Refactor AuthenticationHeaderValueProvider construction (#2463)

rayokota · web-flow · commit 044b04f1c3a6 · 2025-04-29T12:36:17.000-07:00
diff --git a/src/Confluent.SchemaRegistry.Encryption/CachedDekRegistryClient.cs b/src/Confluent.SchemaRegistry.Encryption/CachedDekRegistryClient.cs
@@ -173,87 +173,8 @@ public CachedDekRegistryClient(IEnumerable<KeyValuePair<string, string>> config,
                     $"Configured value for {SchemaRegistryConfig.PropertyNames.SchemaRegistryMaxCachedSchemas} must be an integer.");
             }
 
-            var basicAuthSource = config.FirstOrDefault(prop =>
-                    prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource)
-                .Value ?? "";
-            var basicAuthInfo = config.FirstOrDefault(prop =>
-                prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo).Value ?? "";
-
-            string username = null;
-            string password = null;
-
-            if (basicAuthSource == "USER_INFO" || basicAuthSource == "")
-            {
-                if (basicAuthInfo != "")
-                {
-                    var userPass = basicAuthInfo.Split(new char[] { ':' }, 2);
-                    if (userPass.Length != 2)
-                    {
-                        throw new ArgumentException(
-                            $"Configuration property {SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo} must be of the form 'username:password'.");
-                    }
-
-                    username = userPass[0];
-                    password = userPass[1];
-                }
-            }
-            else if (basicAuthSource == "SASL_INHERIT")
-            {
-                if (basicAuthInfo != "")
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but {SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo} as also specified.");
-                }
-
-                var saslUsername = config.FirstOrDefault(prop => prop.Key == "sasl.username");
-                var saslPassword = config.FirstOrDefault(prop => prop.Key == "sasl.password");
-                if (saslUsername.Value == null)
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but 'sasl.username' property not specified.");
-                }
-
-                if (saslPassword.Value == null)
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but 'sasl.password' property not specified.");
-                }
-
-                username = saslUsername.Value;
-                password = saslPassword.Value;
-            }
-            else
-            {
-                throw new ArgumentException(
-                    $"Invalid value '{basicAuthSource}' specified for property '{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource}'");
-            }
-
-            if (authenticationHeaderValueProvider != null)
-            {
-                if (username != null || password != null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid authentication header value provider configuration: Cannot specify both custom provider and username/password");
-                }
-            }
-            else
-            {
-                if (username != null && password == null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid authentication header value provider configuration: Basic authentication username specified, but password not specified");
-                }
-
-                if (username == null && password != null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid authentication header value provider configuration: Basic authentication password specified, but username not specified");
-                }
-                else if (username != null && password != null)
-                {
-                    authenticationHeaderValueProvider = new BasicAuthenticationHeaderValueProvider(username, password);
-                }
-            }
+            authenticationHeaderValueProvider = DekRestService.AuthenticationHeaderValueProvider(
+                config, authenticationHeaderValueProvider, maxRetries, retriesWaitMs, retriesMaxWaitMs);
 
             foreach (var property in config)
             {
@@ -271,6 +192,14 @@ public CachedDekRegistryClient(IEnumerable<KeyValuePair<string, string>> config,
                     property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryLatestCacheTtlSecs &&
                     property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource &&
                     property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthCredentialsSource &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthToken &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthClientId &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthClientSecret &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthScope &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthTokenEndpointUrl &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthLogicalCluster &&
+                    property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthIdentityPoolId &&
                     property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryKeySubjectNameStrategy &&
                     property.Key != SchemaRegistryConfig.PropertyNames.SchemaRegistryValueSubjectNameStrategy &&
                     property.Key != SchemaRegistryConfig.PropertyNames.SslCaLocation &&
diff --git a/src/Confluent.SchemaRegistry.Encryption/Rest/DekRestService.cs b/src/Confluent.SchemaRegistry.Encryption/Rest/DekRestService.cs
@@ -99,5 +99,15 @@ public async Task<RegisteredDek> CreateDekAsync(string kekName, Dek dek)
                 .ConfigureAwait(continueOnCapturedContext: false);
 
