TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-04-07 14:14:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: push events (#1262)

Browse Source 
* fix: push events instead of aggregates

* fix: tests

* try without aggregate methods and with aggregate methods

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: change push aggregate to push events

* fix: client secret

* fix: query eventtypes

* fix: query eventtypes

* fix: eventstore index

* fix: index

* fix: merge new eventstore

* fix: remove unnecessary todos

* fix: remove unnecessary todos

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
This commit is contained in:
Silvan 2021-02-18 14:48:27 +01:00 committed by GitHub
parent 027a6386c0
commit 00fec8830a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
187 changed files with 3000 additions and 2161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/zitadel/system-defaults.yaml
View File

@ -15,7 +15,7 @@ SystemDefaults:
IncludeLowerLetters: true IncludeLowerLetters: true
IncludeUpperLetters: true IncludeUpperLetters: true
IncludeDigits: true IncludeDigits: true
IncludeSymbols: true IncludeSymbols: false
InitializeUserCode: InitializeUserCode:
Length: 6 Length: 6
Expiry: '72h' Expiry: '72h'

2
internal/api/oidc/auth_request.go
View File

@ -89,7 +89,7 @@ func (o *OPStorage) CreateToken(ctx context.Context, req op.TokenRequest) (_ str
userAgentID = authReq.AgentID userAgentID = authReq.AgentID
applicationID = authReq.ApplicationID applicationID = authReq.ApplicationID
} }
resp, err := o.command.CreateUserToken(ctx, authReq.UserOrgID, userAgentID, applicationID, req.GetSubject(), req.GetAudience(), req.GetScopes(), o.defaultAccessTokenLifetime) //PLANNED: lifetime from client resp, err := o.command.AddUserToken(ctx, authReq.UserOrgID, userAgentID, applicationID, req.GetSubject(), req.GetAudience(), req.GetScopes(), o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
if err != nil { if err != nil {
return "", time.Time{}, err return "", time.Time{}, err
} }

106
internal/eventstore/v2/aggregate.go
View File

@ -1,86 +1,66 @@
package eventstore package eventstore
type Aggregater interface { import (
//ID returns the aggreagte id "context"
ID() string
//KeyType returns the aggregate type
Type() AggregateType
//Events returns the events which will be pushed
Events() []EventPusher
//ResourceOwner returns the organisation id which manages this aggregate
// resource owner is only on the inital push needed
// afterwards the resource owner of the previous event is taken
ResourceOwner() string
//Version represents the semantic version of the aggregate
Version() Version
}
"github.com/caos/zitadel/internal/api/authz"
)
type aggregateOpt func(*Aggregate)
//NewAggregate is the default constructor of an aggregate
// opts overwrite values calculated by given parameters
func NewAggregate( func NewAggregate(
ctx context.Context,
id string, id string,
typ AggregateType, typ AggregateType,
resourceOwner string,
version Version, version Version,
opts ...aggregateOpt,
) *Aggregate { ) *Aggregate {
return &Aggregate{ a := &Aggregate{
id: id, ID: id,
typ: typ, Typ: typ,
resourceOwner: resourceOwner, ResourceOwner: authz.GetCtxData(ctx).OrgID,
version: version, Version: version,
events: []EventPusher{}, }
for _, opt := range opts {
opt(a)
}
return a
}
//WithResourceOwner overwrites the resource owner of the aggregate
// by default the resource owner is set by the context
func WithResourceOwner(resourceOwner string) aggregateOpt {
return func(aggregate *Aggregate) {
aggregate.ResourceOwner = resourceOwner
} }
} }
//AggregateFromWriteModel maps the given WriteModel to an Aggregate
func AggregateFromWriteModel( func AggregateFromWriteModel(
wm *WriteModel, wm *WriteModel,
typ AggregateType, typ AggregateType,
version Version, version Version,
) *Aggregate { ) *Aggregate {
return &Aggregate{ return &Aggregate{
id: wm.AggregateID, ID: wm.AggregateID,
typ: typ, Typ: typ,
resourceOwner: wm.ResourceOwner, ResourceOwner: wm.ResourceOwner,
version: version, Version: version,
events: []EventPusher{},
} }
} }
//Aggregate is the basic implementation of Aggregater //Aggregate is the basic implementation of Aggregater
type Aggregate struct { type Aggregate struct {
id string `json:"-"` //ID is the unique identitfier of this aggregate
typ AggregateType `json:"-"` ID string `json:"-"`
events []EventPusher `json:"-"` //Typ is the name of the aggregate.
resourceOwner string `json:"-"` Typ AggregateType `json:"-"`
version Version `json:"-"` //ResourceOwner is the org this aggregates belongs to
} ResourceOwner string `json:"-"`
//Version is the semver this aggregate represents
//PushEvents adds all the events to the aggregate. Version Version `json:"-"`
// The added events will be pushed to eventstore
func (a *Aggregate) PushEvents(events ...EventPusher) *Aggregate {
a.events = append(a.events, events...)
return a
}
//ID implements Aggregater
func (a *Aggregate) ID() string {
return a.id
}
//KeyType implements Aggregater
func (a *Aggregate) Type() AggregateType {
return a.typ
}
//Events implements Aggregater
func (a *Aggregate) Events() []EventPusher {
return a.events
}
//ResourceOwner implements Aggregater
func (a *Aggregate) ResourceOwner() string {
return a.resourceOwner
}
//Version implements Aggregater
func (a *Aggregate) Version() Version {
return a.version
} }

8
internal/eventstore/v2/event.go
View File

@ -5,6 +5,8 @@ import (
) )
type EventPusher interface { type EventPusher interface {
//Aggregate is the metadata of an aggregate
Aggregate() Aggregate
// EditorService is the service who wants to push the event // EditorService is the service who wants to push the event
EditorService() string EditorService() string
//EditorUser is the user who wants to push the event //EditorUser is the user who wants to push the event
@ -30,10 +32,8 @@ type EventReader interface {
//KeyType is the type of the event //KeyType is the type of the event
Type() EventType Type() EventType
AggregateID() string Aggregate() Aggregate
AggregateType() AggregateType
ResourceOwner() string
AggregateVersion() Version
Sequence() uint64 Sequence() uint64
CreationDate() time.Time CreationDate() time.Time
} }

75
internal/eventstore/v2/event_base.go
View File

@ -9,15 +9,14 @@ import (
"github.com/caos/zitadel/internal/eventstore/v2/repository" "github.com/caos/zitadel/internal/eventstore/v2/repository"
) )
//BaseEvent represents the minimum metadata of an event
type BaseEvent struct { type BaseEvent struct {
aggregateID string `json:"-"` EventType EventType
aggregateType AggregateType `json:"-"`
EventType EventType `json:"-"`
resourceOwner string `json:"-"` aggregate Aggregate
aggregateVersion Version `json:"-"`
sequence uint64 `json:"-"` sequence uint64
creationDate time.Time `json:"-"` creationDate time.Time
//User is the user who created the event //User is the user who created the event
User string `json:"-"` User string `json:"-"`
@ -35,59 +34,51 @@ func (e *BaseEvent) EditorUser() string {
return e.User return e.User
} }
//KeyType implements EventPusher //Type implements EventPusher
func (e *BaseEvent) Type() EventType { func (e *BaseEvent) Type() EventType {
return e.EventType return e.EventType
} }
func (e *BaseEvent) AggregateID() string { //Sequence is an upcounting unique number of the event
return e.aggregateID
}
func (e *BaseEvent) AggregateType() AggregateType {
return e.aggregateType
}
func (e *BaseEvent) ResourceOwner() string {
return e.resourceOwner
}
func (e *BaseEvent) AggregateVersion() Version {
return e.aggregateVersion
}
func (e *BaseEvent) Sequence() uint64 { func (e *BaseEvent) Sequence() uint64 {
return e.sequence return e.sequence
} }
//CreationDate is the the time, the event is inserted into the eventstore
func (e *BaseEvent) CreationDate() time.Time { func (e *BaseEvent) CreationDate() time.Time {
return e.creationDate return e.creationDate
} }
//Aggregate represents the metadata of the event's aggregate
func (e *BaseEvent) Aggregate() Aggregate {
return e.aggregate
}
//BaseEventFromRepo maps a stored event to a BaseEvent
func BaseEventFromRepo(event *repository.Event) *BaseEvent { func BaseEventFromRepo(event *repository.Event) *BaseEvent {
return &BaseEvent{ return &BaseEvent{
aggregateID: event.AggregateID, aggregate: Aggregate{
aggregateType: AggregateType(event.AggregateType), ID: event.AggregateID,
aggregateVersion: Version(event.Version), Typ: AggregateType(event.AggregateType),
EventType: EventType(event.Type), ResourceOwner: event.ResourceOwner,
creationDate: event.CreationDate, Version: Version(event.Version),
sequence: event.Sequence, },
resourceOwner: event.ResourceOwner, EventType: EventType(event.Type),
Service: event.EditorService, creationDate: event.CreationDate,
User: event.EditorUser, sequence: event.Sequence,
Service: event.EditorService,
User: event.EditorUser,
} }
} }
func NewBaseEventForPush(ctx context.Context, typ EventType) *BaseEvent { //NewBaseEventForPush is the constructor for event's which will be pushed into the eventstore
svcName := service.FromContext(ctx) // the resource owner of the aggregate is only used if it's the first event of this aggregateroot
// afterwards the resource owner of the first previous events is taken
func NewBaseEventForPush(ctx context.Context, aggregate *Aggregate, typ EventType) *BaseEvent {
return &BaseEvent{ return &BaseEvent{
aggregate: *aggregate,
User: authz.GetCtxData(ctx).UserID, User: authz.GetCtxData(ctx).UserID,
Service: svcName, Service: service.FromContext(ctx),
EventType: typ, EventType: typ,
} }
} }
func NewBaseEventForPushWithResourceOwner(ctx context.Context, typ EventType, resourceOwner string) *BaseEvent {
svcName := service.FromContext(ctx)
return &BaseEvent{
User: authz.GetCtxData(ctx).UserID,
Service: svcName,
EventType: typ,
resourceOwner: resourceOwner,
}
}

89
internal/eventstore/v2/eventstore.go
View File

@ -36,67 +36,56 @@ func (es *Eventstore) Health(ctx context.Context) error {
return es.repo.Health(ctx) return es.repo.Health(ctx)
} }
//PushAggregate pushes the aggregate and reduces the new events on the aggregate //PushEvents pushes the events in a single transaction
func (es *Eventstore) PushAggregate(ctx context.Context, writeModel queryReducer, aggregate Aggregater) error { // an event needs at least an aggregate
events, err := es.PushAggregates(ctx, aggregate) func (es *Eventstore) PushEvents(ctx context.Context, pushEvents ...EventPusher) ([]EventReader, error) {
if err != nil { events, constraints, err := eventsToRepository(pushEvents)
return err
}
writeModel.AppendEvents(events...)
return writeModel.Reduce()
}
//PushAggregates maps the events of all aggregates to an eventstore event
// based on the pushMapper
func (es *Eventstore) PushAggregates(ctx context.Context, aggregates ...Aggregater) ([]EventReader, error) {
events, uniqueConstraints, err := es.aggregatesToEvents(aggregates)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = es.repo.Push(ctx, events, constraints...)
err = es.repo.Push(ctx, events, uniqueConstraints...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return es.mapEvents(events) return es.mapEvents(events)
} }
func (es *Eventstore) aggregatesToEvents(aggregates []Aggregater) ([]*repository.Event, []*repository.UniqueConstraint, error) { func eventsToRepository(pushEvents []EventPusher) (events []*repository.Event, constraints []*repository.UniqueConstraint, err error) {
events := make([]*repository.Event, 0, len(aggregates)) events = make([]*repository.Event, len(pushEvents))
uniqueConstraints := make([]*repository.UniqueConstraint, 0) for i, event := range pushEvents {
for _, aggregate := range aggregates { data, err := eventData(event)
for _, event := range aggregate.Events() { if err != nil {
data, err := eventData(event) return nil, nil, err
if err != nil { }
return nil, nil, err events[i] = &repository.Event{
} AggregateID: event.Aggregate().ID,
events = append(events, &repository.Event{ AggregateType: repository.AggregateType(event.Aggregate().Typ),
AggregateID: aggregate.ID(), ResourceOwner: event.Aggregate().ResourceOwner,
AggregateType: repository.AggregateType(aggregate.Type()), EditorService: event.EditorService(),
ResourceOwner: aggregate.ResourceOwner(), EditorUser: event.EditorUser(),
EditorService: event.EditorService(), Type: repository.EventType(event.Type()),
EditorUser: event.EditorUser(), Version: repository.Version(event.Aggregate().Version),
Type: repository.EventType(event.Type()), Data: data,
Version: repository.Version(aggregate.Version()), }
Data: data, if len(event.UniqueConstraints()) > 0 {
}) constraints = append(constraints, uniqueConstraintsToRepository(event.UniqueConstraints())...)
if event.UniqueConstraints() != nil {
for _, constraint := range event.UniqueConstraints() {
uniqueConstraints = append(uniqueConstraints,
&repository.UniqueConstraint{
UniqueType: constraint.UniqueType,
UniqueField: constraint.UniqueField,
Action: uniqueConstraintActionToRepository(constraint.Action),
ErrorMessage: constraint.ErrorMessage,
},
)
}
}
} }
} }
return events, uniqueConstraints, nil
return events, constraints, nil
}
func uniqueConstraintsToRepository(constraints []*EventUniqueConstraint) (uniqueConstraints []*repository.UniqueConstraint) {
uniqueConstraints = make([]*repository.UniqueConstraint, len(constraints))
for i, constraint := range constraints {
uniqueConstraints[i] = &repository.UniqueConstraint{
UniqueType: constraint.UniqueType,
UniqueField: constraint.UniqueField,
Action: uniqueConstraintActionToRepository(constraint.Action),
ErrorMessage: constraint.ErrorMessage,
}
}
return uniqueConstraints
} }
//FilterEvents filters the stored events based on the searchQuery //FilterEvents filters the stored events based on the searchQuery

307
internal/eventstore/v2/eventstore_test.go
View File

@ -31,7 +31,7 @@ func (a *testAggregate) Events() []EventPusher {
} }
func (a *testAggregate) ResourceOwner() string { func (a *testAggregate) ResourceOwner() string {
return "ro" return "caos"
} }
func (a *testAggregate) Version() Version { func (a *testAggregate) Version() Version {
@ -47,13 +47,14 @@ type testEvent struct {
data func() interface{} data func() interface{}
} }
func newTestEvent(description string, data func() interface{}, checkPrevious bool) *testEvent { func newTestEvent(id, description string, data func() interface{}, checkPrevious bool) *testEvent {
return &testEvent{ return &testEvent{
description: description, description: description,
data: data, data: data,
shouldCheckPrevious: checkPrevious, shouldCheckPrevious: checkPrevious,
BaseEvent: *NewBaseEventForPush( BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"), service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"),
NewAggregate(authz.NewMockContext("caos", "adlerhurst"), id, "test.aggregate", "v1"),
"test.event", "test.event",
), ),
} }
@ -69,7 +70,7 @@ func (e *testEvent) UniqueConstraints() []*EventUniqueConstraint {
func testFilterMapper(event *repository.Event) (EventReader, error) { func testFilterMapper(event *repository.Event) (EventReader, error) {
if event == nil { if event == nil {
return newTestEvent("hodor", nil, false), nil return newTestEvent("testID", "hodor", nil, false), nil
} }
return &testEvent{description: "hodor", BaseEvent: *BaseEventFromRepo(event)}, nil return &testEvent{description: "hodor", BaseEvent: *BaseEventFromRepo(event)}, nil
} }
@ -129,7 +130,7 @@ func Test_eventstore_RegisterFilterEventMapper(t *testing.T) {
mapper: testFilterMapper, mapper: testFilterMapper,
}, },
res: res{ res: res{
event: newTestEvent("hodor", nil, false), event: newTestEvent("testID", "hodor", nil, false),
mapperCount: 1, mapperCount: 1,
}, },
}, },
@ -145,7 +146,7 @@ func Test_eventstore_RegisterFilterEventMapper(t *testing.T) {
mapper: testFilterMapper, mapper: testFilterMapper,
}, },
res: res{ res: res{
event: newTestEvent("hodor", nil, false), event: newTestEvent("testID", "hodor", nil, false),
mapperCount: 2, mapperCount: 2,
}, },
}, },
@ -165,7 +166,7 @@ func Test_eventstore_RegisterFilterEventMapper(t *testing.T) {
mapper: testFilterMapper, mapper: testFilterMapper,
}, },
res: res{ res: res{
event: newTestEvent("hodor", nil, false), event: newTestEvent("testID", "hodor", nil, false),
mapperCount: 2, mapperCount: 2,
}, },
}, },
@ -215,6 +216,7 @@ func Test_eventData(t *testing.T) {
name: "data as json bytes", name: "data as json bytes",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return []byte(`{"piff":"paff"}`) return []byte(`{"piff":"paff"}`)
@ -230,6 +232,7 @@ func Test_eventData(t *testing.T) {
name: "data as invalid json bytes", name: "data as invalid json bytes",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return []byte(`{"piffpaff"}`) return []byte(`{"piffpaff"}`)
@ -245,6 +248,7 @@ func Test_eventData(t *testing.T) {
name: "data as struct", name: "data as struct",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return struct { return struct {
@ -262,6 +266,7 @@ func Test_eventData(t *testing.T) {
name: "data as ptr to struct", name: "data as ptr to struct",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return &struct { return &struct {
@ -279,6 +284,7 @@ func Test_eventData(t *testing.T) {
name: "no data", name: "no data",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return nil return nil
@ -294,6 +300,7 @@ func Test_eventData(t *testing.T) {
name: "invalid because primitive", name: "invalid because primitive",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return "" return ""
@ -309,6 +316,7 @@ func Test_eventData(t *testing.T) {
name: "invalid because pointer to primitive", name: "invalid because pointer to primitive",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
var s string var s string
@ -325,6 +333,7 @@ func Test_eventData(t *testing.T) {
name: "invalid because invalid struct for json", name: "invalid because invalid struct for json",
args: args{ args: args{
event: newTestEvent( event: newTestEvent(
"id",
"hodor", "hodor",
func() interface{} { func() interface{} {
return struct { return struct {
@ -355,7 +364,8 @@ func Test_eventData(t *testing.T) {
func TestEventstore_aggregatesToEvents(t *testing.T) { func TestEventstore_aggregatesToEvents(t *testing.T) {
type args struct { type args struct {
aggregates []Aggregater aggregates []Aggregate
events []EventPusher
} }
type res struct { type res struct {
wantErr bool wantErr bool
@ -369,18 +379,14 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
{ {
name: "one aggregate one event", name: "one aggregate one event",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
}, },
}, false),
}, },
}, },
res: res{ res: res{
@ -392,7 +398,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -402,24 +408,21 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
{ {
name: "one aggregate multiple events", name: "one aggregate multiple events",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
newTestEvent(
"",
func() interface{} {
return nil
},
false),
}, },
}, false),
newTestEvent(
"1",
"",
func() interface{} {
return nil
},
false),
}, },
}, },
res: res{ res: res{
@ -431,7 +434,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -441,7 +444,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -451,18 +454,14 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
{ {
name: "invalid data", name: "invalid data",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return `{"data":""`
func() interface{} {
return `{"data":""`
},
false),
}, },
}, false),
}, },
}, },
res: res{ res: res{
@ -472,35 +471,28 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
{ {
name: "multiple aggregates", name: "multiple aggregates",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
newTestEvent(
"",
func() interface{} {
return nil
},
false),
}, },
}, false),
&testAggregate{ newTestEvent(
id: "2", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
true),
}, },
}, false),
newTestEvent(
"2",
"",
func() interface{} {
return nil
},
true),
}, },
}, },
res: res{ res: res{
@ -513,7 +505,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -523,7 +515,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -535,7 +527,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -546,8 +538,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
es := &Eventstore{} events, _, err := eventsToRepository(tt.args.events)
events, _, err := es.aggregatesToEvents(tt.args.aggregates)
if (err != nil) != tt.res.wantErr { if (err != nil) != tt.res.wantErr {
t.Errorf("Eventstore.aggregatesToEvents() error = %v, wantErr %v", err, tt.res.wantErr) t.Errorf("Eventstore.aggregatesToEvents() error = %v, wantErr %v", err, tt.res.wantErr)
return return
@ -613,7 +604,7 @@ func (repo *testRepo) LatestSequence(ctx context.Context, queryFactory *reposito
func TestEventstore_Push(t *testing.T) { func TestEventstore_Push(t *testing.T) {
type args struct { type args struct {
aggregates []Aggregater events []EventPusher
} }
type fields struct { type fields struct {
repo *testRepo repo *testRepo
@ -631,18 +622,14 @@ func TestEventstore_Push(t *testing.T) {
{ {
name: "one aggregate one event", name: "one aggregate one event",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
}, },
}, false),
}, },
}, },
fields: fields{ fields: fields{
@ -655,7 +642,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -671,24 +658,21 @@ func TestEventstore_Push(t *testing.T) {
{ {
name: "one aggregate multiple events", name: "one aggregate multiple events",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
newTestEvent(
"",
func() interface{} {
return nil
},
false),
}, },
}, false),
newTestEvent(
"1",
"",
func() interface{} {
return nil
},
false),
}, },
}, },
fields: fields{ fields: fields{
@ -701,7 +685,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -711,7 +695,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -730,35 +714,28 @@ func TestEventstore_Push(t *testing.T) {
{ {
name: "multiple aggregates", name: "multiple aggregates",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
newTestEvent(
"",
func() interface{} {
return nil
},
false),
}, },
}, false),
&testAggregate{ newTestEvent(
id: "2", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
true),
}, },
}, false),
newTestEvent(
"2",
"",
func() interface{} {
return nil
},
true),
}, },
}, },
fields: fields{ fields: fields{
@ -772,7 +749,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -782,7 +759,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -794,7 +771,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil), Data: []byte(nil),
EditorService: "editorService", EditorService: "editorService",
EditorUser: "editorUser", EditorUser: "editorUser",
ResourceOwner: "ro", ResourceOwner: "caos",
Type: "test.event", Type: "test.event",
Version: "v1", Version: "v1",
}, },
@ -814,18 +791,14 @@ func TestEventstore_Push(t *testing.T) {
{ {
name: "push fails", name: "push fails",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return nil
func() interface{} {
return nil
},
false),
}, },
}, false),
}, },
}, },
fields: fields{ fields: fields{
@ -841,18 +814,14 @@ func TestEventstore_Push(t *testing.T) {
{ {
name: "aggreagtes to events mapping fails", name: "aggreagtes to events mapping fails",
args: args{ args: args{
aggregates: []Aggregater{ events: []EventPusher{
&testAggregate{ newTestEvent(
id: "1", "1",
events: []EventPusher{ "",
newTestEvent( func() interface{} {
"", return `{"data":""`
func() interface{} {
return `{"data":""`
},
false),
}, },
}, false),
}, },
}, },
fields: fields{ fields: fields{
@ -881,7 +850,7 @@ func TestEventstore_Push(t *testing.T) {
t.FailNow() t.FailNow()
} }
_, err := es.PushAggregates(context.Background(), tt.args.aggregates...) _, err := es.PushEvents(context.Background(), tt.args.events...)
if (err != nil) != tt.res.wantErr { if (err != nil) != tt.res.wantErr {
t.Errorf("Eventstore.aggregatesToEvents() error = %v, wantErr %v", err, tt.res.wantErr) t.Errorf("Eventstore.aggregatesToEvents() error = %v, wantErr %v", err, tt.res.wantErr)
} }
@ -1313,13 +1282,13 @@ func compareEvents(t *testing.T, want, got *repository.Event) {
t.Helper() t.Helper()
if want.AggregateID != got.AggregateID { if want.AggregateID != got.AggregateID {
t.Errorf("wrong aggregateID got %q want %q", want.AggregateID, got.AggregateID) t.Errorf("wrong aggregateID got %q want %q", got.AggregateID, want.AggregateID)
} }
if want.AggregateType != got.AggregateType { if want.AggregateType != got.AggregateType {
t.Errorf("wrong aggregateType got %q want %q", want.AggregateType, got.AggregateType) t.Errorf("wrong aggregateType got %q want %q", got.AggregateType, want.AggregateType)
} }
if !reflect.DeepEqual(want.Data, got.Data) { if !reflect.DeepEqual(want.Data, got.Data) {
t.Errorf("wrong data got %s want %s", string(want.Data), string(got.Data)) t.Errorf("wrong data got %s want %s", string(got.Data), string(want.Data))
} }
if want.EditorService != got.EditorService { if want.EditorService != got.EditorService {
t.Errorf("wrong editor service got %q want %q", got.EditorService, want.EditorService) t.Errorf("wrong editor service got %q want %q", got.EditorService, want.EditorService)

99
internal/eventstore/v2/example_test.go
View File

@ -7,6 +7,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/eventstore/v2/repository" "github.com/caos/zitadel/internal/eventstore/v2/repository"
"github.com/caos/zitadel/internal/eventstore/v2/repository/sql" "github.com/caos/zitadel/internal/eventstore/v2/repository/sql"
@ -15,34 +16,13 @@ import (
// ------------------------------------------------------------ // ------------------------------------------------------------
// User aggregate start // User aggregate start
// ------------------------------------------------------------ // ------------------------------------------------------------
func NewUserAggregate(id string) *eventstore.Aggregate {
type UserAggregate struct { return eventstore.NewAggregate(
eventstore.Aggregate authz.NewMockContext("caos", "adlerhurst"),
id,
FirstName string "test.user",
} "v1",
)
func NewUserAggregate(id string) *UserAggregate {
return &UserAggregate{
Aggregate: *eventstore.NewAggregate(
id,
"test.user",
"caos",
"v1",
),
}
}
func (rm *UserAggregate) Reduce() error {
for _, event := range rm.Aggregate.Events() {
switch e := event.(type) {
case *UserAddedEvent:
rm.FirstName = e.FirstName
case *UserFirstNameChangedEvent:
rm.FirstName = e.FirstName
}
}
return nil
} }
// ------------------------------------------------------------ // ------------------------------------------------------------
@ -55,14 +35,13 @@ type UserAddedEvent struct {
FirstName string `json:"firstName"` FirstName string `json:"firstName"`
} }
func NewUserAddedEvent(firstName string) *UserAddedEvent { func NewUserAddedEvent(id string, firstName string) *UserAddedEvent {
return &UserAddedEvent{ return &UserAddedEvent{
FirstName: firstName, FirstName: firstName,
BaseEvent: eventstore.BaseEvent{ BaseEvent: *eventstore.NewBaseEventForPush(
Service: "test.suite", context.Background(),
User: "adlerhurst", NewUserAggregate(id),
EventType: "user.added", "user.added"),
},
} }
} }
@ -97,14 +76,13 @@ type UserFirstNameChangedEvent struct {
FirstName string `json:"firstName"` FirstName string `json:"firstName"`
} }
func NewUserFirstNameChangedEvent(firstName string) *UserFirstNameChangedEvent { func NewUserFirstNameChangedEvent(id, firstName string) *UserFirstNameChangedEvent {
return &UserFirstNameChangedEvent{ return &UserFirstNameChangedEvent{
FirstName: firstName, FirstName: firstName,
BaseEvent: eventstore.BaseEvent{ BaseEvent: *eventstore.NewBaseEventForPush(
Service: "test.suite", context.Background(),
User: "adlerhurst", NewUserAggregate(id),
EventType: "user.firstName.changed", "user.firstname.changed"),
},
} }
} }
@ -137,13 +115,12 @@ type UserPasswordCheckedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
} }
func NewUserPasswordCheckedEvent() *UserPasswordCheckedEvent { func NewUserPasswordCheckedEvent(id string) *UserPasswordCheckedEvent {
return &UserPasswordCheckedEvent{ return &UserPasswordCheckedEvent{
BaseEvent: eventstore.BaseEvent{ BaseEvent: *eventstore.NewBaseEventForPush(
Service: "test.suite", context.Background(),
User: "adlerhurst", NewUserAggregate(id),
EventType: "user.password.checked", "user.password.checked"),
},
} }
} }
@ -171,13 +148,12 @@ type UserDeletedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
} }
func NewUserDeletedEvent() *UserDeletedEvent { func NewUserDeletedEvent(id string) *UserDeletedEvent {
return &UserDeletedEvent{ return &UserDeletedEvent{
BaseEvent: eventstore.BaseEvent{ BaseEvent: *eventstore.NewBaseEventForPush(
Service: "test.suite", context.Background(),
User: "adlerhurst", NewUserAggregate(id),
EventType: "user.deleted", "user.deleted"),
},
} }
} }
@ -213,18 +189,18 @@ func (rm *UsersReadModel) AppendEvents(events ...eventstore.EventReader) {
switch e := event.(type) { switch e := event.(type) {
case *UserAddedEvent: case *UserAddedEvent:
//insert //insert
user := NewUserReadModel(e.AggregateID()) user := NewUserReadModel(e.Aggregate().ID)
rm.Users = append(rm.Users, user) rm.Users = append(rm.Users, user)
user.AppendEvents(e) user.AppendEvents(e)
case *UserFirstNameChangedEvent, *UserPasswordCheckedEvent: case *UserFirstNameChangedEvent, *UserPasswordCheckedEvent:
//update //update
_, user := rm.userByID(e.AggregateID()) _, user := rm.userByID(e.Aggregate().ID)
if user == nil { if user == nil {
return return
} }
user.AppendEvents(e) user.AppendEvents(e)
case *UserDeletedEvent: case *UserDeletedEvent:
idx, _ := rm.userByID(e.AggregateID()) idx, _ := rm.userByID(e.Aggregate().ID)
if idx < 0 { if idx < 0 {
return return
} }
@ -302,11 +278,14 @@ func TestUserReadModel(t *testing.T) {
RegisterFilterEventMapper(UserPasswordCheckedMapper()). RegisterFilterEventMapper(UserPasswordCheckedMapper()).
RegisterFilterEventMapper(UserDeletedMapper()) RegisterFilterEventMapper(UserDeletedMapper())
events, err := es.PushAggregates(context.Background(), events, err := es.PushEvents(context.Background(),
NewUserAggregate("1").PushEvents(NewUserAddedEvent("hodor")), NewUserAddedEvent("1", "hodor"),
NewUserAggregate("2").PushEvents(NewUserAddedEvent("hodor"), NewUserPasswordCheckedEvent(), NewUserPasswordCheckedEvent(), NewUserFirstNameChangedEvent("ueli")), NewUserAddedEvent("2", "hodor"),
NewUserAggregate("2").PushEvents(NewUserDeletedEvent()), NewUserPasswordCheckedEvent("2"),
) NewUserPasswordCheckedEvent("2"),
NewUserFirstNameChangedEvent("2", "ueli"),
NewUserDeletedEvent("2"))
if err != nil { if err != nil {
t.Errorf("unexpected error on push aggregates: %v", err) t.Errorf("unexpected error on push aggregates: %v", err)
} }

6
internal/eventstore/v2/read_model.go
View File

@ -2,7 +2,7 @@ package eventstore
import "time" import "time"
//MemberReadModel is the minimum representation of a View model. //ReadModel is the minimum representation of a View model.
// It implements a basic reducer // It implements a basic reducer
// it might be saved in a database or in memory // it might be saved in a database or in memory
type ReadModel struct { type ReadModel struct {
@ -29,10 +29,10 @@ func (rm *ReadModel) Reduce() error {
} }
if rm.AggregateID == "" { if rm.AggregateID == "" {
rm.AggregateID = rm.Events[0].AggregateID() rm.AggregateID = rm.Events[0].Aggregate().ID
} }
if rm.ResourceOwner == "" { if rm.ResourceOwner == "" {
rm.ResourceOwner = rm.Events[0].ResourceOwner() rm.ResourceOwner = rm.Events[0].Aggregate().ResourceOwner
} }
if rm.CreationDate.IsZero() { if rm.CreationDate.IsZero() {

2
internal/eventstore/v2/search_query.go
View File

@ -93,7 +93,7 @@ func (factory *SearchQueryBuilder) build() (*repository.SearchQuery, error) {
if factory == nil || if factory == nil ||
len(factory.aggregateTypes) < 1 || len(factory.aggregateTypes) < 1 ||
factory.columns.Validate() != nil { factory.columns.Validate() != nil {
return nil, errors.ThrowPreconditionFailed(nil, "MODEL-tGAD3", "factory invalid") return nil, errors.ThrowPreconditionFailed(nil, "MODEL-4m9gs", "factory invalid")
} }
filters := []*repository.Filter{ filters := []*repository.Filter{
factory.aggregateTypeFilter(), factory.aggregateTypeFilter(),

2
internal/eventstore/v2/search_query_test.go
View File

@ -488,7 +488,7 @@ func TestSearchQueryFactoryBuild(t *testing.T) {
} }
if !reflect.DeepEqual(query, tt.res.query) { if !reflect.DeepEqual(query, tt.res.query) {
t.Errorf("NewSearchQueryFactory() = %+v, want %+v", factory, tt.res) t.Errorf("NewSearchQueryFactory() = %+v, want %+v", factory, tt.res.query)
} }
}) })
} }

