fix(Runner): Fixed the AuthorizationInfo to resolve referenced authentication policies defined at top level

Signed-off-by: Charles d'Avernas <[email protected]>

Author: cdavernas

src/core/Synapse.Core/SynapseDefaults.cs

@@ -766,7 +766,7 @@ public static class Secrets
             /// <summary>
             /// Gets the prefix for all secrets related environment variables
             /// </summary>
-            public const string Prefix = EnvironmentVariables.Prefix + "SECRETS";
+            public const string Prefix = EnvironmentVariables.Prefix + "SECRETS_";
             /// <summary>
             /// Gets the name of the environment variable used to configure the path to the directory that contains secrets files
             /// </summary>

src/runner/Synapse.Runner/AuthorizationInfo.cs

@@ -42,16 +42,22 @@ public class AuthorizationInfo(string scheme, string parameter)
     /// <summary>
     /// Creates a new <see cref="AuthorizationInfo"/> based on the specified <see cref="AuthenticationPolicyDefinition"/>
     /// </summary>
+    /// <param name="workflow">The <see cref="WorkflowDefinition"/> that defines the <see cref="AuthenticationPolicyDefinition"/> to create a new <see cref="AuthorizationInfo"/> for</param>
     /// <param name="authentication">The <see cref="AuthenticationPolicyDefinition"/> to create a new <see cref="AuthorizationInfo"/> for</param>
     /// <param name="serviceProvider">The current <see cref="IServiceProvider"/></param>
     /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
     /// <returns>A new <see cref="AuthorizationInfo"/> based on the specified <see cref="AuthenticationPolicyDefinition"/></returns>
-    public static async Task<AuthorizationInfo> CreateAsync(AuthenticationPolicyDefinition authentication, IServiceProvider serviceProvider, CancellationToken cancellationToken = default)
+    public static async Task<AuthorizationInfo> CreateAsync(WorkflowDefinition workflow, AuthenticationPolicyDefinition authentication, IServiceProvider serviceProvider, CancellationToken cancellationToken = default)
     {
         ArgumentNullException.ThrowIfNull(nameof(authentication));
         ArgumentNullException.ThrowIfNull(nameof(serviceProvider));
         string scheme, parameter;
         var logger = serviceProvider.GetRequiredService<ILoggerFactory>().CreateLogger("AuthenticationPolicyHandler");
+        if (!string.IsNullOrWhiteSpace(authentication.Use))
+        {
+            if (workflow.Use?.Authentications?.TryGetValue(authentication.Use, out AuthenticationPolicyDefinition? referencedAuthentication) != true || referencedAuthentication == null) throw new NullReferenceException($"Failed to find the specified authentication policy '{authentication.Use}'");
+            else authentication = referencedAuthentication;
+        }
         var isSecretBased = authentication.TryGetBaseSecret(out var secretName);
         object? authenticationProperties = null;
         if (isSecretBased && !string.IsNullOrWhiteSpace(secretName))

src/runner/Synapse.Runner/Extensions/HttpClientExtensions.cs

@@ -25,14 +25,16 @@ public static class HttpClientExtensions
     /// Configures the <see cref="HttpClient"/> to use the specified authentication mechanism 
     /// </summary>
     /// <param name="httpClient">The <see cref="HttpClient"/> to configure</param>
+    /// <param name="workflow">The <see cref="WorkflowDefinition"/> that defines the authentication to configure</param>
     /// <param name="authentication">An object that describes the authentication mechanism to use</param>
     /// <param name="serviceProvider">The current <see cref="IServiceProvider"/></param>
     /// <param name="cancellationToken">A <see cref="CancellationToken"/></param>
     /// <returns>A new awaitable <see cref="Task"/></returns>
-    public static async Task ConfigureAuthenticationAsync(this HttpClient httpClient, AuthenticationPolicyDefinition? authentication, IServiceProvider serviceProvider, CancellationToken cancellationToken = default)
+    public static async Task ConfigureAuthenticationAsync(this HttpClient httpClient, WorkflowDefinition workflow, AuthenticationPolicyDefinition? authentication, IServiceProvider serviceProvider, CancellationToken cancellationToken = default)
     {
+        ArgumentNullException.ThrowIfNull(workflow);
         if (authentication == null) return;
-        var authorization = await AuthorizationInfo.CreateAsync(authentication, serviceProvider, cancellationToken).ConfigureAwait(false);
+        var authorization = await AuthorizationInfo.CreateAsync(workflow, authentication, serviceProvider, cancellationToken).ConfigureAwait(false);
         httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(authorization.Scheme, authorization.Parameter);
     }
 

