Standardize config property names and remove legacy shims

* Ensures that all properties follow a consistent naming and format pattern.
* Removes shim for legacy `alpine.*` or unprefixed properties.
* Renames `VulnerabilityAnalysisTask` to `PortfolioAnalysisTask` as it better reflects what it does (i.e. schedule analyses for all projects in the portfolio).
* Adds validation during startup to catch misconfigurations early.

Not great to do this in the RC phase, but better now than post GA.

Signed-off-by: nscuro <nscuro@protonmail.com>

Author: nscuro

alpine/alpine-common/src/main/java/alpine/common/util/ProxyUtil.java

@@ -77,7 +77,7 @@ static ProxyConfig fromConfig(final Config config) {
             return null;
         }
 
-        final String host = config.getOptionalValue(AlpineConfigKeys.HTTP_PROXY_ADDRESS, String.class).orElse(null);
+        final String host = config.getOptionalValue(AlpineConfigKeys.HTTP_PROXY_HOST, String.class).orElse(null);
         if (host == null) {
             return null;
         }

alpine/alpine-common/src/main/java/alpine/config/AlpineConfigKeys.java

@@ -25,43 +25,43 @@ public final class AlpineConfigKeys {
 
     public static final String BCRYPT_ROUNDS = "dt.bcrypt.rounds";
     public static final String LDAP_ENABLED = "dt.ldap.enabled";
-    public static final String LDAP_SERVER_URL = "dt.ldap.server.url";
-    public static final String LDAP_BASEDN = "dt.ldap.basedn";
-    public static final String LDAP_SECURITY_AUTH = "dt.ldap.security.auth";
-    public static final String LDAP_BIND_USERNAME = "dt.ldap.bind.username";
-    public static final String LDAP_BIND_PASSWORD = "dt.ldap.bind.password";
-    public static final String LDAP_AUTH_USERNAME_FMT = "dt.ldap.auth.username.format";
-    public static final String LDAP_ATTRIBUTE_NAME = "dt.ldap.attribute.name";
-    public static final String LDAP_ATTRIBUTE_MAIL = "dt.ldap.attribute.mail";
-    public static final String LDAP_GROUPS_FILTER = "dt.ldap.groups.filter";
-    public static final String LDAP_USER_GROUPS_FILTER = "dt.ldap.user.groups.filter";
-    public static final String LDAP_GROUPS_SEARCH_FILTER = "dt.ldap.groups.search.filter";
-    public static final String LDAP_USERS_SEARCH_FILTER = "dt.ldap.users.search.filter";
-    public static final String LDAP_USER_PROVISIONING = "dt.ldap.user.provisioning";
-    public static final String LDAP_TEAM_SYNCHRONIZATION = "dt.ldap.team.synchronization";
+    public static final String LDAP_SERVER_URL = "dt.ldap.server-url";
+    public static final String LDAP_BASEDN = "dt.ldap.base-dn";
+    public static final String LDAP_SECURITY_AUTH = "dt.ldap.security-auth";
+    public static final String LDAP_BIND_USERNAME = "dt.ldap.bind-username";
+    public static final String LDAP_BIND_PASSWORD = "dt.ldap.bind-password";
+    public static final String LDAP_USERNAME_FORMAT = "dt.ldap.username-format";
+    public static final String LDAP_NAME_ATTRIBUTE = "dt.ldap.name-attribute";
+    public static final String LDAP_MAIL_ATTRIBUTE = "dt.ldap.mail-attribute";
+    public static final String LDAP_GROUP_FILTER = "dt.ldap.group-filter";
+    public static final String LDAP_USER_GROUPS_FILTER = "dt.ldap.user-groups-filter";
+    public static final String LDAP_GROUP_SEARCH_FILTER = "dt.ldap.group-search-filter";
+    public static final String LDAP_USER_SEARCH_FILTER = "dt.ldap.user-search-filter";
+    public static final String LDAP_USER_PROVISIONING = "dt.ldap.user-provisioning";
+    public static final String LDAP_TEAM_SYNCHRONIZATION = "dt.ldap.team-synchronization";
     public static final String OIDC_ENABLED = "dt.oidc.enabled";
