package common

import (
	"time"
)

// Runtime configuration. Every variable below holds its zero value until
// something assigns it; nothing in this file reads configuration, so the
// populating code lives elsewhere (presumably at startup).
var (
	// FeatureCreateTokenApi gates the create-token API (inferred from the
	// name; what it switches is defined by its callers).
	FeatureCreateTokenApi bool
	// FeatureGroupsByEmail gates group lookup by email (inferred from the
	// name; what it switches is defined by its callers).
	FeatureGroupsByEmail bool

	// EntitlementBucket is the entitlement storage bucket.
	EntitlementBucket string
	// EntitlementServiceAccountFile is the path of the service account file
	// used by the entitlement clients. It names a credential: keep the file
	// out of images and source control and readable only by the service.
	EntitlementServiceAccountFile string
	// GoogleCloudIdentityAdminEmail is the admin identity email for the
	// Cloud Identity client.
	GoogleCloudIdentityAdminEmail string

	// Domain is the Google Group domain.
	Domain string
	// GCloudProject is the Google Cloud project.
	GCloudProject string
	// GroupDomainSuffix is the suffix applied to group domains (exact use
	// defined by callers).
	GroupDomainSuffix string

	// RedisHost is the redis host; the port is the RedisPort constant.
	RedisHost string

	// AllowHttp presumably relaxes an HTTPS-only requirement somewhere in
	// the service; its use is not visible in this file.
	// NOTE(review): confirm it stays false outside local development, since
	// the Authorization header would otherwise travel in the clear.
	AllowHttp bool
)

// HTTP header keys.
const (
	// CorrelationID is the header carrying the request correlation id.
	CorrelationID = "Correlation-Id"

	// DataPartitionID is the header carrying the data partition id.
	DataPartitionID = "Data-Partition-Id"

	// Trace is the Google Cloud trace context header.
	Trace = "X-Cloud-Trace-Context"

	// Authorization is the authorization header.
	Authorization = "Authorization"
)

// Context and log field keys. These are bare string keys; what a caller
// stores under each one is not defined in this file.
const (
	AuthUserID     = "userId"
	AuditInfo      = "auditInfo"
	Request        = "request"
	Response       = "response"
	Error          = "error"
	Email          = "email"
	Type           = "type"
	RequestInfoKey = "requestInfo"
	TraceIDKey     = "TraceIDKey"

	// AppEngineTraceID is the App Engine trace-id log field name.
	AppEngineTraceID = "appengine_googleapis_com_trace_id"
)

// Group names, roles and sizing.
const (
	UsersGroup             = "users"                      // accountid user group
	DataGroupPrefix        = "data"                       // prefix of data groups
	EntitlementAdminsGroup = "service.entitlements.admin" // entitlement admins group
	EntitlementUsersGroup  = "service.entitlements.user"  // entitlement users group
	RootUsersGroup         = "users.data.root"            // root data users group

	// Membership role strings.
	OwnerRole  = "OWNER"
	MemberRole = "MEMBER"

	// SuperAdminUsersCount is the number of super admin accounts used by the
	// gsuite client.
	SuperAdminUsersCount = 10
)

// Redis wire and key conventions.
const (
	// RedisPort is the redis port; the host is the RedisHost variable.
	RedisPort = "6379"

	// Partial hash names used to build the cache keys (direct groups,
	// direct members, flat groups — inferred from the names).
	PartialDirectGroupKey  = "-direct"
	PartialDirectMemberKey = "-directMember"
	PartialFlatGroupKey    = "-flat"

	// KeyNotFoundErrorMessage is the text of redigo's nil-reply error. A
	// string match is fragile; where the redigo error value is in reach,
	// prefer errors.Is(err, redis.ErrNil).
	KeyNotFoundErrorMessage = "redigo: nil returned"
)

// Google identity endpoints and cache tuning.
const (
	// GoogleOpenIdHost is the Google OpenID issuer host.
	GoogleOpenIdHost = "https://accounts.google.com"

	// GoogleJWKUri is Google's public JWK set, used to verify token signatures.
	GoogleJWKUri = "https://www.googleapis.com/oauth2/v3/certs"

