.NET 8 Upgrade (Multi Framework targetting)

.pipelines/templates/build-pipelines.yml

@@ -50,11 +50,14 @@ steps:
     echo "##vso[task.setvariable variable=\$id]$schemaId"
   displayName: Set dab version
 
+# The .NET CLI commands in proceeding tasks use the .NET SDK version specified here.
+# Per Microsoft Learn Docs, "Selecting the .NET SDK version is independent from 
+# specifying the runtime version a project targets."
 - task: UseDotNet@2
-  displayName: Setup .NET SDK v6.0.x
+  displayName: Setup .NET SDK v8.0.x
   inputs:
     packageType: sdk
-    version: 6.0.x
+    version: 8.0.x
     installationPath: $(Agent.ToolsDirectory)/dotnet
 
 - task: NuGetToolInstaller@1

Dockerfile

@@ -3,9 +3,9 @@
 #
 # Version values referenced from https://hub.docker.com/_/microsoft-dotnet-aspnet
 
-FROM mcr.microsoft.com/dotnet/sdk:6.0-cbl-mariner2.0. AS build
+FROM mcr.microsoft.com/dotnet/sdk:8.0-cbl-mariner2.0. AS build
 WORKDIR /src
-FROM mcr.microsoft.com/dotnet/aspnet:6.0-cbl-mariner2.0 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-cbl-mariner2.0 AS runtime
 
 # The ./src/out path below points to the finalized build bits created by the pipeline.
 # The path is relative to the "Docker build context" specified by the parameter dockerFileContextPath

Nuget.config

@@ -2,7 +2,7 @@
 <configuration>
   <packageSources>
     <clear />
-    <add key="data_api_builder_build_packages" value="https://pkgs.dev.azure.com/sqldab/fcb212b3-b288-4c9e-b55a-5842a268b16d/_packaging/data_api_builder_build_packages/nuget/v3/index.json" />
+    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
   </packageSources>
   <disabledPackageSources>
     <clear />

global.json

@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "6.0.100",
+    "version": "8.0.100",
     "rollForward": "latestFeature"
   }
 }

src/Auth/Azure.DataApiBuilder.Auth.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFrameworks>net8.0;net6.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <OutputPath>$(BaseOutputPath)\engine</OutputPath>

src/Cli.Tests/Cli.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net6.0</TargetFramework>
+        <TargetFrameworks>net8.0;net6.0</TargetFrameworks>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
         <IsPackable>false</IsPackable>
@@ -14,7 +14,10 @@
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="coverlet.msbuild" />
+        <PackageReference Include="coverlet.msbuild">
+          <PrivateAssets>all</PrivateAssets>
+          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
         <PackageReference Include="Microsoft.NET.Test.Sdk" />
         <PackageReference Include="Moq" />
         <PackageReference Include="MSTest.TestAdapter" />

src/Cli.Tests/StringLogger.cs

@@ -11,7 +11,7 @@ class StringLogger : ILogger
 {
     public List<string> Messages { get; } = new();
 
-    public IDisposable BeginScope<TState>(TState state)
+    public IDisposable? BeginScope<TState>(TState state) where TState : notnull
     {
         return new Mock<IDisposable>().Object;
     }

src/Cli/Cli.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFrameworks>net8.0;net6.0</TargetFrameworks>
     <RootNamespace>Cli</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>

src/Cli/CustomLoggerProvider.cs

@@ -81,9 +81,7 @@ public bool IsEnabled(LogLevel logLevel)
         {
             return true;
         }
-
-        /// <inheritdoc/>
-        public IDisposable BeginScope<TState>(TState state)
+        public IDisposable? BeginScope<TState>(TState state) where TState : notnull
         {
             throw new NotImplementedException();
         }

src/Config/Azure.DataApiBuilder.Config.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFrameworks>net8.0;net6.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <OutputPath>$(BaseOutputPath)\engine</OutputPath>

src/Core/AuthenticationHelpers/AppServiceAuthentication.cs

@@ -69,11 +69,11 @@ public class AppServiceClaim
     {
         ClaimsIdentity? identity = null;
 
-        if (context.Request.Headers.TryGetValue(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, out StringValues header))
+        if (context.Request.Headers.TryGetValue(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, out StringValues headerValues) && headerValues.Count == 1)
         {
             try
             {
-                string encodedPrincipalData = header[0];
+                string encodedPrincipalData = headerValues.ToString();
                 byte[] decodedPrincpalData = Convert.FromBase64String(encodedPrincipalData);
                 string json = Encoding.UTF8.GetString(decodedPrincpalData);
                 AppServiceClientPrincipal? principal = JsonSerializer.Deserialize<AppServiceClientPrincipal>(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });

src/Core/AuthenticationHelpers/AuthenticationSimulator/SimulatorAuthenticationHandler.cs

@@ -22,6 +22,27 @@ namespace Azure.DataApiBuilder.Core.AuthenticationHelpers.AuthenticationSimulato
 /// </summary>
 public class SimulatorAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 {
+#if NET8_0_OR_GREATER
+    /// <summary>
+    /// Constructor for the SimulatorAuthenticationHandler.
+    /// Note the parameters are required by the base class.
+    /// </summary>
+    /// <param name="runtimeConfigProvider">Runtime configuration provider.</param>
+    /// <param name="options">Simulator authentication options.</param>
+    /// <param name="logger">Logger factory.</param>
+    /// <param name="encoder">URL encoder.</param>
+    /// <param name="clock">System clock.</param>
+    public SimulatorAuthenticationHandler(
+        RuntimeConfigProvider runtimeConfigProvider,
+        IOptionsMonitor<AuthenticationSchemeOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder)
+        // ISystemClock is obsolete in .NET 8.0 and later
+        // https://learn.microsoft.com/dotnet/core/compatibility/aspnet-core/8.0/isystemclock-obsolete
+        : base(options, logger, encoder)
+    {
+    }
+#else
     /// <summary>
     /// Constructor for the SimulatorAuthenticationHandler.
     /// Note the parameters are required by the base class.
@@ -36,10 +57,10 @@ public class SimulatorAuthenticationHandler : AuthenticationHandler<Authenticati
         IOptionsMonitor<AuthenticationSchemeOptions> options,
         ILoggerFactory logger,
         UrlEncoder encoder,
-        ISystemClock clock
-        ) : base(options, logger, encoder, clock)
+        ISystemClock clock) : base(options, logger, encoder, clock)
     {
     }
+#endif
 
     /// <summary>
     /// Gets any authentication data for a request. When a client role header is present,

src/Core/AuthenticationHelpers/ClientRoleHeaderAuthenticationMiddleware.cs

@@ -94,7 +94,7 @@ public async Task InvokeAsync(HttpContext httpContext)
             // in an authenticated requests.
             if (isAuthenticatedRequest)
             {
-                clientDefinedRole = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
+                clientDefinedRole = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER].ToString();
             }
             else
             {

src/Core/AuthenticationHelpers/EasyAuthAuthenticationHandler.cs

@@ -21,22 +21,40 @@ namespace Azure.DataApiBuilder.Core.AuthenticationHelpers;
 /// </summary>
 public class EasyAuthAuthenticationHandler : AuthenticationHandler<EasyAuthAuthenticationOptions>
 {
+#if NET8_0_OR_GREATER
+    /// <summary>
+    /// Constructor for the EasyAuthAuthenticationHandler.
+    /// Note the parameters are required by the base class.
+    /// </summary>
+    /// <param name="options">EasyAuth authentication options.</param>
+    /// <param name="logger">Logger factory.</param>
+    /// <param name="encoder">URL encoder.</param>
+    public EasyAuthAuthenticationHandler(
+        IOptionsMonitor<EasyAuthAuthenticationOptions> options,
+        ILoggerFactory logger,
+        UrlEncoder encoder)
+        // ISystemClock is obsolete in .NET 8.0 and later
+        // https://learn.microsoft.com/dotnet/core/compatibility/aspnet-core/8.0/isystemclock-obsolete
+        : base(options, logger, encoder)
+    {
+    }
+#else
     /// <summary>
     /// Constructor for the EasyAuthAuthenticationHandler.
     /// Note the parameters are required by the base class.
     /// </summary>
     /// <param name="options">EasyAuth authentication options.</param>
     /// <param name="logger">Logger factory.</param>
     /// <param name="encoder">URL encoder.</param>
-    /// <param name="clock">System clock.</param>
     public EasyAuthAuthenticationHandler(
         IOptionsMonitor<EasyAuthAuthenticationOptions> options,
         ILoggerFactory logger,
         UrlEncoder encoder,
-        ISystemClock clock
-        ) : base(options, logger, encoder, clock)
+        ISystemClock clock)
+        : base(options, logger, encoder, clock)
     {
     }
+#endif
 
     /// <summary>
     /// Attempts processing of a request's authentication metadata.

src/Core/AuthenticationHelpers/StaticWebAppsAuthentication.cs

@@ -46,9 +46,9 @@ public class StaticWebAppsClientPrincipal
         StaticWebAppsClientPrincipal principal = new();
         try
         {
-            if (context.Request.Headers.TryGetValue(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, out StringValues headerPayload))
+            if (context.Request.Headers.TryGetValue(AuthenticationOptions.CLIENT_PRINCIPAL_HEADER, out StringValues headerPayload) && headerPayload.Count == 1)
             {
-                string data = headerPayload[0];
+                string data = headerPayload.ToString();
                 byte[] decoded = Convert.FromBase64String(data);
                 string json = Encoding.UTF8.GetString(decoded);
                 principal = JsonSerializer.Deserialize<StaticWebAppsClientPrincipal>(json, new JsonSerializerOptions { PropertyNameCaseInsensitive = true }) ?? new();

src/Core/Authorization/RestAuthorizationHandler.cs

@@ -100,7 +100,7 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                     );
                 }
 
-                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
+                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER].ToString();
                 IEnumerable<EntityActionOperation> operations = HttpVerbToOperations(httpContext.Request.Method);
 
                 foreach (EntityActionOperation operation in operations)
@@ -140,7 +140,7 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                 }
 
                 string entityName = restContext.EntityName;
-                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
+                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER].ToString();
                 IEnumerable<EntityActionOperation> operations = HttpVerbToOperations(httpContext.Request.Method);
 
                 // Delete operations do not have column level restrictions.
@@ -224,7 +224,7 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                     );
                 }
 
-                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
+                string roleName = httpContext.Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER].ToString();
                 Enum.TryParse<SupportedHttpVerb>(httpContext.Request.Method, ignoreCase: true, out SupportedHttpVerb httpVerb);
                 bool isAuthorized = _authorizationResolver.IsStoredProcedureExecutionPermitted(entityName, roleName, httpVerb);
                 if (!isAuthorized)

src/Core/Azure.DataApiBuilder.Core.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFrameworks>net8.0;net6.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <EmbedUntrackedSources>true</EmbedUntrackedSources>

src/Core/Models/GraphQLFilterParsers.cs

@@ -161,7 +161,7 @@ public GQLFilterParser(RuntimeConfigProvider runtimeConfigProvider, IMetadataPro
 
                     bool columnAccessPermitted = queryStructure.AuthorizationResolver.AreColumnsAllowedForOperation(
                         entityName: originalEntityName,
-                        roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER],
+                        roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER].ToString(),
                         operation: EntityActionOperation.Read,
                         columns: new[] { name });
 
@@ -300,7 +300,7 @@ public GQLFilterParser(RuntimeConfigProvider runtimeConfigProvider, IMetadataPro
         // Validate that the field referenced in the nested input filter can be accessed.
         bool entityAccessPermitted = queryStructure.AuthorizationResolver.AreRoleAndOperationDefinedForEntity(
             entityIdentifier: entityType,
-            roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER],
+            roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER].ToString(),
             operation: EntityActionOperation.Read);
 
         if (!entityAccessPermitted)
@@ -389,7 +389,7 @@ public GQLFilterParser(RuntimeConfigProvider runtimeConfigProvider, IMetadataPro
         // Validate that the field referenced in the nested input filter can be accessed.
         bool entityAccessPermitted = queryStructure.AuthorizationResolver.AreRoleAndOperationDefinedForEntity(
             entityIdentifier: nestedFilterEntityName,
-            roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER],
+            roleName: GetHttpContextFromMiddlewareContext(ctx).Request.Headers[CLIENT_ROLE_HEADER].ToString(),
             operation: EntityActionOperation.Read);
 
         if (!entityAccessPermitted)

src/Core/Resolvers/QueryExecutor.cs

@@ -115,7 +115,7 @@ public class QueryExecutor<TConnection> : IQueryExecutor
                 {
                     if (DbExceptionParser.IsTransientException((DbException)e) && retryAttempt < _maxRetryCount + 1)
                     {
-                        throw e;
+                        throw;
                     }
                     else
                     {

src/Core/Resolvers/SqlMutationEngine.cs

@@ -25,6 +25,7 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Primitives;
 
 namespace Azure.DataApiBuilder.Core.Resolvers
 {
@@ -458,7 +459,15 @@ private static bool IsPointMutation(IMiddlewareContext context)
             }
             else
             {
-                string roleName = GetHttpContext().Request.Headers[AuthorizationResolver.CLIENT_ROLE_HEADER];
+                if (!GetHttpContext().Request.Headers.TryGetValue(AuthorizationResolver.CLIENT_ROLE_HEADER, out StringValues headerValues) && headerValues.Count != 1)
+                {
+                    throw new DataApiBuilderException(
+                            message: $"No role found.",
+                            statusCode: HttpStatusCode.Forbidden,
+                            subStatusCode: DataApiBuilderException.SubStatusCodes.AuthorizationCheckFailed);
+                }
+
+                string roleName = headerValues.ToString();
                 bool isReadPermissionConfiguredForRole = _authorizationResolver.AreRoleAndOperationDefinedForEntity(context.EntityName, roleName, EntityActionOperation.Read);
                 bool isDatabasePolicyDefinedForReadAction = false;
                 JsonDocument? selectOperationResponse = null;

src/Core/Services/Cache/DabCacheService.cs

@@ -58,7 +58,7 @@ public DabCacheService(IFusionCache cache, ILogger<DabCacheService>? logger, IHt
         string cacheKey = CreateCacheKey(queryMetadata);
         JsonElement? result = await _cache.GetOrSetAsync(
                key: cacheKey,
-               async (FusionCacheFactoryExecutionContext<JsonElement> ctx, CancellationToken ct) =>
+               async (FusionCacheFactoryExecutionContext<JsonElement?> ctx, CancellationToken ct) =>
                {
                    // Need to handle undesirable results like db errors or null.
                    JsonElement? result = await queryExecutor.ExecuteQueryAsync(

src/Core/Services/OpenAPI/OpenApiDocumentor.cs

@@ -137,7 +137,7 @@ public void CreateDocument()
                     },
                     Servers = new List<OpenApiServer>
                     {
-                        new OpenApiServer { Url = url }
+                        new() { Url = url }
                     },
                     Paths = BuildPaths(),
                     Components = components