fix: setup instance domain handling (#3529)

2025-08-11 21:27:42 +00:00 · 2022-04-28 10:30:41 +02:00
parent 70e98460ab
commit 00f7dbe875
16 changed files with 152 additions and 113 deletions
--- a/cmd/admin/setup/03.go
+++ b/cmd/admin/setup/03.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
+	"strings"

 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
@@ -14,15 +15,18 @@ import (
 )

 type DefaultInstance struct {
-	InstanceSetup command.InstanceSetup
+	InstanceName string
+	CustomDomain string
+	Org          command.OrgSetup

+	instanceSetup     command.InstanceSetup
 	userEncryptionKey *crypto.KeyConfig
 	masterKey         string
 	db                *sql.DB
 	es                *eventstore.Eventstore
-	domain            string
 	defaults          systemdefaults.SystemDefaults
 	zitadelRoles      []authz.RoleMapping
+	externalDomain    string
 	externalSecure    bool
 	externalPort      uint16
 }
@@ -47,6 +51,7 @@ func (mig *DefaultInstance) Execute(ctx context.Context) error {
 		nil,
 		nil,
 		nil,
+		mig.externalDomain,
 		mig.externalSecure,
 		mig.externalPort,
 		nil,
@@ -60,9 +65,16 @@ func (mig *DefaultInstance) Execute(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	ctx = authz.WithRequestedDomain(ctx, mig.domain)

-	_, _, err = cmd.SetUpInstance(ctx, &mig.InstanceSetup, mig.externalSecure)
+	mig.instanceSetup.InstanceName = mig.InstanceName
+	mig.instanceSetup.CustomDomain = mig.CustomDomain
+	mig.instanceSetup.Org = mig.Org
+	mig.instanceSetup.Org.Human.Email.Address = strings.TrimSpace(mig.instanceSetup.Org.Human.Email.Address)
+	if mig.instanceSetup.Org.Human.Email.Address == "" {
+		mig.instanceSetup.Org.Human.Email.Address = "admin@" + mig.instanceSetup.CustomDomain
+	}
+
+	_, _, err = cmd.SetUpInstance(ctx, &mig.instanceSetup)
 	return err
 }

--- a/cmd/admin/setup/config.go
+++ b/cmd/admin/setup/config.go
@@ -19,6 +19,7 @@ type Config struct {
 	Database        database.Config
 	SystemDefaults  systemdefaults.SystemDefaults
 	InternalAuthZ   authz.Config
+	ExternalDomain  string
 	ExternalPort    uint16
 	ExternalSecure  bool
 	Log             *logging.Config
--- a/cmd/admin/setup/setup.go
+++ b/cmd/admin/setup/setup.go
@@ -3,7 +3,6 @@ package setup
 import (
 	"context"
 	_ "embed"
-	"strings"

 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -60,24 +59,14 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.s1ProjectionTable = &ProjectionTable{dbClient: dbClient}
 	steps.s2AssetsTable = &AssetTable{dbClient: dbClient}

-	instanceSetup := config.DefaultInstance
-	instanceSetup.InstanceName = steps.S3DefaultInstance.InstanceSetup.InstanceName
-	instanceSetup.CustomDomain = steps.S3DefaultInstance.InstanceSetup.CustomDomain
-	instanceSetup.Org = steps.S3DefaultInstance.InstanceSetup.Org
-	steps.S3DefaultInstance.InstanceSetup = instanceSetup
-
-	steps.S3DefaultInstance.InstanceSetup.Org.Human.Email.Address = strings.TrimSpace(steps.S3DefaultInstance.InstanceSetup.Org.Human.Email.Address)
-	if steps.S3DefaultInstance.InstanceSetup.Org.Human.Email.Address == "" {
-		steps.S3DefaultInstance.InstanceSetup.Org.Human.Email.Address = "admin@" + instanceSetup.CustomDomain
-	}
-
-	steps.S3DefaultInstance.es = eventstoreClient
-	steps.S3DefaultInstance.db = dbClient
-	steps.S3DefaultInstance.defaults = config.SystemDefaults
-	steps.S3DefaultInstance.masterKey = masterKey
-	steps.S3DefaultInstance.domain = instanceSetup.CustomDomain
-	steps.S3DefaultInstance.zitadelRoles = config.InternalAuthZ.RolePermissionMappings
+	steps.S3DefaultInstance.instanceSetup = config.DefaultInstance
 	steps.S3DefaultInstance.userEncryptionKey = config.EncryptionKeys.User
+	steps.S3DefaultInstance.masterKey = masterKey
+	steps.S3DefaultInstance.db = dbClient
+	steps.S3DefaultInstance.es = eventstoreClient
+	steps.S3DefaultInstance.defaults = config.SystemDefaults
+	steps.S3DefaultInstance.zitadelRoles = config.InternalAuthZ.RolePermissionMappings
+	steps.S3DefaultInstance.externalDomain = config.ExternalDomain
 	steps.S3DefaultInstance.externalSecure = config.ExternalSecure
 	steps.S3DefaultInstance.externalPort = config.ExternalPort

