Resource token fix - 1 (Azure#19547)

* Fix resourceToke in V4- part 1

Co-authored-by: annie-mac <annie-mac@s-pkges.redmond.corp.microsoft.com>
Co-authored-by: annie-mac <annie-mac@Gurpreet.fareast.corp.microsoft.com>

Author: 3 people

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/CosmosAsyncClient.java

@@ -13,6 +13,7 @@
 import com.azure.cosmos.implementation.CosmosAuthorizationTokenResolver;
 import com.azure.cosmos.implementation.Database;
 import com.azure.cosmos.implementation.HttpConstants;
+import com.azure.cosmos.implementation.Permission;
 import com.azure.cosmos.implementation.TracerProvider;
 import com.azure.cosmos.implementation.directconnectivity.rntbd.RntbdMetrics;
 import com.azure.cosmos.implementation.throughputControl.config.ThroughputControlGroupInternal;
@@ -32,13 +33,14 @@
 import reactor.core.publisher.Mono;
 
 import java.io.Closeable;
+import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.ServiceLoader;
+import java.util.stream.Collectors;
 
 import static com.azure.core.util.FluxUtil.withContext;
 import static com.azure.cosmos.implementation.Utils.setContinuationTokenAndMaxItemCount;
-import static com.azure.cosmos.implementation.guava25.base.Preconditions.checkArgument;
 import static com.azure.cosmos.implementation.guava25.base.Preconditions.checkNotNull;
 
 /**
@@ -93,6 +95,17 @@ public final class CosmosAsyncClient implements Closeable {
         this.clientTelemetryEnabled = builder.isClientTelemetryEnabled();
         this.contentResponseOnWriteEnabled = builder.isContentResponseOnWriteEnabled();
         this.tracerProvider = new TracerProvider(TRACER);
+
+        List<Permission> permissionList = new ArrayList<>();
+        if (this.permissions != null) {
+            permissionList =
+                this.permissions
+                    .stream()
+                    .map(permissionProperties -> ModelBridgeInternal.getPermission(permissionProperties))
+                    .filter(permission -> permission != null)
+                    .collect(Collectors.toList());
+        }
+
         this.asyncDocumentClient = new AsyncDocumentClient.Builder()
                                        .withServiceEndpoint(this.serviceEndpoint)
                                        .withMasterKeyOrResourceToken(this.keyOrResourceToken)
@@ -105,6 +118,7 @@ public final class CosmosAsyncClient implements Closeable {
                                        .withTransportClientSharing(this.enableTransportClientSharing)
                                        .withContentResponseOnWriteEnabled(this.contentResponseOnWriteEnabled)
                                        .withTokenCredential(this.tokenCredential)
+                                       .withPermissionFeed(permissionList)
                                        .build();
     }
 

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/InternalObjectNode.java

@@ -139,4 +139,4 @@ public <T> T getObject(Class<T> klass) throws IOException {
 
         return MAPPER.treeToValue(this.getPropertyBag(), klass);
     }
-}
+}

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/Permission.java

@@ -4,13 +4,16 @@
 package com.azure.cosmos.implementation;
 
 import com.azure.cosmos.BridgeInternal;
+import com.azure.cosmos.models.ModelBridgeInternal;
 import com.azure.cosmos.models.PartitionKey;
 import com.azure.cosmos.models.PermissionMode;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.azure.cosmos.implementation.apachecommons.lang.StringUtils;
 
 import java.util.Locale;
 
+import static com.azure.cosmos.implementation.guava25.base.Preconditions.checkNotNull;
+
 /**
  * Represents a per-User Permission to access a specific resource e.g. item or container in the Azure Cosmos DB
  * database service.
@@ -112,9 +115,10 @@ public PartitionKey getResourcePartitionKey() {
      * @param partitionkey the partition key.
      */
     public void setResourcePartitionKey(PartitionKey partitionkey) {
+        checkNotNull(partitionkey, "Partition key can not be null");
+
         BridgeInternal.setProperty(this,
-                                   Constants.Properties.RESOURCE_PARTITION_KEY,
-                                   BridgeInternal.getPartitionKeyInternal(partitionkey)
-                                       .toJson());
+            Constants.Properties.RESOURCE_PARTITION_KEY,
+            new Object[]{ModelBridgeInternal.getPartitionKeyObject(partitionkey)});
     }
 }

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/ResourceTokenAuthorizationHelper.java

