Merge main branch into Usr/sogh/mcpconfigentities.v3

Author: souvikghosh04

src/Cli.Tests/EndToEndTests.cs

@@ -116,10 +116,11 @@ public void TestInitializingRestAndGraphQLGlobalSettings()
         string[] args = { "init", "-c", TEST_RUNTIME_CONFIG_FILE, "--connection-string", SAMPLE_TEST_CONN_STRING, "--database-type", "mssql", "--rest.path", "/rest-api", "--rest.enabled", "false", "--graphql.path", "/graphql-api" };
         Program.Execute(args, _cliLogger!, _fileSystem!, _runtimeConfigLoader!);
 
+        DeserializationVariableReplacementSettings replacementSettings = new(azureKeyVaultOptions: null, doReplaceEnvVar: true, doReplaceAkvVar: true);
         Assert.IsTrue(_runtimeConfigLoader!.TryLoadConfig(
             TEST_RUNTIME_CONFIG_FILE,
             out RuntimeConfig? runtimeConfig,
-            replaceEnvVar: true));
+            replacementSettings: replacementSettings));
 
         SqlConnectionStringBuilder builder = new(runtimeConfig.DataSource.ConnectionString);
         Assert.AreEqual(ProductInfo.GetDataApiBuilderUserAgent(), builder.ApplicationName);
@@ -195,10 +196,11 @@ public void TestEnablingMultipleCreateOperation(CliBool isMultipleCreateEnabled,
 
         Program.Execute(args.ToArray(), _cliLogger!, _fileSystem!, _runtimeConfigLoader!);
 
+        DeserializationVariableReplacementSettings replacementSettings = new(azureKeyVaultOptions: null, doReplaceEnvVar: true, doReplaceAkvVar: true);
         Assert.IsTrue(_runtimeConfigLoader!.TryLoadConfig(
             TEST_RUNTIME_CONFIG_FILE,
             out RuntimeConfig? runtimeConfig,
-            replaceEnvVar: true));
+            replacementSettings: replacementSettings));
 
         Assert.IsNotNull(runtimeConfig);
         Assert.AreEqual(expectedDbType, runtimeConfig.DataSource.DatabaseType);

src/Cli.Tests/EnvironmentTests.cs

@@ -19,7 +19,13 @@ public class EnvironmentTests
     [TestInitialize]
     public void TestInitialize()
     {
-        StringJsonConverterFactory converterFactory = new(EnvironmentVariableReplacementFailureMode.Throw);
+        DeserializationVariableReplacementSettings replacementSettings = new(
+            azureKeyVaultOptions: null,
+            doReplaceEnvVar: true,
+            doReplaceAkvVar: false,
+            envFailureMode: EnvironmentVariableReplacementFailureMode.Throw);
+
+        StringJsonConverterFactory converterFactory = new(replacementSettings);
         _options = new()
         {
             PropertyNameCaseInsensitive = true

src/Cli/ConfigGenerator.cs

@@ -2657,9 +2657,10 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
                 // Azure Key Vault Endpoint
                 if (options.AzureKeyVaultEndpoint is not null)
                 {
+                    // Ensure endpoint flag is marked user provided so converter writes it.
                     updatedAzureKeyVaultOptions = updatedAzureKeyVaultOptions is not null
-                        ? updatedAzureKeyVaultOptions with { Endpoint = options.AzureKeyVaultEndpoint }
-                        : new AzureKeyVaultOptions { Endpoint = options.AzureKeyVaultEndpoint };
+                        ? updatedAzureKeyVaultOptions with { Endpoint = options.AzureKeyVaultEndpoint, UserProvidedEndpoint = true }
+                        : new AzureKeyVaultOptions(endpoint: options.AzureKeyVaultEndpoint);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.endpoint as '{endpoint}'", options.AzureKeyVaultEndpoint);
                 }
 
@@ -2668,7 +2669,7 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
                 {
                     updatedRetryPolicyOptions = updatedRetryPolicyOptions is not null
                         ? updatedRetryPolicyOptions with { Mode = options.AzureKeyVaultRetryPolicyMode.Value, UserProvidedMode = true }
-                        : new AKVRetryPolicyOptions { Mode = options.AzureKeyVaultRetryPolicyMode.Value, UserProvidedMode = true };
+                        : new AKVRetryPolicyOptions(mode: options.AzureKeyVaultRetryPolicyMode.Value);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.retry-policy.mode as '{mode}'", options.AzureKeyVaultRetryPolicyMode.Value);
                 }
 