@@ -85,9 +74,9 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	err = migration.Migrate(ctx, eventstoreClient, steps.s1ProjectionTable)
 	logging.OnError(err).Fatal("unable to migrate step 1")
 	err = migration.Migrate(ctx, eventstoreClient, steps.s2AssetsTable)
-	logging.OnError(err).Fatal("unable to migrate step 3")
+	logging.OnError(err).Fatal("unable to migrate step 2")
 	err = migration.Migrate(ctx, eventstoreClient, steps.S3DefaultInstance)
-	logging.OnError(err).Fatal("unable to migrate step 4")
+	logging.OnError(err).Fatal("unable to migrate step 3")
 }

 func initSteps(v *viper.Viper, files ...string) func() {
--- a/cmd/admin/setup/steps.yaml
+++ b/cmd/admin/setup/steps.yaml
@@ -1,21 +1,21 @@
 S3DefaultInstance:
-  InstanceSetup:
-    InstanceName: Localhost
-    CustomDomain: localhost
-    Org:
-      Name: ZITADEL
-      Human:
-        UserName: zitadel-admin
-        FirstName: ZITADEL
-        LastName: Admin
-        NickName:
-        DisplayName:
-        Email:
-          Address: #autogenerated if empty. uses domain from config and prefixes admin@. for example: admin@domain.tdl
-          Verified: true
-        PreferredLanguage:
-        Gender:
-        Phone:
-          Number:
-          Verified:
-        Password: Password1!
+  InstanceName: Localhost
+  CustomDomain: localhost
+  Org:
+    Name: ZITADEL
+    Human:
+      UserName: zitadel-admin
+      FirstName: ZITADEL
+      LastName: Admin
+      NickName:
+      DisplayName:
+      Email:
+        Address: #autogenerated if empty. uses domain from config and prefixes admin@. for example: admin@domain.tdl
+        Verified: true
+      PreferredLanguage: en
+      Gender:
+      Phone:
+        Number:
+        Verified:
+      Password: Password1!
+      PasswordChangeRequired: true
--- a/cmd/admin/start/config.go
+++ b/cmd/admin/start/config.go
@@ -28,6 +28,7 @@ type Config struct {
 	Log             *logging.Config
 	Port            uint16
 	ExternalPort    uint16
+	ExternalDomain  string
 	ExternalSecure  bool
 	HTTP2HostHeader string
 	HTTP1HostHeader string
--- a/cmd/admin/start/start.go
+++ b/cmd/admin/start/start.go
@@ -118,6 +118,7 @@ func startZitadel(config *Config, masterKey string) error {
 		storage,
 		authZRepo,
 		webAuthNConfig,
+		config.ExternalDomain,
 		config.ExternalSecure,
 		config.ExternalPort,
 		keys.IDPConfig,
@@ -161,7 +162,7 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
 	if err != nil {
 		return fmt.Errorf("error starting admin repo: %w", err)
 	}
-	if err := authenticatedAPIs.RegisterServer(ctx, system.CreateServer(commands, queries, adminRepo, config.DefaultInstance, config.ExternalSecure)); err != nil {
+	if err := authenticatedAPIs.RegisterServer(ctx, system.CreateServer(commands, queries, adminRepo, config.DefaultInstance)); err != nil {
 		return err
 	}
 	if err := authenticatedAPIs.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, assets.HandlerPrefix, keys.User)); err != nil {
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -5,6 +5,7 @@ Log:

 Port: 8080
 ExternalPort: 8080
+ExternalDomain:  #must be provided
 ExternalSecure: true
 HTTP2HostHeader: ":authority"
 HTTP1HostHeader: "host"
@@ -172,7 +173,7 @@ DefaultInstance:
      Email:
        Address:
        Verified: false
-      PreferredLanguage:
+      PreferredLanguage: en
      Gender:
      Phone:
        Number: