package io.cattle.platform.iaas.api.auth.integration.ldap.ad;

import com.netflix.config.DynamicBooleanProperty;
import com.netflix.config.DynamicIntProperty;
import com.netflix.config.DynamicLongProperty;
import com.netflix.config.DynamicStringProperty;

import io.cattle.platform.archaius.util.ArchaiusUtil;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Constants for the LDAP (Active Directory) authentication integration:
 * identifier names derived from {@link #NAME}, the {@code api.auth.ldap.*}
 * setting keys, the Archaius dynamic properties bound to those keys, and the
 * field names used in the LDAP config resource.
 *
 * <p>The dynamic properties are created in declaration order during class
 * initialisation, so the order of the {@code ArchaiusUtil} calls below is
 * kept stable on purpose.
 */
public class ADConstants {

    // ---------------------------------------------------------------------
    // Identifier names derived from the provider name.
    // ---------------------------------------------------------------------

    public static final String NAME = "ldap";
    public static final String USER_SCOPE = NAME + "_user";
    public static final String GROUP_SCOPE = NAME + "_group";
    public static final String CONFIG = NAME + "config";
    public static final String LDAP_ACCESS_TOKEN = NAME + "AccessToken";
    public static final String LDAP_JWT = NAME + "Jwt";
    public static final String TOKEN_CREATOR = NAME + "TokenCreator";
    public static final String MANAGER = NAME + "Manager";

    // ---------------------------------------------------------------------
    // LDAP attribute names that are fixed rather than configurable.
    // ---------------------------------------------------------------------

    public static final String MEMBER_OF = "memberOf";
    public static final String OBJECT_CLASS = "objectClass";

    // ---------------------------------------------------------------------
    // Names for settings in cattle.
    // ---------------------------------------------------------------------

    public static final String SETTING_BASE = "api.auth.ldap.";
    public static final String ACCESS_MODE_SETTING = SETTING_BASE + "access.mode";
    public static final String DOMAIN_SETTING = SETTING_BASE + "domain";
    public static final String GROUP_SEARCH_DOMAIN_SETTING = SETTING_BASE + "group.search.domain";
    public static final String LOGIN_DOMAIN_SETTING = SETTING_BASE + "login.domain";
    public static final String PORT_SETTING = SETTING_BASE + "port";
    public static final String USER_SEARCH_FIELD_SETTING = SETTING_BASE + "user.search.field";
    public static final String SERVICE_ACCOUNT_USERNAME_SETTING = SETTING_BASE + "service.account.user";
    public static final String GROUP_SEARCH_FIELD_SETTING = SETTING_BASE + "group.search.field";
    public static final String USER_OBJECT_CLASS_SETTING = SETTING_BASE + "user.object.class";
    public static final String USER_NAME_FIELD_SETTING = SETTING_BASE + "user.name.field";
    public static final String GROUP_OBJECT_CLASS_SETTING = SETTING_BASE + "group.object.class";
    public static final String USER_LOGIN_FIELD_SETTING = SETTING_BASE + "user.login.field";
    // NOTE(review): the constant says "disabled" while the key says "enabled";
    // the key text is a runtime setting name, so it is left exactly as it is.
    public static final String USER_DISABLED_BIT_MASK_SETTING = SETTING_BASE + "user.enabled.mask.bit";
    public static final String SERVER_SETTING = SETTING_BASE + "server";
    public static final String SERVICE_ACCOUNT_PASSWORD_SETTING = SETTING_BASE + "service.account.password";
    public static final String USER_ENABLED_ATTRIBUTE_SETTING = SETTING_BASE + "user.enabled.attribute";
    public static final String GROUP_NAME_FIELD_SETTING = SETTING_BASE + "group.name.field";
    public static final String TLS_SETTING = SETTING_BASE + "tls";
    public static final String TIMEOUT_SETTING = SETTING_BASE + "connection.timeout";
    public static final String ALLOWED_IDENTITIES_SETTING = SETTING_BASE + "allowed.identities";
    public static final String GROUP_DN_FIELD_SETTING = SETTING_BASE + "group.dn.field";
    public static final String GROUP_MEMBER_USER_ATTRIBUTE_SETTING =
            SETTING_BASE + "group.member.user.attribute";

    /** Unmodifiable set holding the user and group scope names. */
    public static final Set<String> SCOPES = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(USER_SCOPE, GROUP_SCOPE)));

    // ---------------------------------------------------------------------
    // Dynamic properties bound to the setting keys above.
    // ---------------------------------------------------------------------

