package command
import (
"context"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
)
// Step1 is the configuration of the first setup step: the IAM's default
// login policy and the initial organisations, each with its owner.
//
// GlobalOrg, IAMProject and Owners are carried here but SetupStep1 does not
// read them yet (setting IAM owners, the global org and the IAM project are
// still marked TODO there).
type Step1 struct {
	GlobalOrg  string
	IAMProject string
	// DefaultLoginPolicy is stored as the IAM's default login policy.
	DefaultLoginPolicy LoginPolicy //*iam_model.LoginPolicy
	// Orgs are created in the given order, each with its owner user.
	Orgs   []Org
	Owners []string

	//setup *Setup
	//createdUsers map[string]*usr_model.User
	//createdOrgs map[string]*org_model.Org
	//createdProjects map[string]*proj_model.Project
	//pwComplexityPolicy *iam_model.PasswordComplexityPolicyView
}
// Step reports which setup step this configuration implements (Step1).
func (s *Step1) Step() domain.Step {
	var step domain.Step = domain.Step1
	return step
}
// execute runs this step through commandSide, targeting the IAM aggregate
// the command side is configured with (commandSide.iamID).
func (s *Step1) execute(ctx context.Context, commandSide *CommandSide) error {
	iamID := commandSide.iamID
	return commandSide.SetupStep1(ctx, iamID, s)
}
// LoginPolicy is the setup-config form of the IAM default login policy.
// SetupStep1 copies the three flags one-to-one into domain.LoginPolicy.
type LoginPolicy struct {
	AllowRegister         bool
	AllowUsernamePassword bool
	AllowExternalIdp      bool
}
// User is a user as given in the setup config; SetupStep1 turns an org's
// owner into a domain.User (human with profile, password and email).
type User struct {
	FirstName string
	LastName  string
	UserName  string
	// Email is marked as verified when the user is created during setup.
	Email string
	// Password is the initial password as written in the setup config
	// (clear text); it is handed on as the domain password's SecretString.
	Password string
}
// Org describes one organisation to create during setup, together with
// the user that is created alongside it as its owner.
type Org struct {
	Name string
	// Domain is registered as the organisation's only domain.
	Domain string
	// OrgIamPolicy requests an org-level IAM policy for this organisation;
	// SetupStep1 creates it with UserLoginMustBeDomain set to false.
	OrgIamPolicy bool
	// Owner is created as the organisation's user (an org member aggregate
	// is produced alongside it).
	Owner User
	// Projects is not consumed by SetupStep1 yet (project creation is a
	// TODO there).
	Projects []Project
}
// Project describes a project to create inside a setup organisation.
// SetupStep1 does not create projects yet; the type only carries config.
type Project struct {
	Name     string
	Users    []User
	Members  []string
	OIDCApps []OIDCApp
}
// OIDCApp describes an OIDC application of a setup project. SetupStep1
// does not create applications yet ("create applications" is a TODO there),
// so the string-typed fields are passed through as written in the config
// and are not validated or mapped in this file.
type OIDCApp struct {
	Name                   string
	RedirectUris           []string
	ResponseTypes          []string
	GrantTypes             []string
	ApplicationType        string
	AuthMethodType         string
	PostLogoutRedirectUris []string
	DevMode                bool
}
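// SetupStep1 applies the first setup step to the IAM aggregate identified by
// iamID: it stores the default login policy, creates every organisation of
// step1 (org, owner user and membership, plus an org IAM policy where
// requested), marks Step1 as done and pushes all resulting aggregates to the
// eventstore in a single PushAggregates call.
//
// Projects, applications, IAM owners, the global org and the IAM project are
// not set up here yet; the corresponding fields of step1 are ignored.
//
// Errors of the individual sub-steps are returned unchanged. A failed push
// is reported as a precondition-failed error (id EVENT-Gr2hh) that carries
// the push error as its cause.
func (r *CommandSide) SetupStep1(ctx context.Context, iamID string, step1 *Step1) error {
	// Address the aggregate by the iamID the caller passed in; previously the
	// parameter was unused and r.iamID was read instead.
	iamAgg := iam_repo.NewAggregate(iamID, "", 0)

	// default login policy: flags are copied one-to-one from the config
	loginPolicy := &domain.LoginPolicy{
		AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword,
		AllowRegister:         step1.DefaultLoginPolicy.AllowRegister,
		AllowExternalIdp:      step1.DefaultLoginPolicy.AllowExternalIdp,
	}
	if err := r.addDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(iamAgg.ID()), loginPolicy); err != nil {
		return err
	}

	// organisations: setUpOrg yields three aggregates per org (org, owner
	// user, org member); the IAM aggregate is appended at the end.
	aggregates := make([]eventstore.Aggregater, 0, 3*len(step1.Orgs)+1)
	for _, organisation := range step1.Orgs {
		domainOrg := &domain.Org{
			Name:    organisation.Name,
			Domains: []*domain.OrgDomain{{Domain: organisation.Domain}},
		}
		orgAgg, userAgg, orgMemberAgg, err := r.setUpOrg(ctx, domainOrg, step1OwnerUser(organisation.Owner))
		if err != nil {
			return err
		}
		if organisation.OrgIamPolicy {
			// The org-level policy is created with UserLoginMustBeDomain
			// explicitly disabled for setup organisations.
			orgIAMPolicy := &domain.OrgIAMPolicy{UserLoginMustBeDomain: false}
			if err := r.addOrgIAMPolicy(ctx, orgAgg, NewORGOrgIAMPolicyWriteModel(orgAgg.ID()), orgIAMPolicy); err != nil {
				return err
			}
		}
		aggregates = append(aggregates, orgAgg, userAgg, orgMemberAgg)
		// TODO: projects
		// TODO: create applications
	}

	// TODO: set iam owners
	// TODO: set global org
	// TODO: set iam project id

	iamAgg.PushEvents(iam_repo.NewSetupStepDoneEvent(ctx, domain.Step1))

	// Everything is pushed in one call; the original error is kept as the
	// cause so a failed setup stays diagnosable.
	if _, err := r.eventstore.PushAggregates(ctx, append(aggregates, iamAgg)...); err != nil {
		return caos_errs.ThrowPreconditionFailed(err, "EVENT-Gr2hh", "Setup Step1 failed")
	}
	return nil
}

// step1OwnerUser converts the setup-config owner into the domain.User that
// setUpOrg creates together with the organisation.
func step1OwnerUser(owner User) *domain.User {
	return &domain.User{
		UserName: owner.UserName,
		Human: &domain.Human{
			Profile: &domain.Profile{
				FirstName: owner.FirstName,
				LastName:  owner.LastName,
			},
			// The initial password arrives as clear text from the setup
			// config and is handed on as SecretString; hashing is expected
			// to happen downstream in setUpOrg — not visible here, confirm.
			Password: &domain.Password{
				SecretString: owner.Password,
			},
			// Setup trusts the configured address: the email is marked
			// verified up front instead of going through a verification flow.
			Email: &domain.Email{
				EmailAddress:    owner.Email,
				IsEmailVerified: true,
			},
		},
	}
}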