7
internal/eventstore/v2/write_model.go
View File

@ -15,9 +15,8 @@ type WriteModel struct {
//AppendEvents adds all the events to the read model. //AppendEvents adds all the events to the read model.
// The function doesn't compute the new state of the read model // The function doesn't compute the new state of the read model
func (rm *WriteModel) AppendEvents(events ...EventReader) *WriteModel { func (rm *WriteModel) AppendEvents(events ...EventReader) {
rm.Events = append(rm.Events, events...) rm.Events = append(rm.Events, events...)
return rm
} }
//Reduce is the basic implementaion of reducer //Reduce is the basic implementaion of reducer
@ -28,10 +27,10 @@ func (wm *WriteModel) Reduce() error {
} }
if wm.AggregateID == "" { if wm.AggregateID == "" {
wm.AggregateID = wm.Events[0].AggregateID() wm.AggregateID = wm.Events[0].Aggregate().ID
} }
if wm.ResourceOwner == "" { if wm.ResourceOwner == "" {
wm.ResourceOwner = wm.Events[0].ResourceOwner() wm.ResourceOwner = wm.Events[0].Aggregate().ResourceOwner
} }
wm.ProcessedSequence = wm.Events[len(wm.Events)-1].Sequence() wm.ProcessedSequence = wm.Events[len(wm.Events)-1].Sequence()

8
internal/v2/command/command.go
View File

@ -131,3 +131,11 @@ func (r *CommandSide) getIAMWriteModel(ctx context.Context) (_ *IAMWriteModel, e
return writeModel, nil return writeModel, nil
} }
func AppendAndReduce(object interface {
AppendEvents(...eventstore.EventReader)
Reduce() error
}, events ...eventstore.EventReader) error {
object.AppendEvents(events...)
return object.Reduce()
}

19
internal/v2/command/iam.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
@ -18,26 +19,24 @@ func (r *CommandSide) GetIAM(ctx context.Context) (*domain.IAM, error) {
return writeModelToIAM(iamWriteModel), nil return writeModelToIAM(iamWriteModel), nil
} }
func (r *CommandSide) setGlobalOrg(ctx context.Context, iamAgg *iam.Aggregate, iamWriteModel *IAMWriteModel, orgID string) error { func (r *CommandSide) setGlobalOrg(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, orgID string) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel) err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil { if err != nil {
return err return nil, err
} }
if iamWriteModel.GlobalOrgID != "" { if iamWriteModel.GlobalOrgID != "" {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-HGG24", "Errors.IAM.GlobalOrgAlreadySet") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-HGG24", "Errors.IAM.GlobalOrgAlreadySet")
} }
iamAgg.PushEvents(iam.NewGlobalOrgSetEventEvent(ctx, orgID)) return iam.NewGlobalOrgSetEventEvent(ctx, iamAgg, orgID), nil
return nil
} }
func (r *CommandSide) setIAMProject(ctx context.Context, iamAgg *iam.Aggregate, iamWriteModel *IAMWriteModel, projectID string) error { func (r *CommandSide) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, projectID string) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel) err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil { if err != nil {
return err return nil, err
} }
if iamWriteModel.ProjectID != "" { if iamWriteModel.ProjectID != "" {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-EGbw2", "Errors.IAM.IAMProjectAlreadySet") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-EGbw2", "Errors.IAM.IAMProjectAlreadySet")
} }
iamAgg.PushEvents(iam.NewIAMProjectSetEvent(ctx, projectID)) return iam.NewIAMProjectSetEvent(ctx, iamAgg, projectID), nil
return nil
} }

69
internal/v2/command/iam_idp_config.go
View File

@ -2,9 +2,8 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
@ -30,18 +29,19 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.ID
} }
iamAgg := IAMAggregateFromWriteModel(&addedConfig.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedConfig.WriteModel)
iamAgg.PushEvents( events := []eventstore.EventPusher{
iam_repo.NewIDPConfigAddedEvent( iam_repo.NewIDPConfigAddedEvent(
ctx, ctx,
iamAgg,
idpConfigID, idpConfigID,
config.Name, config.Name,
config.Type, config.Type,
config.StylingType, config.StylingType,
), ),
)
iamAgg.PushEvents(
iam_repo.NewIDPOIDCConfigAddedEvent( iam_repo.NewIDPOIDCConfigAddedEvent(
ctx, config.OIDCConfig.ClientID, ctx,
iamAgg,
config.OIDCConfig.ClientID,
idpConfigID, idpConfigID,
config.OIDCConfig.Issuer, config.OIDCConfig.Issuer,
clientSecret, clientSecret,
@ -49,8 +49,13 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.ID
config.OIDCConfig.UsernameMapping, config.OIDCConfig.UsernameMapping,
config.OIDCConfig.Scopes..., config.OIDCConfig.Scopes...,
), ),
) }
err = r.eventstore.PushAggregate(ctx, addedConfig, iamAgg)
pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedConfig, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -66,14 +71,16 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain
return nil, caos_errs.ThrowNotFound(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotExisting") return nil, caos_errs.ThrowNotFound(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotExisting")
} }
changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, existingIDP.ResourceOwner, config.IDPConfigID, config.Name, config.StylingType) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, iamAgg, config.IDPConfigID, config.Name, config.StylingType)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingIDP, iamAgg) }
err = AppendAndReduce(existingIDP, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -89,9 +96,8 @@ func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID stri
return caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive")
} }
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
iamAgg.PushEvents(iam_repo.NewIDPConfigDeactivatedEvent(ctx, idpID)) _, err = r.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigDeactivatedEvent(ctx, iamAgg, idpID))
return err
return r.eventstore.PushAggregate(ctx, existingIDP, iamAgg)
} }
func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) error { func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) error {
@ -103,9 +109,8 @@ func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID stri
return caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive")
} }
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
iamAgg.PushEvents(iam_repo.NewIDPConfigReactivatedEvent(ctx, idpID)) _, err = r.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigReactivatedEvent(ctx, iamAgg, idpID))
return err
return r.eventstore.PushAggregate(ctx, existingIDP, iamAgg)
} }
func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idpProviders []*domain.IDPProvider, externalIDPs ...*domain.ExternalIDP) error { func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idpProviders []*domain.IDPProvider, externalIDPs ...*domain.ExternalIDP) error {
@ -117,22 +122,22 @@ func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string,
return caos_errs.ThrowNotFound(nil, "IAM-4M0xy", "Errors.IAM.IDPConfig.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-4M0xy", "Errors.IAM.IDPConfig.NotExisting")
} }
aggregates := make([]eventstore.Aggregater, 0)
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
iamAgg.PushEvents(iam_repo.NewIDPConfigRemovedEvent(ctx, existingIDP.ResourceOwner, idpID, existingIDP.Name)) events := []eventstore.EventPusher{
iam_repo.NewIDPConfigRemovedEvent(ctx, iamAgg, idpID, existingIDP.Name),
userAggregates := make([]eventstore.Aggregater, 0)
for _, idpProvider := range idpProviders {
if idpProvider.AggregateID == domain.IAMID {
userAggregates = r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, true, externalIDPs...)
}
orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel)
r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true)
} }
aggregates = append(aggregates, iamAgg) for _, idpProvider := range idpProviders {
aggregates = append(aggregates, userAggregates...) if idpProvider.AggregateID == domain.IAMID {
_, err = r.eventstore.PushAggregates(ctx, aggregates...) userEvents := r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, true, externalIDPs...)
events = append(events, userEvents...)
}
orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel)
orgEvents := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true)
events = append(events, orgEvents...)
}
_, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }

15
internal/v2/command/iam_idp_config_model.go
View File

@ -28,7 +28,16 @@ func NewIAMIDPConfigWriteModel(configID string) *IAMIDPConfigWriteModel {
func (wm *IAMIDPConfigWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMIDPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.IDPConfigAddedEventType,
iam.IDPConfigChangedEventType,
iam.IDPConfigDeactivatedEventType,
iam.IDPConfigReactivatedEventType,
iam.IDPConfigRemovedEventType,
iam.IDPOIDCConfigAddedEventType,
iam.IDPOIDCConfigChangedEventType,
)
} }
func (wm *IAMIDPConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { func (wm *IAMIDPConfigWriteModel) AppendEvents(events ...eventstore.EventReader) {
@ -84,7 +93,7 @@ func (wm *IAMIDPConfigWriteModel) AppendAndReduce(events ...eventstore.EventRead
func (wm *IAMIDPConfigWriteModel) NewChangedEvent( func (wm *IAMIDPConfigWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
resourceOwner, aggregate *eventstore.Aggregate,
configID, configID,
name string, name string,
stylingType domain.IDPConfigStylingType, stylingType domain.IDPConfigStylingType,
@ -102,7 +111,7 @@ func (wm *IAMIDPConfigWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changeEvent, err := iam.NewIDPConfigChangedEvent(ctx, resourceOwner, configID, oldName, changes) changeEvent, err := iam.NewIDPConfigChangedEvent(ctx, aggregate, configID, oldName, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

12
internal/v2/command/iam_idp_oidc_config.go
View File

@ -17,8 +17,10 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *do
return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-67J9d", "Errors.IAM.IDPConfig.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-67J9d", "Errors.IAM.IDPConfig.AlreadyExists")
} }
iamAgg := IAMAggregateFromWriteModel(&existingConfig.WriteModel)
changedEvent, hasChanged, err := existingConfig.NewChangedEvent( changedEvent, hasChanged, err := existingConfig.NewChangedEvent(
ctx, ctx,
iamAgg,
config.IDPConfigID, config.IDPConfigID,
config.ClientID, config.ClientID,
config.Issuer, config.Issuer,
@ -34,13 +36,13 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *do
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingConfig.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingConfig, iamAgg) }
err = AppendAndReduce(existingConfig, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToIDPOIDCConfig(&existingConfig.OIDCConfigWriteModel), nil return writeModelToIDPOIDCConfig(&existingConfig.OIDCConfigWriteModel), nil
} }

11
internal/v2/command/iam_idp_oidc_config_model.go
View File

@ -71,11 +71,18 @@ func (wm *IAMIDPOIDCConfigWriteModel) Reduce() error {
func (wm *IAMIDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMIDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.IDPOIDCConfigAddedEventType,
iam.IDPOIDCConfigChangedEventType,
iam.IDPConfigReactivatedEventType,
iam.IDPConfigDeactivatedEventType,
iam.IDPConfigRemovedEventType)
} }
func (wm *IAMIDPOIDCConfigWriteModel) NewChangedEvent( func (wm *IAMIDPOIDCConfigWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
idpConfigID, idpConfigID,
clientID, clientID,
issuer, issuer,
@ -114,7 +121,7 @@ func (wm *IAMIDPOIDCConfigWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }
changeEvent, err := iam.NewIDPOIDCConfigChangedEvent(ctx, idpConfigID, changes) changeEvent, err := iam.NewIDPOIDCConfigChangedEvent(ctx, aggregate, idpConfigID, changes)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }

36
internal/v2/command/iam_member.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"reflect" "reflect"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
@ -14,37 +15,38 @@ import (
func (r *CommandSide) AddIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (r *CommandSide) AddIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
addedMember := NewIAMMemberWriteModel(member.UserID) addedMember := NewIAMMemberWriteModel(member.UserID)
iamAgg := IAMAggregateFromWriteModel(&addedMember.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedMember.MemberWriteModel.WriteModel)
err := r.addIAMMember(ctx, iamAgg, addedMember, member) event, err := r.addIAMMember(ctx, iamAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedMember, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedMember, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addIAMMember(ctx context.Context, iamAgg *iam_repo.Aggregate, addedMember *IAMMemberWriteModel, member *domain.Member) error { func (r *CommandSide) addIAMMember(ctx context.Context, iamAgg *eventstore.Aggregate, addedMember *IAMMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-GR34U", "Errors.IAM.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-GR34U", "Errors.IAM.MemberInvalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedMember) err := r.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return err return nil, err
} }
if addedMember.State == domain.MemberStateActive { if addedMember.State == domain.MemberStateActive {
return errors.ThrowAlreadyExists(nil, "IAM-sdgQ4", "Errors.IAM.Member.AlreadyExists") return nil, errors.ThrowAlreadyExists(nil, "IAM-sdgQ4", "Errors.IAM.Member.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewMemberAddedEvent(ctx, iamAgg.ID(), member.UserID, member.Roles...)) return iam_repo.NewMemberAddedEvent(ctx, iamAgg, member.UserID, member.Roles...), nil
return nil
} }
//ChangeIAMMember updates an existing member //ChangeIAMMember updates an existing member
@ -64,15 +66,12 @@ func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *domain.Member
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.Member.RolesNotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewMemberChangedEvent(ctx, member.UserID, member.Roles...)) pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewMemberChangedEvent(ctx, iamAgg, member.UserID, member.Roles...))
events, err := r.eventstore.PushAggregates(ctx, iamAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = AppendAndReduce(existingMember, pushedEvents...)
existingMember.AppendEvents(events...) if err != nil {
if err = existingMember.Reduce(); err != nil {
return nil, err return nil, err
} }
@ -89,9 +88,8 @@ func (r *CommandSide) RemoveIAMMember(ctx context.Context, userID string) error
} }
iamAgg := IAMAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewMemberRemovedEvent(ctx, iamAgg.ID(), userID)) _, err = r.eventstore.PushEvents(ctx, iam_repo.NewMemberRemovedEvent(ctx, iamAgg, userID))
return err
return r.eventstore.PushAggregate(ctx, m, iamAgg)
} }
func (r *CommandSide) iamMemberWriteModelByID(ctx context.Context, userID string) (member *IAMMemberWriteModel, err error) { func (r *CommandSide) iamMemberWriteModelByID(ctx context.Context, userID string) (member *IAMMemberWriteModel, err error) {

7
internal/v2/command/iam_member_model.go
View File

@ -50,5 +50,10 @@ func (wm *IAMMemberWriteModel) Reduce() error {
func (wm *IAMMemberWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMMemberWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.MemberWriteModel.AggregateID).ResourceOwner(wm.ResourceOwner) AggregateIDs(wm.MemberWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.MemberAddedEventType,
iam.MemberChangedEventType,
iam.MemberRemovedEventType)
} }

17
internal/v2/command/iam_model.go
View File

@ -25,10 +25,6 @@ func NewIAMWriteModel() *IAMWriteModel {
} }
} }
func (wm *IAMWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
}
func (wm *IAMWriteModel) Reduce() error { func (wm *IAMWriteModel) Reduce() error {
for _, event := range wm.Events { for _, event := range wm.Events {
switch e := event.(type) { switch e := event.(type) {
@ -50,11 +46,14 @@ func (wm *IAMWriteModel) Reduce() error {
func (wm *IAMWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.ProjectSetEventType,
iam.GlobalOrgSetEventType,
iam.SetupStartedEventType,
iam.SetupDoneEventType)
} }
func IAMAggregateFromWriteModel(wm *eventstore.WriteModel) *iam.Aggregate { func IAMAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
return &iam.Aggregate{ return eventstore.AggregateFromWriteModel(wm, iam.AggregateType, iam.AggregateVersion)
Aggregate: *eventstore.AggregateFromWriteModel(wm, iam.AggregateType, iam.AggregateVersion),
}
} }

33
internal/v2/command/iam_policy_label.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,31 +12,33 @@ import (
func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
addedPolicy := NewIAMLabelPolicyWriteModel() addedPolicy := NewIAMLabelPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel)
err := r.addDefaultLabelPolicy(ctx, nil, addedPolicy, policy) event, err := r.addDefaultLabelPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultLabelPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMLabelPolicyWriteModel, policy *domain.LabelPolicy) error { func (r *CommandSide) addDefaultLabelPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLabelPolicyWriteModel, policy *domain.LabelPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LabelPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LabelPolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewLabelPolicyAddedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor)) return iam_repo.NewLabelPolicyAddedEvent(ctx, iamAgg, policy.PrimaryColor, policy.SecondaryColor), nil
return nil
} }
func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
@ -47,20 +50,20 @@ func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *doma
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "IAM-0K9dq", "Errors.IAM.LabelPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-0K9dq", "Errors.IAM.LabelPolicy.NotFound")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.PrimaryColor, policy.SecondaryColor)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil
} }

8
internal/v2/command/iam_policy_label_model.go
View File

@ -42,11 +42,15 @@ func (wm *IAMLabelPolicyWriteModel) Reduce() error {
func (wm *IAMLabelPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMLabelPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.LabelPolicyWriteModel.AggregateID). AggregateIDs(wm.LabelPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.LabelPolicyAddedEventType,
iam.LabelPolicyChangedEventType)
} }
func (wm *IAMLabelPolicyWriteModel) NewChangedEvent( func (wm *IAMLabelPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
primaryColor, primaryColor,
secondaryColor string, secondaryColor string,
) (*iam.LabelPolicyChangedEvent, bool) { ) (*iam.LabelPolicyChangedEvent, bool) {
@ -60,7 +64,7 @@ func (wm *IAMLabelPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewLabelPolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewLabelPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