         #endregion Deks
+
+        protected internal static IAuthenticationHeaderValueProvider
+            AuthenticationHeaderValueProvider(
+                IEnumerable<KeyValuePair<string, string>> config,
+                IAuthenticationHeaderValueProvider authenticationHeaderValueProvider,
+                int maxRetries, int retriesWaitMs, int retriesMaxWaitMs)
+        {
+            return RestService.AuthenticationHeaderValueProvider(config,
+                authenticationHeaderValueProvider, maxRetries, retriesWaitMs, retriesMaxWaitMs);
+        }
     }
 }
diff --git a/src/Confluent.SchemaRegistry/CachedSchemaRegistryClient.cs b/src/Confluent.SchemaRegistry/CachedSchemaRegistryClient.cs
@@ -23,7 +23,6 @@
 using System.Threading.Tasks;
 using System.Linq;
 using System;
-using System.Net.Http;
 using System.Collections.Concurrent;
 using System.Net;
 using System.Security.Cryptography.X509Certificates;
@@ -308,165 +307,8 @@ public CachedSchemaRegistryClient(IEnumerable<KeyValuePair<string, string>> conf
                     $"Configured value for {SchemaRegistryConfig.PropertyNames.SchemaRegistryLatestCacheTtlSecs} must be an integer.");
             }
             
