chore(settings): refactor userdb config structure

config/settings.yml

@@ -128,15 +128,15 @@ database:
 
 auto-db-migrate: '_env:AUTO_DB_MIGRATE:true'
 
-# External databases used for authentication and user data lookup
-# If the first user database in the list is unreachable, the application will perform a failover to the next list entry, etc.
+# External databases used for authentication and userdata lookups
 user-database:
   mode: single-source
-  protocol: oauth2
+  protocol: azureadv2
   config:
-    client-id:      "_env:OAUTH2CLIENTID:"
-    client-secret:  "_env:OAUTH2CLIENTSECRET:"
-    tenant-id:      "_env:OAUTH2TENANTID:"
+    client-id:     "_env:AZURECLIENTID:00000000-0000-0000-0000-000000000000"
+    client-secret: "_env:AZURECLIENTSECRET:verysecret"
+    tenant-id:     "_env:AZURETENANTID:00000000-0000-0000-0000-000000000000"
+    scopes:        "_env:AZURESCOPES:[]"
     # protocol: "ldap"
     # config:
     #   host:           "_env:LDAPHOST:"
@@ -148,12 +148,13 @@ user-database:
     #   scope:          "_env:LDAPSCOPE:WholeSubtree"
     #   timeout:        "_env:LDAPTIMEOUT:5"
     #   search-timeout: "_env:LDAPSEARCHTIME:5"
-    #   pool:
-    #     stripes:      "_env:LDAPSTRIPES:1"
-    #     timeout:      "_env:LDAPTIMEOUT:20"
-    #     limit:        "_env:LDAPLIMIT:10"
 
-userdb-retest-failover: 60
+ldap-pool:
+  stripes: "_env:LDAPSTRIPES:1"
+  timeout: "_env:LDAPTIMEOUT:20"
+  limit:   "_env:LDAPLIMIT:10"
+
+# userdb-retest-failover: 60
 userdb-sync-within:   "_env:USERDB_SYNC_WITHIN:1209600" # 14 Tage in Sekunden
 userdb-sync-interval: "_env:USERDB_SYNC_INTERVAL:3600"  # jede Stunde
 

src/Settings.hs

@@ -142,7 +142,7 @@ instance FromJSON PWHashConf where
     return PWHashConf{..}
 
 
-data UserDbConf' = UserDbLdap LdapConf | UserDbOAuth2 OAuth2Conf
+data UserDbConf' = UserDbLdap LdapConf | UserDbAzureAdV2 AzureConf
   deriving (Show)
 
 data UserDbConf =
@@ -517,10 +517,12 @@ data AppSettings = AppSettings
     , appHealthCheckHTTPReachableTimeout :: NominalDiffTime
     , appHealthCheckMatchingClusterConfigTimeout :: NominalDiffTime
 
-    , appUserdbRetestFailover :: DiffTime
+    -- , appUserdbRetestFailover :: DiffTime
     , appUserdbSyncWithin     :: Maybe NominalDiffTime
     , appUserdbSyncInterval   :: NominalDiffTime
 
+    , appLdapPoolConf :: Maybe ResourcePoolConf
+
     , appSynchroniseAvsUsersWithin   :: Maybe NominalDiffTime
     , appSynchroniseAvsUsersInterval :: NominalDiffTime
 
@@ -628,6 +630,7 @@ instance FromJSON AppSettings where
         --     nonEmptyHost (UserDbOAuth2 OAuth2Conf{..}) = not $ or [ null oauth2TenantId, null oauth2ClientId, null oauth2ClientSecret ]
         appUserDbConf             <- o .: "user-database"
         -- P.fromList . mapMaybe (assertM nonEmptyHost) <$> o .:? "user-database" .!= []
+        appLdapPoolConf           <- o .:? "ldap-pool"
         appLmsConf                <- o .: "lms-direct"
         appAvsConf                <- assertM (not . null . avsPass)  <$> o .:? "avs"
         appLprConf                <- o .: "lpr"
@@ -692,7 +695,7 @@ instance FromJSON AppSettings where
 
         appSessionTimeout         <- o .: "session-timeout"
 
-        appUserdbRetestFailover     <- o .:  "userdb-retest-failover"
+        -- appUserdbRetestFailover     <- o .:  "userdb-retest-failover"
         appUserdbSyncWithin   <- o .:? "userdb-sync-within"
         appUserdbSyncInterval <- o .:  "userdb-sync-interval"
 

src/Settings/Ldap.hs

@@ -6,12 +6,11 @@
 
 module Settings.Ldap
   ( LdapConf(..)
-  , _ldapHost, _ldapDn, _ldapBase, _ldapScope, _ldapTimeout, _ldapSearchTimeout, _ldapPool
+  , _ldapHost, _ldapDn, _ldapBase, _ldapScope, _ldapTimeout, _ldapSearchTimeout
   ) where
 
 import ClassyPrelude
 
-import Settings.ResourcePool
 import Utils.Lens.TH
 
 import Control.Monad.Fail (fail)
@@ -33,7 +32,6 @@ data LdapConf = LdapConf
   , ldapScope    :: Ldap.Scope
   , ldapTimeout  :: NominalDiffTime
   , ldapSearchTimeout :: Int32
-  , ldapPool     :: ResourcePoolConf
   } deriving (Show)
 
 makeLenses_ ''LdapConf
@@ -60,5 +58,4 @@ instance FromJSON LdapConf where
     ldapScope <- o .: "scope"
     ldapTimeout <- o .: "timeout"
     ldapSearchTimeout <- o .: "search-timeout"
-    ldapPool <- o .: "pool"
     return LdapConf{..}

src/Settings/OAuth2.hs

@@ -3,32 +3,30 @@
 -- SPDX-License-Identifier: AGPL-3.0-or-later
 
 module Settings.OAuth2
-  ( OAuth2Conf(..)
-  , _oauth2ClientId, _oauth2ClientSecret, _oauth2TenantId, _oauth2Scopes
+  ( AzureConf(..)
+  , _azureClientId, _azureClientSecret, _azureTenantId, _azureScopes
   ) where
 
 import ClassyPrelude
 
-import Utils.Lens.TH
-
 import Data.Aeson
-import qualified Data.Set as Set
+import Data.Aeson.TH
+import Data.UUID
+
+import Utils.Lens.TH
+import Utils.PathPiece (camelToPathPiece')
 
 
 -- TODO: use better types
-data OAuth2Conf = OAuth2Conf
-  { oauth2ClientId     :: Text
-  , oauth2ClientSecret :: Text
-  , oauth2TenantId     :: Text
-  , oauth2Scopes       :: Set Text
+data AzureConf = AzureConf
+  { azureClientId     :: UUID
+  , azureClientSecret :: Text
+  , azureTenantId     :: UUID
+  , azureScopes       :: Set Text -- TODO: use better type
   } deriving (Show)
 
-makeLenses_ ''OAuth2Conf
+makeLenses_ ''AzureConf
 
-instance FromJSON OAuth2Conf where
-  parseJSON = withObject "OAuth2Conf" $ \o -> do
-    oauth2ClientId <- o .:? "client-id" .!= ""
-    oauth2ClientSecret <- o .:? "client-secret" .!= ""
-    oauth2TenantId <- o .:? "tenant-id" .!= ""
-    oauth2Scopes <- o .:? "scopes" .!= Set.empty
-    return OAuth2Conf{..}
+deriveFromJSON defaultOptions
+  { fieldLabelModifier = camelToPathPiece' 1
+  } ''AzureConf