     public static final String OIDC_ISSUER = "dt.oidc.issuer";
-    public static final String OIDC_CLIENT_ID = "dt.oidc.client.id";
-    public static final String OIDC_USERNAME_CLAIM = "dt.oidc.username.claim";
-    public static final String OIDC_USER_PROVISIONING = "dt.oidc.user.provisioning";
-    public static final String OIDC_TEAM_SYNCHRONIZATION = "dt.oidc.team.synchronization";
-    public static final String OIDC_TEAMS_CLAIM = "dt.oidc.teams.claim";
-    public static final String OIDC_TEAMS_DEFAULT = "dt.oidc.teams.default";
-    public static final String OIDC_AUTH_CUSTOMIZER = "dt.oidc.auth.customizer";
-    public static final String HTTP_PROXY_ADDRESS = "dt.http.proxy.address";
+    public static final String OIDC_CLIENT_ID = "dt.oidc.client-id";
+    public static final String OIDC_USERNAME_CLAIM = "dt.oidc.username-claim";
+    public static final String OIDC_USER_PROVISIONING = "dt.oidc.user-provisioning";
+    public static final String OIDC_TEAM_SYNCHRONIZATION = "dt.oidc.team-synchronization";
+    public static final String OIDC_TEAMS_CLAIM = "dt.oidc.teams-claim";
+    public static final String OIDC_DEFAULT_TEAMS = "dt.oidc.default-teams";
+    public static final String OIDC_AUTH_CUSTOMIZER = "dt.oidc.auth-customizer";
+    public static final String HTTP_PROXY_HOST = "dt.http.proxy.host";
     public static final String HTTP_PROXY_PORT = "dt.http.proxy.port";
-    public static final String HTTP_PROXY_USERNAME = "dt.http.proxy.username";
-    public static final String HTTP_PROXY_PASSWORD = "dt.http.proxy.password";
-    public static final String NO_PROXY = "dt.no.proxy";
-    public static final String HTTP_TIMEOUT_CONNECTION = "dt.http.timeout.connection";
+    public static final String HTTP_PROXY_USERNAME = "dt.http.proxy.auth.username";
+    public static final String HTTP_PROXY_PASSWORD = "dt.http.proxy.auth.password";
+    public static final String NO_PROXY = "dt.http.proxy.exclusions";
+    public static final String HTTP_CONNECT_TIMEOUT_MS = "dt.http.connect-timeout-ms";
     public static final String CORS_ENABLED = "dt.cors.enabled";
-    public static final String CORS_ALLOW_ORIGIN = "dt.cors.allow.origin";
-    public static final String CORS_ALLOW_METHODS = "dt.cors.allow.methods";
-    public static final String CORS_ALLOW_HEADERS = "dt.cors.allow.headers";
-    public static final String CORS_EXPOSE_HEADERS = "dt.cors.expose.headers";
-    public static final String CORS_ALLOW_CREDENTIALS = "dt.cors.allow.credentials";
-    public static final String CORS_MAX_AGE = "dt.cors.max.age";
-    public static final String API_KEY_PREFIX = "dt.api.key.prefix";
+    public static final String CORS_ALLOW_ORIGIN = "dt.cors.allowed-origins";
+    public static final String CORS_ALLOW_METHODS = "dt.cors.allowed-methods";
+    public static final String CORS_ALLOW_HEADERS = "dt.cors.allowed-headers";
+    public static final String CORS_EXPOSE_HEADERS = "dt.cors.exposed-headers";
+    public static final String CORS_ALLOW_CREDENTIALS = "dt.cors.allow-credentials";
+    public static final String CORS_MAX_AGE = "dt.cors.max-age";
+    public static final String API_KEY_PREFIX = "dt.api-key.prefix";
 
     public static final String BUILD_INFO_APPLICATION_NAME = "alpine.build-info.application.name";
     public static final String BUILD_INFO_APPLICATION_VERSION = "alpine.build-info.application.version";

alpine/alpine-common/src/main/resources/META-INF/microprofile-config.properties

@@ -3,30 +3,28 @@ alpine.build-info.application.version=0.0.0
 alpine.build-info.application.timestamp=1970-01-01 00:00:00
 alpine.build-info.application.uuid=00000000-0000-0000-0000-000000000000
 