    // NOTE(review): the access mode and the allowed identities (further down)
    // look like the inputs to the authorization decision - confirm who may
    // write these settings.
    public static final DynamicStringProperty ACCESS_MODE =
            ArchaiusUtil.getString(ACCESS_MODE_SETTING);
    public static final DynamicStringProperty LDAP_DOMAIN =
            ArchaiusUtil.getString(DOMAIN_SETTING);
    public static final DynamicStringProperty LDAP_GROUP_SEARCH_DOMAIN =
            ArchaiusUtil.getString(GROUP_SEARCH_DOMAIN_SETTING);
    public static final DynamicStringProperty LDAP_LOGIN_DOMAIN =
            ArchaiusUtil.getString(LOGIN_DOMAIN_SETTING);
    public static final DynamicIntProperty LDAP_PORT =
            ArchaiusUtil.getInt(PORT_SETTING);
    public static final DynamicStringProperty LDAP_SERVER =
            ArchaiusUtil.getString(SERVER_SETTING);
    // NOTE(review): the service-account bind password is exposed as a plain
    // string property on a public field; confirm that consumers never log it
    // and never return it in API responses.
    public static final DynamicStringProperty SERVICE_ACCOUNT_PASSWORD =
            ArchaiusUtil.getString(SERVICE_ACCOUNT_PASSWORD_SETTING);
    public static final DynamicStringProperty SERVICE_ACCOUNT_USER =
            ArchaiusUtil.getString(SERVICE_ACCOUNT_USERNAME_SETTING);
    // NOTE(review): TLS is a boolean switch. Presumably the connection falls
    // back to plain LDAP when it is false, which would send bind credentials
    // unencrypted - confirm the default value and how the connection code uses it.
    public static final DynamicBooleanProperty TLS_ENABLED =
            ArchaiusUtil.getBoolean(TLS_SETTING);
    // NOTE(review): if the search/login field names below, or the terms a user
    // types, are concatenated into LDAP filters, the values need filter
    // escaping - verify at the call sites.
    public static final DynamicStringProperty USER_SEARCH_FIELD =
            ArchaiusUtil.getString(USER_SEARCH_FIELD_SETTING);
    public static final DynamicStringProperty USER_LOGIN_FIELD =
            ArchaiusUtil.getString(USER_LOGIN_FIELD_SETTING);
    public static final DynamicStringProperty GROUP_SEARCH_FIELD =
            ArchaiusUtil.getString(GROUP_SEARCH_FIELD_SETTING);
    public static final DynamicStringProperty USER_OBJECT_CLASS =
            ArchaiusUtil.getString(USER_OBJECT_CLASS_SETTING);
    public static final DynamicIntProperty USER_DISABLED_BIT_MASK =
            ArchaiusUtil.getInt(USER_DISABLED_BIT_MASK_SETTING);
    public static final DynamicStringProperty USER_ENABLED_ATTRIBUTE =
            ArchaiusUtil.getString(USER_ENABLED_ATTRIBUTE_SETTING);
    public static final DynamicStringProperty AD_ALLOWED_IDENTITIES =
            ArchaiusUtil.getString(ALLOWED_IDENTITIES_SETTING);

    /*
     * All of these fields should be configurable: make them configurable in
     * the ldap config and use them in the appropriate places.
     * Add the member attributes and memberOf attributes. Make a
     * comma-separated list of OUs that are allowed available as a setting.
     * That setting will be iterated on every login request / search for
     * results. We only support direct membership currently.
     */
    public static final DynamicStringProperty USER_NAME_FIELD =
            ArchaiusUtil.getString(USER_NAME_FIELD_SETTING);
    public static final DynamicStringProperty GROUP_NAME_FIELD =
            ArchaiusUtil.getString(GROUP_NAME_FIELD_SETTING);
    public static final DynamicStringProperty GROUP_OBJECT_CLASS =
            ArchaiusUtil.getString(GROUP_OBJECT_CLASS_SETTING);
    public static final DynamicLongProperty CONNECTION_TIMEOUT =
            ArchaiusUtil.getLong(TIMEOUT_SETTING);
    public static final DynamicStringProperty GROUP_DN_FIELD =
            ArchaiusUtil.getString(GROUP_DN_FIELD_SETTING);
    public static final DynamicStringProperty GROUP_MEMBER_USER_ATTRIBUTE =
            ArchaiusUtil.getString(GROUP_MEMBER_USER_ATTRIBUTE_SETTING);

    // ---------------------------------------------------------------------
    // Field names of the LDAP config resource.
    // ---------------------------------------------------------------------

    public static final String CONFIG_DOMAIN = "domain";
    public static final String CONFIG_GROUP_SEARCH_DOMAIN = "groupSearchDomain";
    public static final String CONFIG_ALLOWED_IDENTITIES = "allowedIdentities";
    public static final String CONFIG_GROUP_NAME_FIELD = "groupNameField";
    public static final String CONFIG_GROUP_OBJECT_CLASS = "groupObjectClass";
    public static final String CONFIG_GROUP_SEARCH_FIELD = "groupSearchField";
    public static final String CONFIG_LOGIN_DOMAIN = "loginDomain";
    public static final String CONFIG_PORT = "port";
    public static final String CONFIG_SERVER = "server";
    // NOTE(review): this names a password-bearing field of the config
    // resource; confirm the value is masked or omitted when the config is read back.
    public static final String CONFIG_SERVICE_ACCOUNT_PASSWORD = "serviceAccountPassword";
    public static final String CONFIG_SERVICE_ACCOUNT_USERNAME = "serviceAccountUsername";
    public static final String CONFIG_TLS = "tls";
    public static final String CONFIG_USER_DISABLED_BIT_MASK = "userDisabledBitMask";
    public static final String CONFIG_USER_ENABLED_ATTRIBUTE = "userEnabledAttribute";
    public static final String CONFIG_USER_LOGIN_FIELD = "userLoginField";
    public static final String CONFIG_USER_NAME_FIELD = "userNameField";
    public static final String CONFIG_USER_OBJECT_CLASS = "userObjectClass";
    public static final String CONFIG_USER_SEARCH_FIELD = "userSearchField";
    public static final String CONFIG_TIMEOUT = "connectionTimeout";
    public static final String CONFIG_SECURITY = "enabled";
    public static final String CONFIG_GROUP_DN_FIELD = "groupDNField";
    public static final String CONFIG_GROUP_MEMBER_USER_ATTRIBUTE = "groupMemberUserAttribute";
}