# -*- mode: python -*-

Import("env")

env = env.Clone()

env.SConscript(
    dirs=[
        'external',
    ],
    exports=[
        'env',
    ],
)

env.Library(
    target='security_token',
    source=[
        'security_token_authentication_guard.cpp',
        'security_token.idl',
        'validated_tenancy_scope.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/auth/auth',
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/server_feature_flags',
        '$BUILD_DIR/mongo/db/service_context',
    ],
)

env.Library(
    target='authentication_restriction',
    source=[
        'restriction_environment.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/util/net/network',
    ],
)

# The Auth library should consist only of the shimmed API for Auth usage and the implementations of
# the data structures used in that API.  No actual Auth subsystem implementation should exist in
# this library.
env.Library(
    target='auth',
    source=[
        'auth_name.cpp',
        'authorization_manager.cpp',
        'authorization_session.cpp',
        'auth_decorations.cpp',
        'role_name_or_string.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/service_context',
        'auth_options',
        'cluster_auth_mode',
        'sasl_options',
    ],
)

env.Library(
    target='authentication_session',
    source=[
        'authentication_session.cpp',
    ],
    LIBDEPS=[
        'auth',
        'saslauth',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/audit',
        '$BUILD_DIR/mongo/db/connection_health_metrics_parameter',
        '$BUILD_DIR/mongo/db/service_context',
        '$BUILD_DIR/mongo/db/stats/counters',
    ],
)

env.Library(
    target='auth_op_observer',
    source=[
        'auth_op_observer.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/db/audit',
        '$BUILD_DIR/mongo/db/catalog/collection_options',
        '$BUILD_DIR/mongo/db/index/index_access_method',
        '$BUILD_DIR/mongo/db/op_observer/op_observer',
        '$BUILD_DIR/mongo/db/op_observer/op_observer_util',
        '$BUILD_DIR/mongo/db/repl/oplog_entry',
        'auth',
    ],
)

env.Library(
    target='user',
    source=[
        'user.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/crypto/sha_block_${MONGO_CRYPTO}',
        'auth',
        'authentication_restriction',
        'authprivilege',
    ],
)

env.Library(
    target='auth_impl_internal_local',
    source=[
        'authz_manager_external_state_local.cpp',
    ],
    LIBDEPS=[
        'auth_impl_internal',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/multitenancy',
        '$BUILD_DIR/mongo/db/shard_role',
        'auth_types',
    ],
)

# This needs to use its own env to tell scons to suppress scanning the .tpl.cpp input
# for #includes since they aren't directly preprocessed. Scons will still scan the generated files
# to produce the correct implicit dependencies when they are compiled.
env_for_builtin_roles = env.Clone()
env_for_builtin_roles['SCANNERS'] = []
generateBuiltinRoles = env_for_builtin_roles.Command(
    target=[
        'builtin_roles.cpp',
    ],
    source=[
        'builtin_roles_gen.py',
        'builtin_roles.yml',
        'builtin_roles.tpl.cpp',
    ],
    action=[
        '$PYTHON ${SOURCES[0]} ${SOURCES[1]} ${SOURCES[2]} ${TARGETS[0]}',
    ],
)

env.Alias('generated-sources', generateBuiltinRoles)

env.Library(
    target='builtin_roles',
    source=[
        'builtin_roles.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/server_base',
        'auth',
        'auth_options',
        'authprivilege',
    ],
)

env.Library(
    target='user_document_parser',
    source=[
        'user_document_parser.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/bson/util/bson_extract',
        'auth',
        'user',
    ],
    LIBDEPS_PRIVATE=[
        'address_restriction',
        'authprivilege',
    ],
)

env.Library(
    target='cluster_auth_mode',
    source=[
        'cluster_auth_mode.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
    ],
)

env.Library(
    target='auth_options',
    source=[
        'auth_options.idl',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/server_base',
    ],
)

env.Library(
    target='auth_impl_internal',
    source=[
        'authorization_manager_impl.cpp',
        'authorization_session_impl.cpp',
        'authz_manager_external_state.cpp',
        'authz_session_external_state.cpp',
        'authorization_manager_impl_parameters.idl',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base/secure_allocator',
        '$BUILD_DIR/mongo/bson/util/bson_extract',
        '$BUILD_DIR/mongo/db/commands/authentication_commands',
        '$BUILD_DIR/mongo/db/common',
        '$BUILD_DIR/mongo/db/global_settings',
        '$BUILD_DIR/mongo/db/ldap/ldapmanager',
        '$BUILD_DIR/mongo/db/ldap_options',
        '$BUILD_DIR/mongo/db/query/query_stats/query_stats',
        '$BUILD_DIR/mongo/util/concurrency/thread_pool',
        '$BUILD_DIR/mongo/util/icu',
        '$BUILD_DIR/mongo/util/net/ssl_manager',
        '$BUILD_DIR/mongo/util/net/ssl_types',
        'address_restriction',
        'auth',
        'authorization_manager_global',
        'authprivilege',
        'builtin_roles',
        'sasl_options',
        'user',
        'user_acquisition_stats',
        'user_document_parser',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/api_parameters',
        '$BUILD_DIR/mongo/db/audit',  # audit:logLogout in AuthZSession.
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/stats/counters',
        '$BUILD_DIR/mongo/util/caching',
        'auth_types',
        'auth_umc',
    ],
)