-dt.api.key.prefix=alpine_
+dt.api-key.prefix=alpine_
 dt.bcrypt.rounds=14
-dt.cors.allow.credentials=true
-dt.cors.allow.headers=Origin,Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Api-Key,X-Total-Count,*
-dt.cors.allow.methods=GET,POST,PUT,PATCH,DELETE,OPTIONS
-dt.cors.allow.origin=*
+dt.cors.allow-credentials=true
+dt.cors.allowed-headers=Origin,Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Api-Key,X-Total-Count,*
+dt.cors.allowed-methods=GET,POST,PUT,PATCH,DELETE,OPTIONS
+dt.cors.allowed-origins=*
 dt.cors.enabled=true
-dt.cors.expose.headers=Origin,Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Api-Key,X-Total-Count
-dt.cors.max.age=3600
-dt.data.directory=~/.alpine
+dt.cors.exposed-headers=Origin,Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Api-Key,X-Total-Count
+dt.cors.max-age=3600
+dt.data-directory=~/.alpine
 dt.database.password=
 dt.database.url=jdbc:h2:mem:alpine
 dt.database.username=sa
-dt.http.timeout.connection=30
-dt.http.timeout.pool=60
-dt.http.timeout.socket=30
-dt.ldap.attribute.mail=mail
-dt.ldap.attribute.name=userPrincipalName
+dt.http.connect-timeout-ms=30000
+dt.ldap.mail-attribute=mail
+dt.ldap.name-attribute=userPrincipalName
 dt.ldap.enabled=false
-dt.ldap.team.synchronization=false
-dt.ldap.user.provisioning=false
-dt.oidc.auth.customizer=alpine.server.auth.DefaultOidcAuthenticationCustomizer
+dt.ldap.team-synchronization=false
+dt.ldap.user-provisioning=false
+dt.oidc.auth-customizer=alpine.server.auth.DefaultOidcAuthenticationCustomizer
 dt.oidc.enabled=false
-dt.oidc.team.synchronization=false
-dt.oidc.teams.claim=groups
-dt.oidc.user.provisioning=false
-dt.oidc.username.claim=sub
+dt.oidc.team-synchronization=false
+dt.oidc.teams-claim=groups
+dt.oidc.user-provisioning=false
+dt.oidc.username-claim=sub

alpine/alpine-common/src/test/java/alpine/common/util/ProxyUtilTest.java

@@ -37,7 +37,7 @@ public void fromConfigTest() {
 
         final Config config = new SmallRyeConfigBuilder()
                 .withDefaultValues(Map.of(
-                        AlpineConfigKeys.HTTP_PROXY_ADDRESS, "proxy.http.example.com",
+                        AlpineConfigKeys.HTTP_PROXY_HOST, "proxy.http.example.com",
                         AlpineConfigKeys.HTTP_PROXY_PORT, "6666",
                         AlpineConfigKeys.HTTP_PROXY_USERNAME, "domain\\username",
                         AlpineConfigKeys.HTTP_PROXY_PASSWORD, "pa$%word",

alpine/alpine-server/src/main/java/alpine/server/auth/LdapAuthenticationService.java

@@ -135,7 +135,7 @@ private LdapUser autoProvision(final LdapConnectionWrapper ldap, final AlpineQue
                     user = qm.synchronizeTeamMembership(user, groupDNs);
                 }
             } else {
-                LOGGER.warn("Could not find '{}' in the directory while provisioning the user. Ensure '{}' is defined correctly", username, AlpineConfigKeys.LDAP_ATTRIBUTE_NAME);
+                LOGGER.warn("Could not find '{}' in the directory while provisioning the user. Ensure '{}' is defined correctly", username, AlpineConfigKeys.LDAP_NAME_ATTRIBUTE);
                 throw new AlpineAuthenticationException(AlpineAuthenticationException.CauseType.UNMAPPED_ACCOUNT);
             }
         } catch (NamingException e) {