@@ -2683,7 +2684,7 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
 
                     updatedRetryPolicyOptions = updatedRetryPolicyOptions is not null
                         ? updatedRetryPolicyOptions with { MaxCount = options.AzureKeyVaultRetryPolicyMaxCount.Value, UserProvidedMaxCount = true }
-                        : new AKVRetryPolicyOptions { MaxCount = options.AzureKeyVaultRetryPolicyMaxCount.Value, UserProvidedMaxCount = true };
+                        : new AKVRetryPolicyOptions(maxCount: options.AzureKeyVaultRetryPolicyMaxCount.Value);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.retry-policy.max-count as '{maxCount}'", options.AzureKeyVaultRetryPolicyMaxCount.Value);
                 }
 
@@ -2698,7 +2699,7 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
 
                     updatedRetryPolicyOptions = updatedRetryPolicyOptions is not null
                         ? updatedRetryPolicyOptions with { DelaySeconds = options.AzureKeyVaultRetryPolicyDelaySeconds.Value, UserProvidedDelaySeconds = true }
-                        : new AKVRetryPolicyOptions { DelaySeconds = options.AzureKeyVaultRetryPolicyDelaySeconds.Value, UserProvidedDelaySeconds = true };
+                        : new AKVRetryPolicyOptions(delaySeconds: options.AzureKeyVaultRetryPolicyDelaySeconds.Value);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.retry-policy.delay-seconds as '{delaySeconds}'", options.AzureKeyVaultRetryPolicyDelaySeconds.Value);
                 }
 
@@ -2713,7 +2714,7 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
 
                     updatedRetryPolicyOptions = updatedRetryPolicyOptions is not null
                         ? updatedRetryPolicyOptions with { MaxDelaySeconds = options.AzureKeyVaultRetryPolicyMaxDelaySeconds.Value, UserProvidedMaxDelaySeconds = true }
-                        : new AKVRetryPolicyOptions { MaxDelaySeconds = options.AzureKeyVaultRetryPolicyMaxDelaySeconds.Value, UserProvidedMaxDelaySeconds = true };
+                        : new AKVRetryPolicyOptions(maxDelaySeconds: options.AzureKeyVaultRetryPolicyMaxDelaySeconds.Value);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.retry-policy.max-delay-seconds as '{maxDelaySeconds}'", options.AzureKeyVaultRetryPolicyMaxDelaySeconds.Value);
                 }
 
@@ -2728,16 +2729,17 @@ private static bool TryUpdateConfiguredAzureKeyVaultOptions(
 
                     updatedRetryPolicyOptions = updatedRetryPolicyOptions is not null
                         ? updatedRetryPolicyOptions with { NetworkTimeoutSeconds = options.AzureKeyVaultRetryPolicyNetworkTimeoutSeconds.Value, UserProvidedNetworkTimeoutSeconds = true }
-                        : new AKVRetryPolicyOptions { NetworkTimeoutSeconds = options.AzureKeyVaultRetryPolicyNetworkTimeoutSeconds.Value, UserProvidedNetworkTimeoutSeconds = true };
+                        : new AKVRetryPolicyOptions(networkTimeoutSeconds: options.AzureKeyVaultRetryPolicyNetworkTimeoutSeconds.Value);
                     _logger.LogInformation("Updated RuntimeConfig with azure-key-vault.retry-policy.network-timeout-seconds as '{networkTimeoutSeconds}'", options.AzureKeyVaultRetryPolicyNetworkTimeoutSeconds.Value);
                 }
 
-                // Update Azure Key Vault options with retry policy if retry policy was modified
+                // Update Azure Key Vault options with retry policy if modified
                 if (updatedRetryPolicyOptions is not null)
                 {
+                    // Ensure outer AKV object marks retry policy as user provided so it serializes.
                     updatedAzureKeyVaultOptions = updatedAzureKeyVaultOptions is not null
-                        ? updatedAzureKeyVaultOptions with { RetryPolicy = updatedRetryPolicyOptions }
-                        : new AzureKeyVaultOptions { RetryPolicy = updatedRetryPolicyOptions };
+                        ? updatedAzureKeyVaultOptions with { RetryPolicy = updatedRetryPolicyOptions, UserProvidedRetryPolicy = true }
+                        : new AzureKeyVaultOptions(retryPolicy: updatedRetryPolicyOptions);
                 }
 
                 // Update runtime config if Azure Key Vault options were modified

src/Cli/Exporter.cs

@@ -44,7 +44,8 @@ public static bool Export(ExportOptions options, ILogger logger, FileSystemRunti
             }
 