-            var basicAuthSource = config.FirstOrDefault(prop =>
-                    prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource)
-                .Value ?? "";
-            var basicAuthInfo = config.FirstOrDefault(prop =>
-                prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo).Value ?? "";
-
-            string username = null;
-            string password = null;
-
-            if (basicAuthSource == "USER_INFO" || basicAuthSource == "")
-            {
-                if (basicAuthInfo != "")
-                {
-                    var userPass = basicAuthInfo.Split(new char[] { ':' }, 2);
-                    if (userPass.Length != 2)
-                    {
-                        throw new ArgumentException(
-                            $"Configuration property {SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo} must be of the form 'username:password'.");
-                    }
-
-                    username = userPass[0];
-                    password = userPass[1];
-                    if (authenticationHeaderValueProvider != null)
-                    {
-                        throw new ArgumentException(
-                            $"Invalid authentication header value provider configuration: Cannot specify both custom provider and username/password");
-                    }
-                    authenticationHeaderValueProvider = new BasicAuthenticationHeaderValueProvider(username, password);
-                }
-            }
-            else if (basicAuthSource == "SASL_INHERIT")
-            {
-                if (basicAuthInfo != "")
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but {SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthUserInfo} as also specified.");
-                }
-
-                var saslUsername = config.FirstOrDefault(prop => prop.Key == "sasl.username");
-                var saslPassword = config.FirstOrDefault(prop => prop.Key == "sasl.password");
-                if (saslUsername.Value == null)
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but 'sasl.username' property not specified.");
-                }
-
-                if (saslPassword.Value == null)
-                {
-                    throw new ArgumentException(
-                        $"{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource} set to 'SASL_INHERIT', but 'sasl.password' property not specified.");
-                }
-
-                username = saslUsername.Value;
-                password = saslPassword.Value;
-                if (authenticationHeaderValueProvider != null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid authentication header value provider configuration: Cannot specify both custom provider and username/password");
-                }
-                authenticationHeaderValueProvider = new BasicAuthenticationHeaderValueProvider(username, password);
-            }
-            else
-            {
-                throw new ArgumentException(
-                    $"Invalid value '{basicAuthSource}' specified for property '{SchemaRegistryConfig.PropertyNames.SchemaRegistryBasicAuthCredentialsSource}'");
-            }
-
-            var bearerAuthSource = config.FirstOrDefault(prop =>
-                prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthCredentialsSource).Value ?? "";
-
-            if (bearerAuthSource != "" && basicAuthSource != "")
-            {
-                throw new ArgumentException(
-                    $"Invalid authentication header value provider configuration: Cannot specify both basic and bearer authentication");
-            }
-
-            string logicalCluster = null;
-            string identityPoolId = null;
-            string bearerToken = null;
-            string clientId = null;
-            string clientSecret = null;
-            string scope = null;
-            string tokenEndpointUrl = null;
-
-            if (bearerAuthSource == "STATIC_TOKEN" || bearerAuthSource == "OAUTHBEARER")
-            {
-                if (authenticationHeaderValueProvider != null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid authentication header value provider configuration: Cannot specify both custom provider and bearer authentication");
-                }
-                logicalCluster = config.FirstOrDefault(prop =>
-                    prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthLogicalCluster).Value;
-
-                identityPoolId = config.FirstOrDefault(prop =>
-                    prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthIdentityPoolId).Value;
-                if (logicalCluster == null || identityPoolId == null)
-                {
-                    throw new ArgumentException(
-                        $"Invalid bearer authentication provider configuration: Logical cluster and identity pool ID must be specified");
-                }
-            }
-
-            switch (bearerAuthSource)
-            {
-                case "STATIC_TOKEN":
-                    bearerToken = config.FirstOrDefault(prop =>
-                        prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthToken).Value;
-
-                    if (bearerToken == null)
-                    {
-                        throw new ArgumentException(
-                            $"Invalid authentication header value provider configuration: Bearer authentication token not specified");
-                    }
-                    authenticationHeaderValueProvider = new StaticBearerAuthenticationHeaderValueProvider(bearerToken, logicalCluster, identityPoolId);
-                    break;
-
-                case "OAUTHBEARER":
-                    clientId = config.FirstOrDefault(prop =>
-                        prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthClientId).Value;
-
-                    clientSecret = config.FirstOrDefault(prop =>
-                        prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthClientSecret).Value;
-
-                    scope = config.FirstOrDefault(prop =>
-                        prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthScope).Value;
-                    
-                    tokenEndpointUrl = config.FirstOrDefault(prop =>
-                        prop.Key.ToLower() == SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthTokenEndpointUrl).Value;
-                    
-                    if (tokenEndpointUrl == null || clientId == null || clientSecret == null || scope == null)
-                    {
-                        throw new ArgumentException(
-                            $"Invalid bearer authentication provider configuration: Token endpoint URL, client ID, client secret, and scope must be specified");
-                    }
-                    authenticationHeaderValueProvider = new BearerAuthenticationHeaderValueProvider(
-                        new HttpClient(), clientId, clientSecret, scope, tokenEndpointUrl, logicalCluster, identityPoolId, maxRetries, retriesWaitMs, retriesMaxWaitMs);
-                    break;
-
-                case "CUSTOM":
-                    if (authenticationHeaderValueProvider == null)
-                    {
-                        throw new ArgumentException(
-                            $"Invalid authentication header value provider configuration: Custom authentication provider must be specified");
-                    }
-                    if(!(authenticationHeaderValueProvider is IAuthenticationBearerHeaderValueProvider))
-                    {
-                        throw new ArgumentException(
-                            $"Invalid authentication header value provider configuration: Custom authentication provider must implement IAuthenticationBearerHeaderValueProvider");
-                    }
-                    break;
-
-                case "":
-                    break;
-
-                default:
-                    throw new ArgumentException(
-                        $"Invalid value '{bearerAuthSource}' specified for property '{SchemaRegistryConfig.PropertyNames.SchemaRegistryBearerAuthCredentialsSource}'");
-            }
+            authenticationHeaderValueProvider = RestService.AuthenticationHeaderValueProvider(
+                config, authenticationHeaderValueProvider, maxRetries, retriesWaitMs, retriesMaxWaitMs);
 
             foreach (var property in config)
             {
diff --git a/src/Confluent.SchemaRegistry/Rest/RestService.cs b/src/Confluent.SchemaRegistry/Rest/RestService.cs
