Table of Contents

Class AzureAIResourceProviderService

Namespace
AzureAI.ResourceProviders
Assembly
AzureAI.dll

Implements the FoundationaLLM.AzureAI resource provider.

public class AzureAIResourceProviderService : ResourceProviderServiceBase<AzureAIReference>, IResourceProviderService, IManagementProviderService
Inheritance
AzureAIResourceProviderService
Implements
Inherited Members
Extension Methods

Constructors

AzureAIResourceProviderService(IOptions<InstanceSettings>, IOptions<ResourceProviderCacheSettings>, IAuthorizationServiceClient, IStorageService, IEventService, IResourceValidatorFactory, IAzureCosmosDBService, IServiceProvider, ILogger<AzureAIResourceProviderService>, bool)

Implements the FoundationaLLM.AzureAI resource provider.

public AzureAIResourceProviderService(IOptions<InstanceSettings> instanceOptions, IOptions<ResourceProviderCacheSettings> cacheOptions, IAuthorizationServiceClient authorizationService, IStorageService storageService, IEventService eventService, IResourceValidatorFactory resourceValidatorFactory, IAzureCosmosDBService cosmosDBService, IServiceProvider serviceProvider, ILogger<AzureAIResourceProviderService> logger, bool proxyMode = false)

Parameters

instanceOptions IOptions<InstanceSettings>

The options providing the InstanceSettings with instance settings.

cacheOptions IOptions<ResourceProviderCacheSettings>

The options providing the ResourceProviderCacheSettings with settings for the resource provider cache.

authorizationService IAuthorizationServiceClient

The IAuthorizationServiceClient providing authorization services.

storageService IStorageService
eventService IEventService

The IEventService providing event services.

resourceValidatorFactory IResourceValidatorFactory

The IResourceValidatorFactory providing the factory to create resource validators.

cosmosDBService IAzureCosmosDBService

The IAzureCosmosDBService providing Cosmos DB services.

serviceProvider IServiceProvider

The IServiceProvider of the main dependency injection container.

logger ILogger<AzureAIResourceProviderService>

The ILogger used for logging.

proxyMode bool

Indicates whether the resource provider is running in proxy mode.

Properties

_name

The name of the resource provider. Must be overridden in derived classes.

protected override string _name { get; }

Property Value

string

Methods

DeleteResourceAsync(ResourcePath, UnifiedUserIdentity)

The internal implementation of DeleteResourceAsync. Must be overridden in derived classes.

protected override Task DeleteResourceAsync(ResourcePath resourcePath, UnifiedUserIdentity userIdentity)

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity with details about the identity of the user.

Returns

Task

ExecuteActionAsync(ResourcePath, ResourcePathAuthorizationResult, string, UnifiedUserIdentity, Func<object, bool>?)

The internal implementation of ExecuteActionAsync. Must be overriden in derived classes.

protected override Task<object> ExecuteActionAsync(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, string serializedAction, UnifiedUserIdentity userIdentity, Func<object, bool>? requestPayloadValidator = null)

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

serializedAction string

The serialized details of the action being executed.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity with details about the identity of the user.

requestPayloadValidator Func<object, bool>

An optional validator used to perform additional validation on the action payload after deserialization.

Returns

Task<object>

Remarks

In the special case of the filter action, the override must handle the authorization result and return the appropriate response as follows:

  1. The read action is authorized for the resource path itself. In this case, all matching resources must be returned according to the PBAC policies specified by the authorization result (if any).
  2. The read action is denied for the resource path itself. In this case, only the matching resources specified in the subordinate authorized resource paths list of the authorization result should be returned (if any).

ExecuteResourceActionAsyncInternal<T, TAction, TResult>(ResourcePath, ResourcePathAuthorizationResult, TAction, UnifiedUserIdentity)

The internal implementation of ExecuteResourceActionAsync. Must be overridden in derived classes.

protected override Task<TResult> ExecuteResourceActionAsyncInternal<T, TAction, TResult>(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, TAction actionPayload, UnifiedUserIdentity userIdentity) where T : ResourceBase where TAction : class? where TResult : ResourceProviderActionResult

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

actionPayload TAction

The TAction object containing details about the action to be executed.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity with details about the identity of the user.

Returns

Task<TResult>

A TResult object with the result of the action.

Type Parameters

T
TAction
TResult

Remarks

In the special case of the filter action, the override must handle the authorization result and return the appropriate response as follows:

  1. The read action is authorized for the resource path itself. In this case, all matching resources must be returned according to the PBAC policies specified by the authorization result (if any).
  2. The read action is denied for the resource path itself. In this case, only the matching resources specified in the subordinate authorized resource paths list of the authorization result should be returned (if any).

GetResourceAsyncInternal<T>(ResourcePath, ResourcePathAuthorizationResult, UnifiedUserIdentity, ResourceProviderGetOptions?, ResourceBase?)