             // Load the runtime configuration from the file
-            if (!loader.TryLoadConfig(runtimeConfigFile, out RuntimeConfig? runtimeConfig, replaceEnvVar: true))
+            DeserializationVariableReplacementSettings replacementSettings = new(azureKeyVaultOptions: null, doReplaceEnvVar: true, doReplaceAkvVar: true);
+            if (!loader.TryLoadConfig(runtimeConfigFile, out RuntimeConfig? runtimeConfig, replacementSettings: replacementSettings))
             {
                 logger.LogError("Failed to read the config file: {0}.", runtimeConfigFile);
                 return false;

src/Config/Azure.DataApiBuilder.Config.csproj

@@ -15,6 +15,7 @@
 
   <ItemGroup>
       <PackageReference Include="Azure.Identity" />
+      <PackageReference Include="Azure.Security.KeyVault.Secrets" />
       <PackageReference Include="Microsoft.AspNetCore.Authorization" />
       <PackageReference Include="Microsoft.IdentityModel.Protocols" />
       <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" />

src/Config/Converters/AKVRetryPolicyOptionsConverterFactory.cs

@@ -12,9 +12,9 @@ namespace Azure.DataApiBuilder.Config.Converters;
 /// </summary>
 internal class AKVRetryPolicyOptionsConverterFactory : JsonConverterFactory
 {
-    // Determines whether to replace environment variable with its
-    // value or not while deserializing.
-    private bool _replaceEnvVar;
+    // Settings for variable replacement during deserialization.
+    // Currently allows for Azure Key Vault (via @akv('secret-name')) and Environment Variable replacement.
+    private readonly DeserializationVariableReplacementSettings? _replacementSettings;
 
     /// <inheritdoc/>
     public override bool CanConvert(Type typeToConvert)
@@ -25,34 +25,34 @@ public override bool CanConvert(Type typeToConvert)
     /// <inheritdoc/>
     public override JsonConverter? CreateConverter(Type typeToConvert, JsonSerializerOptions options)
     {
-        return new AKVRetryPolicyOptionsConverter(_replaceEnvVar);
+        return new AKVRetryPolicyOptionsConverter(_replacementSettings);
     }
 
-    /// <param name="replaceEnvVar">Whether to replace environment variable with its
-    /// value or not while deserializing.</param>
-    internal AKVRetryPolicyOptionsConverterFactory(bool replaceEnvVar)
+    /// <param name="replacementSettings">Settings for variable replacement during deserialization.
+    /// If null, no variable replacement will be performed.</param>
+    internal AKVRetryPolicyOptionsConverterFactory(DeserializationVariableReplacementSettings? replacementSettings = null)
     {
-        _replaceEnvVar = replaceEnvVar;
+        _replacementSettings = replacementSettings;
     }
 
     private class AKVRetryPolicyOptionsConverter : JsonConverter<AKVRetryPolicyOptions>
     {
-        // Determines whether to replace environment variable with its
-        // value or not while deserializing.
-        private bool _replaceEnvVar;
+        // Settings for variable replacement during deserialization.
+        // Currently allows for Azure Key Vault (via @akv('<secret>')) and Environment Variable replacement.
+        private readonly DeserializationVariableReplacementSettings? _replacementSettings;
 
-        /// <param name="replaceEnvVar">Whether to replace environment variable with its
-        /// value or not while deserializing.</param>
-        public AKVRetryPolicyOptionsConverter(bool replaceEnvVar)
+        /// <param name="replacementSettings">Settings for variable replacement during deserialization.
+        /// If null, no variable replacement will be performed.</param>
+        public AKVRetryPolicyOptionsConverter(DeserializationVariableReplacementSettings? replacementSettings)
         {
-            _replaceEnvVar = replaceEnvVar;
+            _replacementSettings = replacementSettings;
         }
 
         /// <summary>
         /// Defines how DAB reads AKV Retry Policy options and defines which values are
         /// used to instantiate those options.
         /// </summary>
-        /// <exception cref="JsonException">Thrown when improperly formatted cache options are provided.</exception>
+        /// <exception cref="JsonException">Thrown when improperly formatted retry policy options are provided.</exception>
         public override AKVRetryPolicyOptions? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
         {
             if (reader.TokenType is JsonTokenType.StartObject)
@@ -82,7 +82,7 @@ public AKVRetryPolicyOptionsConverter(bool replaceEnvVar)
                             }
                             else
                             {
-                                mode = EnumExtensions.Deserialize<AKVRetryPolicyMode>(reader.DeserializeString(_replaceEnvVar)!);
+                                mode = EnumExtensions.Deserialize<AKVRetryPolicyMode>(reader.DeserializeString(_replacementSettings)!);
                             }
 