env.Library(
    target='auth_checks',
    source=[
        'authorization_checks.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/catalog/document_validation',
        '$BUILD_DIR/mongo/db/common',
        '$BUILD_DIR/mongo/db/pipeline/lite_parsed_document_source',
        '$BUILD_DIR/mongo/db/update/update_driver',
        'auth',
        'authprivilege',
        'builtin_roles',
        'user',
        'user_document_parser',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/audit',
        '$BUILD_DIR/mongo/db/server_base',
    ],
)

env.Library(
    target='authprivilege',
    source=[
        'access_checks.idl',
        'action_set.cpp',
        'action_type.cpp',
        'action_type.idl',
        'authorization_contract.cpp',
        'privilege.cpp',
        'privilege_parser.cpp',
        'resource_pattern.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
        '$BUILD_DIR/mongo/db/common',
        '$BUILD_DIR/mongo/idl/idl_parser',
    ],
)

env.Library(
    target='auth_types',
    source=[
        'auth_types.idl',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/idl/idl_parser',
        'auth',
        'authprivilege',
    ],
)

env.Library(
    target='auth_umc',
    source=[
        'impersonation_session.cpp',
        'user_management_commands_parser.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/bson/mutable/mutable_bson',
        '$BUILD_DIR/mongo/db/common',
        '$BUILD_DIR/mongo/rpc/metadata_impersonated_user',
        'address_restriction',
        'auth',
        'authprivilege',
    ],
)

env.Library(
    target='authorization_manager_global',
    source=[
        'authorization_manager_global.cpp',
        'authorization_manager_global_parameters.idl',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/ldap/ldapmanager',
        '$BUILD_DIR/mongo/db/ldap_options',
        'auth',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/client/authentication',
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/service_context',
        '$BUILD_DIR/mongo/util/net/ssl_manager',
        '$BUILD_DIR/mongo/util/net/ssl_parameters_auth',
        'cluster_auth_mode',
        'security_key',
    ],
)

env.Library(
    target='security_key',
    source=[
        'security_key.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base/secure_allocator',
        '$BUILD_DIR/mongo/client/authentication',
        '$BUILD_DIR/mongo/crypto/sha_block_${MONGO_CRYPTO}',
        '$BUILD_DIR/mongo/util/icu',
        '$BUILD_DIR/mongo/util/md5',
        'auth',
        'cluster_auth_mode',
        'sasl_options',
        'security_file',
        'user',
    ],
)

env.Library(
    target='sasl_commands',
    source=[
        'sasl_commands.cpp',
        'sasl_commands.idl',
        'sasl_payload.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/client/sasl_client',
        '$BUILD_DIR/mongo/db/commands',
        '$BUILD_DIR/mongo/db/commands/test_commands_enabled',
        'auth',
        'auth_impl_internal',
        'authentication_session',
        'authorization_manager_global',
        'saslauth',
    ],
)

env.Library(
    target='authservercommon',
    source=[
        'authz_session_external_state_server_common.cpp',
        'enable_localhost_auth_bypass_parameter.idl',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/commands/authentication_commands',
        'auth',
        'auth_impl_internal',
        'authorization_manager_global',
        'external/externalsaslauth' if env['MONGO_BUILD_SASL_CLIENT'] else [],
        'sasl_commands',
        'saslauth',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/ldap_options_init',
        'sasl_options_init',
    ],
)

yamlEnv = env.Clone()
yamlEnv.InjectThirdParty(libraries=['yaml'])
yamlEnv.Library(
    target='security_file',
    source=[
        'security_file.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/third_party/shim_yaml',
    ],
)

env.Library(
    target='sasl_options',
    source=[
        'sasl_options.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/stats/counters',
    ],
)

env.Library(
    target='sasl_options_init',
    source=[
        'sasl_options_init.cpp',
        'sasl_options.idl',
    ],
    LIBDEPS=[
        'sasl_options',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/util/net/network',
        '$BUILD_DIR/mongo/util/options_parser/options_parser',
    ],
)