@@ -123,7 +123,7 @@ public static String getAuthorizationTokenUsingResourceTokens(
             }
 
             if (resourceToken == null) {
-                throw new IllegalArgumentException(RMResources.ResourceTokenNotFound);
+                throw new UnauthorizedException(RMResources.ResourceTokenNotFound);
             }
 
             logger.debug("returned token for resourceAddress [{}] = [{}]",
@@ -171,21 +171,22 @@ public static String getAuthorizationTokenUsingResourceTokens(
                     ResourceId tokenRid;
                     final String key = entry.getKey();
                     Pair<Boolean, ResourceId> pair = ResourceId.tryParse(key);
-                    ResourceId test1= pair.getRight().getDocumentCollectionId();
-                    boolean test = test1.equals(resourceId);
-                    if (!PathsHelper.isNameBased(key) && pair.getLeft()
+                    if (pair.getLeft()) {
+                        ResourceId test1= pair.getRight().getDocumentCollectionId();
+                        boolean test = test1.equals(resourceId);
+                        if (!PathsHelper.isNameBased(key) && pair.getLeft()
                             && pair.getRight().getDocumentCollectionId().equals(resourceId)) {
-                        List<PartitionKeyAndResourceTokenPair> resourceTokens = entry.getValue();
-                        if (resourceTokens != null && resourceTokens.size() > 0) {
-                            resourceToken = resourceTokens.get(0).getResourceToken();
+                            List<PartitionKeyAndResourceTokenPair> resourceTokens = entry.getValue();
+                            if (resourceTokens != null && resourceTokens.size() > 0) {
+                                resourceToken = resourceTokens.get(0).getResourceToken();
+                            }
                         }
                     }
                 }
-
             }
 
             if (resourceToken == null) {
-                throw new IllegalArgumentException(RMResources.ResourceTokenNotFound);
+                throw new UnauthorizedException(RMResources.ResourceTokenNotFound);
             }
 
             logger.debug("returned token for resourceAddress [{}] = [{}]",

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/RxDocumentClientImpl.java

@@ -1515,6 +1515,7 @@ public String getUserAuthorizationToken(String resourceName,
             if(resourceType.equals(ResourceType.DatabaseAccount)) {
                 return this.firstResourceTokenFromPermissionFeed;
             }
+
             return ResourceTokenAuthorizationHelper.getAuthorizationTokenUsingResourceTokens(resourceTokensMap, requestVerb, resourceName, headers);
         }
     }

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/directconnectivity/GatewayAddressCache.java

@@ -27,6 +27,7 @@
 import com.azure.cosmos.implementation.ResourceType;
 import com.azure.cosmos.implementation.RxDocumentServiceRequest;
 import com.azure.cosmos.implementation.RxDocumentServiceResponse;
+import com.azure.cosmos.implementation.UnauthorizedException;
 import com.azure.cosmos.implementation.UserAgentContainer;
 import com.azure.cosmos.implementation.Utils;
 import com.azure.cosmos.implementation.apachecommons.lang.StringUtils;
@@ -311,13 +312,22 @@ public Mono<List<Address>> getServerAddressesViaGatewayAsync(
         headers.put(HttpConstants.HttpHeaders.X_DATE, Utils.nowAsRFC1123());
 
         if (tokenProvider.getAuthorizationTokenType() != AuthorizationTokenType.AadToken) {
-            String token = this.tokenProvider.getUserAuthorizationToken(
+            String token = null;
+            try {
+                token = this.tokenProvider.getUserAuthorizationToken(
                     collectionRid,
                     ResourceType.Document,
                     RequestVerb.GET,
                     headers,
                     AuthorizationTokenType.PrimaryMasterKey,
                     request.properties);
+            } catch (UnauthorizedException e) {
+                // User doesn't have rid based resource token. Maybe user has name based.
+
+                if (logger.isDebugEnabled()) {
+                    logger.debug("User doesn't have resource token for collection rid {}", collectionRid);
+                }
+            }
 
             if (token == null && request.getIsNameBased()) {
                 // User doesn't have rid based resource token. Maybe user has name based.

