2022-12-14 07:17:36 +01:00
|
|
|
package instance
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
2023-12-08 16:30:55 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2022-12-14 07:17:36 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
securityPolicyPrefix = "policy.security."
|
|
|
|
SecurityPolicySetEventType = instanceEventTypePrefix + securityPolicyPrefix + "set"
|
|
|
|
)
|
|
|
|
|
|
|
|
type SecurityPolicySetEvent struct {
|
|
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
|
2024-02-28 12:21:11 +02:00
|
|
|
// Enabled is a legacy field which was used before for Iframe Embedding.
|
|
|
|
// It is kept so older events can still be reduced.
|
|
|
|
Enabled *bool `json:"enabled,omitempty"`
|
|
|
|
EnableIframeEmbedding *bool `json:"enable_iframe_embedding,omitempty"`
|
|
|
|
AllowedOrigins *[]string `json:"allowedOrigins,omitempty"`
|
|
|
|
EnableImpersonation *bool `json:"enable_impersonation,omitempty"`
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewSecurityPolicySetEvent(
|
|
|
|
ctx context.Context,
|
|
|
|
aggregate *eventstore.Aggregate,
|
|
|
|
changes []SecurityPolicyChanges,
|
|
|
|
) (*SecurityPolicySetEvent, error) {
|
|
|
|
if len(changes) == 0 {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-EWsf3", "Errors.NoChangesFound")
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
event := &SecurityPolicySetEvent{
|
|
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
|
|
ctx,
|
|
|
|
aggregate,
|
|
|
|
SecurityPolicySetEventType,
|
|
|
|
),
|
|
|
|
}
|
|
|
|
for _, change := range changes {
|
|
|
|
change(event)
|
|
|
|
}
|
|
|
|
return event, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type SecurityPolicyChanges func(event *SecurityPolicySetEvent)
|
|
|
|
|
2024-02-28 12:21:11 +02:00
|
|
|
func ChangeSecurityPolicyEnableIframeEmbedding(enabled bool) func(event *SecurityPolicySetEvent) {
|
2022-12-14 07:17:36 +01:00
|
|
|
return func(e *SecurityPolicySetEvent) {
|
2024-02-28 12:21:11 +02:00
|
|
|
e.EnableIframeEmbedding = &enabled
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func ChangeSecurityPolicyAllowedOrigins(allowedOrigins []string) func(event *SecurityPolicySetEvent) {
|
|
|
|
return func(e *SecurityPolicySetEvent) {
|
|
|
|
if len(allowedOrigins) == 0 {
|
|
|
|
allowedOrigins = []string{}
|
|
|
|
}
|
|
|
|
e.AllowedOrigins = &allowedOrigins
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-02-28 12:21:11 +02:00
|
|
|
func ChangeSecurityPolicyEnableImpersonation(enabled bool) func(event *SecurityPolicySetEvent) {
|
|
|
|
return func(e *SecurityPolicySetEvent) {
|
|
|
|
e.EnableImpersonation = &enabled
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-10-19 12:19:10 +02:00
|
|
|
func (e *SecurityPolicySetEvent) Payload() interface{} {
|
2022-12-14 07:17:36 +01:00
|
|
|
return e
|
|
|
|
}
|
|
|
|
|
2023-10-19 12:19:10 +02:00
|
|
|
func (e *SecurityPolicySetEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
2022-12-14 07:17:36 +01:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-10-19 12:19:10 +02:00
|
|
|
func SecurityPolicySetEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
2022-12-14 07:17:36 +01:00
|
|
|
securityPolicyAdded := &SecurityPolicySetEvent{
|
|
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
|
|
}
|
2023-10-19 12:19:10 +02:00
|
|
|
err := event.Unmarshal(securityPolicyAdded)
|
2022-12-14 07:17:36 +01:00
|
|
|
if err != nil {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "IAM-soiwj", "unable to unmarshal oidc config added")
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return securityPolicyAdded, nil
|
|
|
|
}
|