic route schema with all the properties can be found in the C# `
   Use ``RateLimitOptions`` instead of ``RateLimitRule``! Note that ``RateLimitRule`` will be removed in version `25.0`_!
   For backward compatibility in version `24.1`_, the ``RateLimitRule`` section takes precedence over the ``RateLimitOptions`` section.
 
-  **Note 2**: The following options were not supported in versions prior to `24.1`_ for overriding globally configured options: ``CacheOptions``, ``HttpHandlerOptions``, ``LoadBalancerOptions``, ``QoSOptions``, ``RateLimitOptions``, ``ServiceNamespace``, and ``Timeout``.
+  **Note 2**: The following options were not supported in versions prior to `24.1`_ for overriding globally configured options: ``AuthenticationOptions``, ``CacheOptions``, ``HttpHandlerOptions``, ``LoadBalancerOptions``, ``QoSOptions``, ``RateLimitOptions``, ``ServiceNamespace``, and ``Timeout``.
   Starting with version `24.1`_, both global and route-level options for :ref:`Dynamic Routing <routing-dynamic>` were introduced.
   For a clearer understanding of the changes, refer to the `previous schema (version 24.0) <https://ocelot.readthedocs.io/en/24.0/features/configuration.html#dynamic-route-schema>`_.
 
@@ -187,6 +188,7 @@ Here is the complete global configuration, also known as the *"global configurat
 .. code-block:: json
 
     {
+      "AuthenticationOptions": {},
       "BaseUrl": "",
       "CacheOptions": {},
       "DownstreamHeaderTransform": {}, // dictionary
@@ -208,6 +210,13 @@ Here is the complete global configuration, also known as the *"global configurat
 
 The actual global configuration schema with all the properties can be found in the C# `FileGlobalConfiguration`_ class.
 
+  **Note 1**: The following global options were not supported in versions prior to `24.1`_ for overriding in the :ref:`config-dynamic-route-schema`: ``AuthenticationOptions``, ``CacheOptions``, ``HttpHandlerOptions``, ``LoadBalancerOptions``, ``QoSOptions``, ``RateLimitOptions``, and ``Timeout``.
+  Moreover, these global options were not available in versions prior to `24.1`_ for static routes, as stated in issue `585`_.
+  Starting with version `24.1`_, both static and dynamic route *global* options are fully supported.
+  For a clearer understanding of the changes, refer to the :ref:`config-dynamic-route-schema` and related notes.
+
+  **Note 2**: The ``DownstreamHeaderTransform`` and ``UpstreamHeaderTransform`` global options were introduced in version `24.1`_, but they are available only for static routes.
+
 .. _config-overview:
 
 Configuration Overview
@@ -929,6 +938,7 @@ However, keep in mind that the absolute timeout has the lowest priority—theref
 
 .. _default timeout of 90 seconds: https://github.com/ThreeMammals/Ocelot/blob/24.0.0/src/Ocelot/Requester/MessageInvokerPool.cs#L38
 .. _296: https://github.com/ThreeMammals/Ocelot/issues/296
+.. _585: https://github.com/ThreeMammals/Ocelot/issues/585
 .. _738: https://github.com/ThreeMammals/Ocelot/issues/738
 .. _1216: https://github.com/ThreeMammals/Ocelot/issues/1216
 .. _1227: https://github.com/ThreeMammals/Ocelot/pull/1227
@@ -943,4 +953,4 @@ However, keep in mind that the absolute timeout has the lowest priority—theref
 .. _23.2: https://github.com/ThreeMammals/Ocelot/releases/tag/23.2.0
 .. _23.3: https://github.com/ThreeMammals/Ocelot/releases/tag/23.3.0
 .. _24.1: https://github.com/ThreeMammals/Ocelot/releases/tag/24.1.0
-.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/12
+.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/13

docs/features/configuration.rst

@@ -322,7 +322,7 @@ Filter the current discussions by the `Rate Limiting <https://github.com/ThreeMa
 .. _23.3: https://github.com/ThreeMammals/Ocelot/releases/tag/23.3.0
 .. _24.0: https://github.com/ThreeMammals/Ocelot/releases/tag/24.0.0
 .. _24.1: https://github.com/ThreeMammals/Ocelot/releases/tag/24.1.0
-.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/12
+.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/13
 