116
internal/v2/command/iam_policy_login.go
View File

@ -25,11 +25,11 @@ func (r *CommandSide) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginP
func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
addedPolicy := NewIAMLoginPolicyWriteModel() addedPolicy := NewIAMLoginPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
err := r.addDefaultLoginPolicy(ctx, nil, addedPolicy, policy) event, err := r.addDefaultLoginPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) _, err = r.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -37,50 +37,49 @@ func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.
return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) error { func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType)) return iam_repo.NewLoginPolicyAddedEvent(ctx, iamAgg, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType), nil
return nil
} }
func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
existingPolicy := NewIAMLoginPolicyWriteModel() existingPolicy := NewIAMLoginPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
err := r.changeDefaultLoginPolicy(ctx, iamAgg, existingPolicy, policy) event, err := r.changeDefaultLoginPolicy(ctx, iamAgg, existingPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) changeDefaultLoginPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, existingPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) error { func (r *CommandSide) changeDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, existingPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) {
err := r.defaultLoginPolicyWriteModelByID(ctx, existingPolicy) err := r.defaultLoginPolicyWriteModelByID(ctx, existingPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return caos_errs.ThrowNotFound(nil, "IAM-M0sif", "Errors.IAM.LoginPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-M0sif", "Errors.IAM.LoginPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType) changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType)
if !hasChanged { if !hasChanged {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-5M9vdd", "Errors.IAM.LoginPolicy.NotChanged")
} }
iamAgg.PushEvents(changedEvent) return changedEvent, nil
return nil
} }
func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) {
@ -94,12 +93,14 @@ func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, id
} }
iamAgg := IAMAggregateFromWriteModel(&idpModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&idpModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewIdentityProviderAddedEvent(ctx, idpProvider.IDPConfigID, domain.IdentityProviderType(idpProvider.Type))) pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewIdentityProviderAddedEvent(ctx, iamAgg, idpProvider.IDPConfigID, idpProvider.Type))
if err != nil {
if err = r.eventstore.PushAggregate(ctx, idpModel, iamAgg); err != nil { return nil, err
}
err = AppendAndReduce(idpModel, pushedEvents...)
if err != nil {
return nil, err return nil, err
} }
return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil
} }
@ -113,64 +114,61 @@ func (r *CommandSide) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Contex
return caos_errs.ThrowNotFound(nil, "IAM-39fjs", "Errors.IAM.LoginPolicy.IDP.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-39fjs", "Errors.IAM.LoginPolicy.IDP.NotExisting")
} }
aggregates := make([]eventstore.Aggregater, 0)
iamAgg := IAMAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewIdentityProviderRemovedEvent(ctx, idpProvider.IDPConfigID)) events := []eventstore.EventPusher{
iam_repo.NewIdentityProviderRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID),
}
userAggregates := r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, false, cascadeExternalIDPs...) userEvents := r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, false, cascadeExternalIDPs...)
aggregates = append(aggregates, iamAgg) events = append(events, userEvents...)
aggregates = append(aggregates, userAggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
_, err = r.eventstore.PushAggregates(ctx, aggregates...)
return err return err
} }
func (r *CommandSide) removeIDPProviderFromDefaultLoginPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, idpProvider *domain.IDPProvider, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.Aggregater { func (r *CommandSide) removeIDPProviderFromDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, idpProvider *domain.IDPProvider, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher {
var events []eventstore.EventPusher
if cascade { if cascade {
iamAgg.PushEvents(iam_repo.NewIdentityProviderCascadeRemovedEvent(ctx, idpProvider.IDPConfigID)) events = append(events, iam_repo.NewIdentityProviderCascadeRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID))
return nil } else {
events = append(events, iam_repo.NewIdentityProviderRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID))
} }
iamAgg.PushEvents(iam_repo.NewIdentityProviderRemovedEvent(ctx, idpProvider.IDPConfigID))
userAggregates := make([]eventstore.Aggregater, 0)
for _, idp := range cascadeExternalIDPs { for _, idp := range cascadeExternalIDPs {
userAgg, _, err := r.removeHumanExternalIDP(ctx, idp, true) userEvent, err := r.removeHumanExternalIDP(ctx, idp, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy") logging.LogWithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy")
continue continue
} }
userAggregates = append(userAggregates, userAgg) events = append(events, userEvent)
} }
return userAggregates return events
} }
func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) (domain.SecondFactorType, error) { func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) (domain.SecondFactorType, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
err := r.addSecondFactorToDefaultLoginPolicy(ctx, nil, secondFactorModel, secondFactor) event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, secondFactor)
if err != nil { if err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
if err = r.eventstore.PushAggregate(ctx, secondFactorModel, iamAgg); err != nil { if _, err = r.eventstore.PushEvents(ctx, event); err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
return secondFactorModel.MFAType, nil return secondFactorModel.MFAType, nil
} }
func (r *CommandSide) addSecondFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, secondFactorModel *IAMSecondFactorWriteModel, secondFactor domain.SecondFactorType) error { func (r *CommandSide) addSecondFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, secondFactorModel *IAMSecondFactorWriteModel, secondFactor domain.SecondFactorType) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil { if err != nil {
return err return nil, err
} }
if secondFactorModel.State == domain.FactorStateActive { if secondFactorModel.State == domain.FactorStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.MFA.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-2B0ps", "Errors.IAM.LoginPolicy.MFA.AlreadyExists")
} }
return iam_repo.NewLoginPolicySecondFactorAddedEvent(ctx, iamAgg, secondFactor), nil
iamAgg.PushEvents(iam_repo.NewLoginPolicySecondFactorAddedEvent(ctx, domain.SecondFactorType(secondFactor)))
return nil
} }
func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) error { func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) error {
@ -183,38 +181,35 @@ func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Conte
return caos_errs.ThrowNotFound(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting")
} }
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewLoginPolicySecondFactorRemovedEvent(ctx, domain.SecondFactorType(secondFactor))) _, err = r.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicySecondFactorRemovedEvent(ctx, iamAgg, secondFactor))
return err
return r.eventstore.PushAggregate(ctx, secondFactorModel, iamAgg)
} }
func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) (domain.MultiFactorType, error) { func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) (domain.MultiFactorType, error) {
multiFactorModel := NewIAMMultiFactorWriteModel() multiFactorModel := NewIAMMultiFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
err := r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, multiFactor) event, err := r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, multiFactor)
if err != nil { if err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
if err = r.eventstore.PushAggregate(ctx, multiFactorModel, iamAgg); err != nil { if _, err = r.eventstore.PushEvents(ctx, event); err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
return domain.MultiFactorType(multiFactorModel.MultiFactoryWriteModel.MFAType), nil return multiFactorModel.MultiFactoryWriteModel.MFAType, nil
} }
func (r *CommandSide) addMultiFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, multiFactorModel *IAMMultiFactorWriteModel, multiFactor domain.MultiFactorType) error { func (r *CommandSide) addMultiFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, multiFactorModel *IAMMultiFactorWriteModel, multiFactor domain.MultiFactorType) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil { if err != nil {
return err return nil, err
} }
if multiFactorModel.State == domain.FactorStateActive { if multiFactorModel.State == domain.FactorStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewLoginPolicyMultiFactorAddedEvent(ctx, domain.MultiFactorType(multiFactor))) return iam_repo.NewLoginPolicyMultiFactorAddedEvent(ctx, iamAgg, multiFactor), nil
return nil
} }
func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) error { func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) error {
@ -227,9 +222,8 @@ func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Contex
return caos_errs.ThrowNotFound(nil, "IAM-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting")
} }
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
iamAgg.PushEvents(iam_repo.NewLoginPolicyMultiFactorRemovedEvent(ctx, domain.MultiFactorType(multiFactor))) _, err = r.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicyMultiFactorRemovedEvent(ctx, iamAgg, multiFactor))
return err
return r.eventstore.PushAggregate(ctx, multiFactorModel, iamAgg)
} }
func (r *CommandSide) defaultLoginPolicyWriteModelByID(ctx context.Context, writeModel *IAMLoginPolicyWriteModel) (err error) { func (r *CommandSide) defaultLoginPolicyWriteModelByID(ctx context.Context, writeModel *IAMLoginPolicyWriteModel) (err error) {

10
internal/v2/command/iam_policy_login_factors_model.go
View File

@ -39,7 +39,10 @@ func (wm *IAMSecondFactorWriteModel) Reduce() error {
func (wm *IAMSecondFactorWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMSecondFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.WriteModel.AggregateID). AggregateIDs(wm.WriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.LoginPolicySecondFactorAddedEventType,
iam.LoginPolicySecondFactorRemovedEventType)
} }
type IAMMultiFactorWriteModel struct { type IAMMultiFactorWriteModel struct {
@ -75,5 +78,8 @@ func (wm *IAMMultiFactorWriteModel) Reduce() error {
func (wm *IAMMultiFactorWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMMultiFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.WriteModel.AggregateID). AggregateIDs(wm.WriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.LoginPolicyMultiFactorAddedEventType,
iam.LoginPolicyMultiFactorRemovedEventType)
} }

8
internal/v2/command/iam_policy_login_model.go
View File

@ -46,11 +46,15 @@ func (wm *IAMLoginPolicyWriteModel) Reduce() error {
func (wm *IAMLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.LoginPolicyWriteModel.AggregateID). AggregateIDs(wm.LoginPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.LoginPolicyAddedEventType,
iam.LoginPolicyChangedEventType)
} }
func (wm *IAMLoginPolicyWriteModel) NewChangedEvent( func (wm *IAMLoginPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
allowUsernamePassword, allowUsernamePassword,
allowRegister, allowRegister,
allowExternalIDP, allowExternalIDP,
@ -77,7 +81,7 @@ func (wm *IAMLoginPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewLoginPolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewLoginPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

35
internal/v2/command/iam_policy_mail_template.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,34 +12,35 @@ import (
func (r *CommandSide) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (r *CommandSide) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
addedPolicy := NewIAMMailTemplateWriteModel() addedPolicy := NewIAMMailTemplateWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel)
err := r.addDefaultMailTemplate(ctx, nil, addedPolicy, policy) event, err := r.addDefaultMailTemplate(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTemplatePolicy(&addedPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplatePolicy(&addedPolicy.MailTemplateWriteModel), nil
} }
func (r *CommandSide) addDefaultMailTemplate(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMMailTemplateWriteModel, policy *domain.MailTemplate) error { func (r *CommandSide) addDefaultMailTemplate(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTemplateWriteModel, policy *domain.MailTemplate) (eventstore.EventPusher, error) {
if !policy.IsValid() { if !policy.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-fm9sd", "Errors.IAM.MailTemplate.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-fm9sd", "Errors.IAM.MailTemplate.Invalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-5n8fs", "Errors.IAM.MailTemplate.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-5n8fs", "Errors.IAM.MailTemplate.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewMailTemplateAddedEvent(ctx, policy.Template)) return iam_repo.NewMailTemplateAddedEvent(ctx, iamAgg, policy.Template), nil
return nil
} }
func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
@ -54,19 +56,20 @@ func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *dom
return nil, caos_errs.ThrowNotFound(nil, "IAM-2N8fs", "Errors.IAM.MailTemplate.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-2N8fs", "Errors.IAM.MailTemplate.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.Template) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.Template)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3nfsG", "Errors.IAM.MailTemplate.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3nfsG", "Errors.IAM.MailTemplate.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTemplatePolicy(&existingPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplatePolicy(&existingPolicy.MailTemplateWriteModel), nil
} }

8
internal/v2/command/iam_policy_mail_template_model.go
View File

@ -43,11 +43,15 @@ func (wm *IAMMailTemplateWriteModel) Reduce() error {
func (wm *IAMMailTemplateWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMMailTemplateWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.MailTemplateWriteModel.AggregateID). AggregateIDs(wm.MailTemplateWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.MailTemplateAddedEventType,
iam.MailTemplateChangedEventType)
} }
func (wm *IAMMailTemplateWriteModel) NewChangedEvent( func (wm *IAMMailTemplateWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
template []byte, template []byte,
) (*iam.MailTemplateChangedEvent, bool) { ) (*iam.MailTemplateChangedEvent, bool) {
changes := make([]policy.MailTemplateChanges, 0) changes := make([]policy.MailTemplateChanges, 0)
@ -57,7 +61,7 @@ func (wm *IAMMailTemplateWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewMailTemplateChangedEvent(ctx, changes) changedEvent, err := iam.NewMailTemplateChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

55
internal/v2/command/iam_policy_mail_text.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,45 +12,45 @@ import (
func (r *CommandSide) AddDefaultMailText(ctx context.Context, policy *domain.MailText) (*domain.MailText, error) { func (r *CommandSide) AddDefaultMailText(ctx context.Context, policy *domain.MailText) (*domain.MailText, error) {
addedPolicy := NewIAMMailTextWriteModel(policy.MailTextType, policy.Language) addedPolicy := NewIAMMailTextWriteModel(policy.MailTextType, policy.Language)
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel)
err := r.addDefaultMailText(ctx, nil, addedPolicy, policy) event, err := r.addDefaultMailText(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTextPolicy(&addedPolicy.MailTextWriteModel), nil return writeModelToMailTextPolicy(&addedPolicy.MailTextWriteModel), nil
} }
func (r *CommandSide) addDefaultMailText(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMMailTextWriteModel, mailText *domain.MailText) error { func (r *CommandSide) addDefaultMailText(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTextWriteModel, mailText *domain.MailText) (eventstore.EventPusher, error) {
if !mailText.IsValid() { if !mailText.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "IAM-3n8fs", "Errors.IAM.MailText.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3n8fs", "Errors.IAM.MailText.Invalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-9o0pM", "Errors.IAM.MailText.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-9o0pM", "Errors.IAM.MailText.AlreadyExists")
} }
iamAgg.PushEvents( return iam_repo.NewMailTextAddedEvent(
iam_repo.NewMailTextAddedEvent( ctx,
ctx, iamAgg,
mailText.MailTextType, mailText.MailTextType,
mailText.Language, mailText.Language,
mailText.Title, mailText.Title,
mailText.PreHeader, mailText.PreHeader,
mailText.Subject, mailText.Subject,
mailText.Greeting, mailText.Greeting,
mailText.Text, mailText.Text,
mailText.ButtonText), mailText.ButtonText), nil
)
return nil
} }
func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domain.MailText) (*domain.MailText, error) { func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domain.MailText) (*domain.MailText, error) {
@ -65,8 +66,10 @@ func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domai
return nil, caos_errs.ThrowNotFound(nil, "IAM-2N8fs", "Errors.IAM.MailText.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-2N8fs", "Errors.IAM.MailText.NotFound")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.MailTextWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent( changedEvent, hasChanged := existingPolicy.NewChangedEvent(
ctx, ctx,
iamAgg,
mailText.MailTextType, mailText.MailTextType,
mailText.Language, mailText.Language,
mailText.Title, mailText.Title,
@ -79,14 +82,14 @@ func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domai
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-m9L0s", "Errors.IAM.MailText.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-m9L0s", "Errors.IAM.MailText.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.MailTextWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTextPolicy(&existingPolicy.MailTextWriteModel), nil return writeModelToMailTextPolicy(&existingPolicy.MailTextWriteModel), nil
} }

8
internal/v2/command/iam_policy_mail_text_model.go
View File

@ -43,11 +43,15 @@ func (wm *IAMMailTextWriteModel) Reduce() error {
func (wm *IAMMailTextWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMMailTextWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.MailTextWriteModel.AggregateID). AggregateIDs(wm.MailTextWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.MailTextAddedEventType,
iam.MailTextChangedEventType)
} }
func (wm *IAMMailTextWriteModel) NewChangedEvent( func (wm *IAMMailTextWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
mailTextType, mailTextType,
language, language,
title, title,
@ -79,7 +83,7 @@ func (wm *IAMMailTextWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewMailTextChangedEvent(ctx, mailTextType, language, changes) changedEvent, err := iam.NewMailTextChangedEvent(ctx, aggregate, mailTextType, language, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