	// PrefixJWKCacheKey prefixes cached JWK entries.
	PrefixJWKCacheKey = "jwk-"

	// JWKCacheExpirationTimeInDays bounds how long a cached JWK set is
	// trusted; Google rotates its keys, so a shorter value picks rotations
	// up sooner at the cost of more fetches.
	JWKCacheExpirationTimeInDays = 1

	// RefreshTimeAccountCache is the account cache refresh interval. The
	// unit is not stated here — assumed seconds, confirm against the reader.
	RefreshTimeAccountCache = 60
)

// Storage and datastore names.
const (
	StorageClientFile  = "entitlements-bucket-access.json" // storage client file
	DataStoreKind      = "TenantInfo"
	DataStoreNamespace = "datalake"
)

// Error messages returned to callers.
const (
	MissingAccountIDError    = "Data-Partition-Id is required" // Data-Partition-Id header absent
	UnauthorizedErrorMessage = "user is unauthorized."
)

// Test fixtures. These are sample credentials for tests and carry no real
// authority: the JWT header decodes to {"alg":"HS256"} and its claims are
// listed below, and the access token is an obvious placeholder.
// NOTE(review): real Google ID tokens are verified against the RS256 keys
// published at GoogleJWKUri, which this HMAC-signed token cannot satisfy; if a
// test-mode shortcut accepts it, confirm that shortcut is off outside tests,
// and consider moving both values into a _test.go file so they are not shipped.
const (
	// Claims of AuthTokenGoogleDomainUser:
	//   {
	//     "sub": "1234567890",
	//     "name": "John Doe",
	//     "admin": true,
	//     "email": "domain_member@quibitai.com",
	//     "userid": "domain_member@quibitai.com",
	//     "iss": "accounts.google.com"
	//   }
	AuthTokenGoogleDomainUser = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImVtYWlsIjoiZG9tYWluX21lbWJlckBxdWliaXRhaS5jb20iLCJ1c2VyaWQiOiJkb21haW5fbWVtYmVyQHF1aWJpdGFpLmNvbSIsImlzcyI6ImFjY291bnRzLmdvb2dsZS5jb20ifQ.YivL9EEjorHk8jcGEKUQ8Ipg6wfLNDWN3G3Wxi8_lBA"

	// AccessTokenGoogleDomainUser is a placeholder access token for tests.
	AccessTokenGoogleDomainUser = "ya29.auth_token.for.tests"
)

// Logger names and keys used by the logging package.
const (
	LogName            = "entitlements.req"   // request logger
	ChildLogName       = "entitlements.app"   // application logger
	AuditLogName       = "entitlements.audit" // audit logger
	AuditModuleId      = "entitlements"       // module id for audit entries
	GaeApplication     = "gae_app"            // destination of application, request and audit logs
	RequestContextInfo = "requestContextInfo" // context key consulted by audit logging
)

// FilterTypes maps an accepted filter type name to the group-name prefix it
// selects (the trailing dot is part of the prefix). Presumably compared
// against group names by callers; the map is mutable package state, so
// treat it as read-only.
var FilterTypes = map[string]string{
	"service": "service.",
	"user":    "user.",
	"data":    "data.",
}

// Connection timeouts. Which client (redis, HTTP, ...) consumes them is up
// to the caller; nothing in this file applies them.
var (
	ConnectTimeout = 15 * time.Second // establishing a new connection
	ReadTimeout    = 7 * time.Second  // read side
	WriteTimeout   = 7 * time.Second  // write side
	IdleTimeout    = 25 * time.Second // idle connections
)

// Connection pool limits.
var (
	// MaxIdleConnections is the upper bound on idle connections kept ready
	// for requests; when an idle connection is used, new idle ones are
	// created.
	MaxIdleConnections = 10
	// MaxActiveConnections is the upper bound on active connections kept
	// ready for requests.
	MaxActiveConnections = 1000
)

// Redis database numbers, one per cache so the keyspaces stay apart.
var (
	GroupDbIndex      = 1 // users and groups cache
	CredentialDbIndex = 2 // token and jwk cache
)