alpine/alpine-server/src/main/java/alpine/server/auth/LdapConnectionWrapper.java

@@ -76,14 +76,14 @@ public LdapConnectionWrapper(Config config) {
         this.bindUsername = config.getOptionalValue(AlpineConfigKeys.LDAP_BIND_USERNAME, String.class).orElse(null);
         this.bindPassword = config.getOptionalValue(AlpineConfigKeys.LDAP_BIND_PASSWORD, String.class).orElse(null);
         this.securityAuth = config.getOptionalValue(AlpineConfigKeys.LDAP_SECURITY_AUTH, String.class).orElse(null);
-        this.authUsernameFmt = config.getOptionalValue(AlpineConfigKeys.LDAP_AUTH_USERNAME_FMT, String.class).orElse(null);
+        this.authUsernameFmt = config.getOptionalValue(AlpineConfigKeys.LDAP_USERNAME_FORMAT, String.class).orElse(null);
         this.userGroupsFilter = config.getOptionalValue(AlpineConfigKeys.LDAP_USER_GROUPS_FILTER, String.class).orElse(null);
-        this.groupsSearchFilter = config.getOptionalValue(AlpineConfigKeys.LDAP_GROUPS_SEARCH_FILTER, String.class).orElse(null);
+        this.groupsSearchFilter = config.getOptionalValue(AlpineConfigKeys.LDAP_GROUP_SEARCH_FILTER, String.class).orElse(null);
         this.ldapEnabled = config.getValue(AlpineConfigKeys.LDAP_ENABLED, Boolean.class);
         this.ldapUrl = config.getOptionalValue(AlpineConfigKeys.LDAP_SERVER_URL, String.class).orElse(null);
         this.baseDn = config.getOptionalValue(AlpineConfigKeys.LDAP_BASEDN, String.class).orElse(null);
-        this.attributeMail = config.getValue(AlpineConfigKeys.LDAP_ATTRIBUTE_MAIL, String.class);
-        this.attributeName = config.getValue(AlpineConfigKeys.LDAP_ATTRIBUTE_NAME, String.class);
+        this.attributeMail = config.getValue(AlpineConfigKeys.LDAP_MAIL_ATTRIBUTE, String.class);
+        this.attributeName = config.getValue(AlpineConfigKeys.LDAP_NAME_ATTRIBUTE, String.class);
         this.userProvisioning = config.getValue(AlpineConfigKeys.LDAP_USER_PROVISIONING, Boolean.class);
         this.teamSynchronization = config.getValue(AlpineConfigKeys.LDAP_TEAM_SYNCHRONIZATION, Boolean.class);
         this.ldapSslTls = this.ldapUrl != null && !this.ldapUrl.isBlank() && this.ldapUrl.startsWith("ldaps:");
@@ -229,7 +229,7 @@ public List<String> search(final DirContext dirContext, final String filter, fin
 
     /**
      * Performs a search for the specified username. Internally, this method queries on
-     * the attribute defined by {@link AlpineConfigKeys#LDAP_ATTRIBUTE_NAME}.
+     * the attribute defined by {@link AlpineConfigKeys#LDAP_NAME_ATTRIBUTE}.
      *
      * @param ctx      the DirContext to use
      * @param username the username to query on
@@ -248,7 +248,7 @@ public List<SearchResult> searchForUsername(final DirContext ctx, final String u
 
     /**
      * Performs a search for the specified username. Internally, this method queries on
-     * the attribute defined by {@link AlpineConfigKeys#LDAP_ATTRIBUTE_NAME}.
+     * the attribute defined by {@link AlpineConfigKeys#LDAP_NAME_ATTRIBUTE}.
      *
      * @param ctx      the DirContext to use
      * @param username the username to query on
@@ -323,7 +323,7 @@ public String getAttribute(final Attributes attributes, final String attributeNa
 
     /**
      * Formats the principal in username@domain format or in a custom format if is specified in the config file.
-     * If LDAP_AUTH_USERNAME_FMT is configured to a non-empty value, the substring %s in this value will be replaced with the entered username.
+     * If LDAP_USERNAME_FORMAT is configured to a non-empty value, the substring %s in this value will be replaced with the entered username.
      * The recommended format of this value depends on your LDAP server(Active Directory, OpenLDAP, etc.).
      * Examples:
      * alpine.ldap.auth.username.format=%s

alpine/alpine-server/src/main/java/alpine/server/auth/OidcAuthenticationService.java