 .. |octocat| image:: https://assets-git.f3mw1.com/images/icons/emoji/octocat.png
   :alt: octocat

docs/features/ratelimiting.rst

@@ -680,4 +680,4 @@ However, you can retain this ``Type`` option to maintain compatibility between b
 .. _13.5.2: https://github.com/ThreeMammals/Ocelot/releases/tag/13.5.2
 .. _23.3: https://github.com/ThreeMammals/Ocelot/releases/tag/23.3.0
 .. _24.1: https://github.com/ThreeMammals/Ocelot/releases/tag/24.1.0
-.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/12
+.. _25.0: https://github.com/ThreeMammals/Ocelot/milestone/13

docs/features/servicediscovery.rst

@@ -1,6 +1,6 @@
 using Microsoft.Extensions.Primitives;
 
-namespace Ocelot.Infrastructure.Extensions;
+namespace Ocelot.Tracing.Butterfly;
 
 public static class StringValuesExtensions
 {

…ure/Extensions/StringValuesExtensions.cs …cing.Butterfly/StringValuesExtensions.cssrc/Ocelot/Infrastructure/Extensions/StringValuesExtensions.cs renamed to src/Ocelot.Tracing.Butterfly/StringValuesExtensions.cs src/Ocelot/Infrastructure/Extensions/StringValuesExtensions.cs renamed to src/Ocelot.Tracing.Butterfly/StringValuesExtensions.cs

@@ -0,0 +1,15 @@
+namespace Ocelot.Administration;
+
+public class AdministrationPath : IAdministrationPath
+{
+    public AdministrationPath(string path, string apiSecret, Uri externalJwtServerUrl = null)
+    {
+        Path = path;
+        IssuerSigningKey = apiSecret;
+        ExternalJwtSigningUrl = externalJwtServerUrl;
+    }
+
+    public string Path { get; }
+    public string IssuerSigningKey { get; }
+    public Uri ExternalJwtSigningUrl { get; }
+}

src/Ocelot/Administration/AdministrationPath.cs

@@ -1,11 +1,13 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Ocelot.Configuration;
 using Ocelot.Configuration.File;
 using Ocelot.Configuration.Repository;
 using Ocelot.Configuration.Setter;
 
-namespace Ocelot.Configuration;
+namespace Ocelot.Administration;
 
+// [ApiController] // TODO: Make it ApiController
 [Authorize]
 [Route("configuration")]
 public class FileConfigurationController : Controller

…iguration/FileConfigurationController.cs …istration/FileConfigurationController.cssrc/Ocelot/Configuration/FileConfigurationController.cs renamed to src/Ocelot/Administration/FileConfigurationController.cs src/Ocelot/Configuration/FileConfigurationController.cs renamed to src/Ocelot/Administration/FileConfigurationController.cs

@@ -0,0 +1,8 @@
+namespace Ocelot.Administration;
+
+public interface IAdministrationPath
+{
+    string Path { get; }
+    string IssuerSigningKey { get; }
+    Uri ExternalJwtSigningUrl { get; }
+}

src/Ocelot/Administration/IAdministrationPath.cs

@@ -1,24 +1,27 @@
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Mvc;
-
-namespace Ocelot.Cache;
-
-[Authorize]
-[Route("outputcache")]
-public class OutputCacheController : Controller
-{
-    private readonly IOcelotCache<CachedResponse> _cache;
-
-    public OutputCacheController(IOcelotCache<CachedResponse> cache)
-    {
-        _cache = cache;
-    }
-
-    [HttpDelete]
-    [Route("{region}")]
-    public IActionResult Delete(string region)
-    {
-        _cache.ClearRegion(region);
-        return new NoContentResult();
-    }
-}
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Ocelot.Cache;
+
+namespace Ocelot.Administration;
+
+// [ApiController] // TODO: Make it ApiController
+//[Authorize(Policy = "OcelotAdministration")]
+[Authorize]
+[Route("outputcache")]
+public class OutputCacheController : Controller
+{
+    private readonly IOcelotCache<CachedResponse> _cache;
+
+    public OutputCacheController(IOcelotCache<CachedResponse> cache)
+    {
+        _cache = cache;
+    }
+
+    [HttpDelete]
+    [Route("{region}")]
+    public IActionResult Delete(string region)
+    {
+        _cache.ClearRegion(region);
+        return new NoContentResult();
+    }
+}