33
internal/v2/command/iam_policy_org_iam.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,30 +12,31 @@ import (
func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
addedPolicy := NewIAMOrgIAMPolicyWriteModel() addedPolicy := NewIAMOrgIAMPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
err := r.addDefaultOrgIAMPolicy(ctx, nil, addedPolicy, policy) event, err := r.addDefaultOrgIAMPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToOrgIAMPolicy(addedPolicy), nil return writeModelToOrgIAMPolicy(addedPolicy), nil
} }
func (r *CommandSide) addDefaultOrgIAMPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) error { func (r *CommandSide) addDefaultOrgIAMPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.OrgIAMPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.OrgIAMPolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewOrgIAMPolicyAddedEvent(ctx, policy.UserLoginMustBeDomain)) return iam_repo.NewOrgIAMPolicyAddedEvent(ctx, iamAgg, policy.UserLoginMustBeDomain), nil
return nil
} }
func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
@ -46,19 +48,20 @@ func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *dom
return nil, caos_errs.ThrowNotFound(nil, "IAM-0Pl0d", "Errors.IAM.OrgIAMPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-0Pl0d", "Errors.IAM.OrgIAMPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.UserLoginMustBeDomain) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.UserLoginMustBeDomain)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToOrgIAMPolicy(existingPolicy), nil return writeModelToOrgIAMPolicy(existingPolicy), nil
} }

12
internal/v2/command/iam_policy_org_iam_model.go
View File

@ -42,10 +42,16 @@ func (wm *IAMOrgIAMPolicyWriteModel) Reduce() error {
func (wm *IAMOrgIAMPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMOrgIAMPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.PolicyOrgIAMWriteModel.AggregateID). AggregateIDs(wm.PolicyOrgIAMWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.OrgIAMPolicyAddedEventType,
iam.OrgIAMPolicyChangedEventType)
} }
func (wm *IAMOrgIAMPolicyWriteModel) NewChangedEvent(ctx context.Context, userLoginMustBeDomain bool) (*iam.OrgIAMPolicyChangedEvent, bool) { func (wm *IAMOrgIAMPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userLoginMustBeDomain bool) (*iam.OrgIAMPolicyChangedEvent, bool) {
changes := make([]policy.OrgIAMPolicyChanges, 0) changes := make([]policy.OrgIAMPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain { if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain)) changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@ -53,7 +59,7 @@ func (wm *IAMOrgIAMPolicyWriteModel) NewChangedEvent(ctx context.Context, userLo
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewOrgIAMPolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewOrgIAMPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

31
internal/v2/command/iam_policy_password_age.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,31 +12,33 @@ import (
func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
addedPolicy := NewIAMPasswordAgePolicyWriteModel() addedPolicy := NewIAMPasswordAgePolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
err := r.addDefaultPasswordAgePolicy(ctx, nil, addedPolicy, policy) event, err := r.addDefaultPasswordAgePolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordAgePolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMPasswordAgePolicyWriteModel, policy *domain.PasswordAgePolicy) error { func (r *CommandSide) addDefaultPasswordAgePolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordAgePolicyWriteModel, policy *domain.PasswordAgePolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordAgePolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordAgePolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewPasswordAgePolicyAddedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays)) return iam_repo.NewPasswordAgePolicyAddedEvent(ctx, iamAgg, policy.ExpireWarnDays, policy.MaxAgeDays), nil
return nil
} }
func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
@ -47,15 +50,17 @@ func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy
return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.ExpireWarnDays, policy.MaxAgeDays)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }

13
internal/v2/command/iam_policy_password_age_model.go
View File

@ -42,10 +42,17 @@ func (wm *IAMPasswordAgePolicyWriteModel) Reduce() error {
func (wm *IAMPasswordAgePolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMPasswordAgePolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.PasswordAgePolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordAgePolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.PasswordAgePolicyAddedEventType,
iam.PasswordAgePolicyChangedEventType)
} }
func (wm *IAMPasswordAgePolicyWriteModel) NewChangedEvent(ctx context.Context, expireWarnDays, maxAgeDays uint64) (*iam.PasswordAgePolicyChangedEvent, bool) { func (wm *IAMPasswordAgePolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
expireWarnDays,
maxAgeDays uint64) (*iam.PasswordAgePolicyChangedEvent, bool) {
changes := make([]policy.PasswordAgePolicyChanges, 0) changes := make([]policy.PasswordAgePolicyChanges, 0)
if wm.ExpireWarnDays != expireWarnDays { if wm.ExpireWarnDays != expireWarnDays {
changes = append(changes, policy.ChangeExpireWarnDays(expireWarnDays)) changes = append(changes, policy.ChangeExpireWarnDays(expireWarnDays))
@ -56,7 +63,7 @@ func (wm *IAMPasswordAgePolicyWriteModel) NewChangedEvent(ctx context.Context, e
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewPasswordAgePolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewPasswordAgePolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

35
internal/v2/command/iam_policy_password_complexity.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -22,35 +23,36 @@ func (r *CommandSide) getDefaultPasswordComplexityPolicy(ctx context.Context) (*
func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
addedPolicy := NewIAMPasswordComplexityPolicyWriteModel() addedPolicy := NewIAMPasswordComplexityPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, addedPolicy, policy) events, err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) error { func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) (eventstore.EventPusher, error) {
if err := policy.IsValid(); err != nil { if err := policy.IsValid(); err != nil {
return err return nil, err
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-Lk0dS", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewPasswordComplexityPolicyAddedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)) return iam_repo.NewPasswordComplexityPolicyAddedEvent(ctx, iamAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol), nil
return nil
} }
func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
@ -66,18 +68,19 @@ func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context,
return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordAgePolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil
} }

8
internal/v2/command/iam_policy_password_complexity_model.go
View File

@ -42,11 +42,15 @@ func (wm *IAMPasswordComplexityPolicyWriteModel) Reduce() error {
func (wm *IAMPasswordComplexityPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMPasswordComplexityPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.PasswordComplexityPolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordComplexityPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.PasswordComplexityPolicyAddedEventType,
iam.PasswordComplexityPolicyChangedEventType)
} }
func (wm *IAMPasswordComplexityPolicyWriteModel) NewChangedEvent( func (wm *IAMPasswordComplexityPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
minLength uint64, minLength uint64,
hasLowercase, hasLowercase,
hasUppercase, hasUppercase,
@ -73,7 +77,7 @@ func (wm *IAMPasswordComplexityPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewPasswordComplexityPolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewPasswordComplexityPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

33
internal/v2/command/iam_policy_password_lockout.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
@ -11,12 +12,15 @@ import (
func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
addedPolicy := NewIAMPasswordLockoutPolicyWriteModel() addedPolicy := NewIAMPasswordLockoutPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
err := r.addDefaultPasswordLockoutPolicy(ctx, nil, addedPolicy, policy) event, err := r.addDefaultPasswordLockoutPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event)
err = r.eventstore.PushAggregate(ctx, addedPolicy, iamAgg) if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -24,18 +28,16 @@ func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, polic
return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordLockoutPolicy(ctx context.Context, iamAgg *iam_repo.Aggregate, addedPolicy *IAMPasswordLockoutPolicyWriteModel, policy *domain.PasswordLockoutPolicy) error { func (r *CommandSide) addDefaultPasswordLockoutPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordLockoutPolicyWriteModel, policy *domain.PasswordLockoutPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "IAM-0olDf", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "IAM-0olDf", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists")
} }
iamAgg.PushEvents(iam_repo.NewPasswordLockoutPolicyAddedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures)) return iam_repo.NewPasswordLockoutPolicyAddedEvent(ctx, iamAgg, policy.MaxAttempts, policy.ShowLockOutFailures), nil
return nil
} }
func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
@ -47,19 +49,20 @@ func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, po
return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordLockoutPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "IAM-0oPew", "Errors.IAM.PasswordLockoutPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordLockoutPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, iamAgg, policy.MaxAttempts, policy.ShowLockOutFailures)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.PasswordLockoutPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.PasswordLockoutPolicy.NotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.PasswordLockoutPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
iamAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, iamAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil
} }

13
internal/v2/command/iam_policy_password_lockout_model.go
View File

@ -42,10 +42,17 @@ func (wm *IAMPasswordLockoutPolicyWriteModel) Reduce() error {
func (wm *IAMPasswordLockoutPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IAMPasswordLockoutPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
AggregateIDs(wm.PasswordLockoutPolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordLockoutPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
iam.PasswordLockoutPolicyAddedEventType,
iam.PasswordLockoutPolicyChangedEventType)
} }
func (wm *IAMPasswordLockoutPolicyWriteModel) NewChangedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) (*iam.PasswordLockoutPolicyChangedEvent, bool) { func (wm *IAMPasswordLockoutPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
maxAttempts uint64,
showLockoutFailure bool) (*iam.PasswordLockoutPolicyChangedEvent, bool) {
changes := make([]policy.PasswordLockoutPolicyChanges, 0) changes := make([]policy.PasswordLockoutPolicyChanges, 0)
if wm.MaxAttempts != maxAttempts { if wm.MaxAttempts != maxAttempts {
changes = append(changes, policy.ChangeMaxAttempts(maxAttempts)) changes = append(changes, policy.ChangeMaxAttempts(maxAttempts))
@ -56,7 +63,7 @@ func (wm *IAMPasswordLockoutPolicyWriteModel) NewChangedEvent(ctx context.Contex
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := iam.NewPasswordLockoutPolicyChangedEvent(ctx, changes) changedEvent, err := iam.NewPasswordLockoutPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

1
internal/v2/command/idp_config_model.go
View File

@ -15,6 +15,7 @@ type IDPConfigWriteModel struct {
Name string Name string
StylingType domain.IDPConfigStylingType StylingType domain.IDPConfigStylingType
//TODO: sub writemodels not used anymore?
OIDCConfig *OIDCConfigWriteModel OIDCConfig *OIDCConfigWriteModel
} }

17
internal/v2/command/key_pair.go
View File

@ -29,15 +29,14 @@ func (r *CommandSide) GenerateSigningKeyPair(ctx context.Context, algorithm stri
keyPairWriteModel := NewKeyPairWriteModel(keyID, domain.IAMID) keyPairWriteModel := NewKeyPairWriteModel(keyID, domain.IAMID)
keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel) keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel)
keyAgg.PushEvents( _, err = r.eventstore.PushEvents(ctx, keypair.NewAddedEvent(
keypair.NewAddedEvent( ctx,
ctx, keyAgg,
domain.KeyUsageSigning, domain.KeyUsageSigning,
algorithm, algorithm,
privateCrypto, publicCrypto, privateCrypto, publicCrypto,
privateKeyExp, publicKeyExp), privateKeyExp, publicKeyExp))
) return err
return r.eventstore.PushAggregate(ctx, keyPairWriteModel, keyAgg)
} }
func setOIDCCtx(ctx context.Context) context.Context { func setOIDCCtx(ctx context.Context) context.Context {

10
internal/v2/command/key_pair_model.go
View File

@ -51,11 +51,11 @@ func (wm *KeyPairWriteModel) Reduce() error {
func (wm *KeyPairWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *KeyPairWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(keypair.AddedEventType)
} }
func KeyPairAggregateFromWriteModel(wm *eventstore.WriteModel) *keypair.Aggregate { func KeyPairAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
return &keypair.Aggregate{ return eventstore.AggregateFromWriteModel(wm, keypair.AggregateType, keypair.AggregateVersion)
Aggregate: *eventstore.AggregateFromWriteModel(wm, keypair.AggregateType, keypair.AggregateVersion),
}
} }

60
internal/v2/command/org.go
View File

@ -7,7 +7,6 @@ import (
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
"github.com/caos/zitadel/internal/v2/repository/user"
) )
func (r *CommandSide) getOrg(ctx context.Context, orgID string) (*domain.Org, error) { func (r *CommandSide) getOrg(ctx context.Context, orgID string) (*domain.Org, error) {
@ -33,19 +32,16 @@ func (r *CommandSide) checkOrgExists(ctx context.Context, orgID string) error {
} }
func (r *CommandSide) SetUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) error { func (r *CommandSide) SetUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) error {
orgAgg, userAgg, orgMemberAgg, claimedUsers, err := r.setUpOrg(ctx, organisation, admin) _, _, _, events, err := r.setUpOrg(ctx, organisation, admin)
if err != nil { if err != nil {
return err return err
} }
aggregates := make([]eventstore.Aggregater, 0) _, err = r.eventstore.PushEvents(ctx, events...)
aggregates = append(aggregates, orgAgg, userAgg, orgMemberAgg)
aggregates = append(aggregates, claimedUsers...)
_, err = r.eventstore.PushAggregates(ctx, aggregates...)
return err return err
} }
func (r *CommandSide) AddOrg(ctx context.Context, name, userID, resourceOwner string) (*domain.Org, error) { func (r *CommandSide) AddOrg(ctx context.Context, name, userID, resourceOwner string) (*domain.Org, error) {
orgAgg, addedOrg, claimedUsers, err := r.addOrg(ctx, &domain.Org{Name: name}) orgAgg, addedOrg, events, err := r.addOrg(ctx, &domain.Org{Name: name})
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -54,20 +50,17 @@ func (r *CommandSide) AddOrg(ctx context.Context, name, userID, resourceOwner st
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedMember := NewOrgMemberWriteModel(orgAgg.ID(), userID) addedMember := NewOrgMemberWriteModel(addedOrg.AggregateID, userID)
err = r.addOrgMember(ctx, orgAgg, addedMember, domain.NewMember(orgAgg.ID(), userID, domain.RoleOrgOwner)) orgMemberEvent, err := r.addOrgMember(ctx, orgAgg, addedMember, domain.NewMember(orgAgg.ID, userID, domain.RoleOrgOwner))
if err != nil { if err != nil {
return nil, err return nil, err
} }
aggregates := make([]eventstore.Aggregater, 0) events = append(events, orgMemberEvent)
aggregates = append(aggregates, orgAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
aggregates = append(aggregates, claimedUsers...)
resEvents, err := r.eventstore.PushAggregates(ctx, aggregates...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedOrg.AppendEvents(resEvents...) err = AppendAndReduce(addedOrg, pushedEvents...)
err = addedOrg.Reduce()
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -86,9 +79,8 @@ func (r *CommandSide) DeactivateOrg(ctx context.Context, orgID string) error {
return caos_errs.ThrowInvalidArgument(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated") return caos_errs.ThrowInvalidArgument(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated")
} }
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
orgAgg.PushEvents(org.NewOrgDeactivatedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewOrgDeactivatedEvent(ctx, orgAgg))
return err
return r.eventstore.PushAggregate(ctx, orgWriteModel, orgAgg)
} }
func (r *CommandSide) ReactivateOrg(ctx context.Context, orgID string) error { func (r *CommandSide) ReactivateOrg(ctx context.Context, orgID string) error {
@ -103,32 +95,33 @@ func (r *CommandSide) ReactivateOrg(ctx context.Context, orgID string) error {
return caos_errs.ThrowInvalidArgument(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive") return caos_errs.ThrowInvalidArgument(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive")
} }
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
orgAgg.PushEvents(org.NewOrgReactivatedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewOrgReactivatedEvent(ctx, orgAgg))
return err
return r.eventstore.PushAggregate(ctx, orgWriteModel, orgAgg)
} }
func (r *CommandSide) setUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) (*org.Aggregate, *user.Aggregate, *org.Aggregate, []eventstore.Aggregater, error) { func (r *CommandSide) setUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) (orgAgg *eventstore.Aggregate, human *HumanWriteModel, orgMember *OrgMemberWriteModel, events []eventstore.EventPusher, err error) {
orgAgg, _, claimedUserAggregates, err := r.addOrg(ctx, organisation) orgAgg, _, addOrgEvents, err := r.addOrg(ctx, organisation)
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
userAgg, _, err := r.addHuman(ctx, orgAgg.ID(), admin) userEvents, human, err := r.addHuman(ctx, orgAgg.ID, admin)
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
addOrgEvents = append(addOrgEvents, userEvents...)
addedMember := NewOrgMemberWriteModel(orgAgg.ID(), userAgg.ID()) addedMember := NewOrgMemberWriteModel(orgAgg.ID, human.AggregateID)
orgMemberAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel) orgMemberAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel)
err = r.addOrgMember(ctx, orgMemberAgg, addedMember, domain.NewMember(orgMemberAgg.ID(), userAgg.ID(), domain.RoleOrgOwner)) orgMemberEvent, err := r.addOrgMember(ctx, orgMemberAgg, addedMember, domain.NewMember(orgMemberAgg.ID, human.AggregateID, domain.RoleOrgOwner))
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
return orgAgg, userAgg, orgMemberAgg, claimedUserAggregates, nil addOrgEvents = append(addOrgEvents, orgMemberEvent)
return orgAgg, human, addedMember, addOrgEvents, nil
} }
func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, claimedUserIDs ...string) (_ *org.Aggregate, _ *OrgWriteModel, _ []eventstore.Aggregater, err error) { func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, claimedUserIDs ...string) (_ *eventstore.Aggregate, _ *OrgWriteModel, _ []eventstore.EventPusher, err error) {
if organisation == nil || !organisation.IsValid() { if organisation == nil || !organisation.IsValid() {
return nil, nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid") return nil, nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid")
} }
@ -141,17 +134,18 @@ func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, clai
addedOrg := NewOrgWriteModel(organisation.AggregateID) addedOrg := NewOrgWriteModel(organisation.AggregateID)
orgAgg := OrgAggregateFromWriteModel(&addedOrg.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedOrg.WriteModel)
orgAgg.PushEvents(org.NewOrgAddedEvent(ctx, organisation.Name)) events := []eventstore.EventPusher{
claimedUserAggregates := make([]eventstore.Aggregater, 0) org.NewOrgAddedEvent(ctx, orgAgg, organisation.Name),
}
for _, orgDomain := range organisation.Domains { for _, orgDomain := range organisation.Domains {
aggregates, err := r.addOrgDomain(ctx, orgAgg, NewOrgDomainWriteModel(orgAgg.ID(), orgDomain.Domain), orgDomain, claimedUserIDs...) orgDomainEvents, err := r.addOrgDomain(ctx, orgAgg, NewOrgDomainWriteModel(orgAgg.ID, orgDomain.Domain), orgDomain, claimedUserIDs...)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} else { } else {
claimedUserAggregates = append(claimedUserAggregates, aggregates...) events = append(events, orgDomainEvents...)
} }
} }
return orgAgg, addedOrg, claimedUserAggregates, nil return orgAgg, addedOrg, events, nil
} }
func (r *CommandSide) getOrgWriteModelByID(ctx context.Context, orgID string) (*OrgWriteModel, error) { func (r *CommandSide) getOrgWriteModelByID(ctx context.Context, orgID string) (*OrgWriteModel, error) {

