zitadel/cmd/setup/59.go

package setup

import (
	"context"
	"fmt"

	"github.com/zitadel/logging"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command"
	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/instance"
)

type SetupWebkeys struct {
	eventstore *eventstore.Eventstore
	commands   *command.Commands
}

func (mig *SetupWebkeys) Execute(ctx context.Context, _ eventstore.Event) error {
	instances, err := mig.eventstore.InstanceIDs(
		ctx,
		eventstore.NewSearchQueryBuilder(eventstore.ColumnsInstanceIDs).
			OrderDesc().
			AddQuery().
			AggregateTypes(instance.AggregateType).
			EventTypes(instance.InstanceAddedEventType).
			Builder().ExcludeAggregateIDs().
			AggregateTypes(instance.AggregateType).
			EventTypes(instance.InstanceRemovedEventType).
			Builder(),
	)
	if err != nil {
		return fmt.Errorf("%s get instance IDs: %w", mig, err)
	}
	conf := &crypto.WebKeyRSAConfig{
		Bits:   crypto.RSABits2048,
		Hasher: crypto.RSAHasherSHA256,
	}

	for _, instance := range instances {
		ctx := authz.WithInstanceID(ctx, instance)
		logging.Info("prepare initial webkeys for instance", "instance_id", instance, "migration", mig)
		if err := mig.commands.GenerateInitialWebKeys(ctx, conf); err != nil {
			return fmt.Errorf("%s generate initial webkeys: %w", mig, err)
		}
	}
	return nil
}

func (mig *SetupWebkeys) String() string {
	return "59_setup_webkeys"
}
feat: generate webkeys setup step (#10105) # Which Problems Are Solved We are preparing to roll-out and stabilize webkeys in the next version of Zitadel. Before removing legacy signing-key code, we must ensure all existing instances have their webkeys generated. # How the Problems Are Solved Add a setup step which generate 2 webkeys for each existing instance that didn't have webkeys yet. # Additional Changes Return an error from the config type-switch, when the type is unknown. # Additional Context - Part 1/2 of https://github.com/zitadel/zitadel/issues/10029 - Should be back-ported to v3 2025-06-24 12:41:41 +03:00			`package setup`

			`import (`
			`"context"`
			`"fmt"`

			`"github.com/zitadel/logging"`

			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/command"`
			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/instance"`
			`)`

			`type SetupWebkeys struct {`
			`eventstore *eventstore.Eventstore`
			`commands *command.Commands`
			`}`

			`func (mig *SetupWebkeys) Execute(ctx context.Context, _ eventstore.Event) error {`
			`instances, err := mig.eventstore.InstanceIDs(`
			`ctx,`
			`eventstore.NewSearchQueryBuilder(eventstore.ColumnsInstanceIDs).`
			`OrderDesc().`
			`AddQuery().`
			`AggregateTypes(instance.AggregateType).`
			`EventTypes(instance.InstanceAddedEventType).`
			`Builder().ExcludeAggregateIDs().`
			`AggregateTypes(instance.AggregateType).`
			`EventTypes(instance.InstanceRemovedEventType).`
			`Builder(),`
			`)`
			`if err != nil {`
			`return fmt.Errorf("%s get instance IDs: %w", mig, err)`
			`}`
			`conf := &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`}`

			`for _, instance := range instances {`
			`ctx := authz.WithInstanceID(ctx, instance)`
			`logging.Info("prepare initial webkeys for instance", "instance_id", instance, "migration", mig)`
			`if err := mig.commands.GenerateInitialWebKeys(ctx, conf); err != nil {`
			`return fmt.Errorf("%s generate initial webkeys: %w", mig, err)`
			`}`
			`}`
			`return nil`
			`}`

			`func (mig *SetupWebkeys) String() string {`
			`return "59_setup_webkeys"`
			`}`