Class AuthorizationCore

Namespace
FoundationaLLM.AuthorizationEngine.Services
Assembly
FoundationaLLM.AuthorizationEngine.dll

Implements the core authorization engine.

public class AuthorizationCore : IAuthorizationCore
Inheritance
AuthorizationCore

Constructors

AuthorizationCore(IOptions<AuthorizationCoreSettings>, IStorageService, IAzureKeyVaultService, IConfiguration, IResourceValidatorFactory, ILogger<AuthorizationCore>)

Creates a new instance of the AuthorizationCore class.

public AuthorizationCore(IOptions<AuthorizationCoreSettings> options, IStorageService storageService, IAzureKeyVaultService azureKeyVaultService, IConfiguration configuration, IResourceValidatorFactory resourceValidatorFactory, ILogger<AuthorizationCore> logger)

Parameters

options IOptions<AuthorizationCoreSettings>

The options used to configure the authorization core.

storageService IStorageService

The IStorageService providing storage services.

azureKeyVaultService IAzureKeyVaultService

The IAzureKeyVaultService providing key vault services.

configuration IConfiguration

The application configuration values.

resourceValidatorFactory IResourceValidatorFactory

The resource validator factory used to create resource validators.

logger ILogger<AuthorizationCore>

The logger used for logging.

Methods

AllowAuthorizationRequestsProcessing(string, string)

Checks if a specified security principal is allowed to process authorization requests.

public bool AllowAuthorizationRequestsProcessing(string instanceId, string securityPrincipalId)

Parameters

instanceId string

The FoundationaLLM instance id.

securityPrincipalId string

The id of the security principal whose authorization is checked.

Returns

bool

True if the security principal is allowed to process authorization requests.

CreateRoleAssignment(string, RoleAssignmentRequest)

Creates a role assignment for a specified security principal.

public Task<RoleAssignmentOperationResult> CreateRoleAssignment(string instanceId, RoleAssignmentRequest roleAssignmentRequest)

Parameters

instanceId string

The FoundationaLLM instance identifier.

roleAssignmentRequest RoleAssignmentRequest

The role assignment request.

Returns

Task<RoleAssignmentOperationResult>

The role assignment result.

DeleteRoleAssignment(string, string)

Revokes a role from an Entra ID user or group.

public Task<RoleAssignmentOperationResult> DeleteRoleAssignment(string instanceId, string roleAssignment)

Parameters

instanceId string

The FoundationaLLM instance identifier.

roleAssignment string

The role assignment object identifier.

Returns

Task<RoleAssignmentOperationResult>

The role assignment result.

DeleteSecretKey(string, string, string)

Deletes a specified secret key.

public Task DeleteSecretKey(string instanceId, string contextId, string secretKeyId)

Parameters

instanceId string

The FoundationaLLM instance identifier.

contextId string

The identifier of the context containing the secret key to delete.

secretKeyId string

The unique identifier of the secret key being deleted.

Returns

Task

GetRoleAssignments(string, RoleAssignmentQueryParameters)

Returns a list of role assignments for the specified instance and resource path.

public List<RoleAssignment> GetRoleAssignments(string instanceId, RoleAssignmentQueryParameters queryParameters)

Parameters

instanceId string

The FoundationaLLM instance identifier.

queryParameters RoleAssignmentQueryParameters

The RoleAssignmentQueryParameters providing the inputs for filtering the role assignments.

Returns

List<RoleAssignment>

The list of all role assignments for the specified instance.

GetSecretKeys(string, string)

Gets a list of SecretKey items that are associated with the specified instance and context.

public List<SecretKey> GetSecretKeys(string instanceId, string contextId)

Parameters

instanceId string

The FoundationaLLM instance identifier.

contextId string

The identifier of the context for which the secret keys are retrieved.

Returns

List<SecretKey>

A list of SecretKey items.

Remarks

Each consumer of secret keys should have a unique context identifier. For example, FoundationaLLM resource providers could use the resource object identifier as the context identifier.

ProcessAuthorizationRequest(string, ActionAuthorizationRequest)

Processes an authorization request.

public ActionAuthorizationResult ProcessAuthorizationRequest(string instanceId, ActionAuthorizationRequest authorizationRequest)

Parameters

instanceId string

The FoundationaLLM instance id.

authorizationRequest ActionAuthorizationRequest

The ActionAuthorizationRequest containing the details of the authorization request.

Returns

ActionAuthorizationResult

An ActionAuthorizationResult indicating, for each resource path, whether the requested authorization was successful.

UpsertSecretKey(string, SecretKey)

Creates a new SecretKey item or updates an existing one.

public Task<string?> UpsertSecretKey(string instanceId, SecretKey secretKey)

Parameters

instanceId string

The FoundationaLLM instance identifier.

secretKey SecretKey

The SecretKey item containing the properties of the secret key being created or updated.

Returns

Task<string?>

If the secret key is being created, returns the secret value of the key. Otherwise, returns null.

ValidateSecretKey(ClientSecretKey)

Validates a secret key value.

public Task<SecretKeyValidationResult> ValidateSecretKey(ClientSecretKey clientSecretKey)

Parameters

clientSecretKey ClientSecretKey

The ClientSecretKey containing the secret key value to validate.

Returns

Task<SecretKeyValidationResult>

A SecretKeyValidationResult item with the results of the validation.

Remarks

Each valid secret key has an associated virtual identity that is returned in the VirtualIdentity property. It is the responsibility of the caller to use the virtual identity to authorize the request.