zitadel/internal/query/oidc_settings.go

package query

import (
	"context"
	"database/sql"
	errs "errors"
	"time"

	sq "github.com/Masterminds/squirrel"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/query/projection"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
)

var (
	oidcSettingsTable = table{
		name:          projection.OIDCSettingsProjectionTable,
		instanceIDCol: projection.OIDCSettingsColumnInstanceID,
	}
	OIDCSettingsColumnAggregateID = Column{
		name:  projection.OIDCSettingsColumnAggregateID,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnCreationDate = Column{
		name:  projection.OIDCSettingsColumnCreationDate,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnChangeDate = Column{
		name:  projection.OIDCSettingsColumnChangeDate,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnResourceOwner = Column{
		name:  projection.OIDCSettingsColumnResourceOwner,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnInstanceID = Column{
		name:  projection.OIDCSettingsColumnInstanceID,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnSequence = Column{
		name:  projection.OIDCSettingsColumnSequence,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnAccessTokenLifetime = Column{
		name:  projection.OIDCSettingsColumnAccessTokenLifetime,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnIdTokenLifetime = Column{
		name:  projection.OIDCSettingsColumnIdTokenLifetime,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnRefreshTokenIdleExpiration = Column{
		name:  projection.OIDCSettingsColumnRefreshTokenIdleExpiration,
		table: oidcSettingsTable,
	}
	OIDCSettingsColumnRefreshTokenExpiration = Column{
		name:  projection.OIDCSettingsColumnRefreshTokenExpiration,
		table: oidcSettingsTable,
	}
)

type OIDCSettings struct {
	AggregateID   string
	CreationDate  time.Time
	ChangeDate    time.Time
	ResourceOwner string
	Sequence      uint64

	AccessTokenLifetime        time.Duration
	IdTokenLifetime            time.Duration
	RefreshTokenIdleExpiration time.Duration
	RefreshTokenExpiration     time.Duration
}

func (q *Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (_ *OIDCSettings, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	stmt, scan := prepareOIDCSettingsQuery()
	query, args, err := stmt.Where(sq.Eq{
		OIDCSettingsColumnAggregateID.identifier(): aggregateID,
		OIDCSettingsColumnInstanceID.identifier():  authz.GetInstance(ctx).InstanceID(),
	}).ToSql()
	if err != nil {
		return nil, errors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment")
	}

	row := q.client.QueryRowContext(ctx, query, args...)
	return scan(row)
}

func prepareOIDCSettingsQuery() (sq.SelectBuilder, func(*sql.Row) (*OIDCSettings, error)) {
	return sq.Select(
			OIDCSettingsColumnAggregateID.identifier(),
			OIDCSettingsColumnCreationDate.identifier(),
			OIDCSettingsColumnChangeDate.identifier(),
			OIDCSettingsColumnResourceOwner.identifier(),
			OIDCSettingsColumnSequence.identifier(),
			OIDCSettingsColumnAccessTokenLifetime.identifier(),
			OIDCSettingsColumnIdTokenLifetime.identifier(),
			OIDCSettingsColumnRefreshTokenIdleExpiration.identifier(),
			OIDCSettingsColumnRefreshTokenExpiration.identifier()).
			From(oidcSettingsTable.identifier()).PlaceholderFormat(sq.Dollar),
		func(row *sql.Row) (*OIDCSettings, error) {
			oidcSettings := new(OIDCSettings)
			err := row.Scan(
				&oidcSettings.AggregateID,
				&oidcSettings.CreationDate,
				&oidcSettings.ChangeDate,
				&oidcSettings.ResourceOwner,
				&oidcSettings.Sequence,
				&oidcSettings.AccessTokenLifetime,
				&oidcSettings.IdTokenLifetime,
				&oidcSettings.RefreshTokenIdleExpiration,
				&oidcSettings.RefreshTokenExpiration,
			)
			if err != nil {
				if errs.Is(err, sql.ErrNoRows) {
					return nil, errors.ThrowNotFound(err, "QUERY-s9nlw", "Errors.OIDCSettings.NotFound")
				}
				return nil, errors.ThrowInternal(err, "QUERY-9bf8s", "Errors.Internal")
			}
			return oidcSettings, nil
		}
}
feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`package query`

			`import (`
			`"context"`
			`"database/sql"`
			`errs "errors"`
			`"time"`

			`sq "github.com/Masterminds/squirrel"`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/query/projection"`
fix(query): add tracing for each method (#4777) * fix(query): add tracing for each method 2022-12-01 08:18:53 +00:00			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`)`