68
internal/v2/command/org_domain.go
View File

@ -16,27 +16,18 @@ import (
func (r *CommandSide) AddOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.OrgDomain, error) { func (r *CommandSide) AddOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.OrgDomain, error) {
domainWriteModel := NewOrgDomainWriteModel(orgDomain.AggregateID, orgDomain.Domain) domainWriteModel := NewOrgDomainWriteModel(orgDomain.AggregateID, orgDomain.Domain)
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
userAggregates, err := r.addOrgDomain(ctx, orgAgg, domainWriteModel, orgDomain) events, err := r.addOrgDomain(ctx, orgAgg, domainWriteModel, orgDomain)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if len(userAggregates) == 0 { pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
err = r.eventstore.PushAggregate(ctx, domainWriteModel, orgAgg) if err != nil {
if err != nil { return nil, err
return nil, err }
} err = AppendAndReduce(domainWriteModel, pushedEvents...)
return orgDomainWriteModelToOrgDomain(domainWriteModel), nil
}
aggregates := make([]eventstore.Aggregater, 0)
aggregates = append(aggregates, orgAgg)
aggregates = append(aggregates, userAggregates...)
resultEvents, err := r.eventstore.PushAggregates(ctx, aggregates...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
domainWriteModel.AppendEvents(resultEvents...)
domainWriteModel.Reduce()
return orgDomainWriteModelToOrgDomain(domainWriteModel), nil return orgDomainWriteModelToOrgDomain(domainWriteModel), nil
} }
@ -68,9 +59,10 @@ func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain
} }
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
orgAgg.PushEvents(org.NewDomainVerificationAddedEvent(ctx, orgDomain.Domain, orgDomain.ValidationType, orgDomain.ValidationCode))
err = r.eventstore.PushAggregate(ctx, domainWriteModel, orgAgg) _, err = r.eventstore.PushEvents(
ctx,
org.NewDomainVerificationAddedEvent(ctx, orgAgg, orgDomain.Domain, orgDomain.ValidationType, orgDomain.ValidationCode))
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
@ -102,25 +94,24 @@ func (r *CommandSide) ValidateOrgDomain(ctx context.Context, orgDomain *domain.O
checkType, _ := domainWriteModel.ValidationType.CheckType() checkType, _ := domainWriteModel.ValidationType.CheckType()
err = r.domainVerificationValidator(domainWriteModel.Domain, validationCode, validationCode, checkType) err = r.domainVerificationValidator(domainWriteModel.Domain, validationCode, validationCode, checkType)
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
var events []eventstore.EventPusher
if err == nil { if err == nil {
aggregates := make([]eventstore.Aggregater, 0) events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain))
orgAgg.PushEvents(org.NewDomainVerifiedEvent(ctx, orgDomain.Domain))
aggregates = append(aggregates, orgAgg)
for _, userID := range claimedUserIDs { for _, userID := range claimedUserIDs {
userAgg, _, err := r.userDomainClaimed(ctx, userID) userEvents, _, err := r.userDomainClaimed(ctx, userID)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-5m8fs", "userid", userID).WithError(err).Warn("could not claim user") logging.LogWithFields("COMMAND-5m8fs", "userid", userID).WithError(err).Warn("could not claim user")
continue continue
} }
aggregates = append(aggregates, userAgg) events = append(events, userEvents...)
} }
_, err = r.eventstore.PushAggregates(ctx, aggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }
orgAgg.PushEvents(org.NewDomainVerificationFailedEvent(ctx, orgDomain.Domain)) events = append(events, org.NewDomainVerificationFailedEvent(ctx, orgAgg, orgDomain.Domain))
err = r.eventstore.PushAggregate(ctx, domainWriteModel, orgAgg) _, err = r.eventstore.PushEvents(ctx, events...)
logging.LogWithFields("ORG-dhTE", "orgID", orgAgg.ID(), "domain", orgDomain.Domain).OnError(err).Error("NewDomainVerificationFailedEvent push failed") logging.LogWithFields("ORG-dhTE", "orgID", orgAgg.ID, "domain", orgDomain.Domain).OnError(err).Error("NewDomainVerificationFailedEvent push failed")
return caos_errs.ThrowInvalidArgument(err, "ORG-GH3s", "Errors.Org.DomainVerificationFailed") return caos_errs.ThrowInvalidArgument(err, "ORG-GH3s", "Errors.Org.DomainVerificationFailed")
} }
@ -139,8 +130,8 @@ func (r *CommandSide) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain
return caos_errs.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified") return caos_errs.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified")
} }
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
orgAgg.PushEvents(org.NewDomainPrimarySetEvent(ctx, orgDomain.Domain)) _, err = r.eventstore.PushEvents(ctx, org.NewDomainPrimarySetEvent(ctx, orgAgg, orgDomain.Domain))
return r.eventstore.PushAggregate(ctx, domainWriteModel, orgAgg) return err
} }
func (r *CommandSide) RemoveOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error { func (r *CommandSide) RemoveOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error {
@ -158,11 +149,11 @@ func (r *CommandSide) RemoveOrgDomain(ctx context.Context, orgDomain *domain.Org
return caos_errs.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable") return caos_errs.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable")
} }
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
orgAgg.PushEvents(org.NewDomainRemovedEvent(ctx, orgDomain.Domain)) _, err = r.eventstore.PushEvents(ctx, org.NewDomainRemovedEvent(ctx, orgAgg, orgDomain.Domain))
return r.eventstore.PushAggregate(ctx, domainWriteModel, orgAgg) return err
} }
func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *org.Aggregate, addedDomain *OrgDomainWriteModel, orgDomain *domain.OrgDomain, claimedUserIDs ...string) ([]eventstore.Aggregater, error) { func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggregate, addedDomain *OrgDomainWriteModel, orgDomain *domain.OrgDomain, claimedUserIDs ...string) ([]eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedDomain) err := r.eventstore.FilterToQueryReducer(ctx, addedDomain)
if err != nil { if err != nil {
return nil, err return nil, err
@ -171,24 +162,25 @@ func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *org.Aggregate, a
return nil, caos_errs.ThrowAlreadyExists(nil, "COMMA-Bd2jj", "Errors.Org.Domain.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "COMMA-Bd2jj", "Errors.Org.Domain.AlreadyExists")
} }
orgAgg.PushEvents(org.NewDomainAddedEvent(ctx, orgDomain.Domain)) events := []eventstore.EventPusher{
org.NewDomainAddedEvent(ctx, orgAgg, orgDomain.Domain),
}
userAggregates := make([]eventstore.Aggregater, 0)
if orgDomain.Verified { if orgDomain.Verified {
orgAgg.PushEvents(org.NewDomainVerifiedEvent(ctx, orgDomain.Domain)) events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain))
for _, userID := range claimedUserIDs { for _, userID := range claimedUserIDs {
userAgg, _, err := r.userDomainClaimed(ctx, userID) userEvents, _, err := r.userDomainClaimed(ctx, userID)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-nn8Jf", "userid", userID).WithError(err).Warn("could not claim user") logging.LogWithFields("COMMAND-nn8Jf", "userid", userID).WithError(err).Warn("could not claim user")
continue continue
} }
userAggregates = append(userAggregates, userAgg) events = append(events, userEvents...)
} }
} }
if orgDomain.Primary { if orgDomain.Primary {
orgAgg.PushEvents(org.NewDomainPrimarySetEvent(ctx, orgDomain.Domain)) events = append(events, org.NewDomainPrimarySetEvent(ctx, orgAgg, orgDomain.Domain))
} }
return userAggregates, nil return events, nil
} }
func (r *CommandSide) getOrgDomainWriteModel(ctx context.Context, orgID, domain string) (*OrgDomainWriteModel, error) { func (r *CommandSide) getOrgDomainWriteModel(ctx context.Context, orgID, domain string) (*OrgDomainWriteModel, error) {

9
internal/v2/command/org_domain_model.go
View File

@ -88,5 +88,12 @@ func (wm *OrgDomainWriteModel) Reduce() error {
func (wm *OrgDomainWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgDomainWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.OrgDomainAddedEventType,
org.OrgDomainVerifiedEventType,
org.OrgDomainVerificationAddedEventType,
org.OrgDomainVerifiedEventType,
org.OrgDomainPrimarySetEventType,
org.OrgDomainRemovedEventType)
} }

59
internal/v2/command/org_idp_config.go
View File

@ -30,28 +30,31 @@ func (r *CommandSide) AddIDPConfig(ctx context.Context, config *domain.IDPConfig
} }
orgAgg := OrgAggregateFromWriteModel(&addedConfig.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedConfig.WriteModel)
orgAgg.PushEvents( events := []eventstore.EventPusher{
org_repo.NewIDPConfigAddedEvent( org_repo.NewIDPConfigAddedEvent(
ctx, ctx,
orgAgg.ResourceOwner(), orgAgg,
idpConfigID, idpConfigID,
config.Name, config.Name,
config.Type, config.Type,
config.StylingType, config.StylingType,
), ),
)
orgAgg.PushEvents(
org_repo.NewIDPOIDCConfigAddedEvent( org_repo.NewIDPOIDCConfigAddedEvent(
ctx, config.OIDCConfig.ClientID, ctx,
orgAgg,
config.OIDCConfig.ClientID,
idpConfigID, idpConfigID,
config.OIDCConfig.Issuer, config.OIDCConfig.Issuer,
clientSecret, clientSecret,
config.OIDCConfig.IDPDisplayNameMapping, config.OIDCConfig.IDPDisplayNameMapping,
config.OIDCConfig.UsernameMapping, config.OIDCConfig.UsernameMapping,
config.OIDCConfig.Scopes..., config.OIDCConfig.Scopes...),
), }
) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
err = r.eventstore.PushAggregate(ctx, addedConfig, orgAgg) if err != nil {
return nil, err
}
err = AppendAndReduce(addedConfig, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -67,9 +70,10 @@ func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPCon
return nil, caos_errs.ThrowNotFound(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotExisting") return nil, caos_errs.ThrowNotFound(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotExisting")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
changedEvent, hasChanged := existingIDP.NewChangedEvent( changedEvent, hasChanged := existingIDP.NewChangedEvent(
ctx, ctx,
existingIDP.ResourceOwner, orgAgg,
config.IDPConfigID, config.IDPConfigID,
config.Name, config.Name,
config.StylingType) config.StylingType)
@ -77,10 +81,11 @@ func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPCon
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingIDP, orgAgg) }
err = AppendAndReduce(existingIDP, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -96,9 +101,8 @@ func (r *CommandSide) DeactivateIDPConfig(ctx context.Context, idpID, orgID stri
return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
orgAgg.PushEvents(org_repo.NewIDPConfigDeactivatedEvent(ctx, idpID)) _, err = r.eventstore.PushEvents(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID))
return err
return r.eventstore.PushAggregate(ctx, existingIDP, orgAgg)
} }
func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error { func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error {
@ -110,9 +114,8 @@ func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID stri
return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
orgAgg.PushEvents(org_repo.NewIDPConfigReactivatedEvent(ctx, idpID)) _, err = r.eventstore.PushEvents(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID))
return err
return r.eventstore.PushAggregate(ctx, existingIDP, orgAgg)
} }
func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) error { func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) error {
@ -128,18 +131,16 @@ func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string,
return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
} }
aggregates := make([]eventstore.Aggregater, 0)
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
orgAgg.PushEvents(org_repo.NewIDPConfigRemovedEvent(ctx, existingIDP.ResourceOwner, idpID, existingIDP.Name)) events := []eventstore.EventPusher{
org_repo.NewIDPConfigRemovedEvent(ctx, orgAgg, idpID, existingIDP.Name),
userAggregates := make([]eventstore.Aggregater, 0)
if cascadeRemoveProvider {
userAggregates = r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...)
} }
aggregates = append(aggregates, orgAgg)
aggregates = append(aggregates, userAggregates...)
_, err = r.eventstore.PushAggregates(ctx, aggregates...) if cascadeRemoveProvider {
removeIDPEvents := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...)
events = append(events, removeIDPEvents...)
}
_, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }

14
internal/v2/command/org_idp_config_model.go
View File

@ -28,7 +28,15 @@ func NewOrgIDPConfigWriteModel(configID, orgID string) *OrgIDPConfigWriteModel {
func (wm *OrgIDPConfigWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgIDPConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.IDPConfigAddedEventType,
org.IDPConfigChangedEventType,
org.IDPConfigDeactivatedEventType,
org.IDPConfigReactivatedEventType,
org.IDPConfigRemovedEventType,
org.IDPOIDCConfigAddedEventType,
org.IDPOIDCConfigChangedEventType)
} }
func (wm *OrgIDPConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { func (wm *OrgIDPConfigWriteModel) AppendEvents(events ...eventstore.EventReader) {
@ -84,7 +92,7 @@ func (wm *OrgIDPConfigWriteModel) AppendAndReduce(events ...eventstore.EventRead
func (wm *OrgIDPConfigWriteModel) NewChangedEvent( func (wm *OrgIDPConfigWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
resourceOwner, aggregate *eventstore.Aggregate,
configID, configID,
name string, name string,
stylingType domain.IDPConfigStylingType, stylingType domain.IDPConfigStylingType,
@ -102,7 +110,7 @@ func (wm *OrgIDPConfigWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changeEvent, err := org.NewIDPConfigChangedEvent(ctx, resourceOwner, configID, oldName, changes) changeEvent, err := org.NewIDPConfigChangedEvent(ctx, aggregate, configID, oldName, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

11
internal/v2/command/org_idp_oidc_config.go
View File

@ -17,8 +17,10 @@ func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OI
return nil, caos_errs.ThrowAlreadyExists(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists")
} }
orgAgg := OrgAggregateFromWriteModel(&existingConfig.WriteModel)
changedEvent, hasChanged, err := existingConfig.NewChangedEvent( changedEvent, hasChanged, err := existingConfig.NewChangedEvent(
ctx, ctx,
orgAgg,
config.IDPConfigID, config.IDPConfigID,
config.ClientID, config.ClientID,
config.Issuer, config.Issuer,
@ -34,10 +36,11 @@ func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OI
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingConfig.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingConfig, orgAgg) }
err = AppendAndReduce(existingConfig, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }

11
internal/v2/command/org_idp_oidc_config_model.go
View File

@ -71,11 +71,18 @@ func (wm *IDPOIDCConfigWriteModel) Reduce() error {
func (wm *IDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *IDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.IDPOIDCConfigAddedEventType,
org.IDPOIDCConfigChangedEventType,
org.IDPConfigReactivatedEventType,
org.IDPConfigDeactivatedEventType,
org.IDPConfigRemovedEventType)
} }
func (wm *IDPOIDCConfigWriteModel) NewChangedEvent( func (wm *IDPOIDCConfigWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
idpConfigID, idpConfigID,
clientID, clientID,
issuer, issuer,
@ -114,7 +121,7 @@ func (wm *IDPOIDCConfigWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }
changeEvent, err := org.NewIDPOIDCConfigChangedEvent(ctx, idpConfigID, changes) changeEvent, err := org.NewIDPOIDCConfigChangedEvent(ctx, aggregate, idpConfigID, changes)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }

37
internal/v2/command/org_member.go
View File

@ -6,6 +6,7 @@ import (
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
@ -14,37 +15,38 @@ import (
func (r *CommandSide) AddOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (r *CommandSide) AddOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
addedMember := NewOrgMemberWriteModel(member.AggregateID, member.UserID) addedMember := NewOrgMemberWriteModel(member.AggregateID, member.UserID)
orgAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel)
err := r.addOrgMember(ctx, orgAgg, addedMember, member) event, err := r.addOrgMember(ctx, orgAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedMember, orgAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedMember, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addOrgMember(ctx context.Context, orgAgg *org.Aggregate, addedMember *OrgMemberWriteModel, member *domain.Member) error { func (r *CommandSide) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregate, addedMember *OrgMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "Org-W8m4l", "Errors.Org.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-W8m4l", "Errors.Org.MemberInvalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedMember) err := r.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return err return nil, err
} }
if addedMember.State == domain.MemberStateActive { if addedMember.State == domain.MemberStateActive {
return errors.ThrowAlreadyExists(nil, "Org-PtXi1", "Errors.Org.Member.AlreadyExists") return nil, errors.ThrowAlreadyExists(nil, "Org-PtXi1", "Errors.Org.Member.AlreadyExists")
} }
orgAgg.PushEvents(org.NewMemberAddedEvent(ctx, orgAgg.ID(), member.UserID, member.Roles...)) return org.NewMemberAddedEvent(ctx, orgAgg, member.UserID, member.Roles...), nil
return nil
} }
//ChangeOrgMember updates an existing member //ChangeOrgMember updates an existing member
@ -64,18 +66,12 @@ func (r *CommandSide) ChangeOrgMember(ctx context.Context, member *domain.Member
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
orgAgg.PushEvents(org.NewMemberChangedEvent(ctx, member.UserID, member.Roles...)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewMemberChangedEvent(ctx, orgAgg, member.UserID, member.Roles...))
err = AppendAndReduce(existingMember, pushedEvents...)
events, err := r.eventstore.PushAggregates(ctx, orgAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
existingMember.AppendEvents(events...)
if err = existingMember.Reduce(); err != nil {
return nil, err
}
return memberWriteModelToMember(&existingMember.MemberWriteModel), nil return memberWriteModelToMember(&existingMember.MemberWriteModel), nil
} }
@ -89,9 +85,8 @@ func (r *CommandSide) RemoveOrgMember(ctx context.Context, orgID, userID string)
} }
orgAgg := OrgAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
orgAgg.PushEvents(org.NewMemberRemovedEvent(ctx, orgAgg.ID(), userID)) _, err = r.eventstore.PushEvents(ctx, org.NewMemberRemovedEvent(ctx, orgAgg, userID))
return err
return r.eventstore.PushAggregate(ctx, m, orgAgg)
} }
func (r *CommandSide) orgMemberWriteModelByID(ctx context.Context, orgID, userID string) (member *OrgMemberWriteModel, err error) { func (r *CommandSide) orgMemberWriteModelByID(ctx context.Context, orgID, userID string) (member *OrgMemberWriteModel, err error) {

6
internal/v2/command/org_member_model.go
View File

@ -50,5 +50,9 @@ func (wm *OrgMemberWriteModel) Reduce() error {
func (wm *OrgMemberWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgMemberWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.MemberWriteModel.AggregateID). AggregateIDs(wm.MemberWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.MemberAddedEventType,
org.MemberChangedEventType,
org.MemberRemovedEventType)
} }

26
internal/v2/command/org_model.go
View File

@ -3,7 +3,6 @@ package command
import ( import (
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
) )
@ -24,19 +23,6 @@ func NewOrgWriteModel(orgID string) *OrgWriteModel {
} }
} }
func (wm *OrgWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
for _, event := range events {
switch e := event.(type) {
case *org.OrgAddedEvent,
*iam.LabelPolicyChangedEvent:
wm.WriteModel.AppendEvents(e)
case *org.DomainPrimarySetEvent:
wm.WriteModel.AppendEvents(e)
}
}
}
func (wm *OrgWriteModel) Reduce() error { func (wm *OrgWriteModel) Reduce() error {
for _, event := range wm.Events { for _, event := range wm.Events {
switch e := event.(type) { switch e := event.(type) {
@ -55,11 +41,13 @@ func (wm *OrgWriteModel) Reduce() error {
func (wm *OrgWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.OrgAddedEventType,
org.OrgChangedEventType,
org.OrgDomainPrimarySetEventType)
} }
func OrgAggregateFromWriteModel(wm *eventstore.WriteModel) *org.Aggregate { func OrgAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
return &org.Aggregate{ return eventstore.AggregateFromWriteModel(wm, org.AggregateType, org.AggregateVersion)
Aggregate: *eventstore.AggregateFromWriteModel(wm, org.AggregateType, org.AggregateVersion),
}
} }

27
internal/v2/command/org_policy_label.go
View File

@ -19,13 +19,14 @@ func (r *CommandSide) AddLabelPolicy(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel)
orgAgg.PushEvents(org.NewLabelPolicyAddedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewLabelPolicyAddedEvent(ctx, orgAgg, policy.PrimaryColor, policy.SecondaryColor))
if err != nil {
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil
} }
@ -39,19 +40,20 @@ func (r *CommandSide) ChangeLabelPolicy(ctx context.Context, resourceOwner strin
return nil, caos_errs.ThrowNotFound(nil, "Org-0K9dq", "Errors.Org.LabelPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "Org-0K9dq", "Errors.Org.LabelPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.PrimaryColor, policy.SecondaryColor) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.PrimaryColor, policy.SecondaryColor)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LabelPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil
} }
@ -65,7 +67,6 @@ func (r *CommandSide) RemoveLabelPolicy(ctx context.Context, orgID string) error
return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewLabelPolicyRemovedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewLabelPolicyRemovedEvent(ctx, orgAgg))
return err
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg)
} }

8
internal/v2/command/org_policy_label_model.go
View File

@ -41,11 +41,15 @@ func (wm *OrgLabelPolicyWriteModel) Reduce() error {
func (wm *OrgLabelPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgLabelPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.LabelPolicyWriteModel.AggregateID). AggregateIDs(wm.LabelPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.LabelPolicyAddedEventType,
org.LabelPolicyChangedEventType)
} }
func (wm *OrgLabelPolicyWriteModel) NewChangedEvent( func (wm *OrgLabelPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
primaryColor, primaryColor,
secondaryColor string, secondaryColor string,
) (*org.LabelPolicyChangedEvent, bool) { ) (*org.LabelPolicyChangedEvent, bool) {
@ -59,7 +63,7 @@ func (wm *OrgLabelPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewLabelPolicyChangedEvent(ctx, changes) changedEvent, err := org.NewLabelPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

86
internal/v2/command/org_policy_login.go
View File

@ -3,9 +3,8 @@ package command
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v2"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
) )
@ -21,13 +20,23 @@ func (r *CommandSide) AddLoginPolicy(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicyAddedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType)) pushedEvents, err := r.eventstore.PushEvents(
ctx,
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) org.NewLoginPolicyAddedEvent(
ctx,
orgAgg,
policy.AllowUsernamePassword,
policy.AllowRegister,
policy.AllowExternalIDP,
policy.ForceMFA,
policy.PasswordlessType))
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil
} }
@ -40,19 +49,20 @@ func (r *CommandSide) ChangeLoginPolicy(ctx context.Context, resourceOwner strin
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved { if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "Org-M0sif", "Errors.Org.LoginPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "Org-M0sif", "Errors.Org.LoginPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil
} }
@ -66,9 +76,8 @@ func (r *CommandSide) RemoveLoginPolicy(ctx context.Context, orgID string) error
return caos_errs.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicyRemovedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyRemovedEvent(ctx, orgAgg))
return err
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg)
} }
func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) {
@ -82,12 +91,14 @@ func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceO
} }
orgAgg := OrgAggregateFromWriteModel(&idpModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&idpModel.WriteModel)
orgAgg.PushEvents(org.NewIdentityProviderAddedEvent(ctx, idpProvider.IDPConfigID, idpProvider.Type)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewIdentityProviderAddedEvent(ctx, orgAgg, idpProvider.IDPConfigID, idpProvider.Type))
if err != nil {
if err = r.eventstore.PushAggregate(ctx, idpModel, orgAgg); err != nil { return nil, err
}
err = AppendAndReduce(idpModel, pushedEvents...)
if err != nil {
return nil, err return nil, err
} }
return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil
} }
@ -101,35 +112,30 @@ func (r *CommandSide) RemoveIDPProviderFromLoginPolicy(ctx context.Context, reso
return caos_errs.ThrowNotFound(nil, "Org-39fjs", "Errors.Org.LoginPolicy.IDP.NotExisting") return caos_errs.ThrowNotFound(nil, "Org-39fjs", "Errors.Org.LoginPolicy.IDP.NotExisting")
} }
aggregates := make([]eventstore.Aggregater, 0)
orgAgg := OrgAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel)
userAggregates := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false, cascadeExternalIDPs...) events := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false, cascadeExternalIDPs...)
aggregates = append(aggregates, orgAgg) _, err = r.eventstore.PushEvents(ctx, events...)
aggregates = append(aggregates, userAggregates...)
_, err = r.eventstore.PushAggregates(ctx, aggregates...)
return err return err
} }
func (r *CommandSide) removeIDPProviderFromLoginPolicy(ctx context.Context, orgAgg *org.Aggregate, idpConfigID string, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.Aggregater { func (r *CommandSide) removeIDPProviderFromLoginPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, idpConfigID string, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher {
var events []eventstore.EventPusher
if cascade { if cascade {
orgAgg.PushEvents(org.NewIdentityProviderCascadeRemovedEvent(ctx, idpConfigID)) events = append(events, org.NewIdentityProviderCascadeRemovedEvent(ctx, orgAgg, idpConfigID))
} else { } else {
orgAgg.PushEvents(org.NewIdentityProviderRemovedEvent(ctx, idpConfigID)) events = append(events, org.NewIdentityProviderRemovedEvent(ctx, orgAgg, idpConfigID))
} }
userAggregates := make([]eventstore.Aggregater, 0)
for _, idp := range cascadeExternalIDPs { for _, idp := range cascadeExternalIDPs {
userAgg, _, err := r.removeHumanExternalIDP(ctx, idp, true) event, err := r.removeHumanExternalIDP(ctx, idp, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-n8RRf", "userid", idp.AggregateID, "idpconfigid", idp.IDPConfigID).WithError(err).Warn("could not cascade remove external idp") logging.LogWithFields("COMMAND-n8RRf", "userid", idp.AggregateID, "idpconfigid", idp.IDPConfigID).WithError(err).Warn("could not cascade remove external idp")
continue continue
} }
userAggregates = append(userAggregates, userAgg) events = append(events, event)
} }
return userAggregates return events
} }
func (r *CommandSide) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, error) { func (r *CommandSide) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, error) {
@ -144,9 +150,8 @@ func (r *CommandSide) AddSecondFactorToLoginPolicy(ctx context.Context, secondFa
} }
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicySecondFactorAddedEvent(ctx, secondFactor))
if err = r.eventstore.PushAggregate(ctx, secondFactorModel, orgAgg); err != nil { if _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorAddedEvent(ctx, orgAgg, secondFactor)); err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
@ -163,9 +168,9 @@ func (r *CommandSide) RemoveSecondFactorFromLoginPolicy(ctx context.Context, sec
return caos_errs.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "Org-3M9od", "Errors.Org.LoginPolicy.MFA.NotExisting")
} }
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicySecondFactorRemovedEvent(ctx, domain.SecondFactorType(secondFactor)))
return r.eventstore.PushAggregate(ctx, secondFactorModel, orgAgg) _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor))
return err
} }
func (r *CommandSide) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, error) { func (r *CommandSide) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, error) {
@ -179,9 +184,8 @@ func (r *CommandSide) AddMultiFactorToLoginPolicy(ctx context.Context, multiFact
} }
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicyMultiFactorAddedEvent(ctx, multiFactor))
if err = r.eventstore.PushAggregate(ctx, multiFactorModel, orgAgg); err != nil { if _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorAddedEvent(ctx, orgAgg, multiFactor)); err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
@ -198,7 +202,7 @@ func (r *CommandSide) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mult
return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LoginPolicy.MFA.NotExisting")
} }
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
orgAgg.PushEvents(org.NewLoginPolicyMultiFactorRemovedEvent(ctx, domain.MultiFactorType(multiFactor)))
return r.eventstore.PushAggregate(ctx, multiFactorModel, orgAgg) _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorRemovedEvent(ctx, orgAgg, multiFactor))
return err
} }

24
internal/v2/command/org_policy_login_factors_model.go
View File

@ -2,7 +2,7 @@ package command
import ( import (
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/repository/iam" "github.com/caos/zitadel/internal/v2/repository/org"
) )
type OrgSecondFactorWriteModel struct { type OrgSecondFactorWriteModel struct {
@ -23,8 +23,10 @@ func NewOrgSecondFactorWriteModel(orgID string) *OrgSecondFactorWriteModel {
func (wm *OrgSecondFactorWriteModel) AppendEvents(events ...eventstore.EventReader) { func (wm *OrgSecondFactorWriteModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events { for _, event := range events {
switch e := event.(type) { switch e := event.(type) {
case *iam.LoginPolicySecondFactorAddedEvent: case *org.LoginPolicySecondFactorAddedEvent:
wm.WriteModel.AppendEvents(&e.SecondFactorAddedEvent) wm.WriteModel.AppendEvents(&e.SecondFactorAddedEvent)
case *org.LoginPolicySecondFactorRemovedEvent:
wm.WriteModel.AppendEvents(&e.SecondFactorRemovedEvent)
} }
} }
} }
@ -34,9 +36,12 @@ func (wm *OrgSecondFactorWriteModel) Reduce() error {
} }
func (wm *OrgSecondFactorWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgSecondFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.WriteModel.AggregateID). AggregateIDs(wm.WriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.LoginPolicySecondFactorAddedEventType,
org.LoginPolicySecondFactorRemovedEventType)
} }
type OrgMultiFactorWriteModel struct { type OrgMultiFactorWriteModel struct {
@ -57,8 +62,10 @@ func NewOrgMultiFactorWriteModel(orgID string) *OrgMultiFactorWriteModel {
func (wm *OrgMultiFactorWriteModel) AppendEvents(events ...eventstore.EventReader) { func (wm *OrgMultiFactorWriteModel) AppendEvents(events ...eventstore.EventReader) {
for _, event := range events { for _, event := range events {
switch e := event.(type) { switch e := event.(type) {
case *iam.LoginPolicyMultiFactorAddedEvent: case *org.LoginPolicyMultiFactorAddedEvent:
wm.WriteModel.AppendEvents(&e.MultiFactorAddedEvent) wm.WriteModel.AppendEvents(&e.MultiFactorAddedEvent)
case *org.LoginPolicyMultiFactorRemovedEvent:
wm.WriteModel.AppendEvents(&e.MultiFactorRemovedEvent)
} }
} }
} }
@ -68,7 +75,10 @@ func (wm *OrgMultiFactorWriteModel) Reduce() error {
} }
func (wm *OrgMultiFactorWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgMultiFactorWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.WriteModel.AggregateID). AggregateIDs(wm.WriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.LoginPolicyMultiFactorAddedEventType,
org.LoginPolicyMultiFactorRemovedEventType)
} }

9
internal/v2/command/org_policy_login_model.go
View File

@ -48,11 +48,16 @@ func (wm *OrgLoginPolicyWriteModel) Reduce() error {
func (wm *OrgLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.LoginPolicyWriteModel.AggregateID). AggregateIDs(wm.LoginPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.LoginPolicyAddedEventType,
org.LoginPolicyChangedEventType,
org.LoginPolicyRemovedEventType)
} }
func (wm *OrgLoginPolicyWriteModel) NewChangedEvent( func (wm *OrgLoginPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
allowUsernamePassword, allowUsernamePassword,
allowRegister, allowRegister,
allowExternalIDP, allowExternalIDP,
@ -79,7 +84,7 @@ func (wm *OrgLoginPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewLoginPolicyChangedEvent(ctx, changes) changedEvent, err := org.NewLoginPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

26
internal/v2/command/org_policy_mail_template.go
View File

@ -22,13 +22,14 @@ func (r *CommandSide) AddMailTemplate(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel)
orgAgg.PushEvents(org.NewMailTemplateAddedEvent(ctx, policy.Template)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewMailTemplateAddedEvent(ctx, orgAgg, policy.Template))
if err != nil {
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTemplate(&addedPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplate(&addedPolicy.MailTemplateWriteModel), nil
} }
@ -45,19 +46,20 @@ func (r *CommandSide) ChangeMailTemplate(ctx context.Context, resourceOwner stri
return nil, caos_errs.ThrowNotFound(nil, "Org-5m9ie", "Errors.Org.MailTemplate.NotFound") return nil, caos_errs.ThrowNotFound(nil, "Org-5m9ie", "Errors.Org.MailTemplate.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.Template) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.Template)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.MailTemplate.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.MailTemplate.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTemplateWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToMailTemplate(&existingPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplate(&existingPolicy.MailTemplateWriteModel), nil
} }
@ -71,7 +73,7 @@ func (r *CommandSide) RemoveMailTemplate(ctx context.Context, orgID string) erro
return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailTemplate.NotFound") return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailTemplate.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewMailTemplateRemovedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) _, err = r.eventstore.PushEvents(ctx, org.NewMailTemplateRemovedEvent(ctx, orgAgg))
return err
} }