The internal implementation of GetResource. Must be overridden in derived classes.

protected override Task<T> GetResourceAsyncInternal<T>(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, UnifiedUserIdentity userIdentity, ResourceProviderGetOptions? options = null, ResourceBase? parentResourceInstance = null) where T : ResourceBase

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity providing information about the calling user identity.

options ResourceProviderGetOptions

The ResourceProviderGetOptions which provides operation parameters.

parentResourceInstance ResourceBase

The optional parent resource of the resource identified by resourcePath.

Returns

Task<T>

Type Parameters

T

Remarks

When the parent resource instance is provided, and it specifies inheritable authorizable actions, the parent resource instance is used to authorize the request for any of those actions.

GetResourceTypes()

Gets the details about the resource types managed by the resource provider.

protected override Dictionary<string, ResourceTypeDescriptor> GetResourceTypes()

Returns

Dictionary<string, ResourceTypeDescriptor>

A dictionary of ResourceTypeDescriptor objects with details about the resource types.

GetResourcesAsync(ResourcePath, ResourcePathAuthorizationResult, UnifiedUserIdentity, ResourceProviderGetOptions?)

The internal implementation of GetResourcesAsync. Must be overridden in derived classes.

protected override Task<object> GetResourcesAsync(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, UnifiedUserIdentity userIdentity, ResourceProviderGetOptions? options = null)

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity with details about the identity of the user.

options ResourceProviderGetOptions

The ResourceProviderGetOptions which provides operation parameters.

Returns

Task<object>

Remarks

The override implementation should return a list of resources or a single resource, depending on the resource path. It also must handle the authorization result and return the appropriate response as follows:

  1. The resource path refers to a single resource. In this case, the authorization is already confirmed and the specific resource should be returned.
  2. The resource path refers to a resource type and the read action is authorized for the resource path itself. In this case, all resources must be returned according to the PBAC policies specified by the authorization result (if any).
  3. The resource path refers to a resource type and the read action is denied for the resource path itself. In this case, only the resources specified in the subordinate authorized resource paths list of the authorization result should be returned (if any).

InitializeInternal()

The internal implementation of Initialize. Must be overridden in derived classes.

protected override Task InitializeInternal()

Returns

Task

ResourceExistsAsyncInternal<T>(ResourcePath, ResourcePathAuthorizationResult, UnifiedUserIdentity)

The internal implementation of ResourceExistsAsync. Must be overridden in derived classes.

protected override Task<(bool Exists, bool Deleted)> ResourceExistsAsyncInternal<T>(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, UnifiedUserIdentity userIdentity) where T : ResourceBase

Parameters

resourcePath ResourcePath

The ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity providing information about the calling user identity.

Returns

Task<(bool Exists, bool Deleted)>

A tuple indicating whether the resource exists or not and whether it is logically deleted or not.

Type Parameters

T

The type of resource being checked.

Remarks

If a resource was logically deleted but not purged, this method will return True, indicating the existence of the resource.

UpsertResourceAsync(ResourcePath, string?, ResourceProviderFormFile?, ResourcePathAuthorizationResult, UnifiedUserIdentity, Func<object, bool>?)

The internal implementation of UpsertResourceAsync. Must be overridden in derived classes.

protected override Task<object> UpsertResourceAsync(ResourcePath resourcePath, string? serializedResource, ResourceProviderFormFile? formFile, ResourcePathAuthorizationResult authorizationResult, UnifiedUserIdentity userIdentity, Func<object, bool>? requestPayloadValidator = null)

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

serializedResource string

The optional serialized resource being created or updated.

formFile ResourceProviderFormFile

The optional file attached to the request.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity with details about the identity of the user.

requestPayloadValidator Func<object, bool>

An optional validator used to perform additional validation on the serialized resource after deserialization.

Returns

Task<object>

UpsertResourceAsyncInternal<T, TResult>(ResourcePath, ResourcePathAuthorizationResult, T, UnifiedUserIdentity, ResourceProviderUpsertOptions?)

The internal implementation of UpsertResourceAsync. Must be overridden in derived classes.

protected override Task<TResult> UpsertResourceAsyncInternal<T, TResult>(ResourcePath resourcePath, ResourcePathAuthorizationResult authorizationResult, T resource, UnifiedUserIdentity userIdentity, ResourceProviderUpsertOptions? options = null) where T : ResourceBase where TResult : ResourceProviderUpsertResult<T>

Parameters

resourcePath ResourcePath

A ResourcePath containing information about the resource path.

authorizationResult ResourcePathAuthorizationResult

The ResourcePathAuthorizationResult containing the result of the resource path authorization request.

resource T

The instance of the resource being created or updated.

userIdentity UnifiedUserIdentity

The UnifiedUserIdentity providing information about the calling user identity.

options ResourceProviderUpsertOptions

The ResourceProviderUpsertOptions which provides operation parameters.

Returns

Task<TResult>

Type Parameters

T

The type of the resource being created or updated.

TResult

The type of the result returned.

Edit this page