			`var (`
			`oidcSettingsTable = table{`
fix: join on instanceIDs in queries (#4612) 2022-10-27 06:08:36 +00:00			`name: projection.OIDCSettingsProjectionTable,`
			`instanceIDCol: projection.OIDCSettingsColumnInstanceID,`
feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`}`
			`OIDCSettingsColumnAggregateID = Column{`
			`name: projection.OIDCSettingsColumnAggregateID,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnCreationDate = Column{`
			`name: projection.OIDCSettingsColumnCreationDate,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnChangeDate = Column{`
			`name: projection.OIDCSettingsColumnChangeDate,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnResourceOwner = Column{`
			`name: projection.OIDCSettingsColumnResourceOwner,`
			`table: oidcSettingsTable,`
			`}`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00			`OIDCSettingsColumnInstanceID = Column{`
			`name: projection.OIDCSettingsColumnInstanceID,`
			`table: oidcSettingsTable,`
			`}`
feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`OIDCSettingsColumnSequence = Column{`
			`name: projection.OIDCSettingsColumnSequence,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnAccessTokenLifetime = Column{`
			`name: projection.OIDCSettingsColumnAccessTokenLifetime,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnIdTokenLifetime = Column{`
			`name: projection.OIDCSettingsColumnIdTokenLifetime,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnRefreshTokenIdleExpiration = Column{`
			`name: projection.OIDCSettingsColumnRefreshTokenIdleExpiration,`
			`table: oidcSettingsTable,`
			`}`
			`OIDCSettingsColumnRefreshTokenExpiration = Column{`
			`name: projection.OIDCSettingsColumnRefreshTokenExpiration,`
			`table: oidcSettingsTable,`
			`}`
			`)`

			`type OIDCSettings struct {`
			`AggregateID string`
			`CreationDate time.Time`
			`ChangeDate time.Time`
			`ResourceOwner string`
			`Sequence uint64`

			`AccessTokenLifetime time.Duration`
			`IdTokenLifetime time.Duration`
			`RefreshTokenIdleExpiration time.Duration`
			`RefreshTokenExpiration time.Duration`
			`}`

fix(query): add tracing for each method (#4777) * fix(query): add tracing for each method 2022-12-01 08:18:53 +00:00			`func (q Queries) OIDCSettingsByAggID(ctx context.Context, aggregateID string) (_ OIDCSettings, err error) {`
			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`

feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`stmt, scan := prepareOIDCSettingsQuery()`
			`query, args, err := stmt.Where(sq.Eq{`
			`OIDCSettingsColumnAggregateID.identifier(): aggregateID,`
feat: handle instance from context (#3382) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-29 09:53:19 +00:00			`OIDCSettingsColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),`
feat: OIDC setting (#3245) * feat: add oidc config struct * feat: oidc config command side * feat: oidc configuration query side * feat: add translations * feat: add tests * feat: add translations * feat: rename oidc config to oidc settings * feat: rename oidc config to oidc settings 2022-02-25 15:05:06 +00:00			`}).ToSql()`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "QUERY-s9nle", "Errors.Query.SQLStatment")`
			`}`

			`row := q.client.QueryRowContext(ctx, query, args...)`
			`return scan(row)`
			`}`

			`func prepareOIDCSettingsQuery() (sq.SelectBuilder, func(sql.Row) (OIDCSettings, error)) {`
			`return sq.Select(`
			`OIDCSettingsColumnAggregateID.identifier(),`
			`OIDCSettingsColumnCreationDate.identifier(),`
			`OIDCSettingsColumnChangeDate.identifier(),`
			`OIDCSettingsColumnResourceOwner.identifier(),`
			`OIDCSettingsColumnSequence.identifier(),`
			`OIDCSettingsColumnAccessTokenLifetime.identifier(),`
			`OIDCSettingsColumnIdTokenLifetime.identifier(),`
			`OIDCSettingsColumnRefreshTokenIdleExpiration.identifier(),`
			`OIDCSettingsColumnRefreshTokenExpiration.identifier()).`
			`From(oidcSettingsTable.identifier()).PlaceholderFormat(sq.Dollar),`
			`func(row sql.Row) (OIDCSettings, error) {`
			`oidcSettings := new(OIDCSettings)`
			`err := row.Scan(`
			`&oidcSettings.AggregateID,`
			`&oidcSettings.CreationDate,`
			`&oidcSettings.ChangeDate,`
			`&oidcSettings.ResourceOwner,`
			`&oidcSettings.Sequence,`
			`&oidcSettings.AccessTokenLifetime,`
			`&oidcSettings.IdTokenLifetime,`
			`&oidcSettings.RefreshTokenIdleExpiration,`
			`&oidcSettings.RefreshTokenExpiration,`
			`)`
			`if err != nil {`
			`if errs.Is(err, sql.ErrNoRows) {`
			`return nil, errors.ThrowNotFound(err, "QUERY-s9nlw", "Errors.OIDCSettings.NotFound")`
			`}`
			`return nil, errors.ThrowInternal(err, "QUERY-9bf8s", "Errors.Internal")`
			`}`
			`return oidcSettings, nil`
			`}`
			`}`