env.Library(
    target='saslauth',
    source=[
        'sasl_mechanism_registry.cpp',
        'sasl_plain_server_conversation.cpp',
        'sasl_scram_server_conversation.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base/secure_allocator',
        '$BUILD_DIR/mongo/crypto/sha_block_${MONGO_CRYPTO}',
        '$BUILD_DIR/mongo/db/commands/test_commands_enabled',
        '$BUILD_DIR/mongo/util/icu',
        '$BUILD_DIR/mongo/util/md5',
        '$BUILD_DIR/mongo/util/net/network',
        'auth',
        'authprivilege',
        'sasl_options',
        'user',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/connection_health_metrics_parameter',
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/service_context',
        'cluster_auth_mode',
    ],
)

env.Library(
    target='authmongod',
    source=[
        'authz_manager_external_state_d.cpp',
        'authz_session_external_state_d.cpp',
    ],
    LIBDEPS=[
        'auth_impl_internal_local',
        'authservercommon',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/dbdirectclient',
        '$BUILD_DIR/mongo/db/dbhelpers',
        '$BUILD_DIR/mongo/db/repl/repl_coordinator_interface',
        '$BUILD_DIR/mongo/db/shard_role',
    ],
)

env.Library(
    target='authmongos',
    source=[
        'authz_manager_external_state_s.cpp',
        'authz_session_external_state_s.cpp',
        'user_cache_invalidator_job.cpp',
        'user_cache_invalidator_job_parameters.idl',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/multitenancy',
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/s/grid',
        'authservercommon',
    ],
)

env.Library(
    target='authmocks',
    source=[
        'authz_manager_external_state_mock.cpp',
        'authz_session_external_state_mock.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/query_expressions',
        '$BUILD_DIR/mongo/db/service_context',
        '$BUILD_DIR/mongo/db/update/update_driver',
        'auth',
        'auth_impl_internal',
        'auth_impl_internal_local',
    ],
)

env.Library(
    target='address_restriction',
    source=[
        'address_restriction.cpp',
        'address_restriction.idl',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/idl/idl_parser',
        '$BUILD_DIR/mongo/util/net/network',
        'authentication_restriction',
    ],
)

env.Library(
    target='user_acquisition_stats',
    source=[
        'ldap_operation_stats.cpp',
        'ldap_cumulative_operation_stats.cpp',
        'user_cache_acquisition_stats.cpp',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/db/server_base',
        '$BUILD_DIR/mongo/db/service_context',
        'auth',
    ],
)

env.Library(
    target='oidc_protocol',
    source=[
        "oauth_authorization_server_metadata.idl",
        "oauth_discovery_factory.cpp",
        'oidc_protocol.idl',
    ],
    LIBDEPS_PRIVATE=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/idl/idl_parser',
        '$BUILD_DIR/mongo/util/net/http_client',
    ],
)

env.Library(
    target='authorization_session_test_fixture',
    source=[
        'authorization_session_for_test.cpp',
        'authorization_session_test_fixture.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/db/service_context_d_test_fixture',
        '$BUILD_DIR/mongo/transport/transport_layer_mock',
        'auth',
        'auth_impl_internal',
        'authentication_restriction',
        'authmocks',
    ],
)

env.CppUnitTest(
    target='db_auth_test',
    source=[
        'action_set_test.cpp',
        'address_restriction_test.cpp',
        'auth_identifier_test.cpp',
        'authorization_contract_test.cpp',
        'auth_op_observer_test.cpp',
        "authentication_session_test.cpp",
        'authorization_manager_test.cpp',
        'authorization_session_test.cpp',
        'builtin_roles_test.cpp',
        'oauth_discovery_factory_test.cpp',
        'privilege_parser_test.cpp',
        'restriction_test.cpp',
        'sasl_authentication_session_test.cpp',
        'sasl_mechanism_registry_test.cpp',
        'sasl_scram_test.cpp',
        'security_key_test.cpp',
        'user_document_parser_test.cpp',
        'validated_tenancy_scope_test.cpp',
    ],
    LIBDEPS=[
        '$BUILD_DIR/mongo/base',
        '$BUILD_DIR/mongo/client/sasl_client',
        '$BUILD_DIR/mongo/db/common',
        '$BUILD_DIR/mongo/db/concurrency/exception_util',
        '$BUILD_DIR/mongo/db/pipeline/pipeline',
        '$BUILD_DIR/mongo/db/repl/oplog',
        '$BUILD_DIR/mongo/db/repl/oplog_interface_local',
        '$BUILD_DIR/mongo/db/repl/replmocks',
        '$BUILD_DIR/mongo/db/service_context_d_test_fixture',
        '$BUILD_DIR/mongo/db/service_context_test_fixture',
        '$BUILD_DIR/mongo/transport/transport_layer_common',
        '$BUILD_DIR/mongo/util/net/mock_http_client',
        '$BUILD_DIR/mongo/util/net/network',
        'address_restriction',
        'auth_op_observer',
        'authentication_session',
        'authorization_session_test_fixture',
        'oidc_protocol',
        'saslauth',
        'security_file',
        'security_key',
        'user',
    ],
)