@@ -234,7 +234,7 @@ private OidcUser autoProvision(final AlpineQueryManager qm, final OidcProfile pr
                     accessToken);
         }
 
-        final List<String> defaultTeams = config.getOptionalValues(AlpineConfigKeys.OIDC_TEAMS_DEFAULT, String.class)
+        final List<String> defaultTeams = config.getOptionalValues(AlpineConfigKeys.OIDC_DEFAULT_TEAMS, String.class)
                 .orElse(List.of()).stream()
                 .map(String::trim)
                 .filter(s -> !s.isEmpty())

alpine/alpine-server/src/test/java/alpine/server/auth/LdapAuthenticationServiceTest.java

@@ -206,12 +206,12 @@ private static Config configWith(Map<String, String> overrides) {
         values.put(AlpineConfigKeys.LDAP_BASEDN, LDAP.getBaseDn());
         values.put(AlpineConfigKeys.LDAP_BIND_USERNAME, LDAP.getUser());
         values.put(AlpineConfigKeys.LDAP_BIND_PASSWORD, LDAP.getPassword());
-        values.put(AlpineConfigKeys.LDAP_ATTRIBUTE_NAME, "uid");
-        values.put(AlpineConfigKeys.LDAP_ATTRIBUTE_MAIL, "mail");
+        values.put(AlpineConfigKeys.LDAP_NAME_ATTRIBUTE, "uid");
+        values.put(AlpineConfigKeys.LDAP_MAIL_ATTRIBUTE, "mail");
         values.put(AlpineConfigKeys.LDAP_USER_GROUPS_FILTER, "(member={USER_DN})");
-        values.put(AlpineConfigKeys.LDAP_GROUPS_FILTER, "(objectClass=groupOfUniqueNames)");
-        values.put(AlpineConfigKeys.LDAP_GROUPS_SEARCH_FILTER, "(&(objectClass=groupOfUniqueNames)(cn=*{SEARCH_TERM}*))");
-        values.put(AlpineConfigKeys.LDAP_USERS_SEARCH_FILTER, "(&(objectClass=inetOrgPerson)(cn=*{SEARCH_TERM}*))");
+        values.put(AlpineConfigKeys.LDAP_GROUP_FILTER, "(objectClass=groupOfUniqueNames)");
+        values.put(AlpineConfigKeys.LDAP_GROUP_SEARCH_FILTER, "(&(objectClass=groupOfUniqueNames)(cn=*{SEARCH_TERM}*))");
+        values.put(AlpineConfigKeys.LDAP_USER_SEARCH_FILTER, "(&(objectClass=inetOrgPerson)(cn=*{SEARCH_TERM}*))");
         values.put(AlpineConfigKeys.LDAP_USER_PROVISIONING, "true");
         values.put(AlpineConfigKeys.LDAP_TEAM_SYNCHRONIZATION, "false");
         values.putAll(overrides);

alpine/alpine-server/src/test/java/alpine/server/auth/OidcAuthenticationServiceTest.java

@@ -332,7 +332,7 @@ public void authenticateShouldProvisionAndReturnNewUserWhenUserDoesNotExistAndPr
     public void authenticateShouldProvisionAndApplyDefaultTeamsAndReturnNewUserWhenUserDoesNotExistAndProvisioningIsEnabled() throws Exception {
         final Config config = configWith(Map.of(
                 AlpineConfigKeys.OIDC_USER_PROVISIONING, "true",
-                AlpineConfigKeys.OIDC_TEAMS_DEFAULT, "teamName"));
+                AlpineConfigKeys.OIDC_DEFAULT_TEAMS, "teamName"));
 
         try (final var qm = new AlpineQueryManager()) {
             var teamToAssign = new Team();

apiserver/pom.xml

@@ -799,7 +799,7 @@
                                             <value>dev</value>
                                         </systemProperty>
                                         <systemProperty>
-                                            <key>dev.services.enabled</key>
+                                            <key>dt.dev-services.enabled</key>
                                             <value>true</value>
                                         </systemProperty>
                                     </systemProperties>