src/runner/Synapse.Runner/Services/Executors/HttpCallExecutor.cs

@@ -56,7 +56,7 @@ protected override async Task DoInitializeAsync(CancellationToken cancellationTo
         {
             this.Http = (HttpCallDefinition)this.JsonSerializer.Convert(this.Task.Definition.With, typeof(HttpCallDefinition))!;
             var authentication = this.Http.Endpoint.Authentication == null ? null : await this.Task.Workflow.Expressions.EvaluateAsync<AuthenticationPolicyDefinition>(this.Http.Endpoint.Authentication, this.Task.Input, this.Task.Arguments, cancellationToken).ConfigureAwait(false);
-            await this.HttpClient.ConfigureAuthenticationAsync(authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
+            await this.HttpClient.ConfigureAuthenticationAsync(this.Task.Workflow.Definition, authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
         }
         catch(Exception ex)
         {

src/runner/Synapse.Runner/Services/Executors/OpenApiCallExecutor.cs

@@ -109,7 +109,7 @@ protected override async Task DoInitializeAsync(CancellationToken cancellationTo
     {
         this.OpenApi = (OpenApiCallDefinition)this.JsonSerializer.Convert(this.Task.Definition.With, typeof(OpenApiCallDefinition))!;
         using var httpClient = this.HttpClientFactory.CreateClient();
-        await httpClient.ConfigureAuthenticationAsync(this.OpenApi.Document.Endpoint.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
+        await httpClient.ConfigureAuthenticationAsync(this.Task.Workflow.Definition, this.OpenApi.Document.Endpoint.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
         using var request = new HttpRequestMessage(HttpMethod.Get, this.OpenApi.Document.EndpointUri);
         using var response = await httpClient.SendAsync(request, cancellationToken).ConfigureAwait(false);
         if (!response.IsSuccessStatusCode)
@@ -226,7 +226,7 @@ protected override async Task DoExecuteAsync(CancellationToken cancellationToken
                 }
             }
             using var httpClient = this.HttpClientFactory.CreateClient();
-            await httpClient.ConfigureAuthenticationAsync(this.OpenApi.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
+            await httpClient.ConfigureAuthenticationAsync(this.Task.Workflow.Definition, this.OpenApi.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
             using var response = await httpClient.SendAsync(request, cancellationToken);
             if (response.StatusCode == HttpStatusCode.ServiceUnavailable) continue;
             var rawContent = await response.Content.ReadAsByteArrayAsync(cancellationToken)!;

src/runner/Synapse.Runner/Services/ExternalResourceProvider.cs

@@ -54,8 +54,10 @@ public virtual async Task<Stream> ReadAsync(WorkflowDefinition workflow, Externa
     /// <returns>The specified <see cref="ExternalResourceDefinition"/>'s content <see cref="Stream"/></returns>
     protected virtual async Task<Stream> ReadOverHttpAsync(WorkflowDefinition workflow, ExternalResourceDefinition resource, CancellationToken cancellationToken = default)
     {
+        ArgumentNullException.ThrowIfNull(workflow);
+        ArgumentNullException.ThrowIfNull(resource);
         using var httpClient = this.HttpClientFactory.CreateClient();
-        await httpClient.ConfigureAuthenticationAsync(resource.Endpoint.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
+        await httpClient.ConfigureAuthenticationAsync(workflow, resource.Endpoint.Authentication, this.ServiceProvider, cancellationToken).ConfigureAwait(false);
         return await httpClient.GetStreamAsync(resource.EndpointUri, cancellationToken).ConfigureAwait(false);
     }