                             break;

src/Config/Converters/AzureKeyVaultOptionsConverterFactory.cs

@@ -0,0 +1,128 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using Azure.DataApiBuilder.Config.ObjectModel;
+
+namespace Azure.DataApiBuilder.Config.Converters;
+
+/// <summary>
+/// Converter factory for AzureKeyVaultOptions that can optionally perform variable replacement.
+/// </summary>
+internal class AzureKeyVaultOptionsConverterFactory : JsonConverterFactory
+{
+    // Determines whether to replace environment variable with its
+    // value or not while deserializing.
+    private readonly DeserializationVariableReplacementSettings? _replacementSettings;
+
+    /// <param name="replacementSettings">How to handle variable replacement during deserialization.</param>
+    internal AzureKeyVaultOptionsConverterFactory(DeserializationVariableReplacementSettings? replacementSettings = null)
+    {
+        _replacementSettings = replacementSettings;
+    }
+
+    /// <inheritdoc/>
+    public override bool CanConvert(Type typeToConvert)
+    {
+        return typeToConvert.IsAssignableTo(typeof(AzureKeyVaultOptions));
+    }
+
+    /// <inheritdoc/>
+    public override JsonConverter? CreateConverter(Type typeToConvert, JsonSerializerOptions options)
+    {
+        return new AzureKeyVaultOptionsConverter(_replacementSettings);
+    }
+
+    private class AzureKeyVaultOptionsConverter : JsonConverter<AzureKeyVaultOptions>
+    {
+        // Determines whether to replace environment variable with its
+        // value or not while deserializing.
+        private readonly DeserializationVariableReplacementSettings? _replacementSettings;
+
+        /// <param name="replaceEnvVar">Whether to replace environment variable with its
+        /// value or not while deserializing.</param>
+        public AzureKeyVaultOptionsConverter(DeserializationVariableReplacementSettings? replacementSettings)
+        {
+            _replacementSettings = replacementSettings;
+        }
+
+        /// <summary>
+        /// Reads AzureKeyVaultOptions with optional variable replacement.
+        /// </summary>
+        public override AzureKeyVaultOptions? Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+        {
+            if (reader.TokenType is JsonTokenType.Null)
+            {
+                return null;
+            }
+
+            if (reader.TokenType is JsonTokenType.StartObject)
+            {
+                string? endpoint = null;
+                AKVRetryPolicyOptions? retryPolicy = null;
+
+                while (reader.Read())
+                {
+                    if (reader.TokenType is JsonTokenType.EndObject)
+                    {
+                        return new AzureKeyVaultOptions(endpoint, retryPolicy);
+                    }
+
+                    string? property = reader.GetString();
+                    reader.Read();
+
+                    switch (property)
+                    {
+                        case "endpoint":
+                            if (reader.TokenType is JsonTokenType.String)
+                            {
+                                endpoint = reader.DeserializeString(_replacementSettings);
+                            }
+
+                            break;
+
+                        case "retry-policy":
+                            if (reader.TokenType is JsonTokenType.StartObject)
+                            {
+                                // Uses the AKVRetryPolicyOptionsConverter to read the retry-policy object.
+                                retryPolicy = JsonSerializer.Deserialize<AKVRetryPolicyOptions>(ref reader, options);
+                            }
+
+                            break;
+
+                        default:
+                            throw new JsonException($"Unexpected property {property}");
+                    }
+                }
+            }
+
+            throw new JsonException("Invalid AzureKeyVaultOptions format");
+        }
+
+        /// <summary>
+        /// When writing the AzureKeyVaultOptions back to a JSON file, only write the properties
+        /// if they are user provided. This avoids polluting the written JSON file with properties
+        /// the user most likely omitted when writing the original DAB runtime config file.
+        /// This Write operation is only used when a RuntimeConfig object is serialized to JSON.
+        /// </summary>
+        public override void Write(Utf8JsonWriter writer, AzureKeyVaultOptions value, JsonSerializerOptions options)
+        {
+            writer.WriteStartObject();
+
+            if (value?.UserProvidedEndpoint is true)
+            {
+                writer.WritePropertyName("endpoint");
+                JsonSerializer.Serialize(writer, value.Endpoint, options);
+            }
+
+            if (value?.UserProvidedRetryPolicy is true)
+            {
+                writer.WritePropertyName("retry-policy");
+                JsonSerializer.Serialize(writer, value.RetryPolicy, options);
+            }
+
+            writer.WriteEndObject();
+        }
+    }
+}