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/query/DocumentQueryExecutionContextFactory.java

@@ -104,9 +104,13 @@ private static <T extends Resource> Mono<Pair<List<Range<String>>,QueryInfo>> ge
             }
         }
 
-        queryExecutionInfoMono = QueryPlanRetriever
-                                     .getQueryPlanThroughGatewayAsync(diagnosticsClientContext, client, query,
-                                                                      resourceLink);
+        queryExecutionInfoMono =
+            QueryPlanRetriever.getQueryPlanThroughGatewayAsync(
+                diagnosticsClientContext,
+                client,
+                query,
+                resourceLink,
+                cosmosQueryRequestOptions != null ? cosmosQueryRequestOptions.getPartitionKey() : null);
 
         return queryExecutionInfoMono.flatMap(
             partitionedQueryExecutionInfo -> {

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/implementation/query/QueryPlanRetriever.java

@@ -3,8 +3,11 @@
 
 package com.azure.cosmos.implementation.query;
 
+import com.azure.cosmos.BridgeInternal;
 import com.azure.cosmos.implementation.DiagnosticsClientContext;
+import com.azure.cosmos.implementation.routing.PartitionKeyInternal;
 import com.azure.cosmos.models.ModelBridgeInternal;
+import com.azure.cosmos.models.PartitionKey;
 import com.azure.cosmos.models.SqlQuerySpec;
 import com.azure.cosmos.implementation.BackoffRetryUtility;
 import com.azure.cosmos.implementation.DocumentClientRetryPolicy;
@@ -35,13 +38,19 @@ class QueryPlanRetriever {
     static Mono<PartitionedQueryExecutionInfo> getQueryPlanThroughGatewayAsync(DiagnosticsClientContext diagnosticsClientContext,
                                                                                IDocumentQueryClient queryClient,
                                                                                SqlQuerySpec sqlQuerySpec,
-                                                                               String resourceLink) {
+                                                                               String resourceLink,
+                                                                               PartitionKey partitionKey) {
         final Map<String, String> requestHeaders = new HashMap<>();
         requestHeaders.put(HttpConstants.HttpHeaders.CONTENT_TYPE, RuntimeConstants.MediaTypes.JSON);
         requestHeaders.put(HttpConstants.HttpHeaders.IS_QUERY_PLAN_REQUEST, TRUE);
         requestHeaders.put(HttpConstants.HttpHeaders.SUPPORTED_QUERY_FEATURES, SUPPORTED_QUERY_FEATURES);
         requestHeaders.put(HttpConstants.HttpHeaders.QUERY_VERSION, HttpConstants.Versions.QUERY_VERSION);
 
+        if (partitionKey != null && partitionKey != PartitionKey.NONE) {
+            PartitionKeyInternal partitionKeyInternal = BridgeInternal.getPartitionKeyInternal(partitionKey);
+            requestHeaders.put(HttpConstants.HttpHeaders.PARTITION_KEY, partitionKeyInternal.toJson());
+        }
+
         final RxDocumentServiceRequest request = RxDocumentServiceRequest.create(diagnosticsClientContext,
                                                                                  OperationType.QueryPlan,
                                                                                  ResourceType.Document,

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/models/CosmosPermissionProperties.java

@@ -221,7 +221,7 @@ String getResourcePath(String databaseName) {
         if (databaseName == null || databaseName.isEmpty()) {
             throw new IllegalArgumentException("databaseName");
         }
-        resourcePrefixPath.append("/").append(Paths.DATABASES_PATH_SEGMENT)
+        resourcePrefixPath.append(Paths.DATABASES_PATH_SEGMENT)
             .append("/").append(databaseName);
 
         if (this.containerName == null || this.containerName.isEmpty()) {
@@ -264,6 +264,10 @@ Permission getResource(String databaseName) {
         permission.setPermissionMode(this.permissionMode);
         permission.setResourceLink(getResourcePath(databaseName));
 
+        if (this.resourcePartitionKey != null) {
+            permission.setResourcePartitionKey(this.resourcePartitionKey);
+        }
+
         return permission;
     }
 
@@ -320,6 +324,10 @@ Permission getPermission(String databaseName) {
         return getResource(databaseName);
     }
 
+    Permission getPermission() {
+        return this.permission;
+    }
+
     static List<CosmosPermissionProperties> getPermissions(List<Permission> results) {
         return results.stream().map(permission -> new CosmosPermissionProperties(permission.toJson()))
             .collect(Collectors.toList());

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/models/ModelBridgeInternal.java

@@ -170,6 +170,11 @@ public static Permission getPermission(CosmosPermissionProperties permissionProp
         return permissionProperties.getPermission(databaseName);
     }
 
+    @Warning(value = INTERNAL_USE_ONLY_WARNING)
+    public static Permission getPermission(CosmosPermissionProperties permissionProperties) {
+        return permissionProperties.getPermission();
+    }
+
     @Warning(value = INTERNAL_USE_ONLY_WARNING)
     public static List<CosmosPermissionProperties> getCosmosPermissionPropertiesFromResults(List<Permission> results) {
         return CosmosPermissionProperties.getPermissions(results);