12
internal/v2/command/org_policy_mail_template_model.go
View File

@ -31,6 +31,8 @@ func (wm *OrgMailTemplateWriteModel) AppendEvents(events ...eventstore.EventRead
wm.MailTemplateWriteModel.AppendEvents(&e.MailTemplateAddedEvent) wm.MailTemplateWriteModel.AppendEvents(&e.MailTemplateAddedEvent)
case *org.MailTemplateChangedEvent: case *org.MailTemplateChangedEvent:
wm.MailTemplateWriteModel.AppendEvents(&e.MailTemplateChangedEvent) wm.MailTemplateWriteModel.AppendEvents(&e.MailTemplateChangedEvent)
case *org.MailTemplateRemovedEvent:
wm.MailTemplateWriteModel.AppendEvents(&e.MailTemplateRemovedEvent)
} }
} }
} }
@ -41,7 +43,12 @@ func (wm *OrgMailTemplateWriteModel) Reduce() error {
func (wm *OrgMailTemplateWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgMailTemplateWriteModel) Query() *eventstore.SearchQueryBuilder {
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.MailTemplateWriteModel.AggregateID) AggregateIDs(wm.MailTemplateWriteModel.AggregateID).
EventTypes(
org.MailTemplateAddedEventType,
org.MailTemplateChangedEventType,
org.MailTemplateRemovedEventType)
if wm.ResourceOwner != "" { if wm.ResourceOwner != "" {
query.ResourceOwner(wm.ResourceOwner) query.ResourceOwner(wm.ResourceOwner)
} }
@ -50,6 +57,7 @@ func (wm *OrgMailTemplateWriteModel) Query() *eventstore.SearchQueryBuilder {
func (wm *OrgMailTemplateWriteModel) NewChangedEvent( func (wm *OrgMailTemplateWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
template []byte, template []byte,
) (*org.MailTemplateChangedEvent, bool) { ) (*org.MailTemplateChangedEvent, bool) {
changes := make([]policy.MailTemplateChanges, 0) changes := make([]policy.MailTemplateChanges, 0)
@ -59,7 +67,7 @@ func (wm *OrgMailTemplateWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewMailTemplateChangedEvent(ctx, changes) changedEvent, err := org.NewMailTemplateChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

27
internal/v2/command/org_policy_mail_text.go
View File

@ -22,10 +22,11 @@ func (r *CommandSide) AddMailText(ctx context.Context, resourceOwner string, mai
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel)
orgAgg.PushEvents( pushedEvents, err := r.eventstore.PushEvents(
ctx,
org.NewMailTextAddedEvent( org.NewMailTextAddedEvent(
ctx, ctx,
resourceOwner, orgAgg,
mailText.MailTextType, mailText.MailTextType,
mailText.Language, mailText.Language,
mailText.Title, mailText.Title,
@ -34,8 +35,10 @@ func (r *CommandSide) AddMailText(ctx context.Context, resourceOwner string, mai
mailText.Greeting, mailText.Greeting,
mailText.Text, mailText.Text,
mailText.ButtonText)) mailText.ButtonText))
if err != nil {
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -56,8 +59,10 @@ func (r *CommandSide) ChangeMailText(ctx context.Context, resourceOwner string,
return nil, caos_errs.ThrowNotFound(nil, "Org-3n8fM", "Errors.Org.MailText.NotFound") return nil, caos_errs.ThrowNotFound(nil, "Org-3n8fM", "Errors.Org.MailText.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTextWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent( changedEvent, hasChanged := existingPolicy.NewChangedEvent(
ctx, ctx,
orgAgg,
mailText.MailTextType, mailText.MailTextType,
mailText.Language, mailText.Language,
mailText.Title, mailText.Title,
@ -70,10 +75,11 @@ func (r *CommandSide) ChangeMailText(ctx context.Context, resourceOwner string,
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-2n9fs", "Errors.Org.MailText.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-2n9fs", "Errors.Org.MailText.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.MailTextWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -91,7 +97,6 @@ func (r *CommandSide) RemoveMailText(ctx context.Context, resourceOwner, mailTex
return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailText.NotFound") return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailText.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewMailTextRemovedEvent(ctx, mailTextType, language, resourceOwner)) _, err = r.eventstore.PushEvents(ctx, org.NewMailTextRemovedEvent(ctx, orgAgg, mailTextType, language))
return err
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg)
} }

10
internal/v2/command/org_policy_mail_text_model.go
View File

@ -31,6 +31,8 @@ func (wm *OrgMailTextWriteModel) AppendEvents(events ...eventstore.EventReader)
wm.MailTextWriteModel.AppendEvents(&e.MailTextAddedEvent) wm.MailTextWriteModel.AppendEvents(&e.MailTextAddedEvent)
case *org.MailTextChangedEvent: case *org.MailTextChangedEvent:
wm.MailTextWriteModel.AppendEvents(&e.MailTextChangedEvent) wm.MailTextWriteModel.AppendEvents(&e.MailTextChangedEvent)
case *org.MailTextRemovedEvent:
wm.MailTextWriteModel.AppendEvents(&e.MailTextRemovedEvent)
} }
} }
} }
@ -41,7 +43,10 @@ func (wm *OrgMailTextWriteModel) Reduce() error {
func (wm *OrgMailTextWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgMailTextWriteModel) Query() *eventstore.SearchQueryBuilder {
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.MailTextWriteModel.AggregateID) AggregateIDs(wm.MailTextWriteModel.AggregateID).
EventTypes(org.MailTextAddedEventType,
org.MailTextChangedEventType,
org.MailTextRemovedEventType)
if wm.ResourceOwner != "" { if wm.ResourceOwner != "" {
query.ResourceOwner(wm.ResourceOwner) query.ResourceOwner(wm.ResourceOwner)
} }
@ -50,6 +55,7 @@ func (wm *OrgMailTextWriteModel) Query() *eventstore.SearchQueryBuilder {
func (wm *OrgMailTextWriteModel) NewChangedEvent( func (wm *OrgMailTextWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
mailTextType, mailTextType,
language, language,
title, title,
@ -81,7 +87,7 @@ func (wm *OrgMailTextWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewMailTextChangedEvent(ctx, mailTextType, language, changes) changedEvent, err := org.NewMailTextChangedEvent(ctx, aggregate, mailTextType, language, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

42
internal/v2/command/org_policy_org_iam.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
@ -11,33 +12,30 @@ import (
func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
addedPolicy := NewORGOrgIAMPolicyWriteModel(resourceOwner) addedPolicy := NewORGOrgIAMPolicyWriteModel(resourceOwner)
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.PolicyOrgIAMWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.PolicyOrgIAMWriteModel.WriteModel)
err := r.addOrgIAMPolicy(ctx, orgAgg, addedPolicy, policy) event, err := r.addOrgIAMPolicy(ctx, orgAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { pushedEvents, err := r.eventstore.PushEvents(ctx, event)
return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-5M0ds", "Errors.Org.OrgIAMPolicy.AlreadyExists") if err != nil {
} return nil, err
orgAgg.PushEvents(org.NewOrgIAMPolicyAddedEvent(ctx, policy.UserLoginMustBeDomain)) }
err = AppendAndReduce(addedPolicy, pushedEvents...)
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return orgWriteModelToOrgIAMPolicy(addedPolicy), nil return orgWriteModelToOrgIAMPolicy(addedPolicy), nil
} }
func (r *CommandSide) addOrgIAMPolicy(ctx context.Context, orgAgg *org.Aggregate, addedPolicy *ORGOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) error { func (r *CommandSide) addOrgIAMPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, addedPolicy *ORGOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return err return nil, err
} }
if addedPolicy.State == domain.PolicyStateActive { if addedPolicy.State == domain.PolicyStateActive {
return caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.OrgIAMPolicy.AlreadyExists") return nil, caos_errs.ThrowAlreadyExists(nil, "ORG-1M8ds", "Errors.Org.OrgIAMPolicy.AlreadyExists")
} }
orgAgg.PushEvents(org.NewOrgIAMPolicyAddedEvent(ctx, policy.UserLoginMustBeDomain)) return org.NewOrgIAMPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain), nil
return nil
} }
func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
@ -49,19 +47,20 @@ func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner stri
return nil, caos_errs.ThrowNotFound(nil, "ORG-2N9sd", "Errors.Org.OrgIAMPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "ORG-2N9sd", "Errors.Org.OrgIAMPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.UserLoginMustBeDomain) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return orgWriteModelToOrgIAMPolicy(existingPolicy), nil return orgWriteModelToOrgIAMPolicy(existingPolicy), nil
} }
@ -75,9 +74,8 @@ func (r *CommandSide) RemoveOrgIAMPolicy(ctx context.Context, orgID string) erro
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel)
orgAgg.PushEvents(org.NewOrgIAMPolicyRemovedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewOrgIAMPolicyRemovedEvent(ctx, orgAgg))
return err
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg)
} }
func (r *CommandSide) getOrgIAMPolicy(ctx context.Context, orgID string) (*domain.OrgIAMPolicy, error) { func (r *CommandSide) getOrgIAMPolicy(ctx context.Context, orgID string) (*domain.OrgIAMPolicy, error) {

14
internal/v2/command/org_policy_org_iam_model.go
View File

@ -30,6 +30,8 @@ func (wm *ORGOrgIAMPolicyWriteModel) AppendEvents(events ...eventstore.EventRead
wm.PolicyOrgIAMWriteModel.AppendEvents(&e.OrgIAMPolicyAddedEvent) wm.PolicyOrgIAMWriteModel.AppendEvents(&e.OrgIAMPolicyAddedEvent)
case *org.OrgIAMPolicyChangedEvent: case *org.OrgIAMPolicyChangedEvent:
wm.PolicyOrgIAMWriteModel.AppendEvents(&e.OrgIAMPolicyChangedEvent) wm.PolicyOrgIAMWriteModel.AppendEvents(&e.OrgIAMPolicyChangedEvent)
case *org.OrgIAMPolicyRemovedEvent:
wm.PolicyOrgIAMWriteModel.AppendEvents(&e.OrgIAMPolicyRemovedEvent)
} }
} }
} }
@ -41,10 +43,16 @@ func (wm *ORGOrgIAMPolicyWriteModel) Reduce() error {
func (wm *ORGOrgIAMPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ORGOrgIAMPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.PolicyOrgIAMWriteModel.AggregateID). AggregateIDs(wm.PolicyOrgIAMWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(org.OrgIAMPolicyAddedEventType,
org.OrgIAMPolicyChangedEventType,
org.OrgIAMPolicyRemovedEventType)
} }
func (wm *ORGOrgIAMPolicyWriteModel) NewChangedEvent(ctx context.Context, userLoginMustBeDomain bool) (*org.OrgIAMPolicyChangedEvent, bool) { func (wm *ORGOrgIAMPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
userLoginMustBeDomain bool) (*org.OrgIAMPolicyChangedEvent, bool) {
changes := make([]policy.OrgIAMPolicyChanges, 0) changes := make([]policy.OrgIAMPolicyChanges, 0)
if wm.UserLoginMustBeDomain != userLoginMustBeDomain { if wm.UserLoginMustBeDomain != userLoginMustBeDomain {
changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain)) changes = append(changes, policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain))
@ -52,7 +60,7 @@ func (wm *ORGOrgIAMPolicyWriteModel) NewChangedEvent(ctx context.Context, userLo
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewOrgIAMPolicyChangedEvent(ctx, changes) changedEvent, err := org.NewOrgIAMPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

26
internal/v2/command/org_policy_password_age.go
View File

@ -19,13 +19,14 @@ func (r *CommandSide) AddPasswordAgePolicy(ctx context.Context, resourceOwner st
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordAgePolicyAddedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyAddedEvent(ctx, orgAgg, policy.ExpireWarnDays, policy.MaxAgeDays))
if err != nil {
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil
} }
@ -39,19 +40,20 @@ func (r *CommandSide) ChangePasswordAgePolicy(ctx context.Context, resourceOwner
return nil, caos_errs.ThrowNotFound(nil, "ORG-0oPew", "Errors.Org.PasswordAgePolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "ORG-0oPew", "Errors.Org.PasswordAgePolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.ExpireWarnDays, policy.MaxAgeDays) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.ExpireWarnDays, policy.MaxAgeDays)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordAgePolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil
} }
@ -65,6 +67,6 @@ func (r *CommandSide) RemovePasswordAgePolicy(ctx context.Context, orgID string)
return caos_errs.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound") return caos_errs.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordAgePolicyRemovedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyRemovedEvent(ctx, orgAgg))
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) return err
} }

14
internal/v2/command/org_policy_password_age_model.go
View File

@ -43,10 +43,18 @@ func (wm *OrgPasswordAgePolicyWriteModel) Reduce() error {
func (wm *OrgPasswordAgePolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgPasswordAgePolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.PasswordAgePolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordAgePolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(
org.PasswordAgePolicyAddedEventType,
org.PasswordAgePolicyChangedEventType,
org.PasswordAgePolicyRemovedEventType)
} }
func (wm *OrgPasswordAgePolicyWriteModel) NewChangedEvent(ctx context.Context, expireWarnDays, maxAgeDays uint64) (*org.PasswordAgePolicyChangedEvent, bool) { func (wm *OrgPasswordAgePolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
expireWarnDays,
maxAgeDays uint64) (*org.PasswordAgePolicyChangedEvent, bool) {
changes := make([]policy.PasswordAgePolicyChanges, 0) changes := make([]policy.PasswordAgePolicyChanges, 0)
if wm.ExpireWarnDays != expireWarnDays { if wm.ExpireWarnDays != expireWarnDays {
changes = append(changes, policy.ChangeExpireWarnDays(expireWarnDays)) changes = append(changes, policy.ChangeExpireWarnDays(expireWarnDays))
@ -57,7 +65,7 @@ func (wm *OrgPasswordAgePolicyWriteModel) NewChangedEvent(ctx context.Context, e
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewPasswordAgePolicyChangedEvent(ctx, changes) changedEvent, err := org.NewPasswordAgePolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

34
internal/v2/command/org_policy_password_complexity.go
View File

@ -34,13 +34,23 @@ func (r *CommandSide) AddPasswordComplexityPolicy(ctx context.Context, resourceO
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordComplexityPolicyAddedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)) pushedEvents, err := r.eventstore.PushEvents(
ctx,
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) org.NewPasswordComplexityPolicyAddedEvent(
ctx,
orgAgg,
policy.MinLength,
policy.HasLowercase,
policy.HasUppercase,
policy.HasNumber,
policy.HasSymbol))
if err != nil {
return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil
} }
@ -58,18 +68,20 @@ func (r *CommandSide) ChangePasswordComplexityPolicy(ctx context.Context, resour
return nil, caos_errs.ThrowNotFound(nil, "ORG-Dgs3g", "Errors.Org.PasswordComplexityPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "ORG-Dgs3g", "Errors.Org.PasswordComplexityPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordComplexityPolicyWriteModel.WriteModel)
orgAgg.PushEvents(changedEvent)
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
if err != nil {
return nil, err
}
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil
} }
@ -83,6 +95,6 @@ func (r *CommandSide) RemovePasswordComplexityPolicy(ctx context.Context, orgID
return caos_errs.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordComplexityPolicyRemovedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, org.NewPasswordComplexityPolicyRemovedEvent(ctx, orgAgg))
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) return err
} }

8
internal/v2/command/org_policy_password_complexity_model.go
View File

@ -43,11 +43,15 @@ func (wm *OrgPasswordComplexityPolicyWriteModel) Reduce() error {
func (wm *OrgPasswordComplexityPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgPasswordComplexityPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.PasswordComplexityPolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordComplexityPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(org.PasswordComplexityPolicyAddedEventType,
org.PasswordComplexityPolicyChangedEventType,
org.PasswordComplexityPolicyRemovedEventType)
} }
func (wm *OrgPasswordComplexityPolicyWriteModel) NewChangedEvent( func (wm *OrgPasswordComplexityPolicyWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
minLength uint64, minLength uint64,
hasLowercase, hasLowercase,
hasUppercase, hasUppercase,
@ -74,7 +78,7 @@ func (wm *OrgPasswordComplexityPolicyWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewPasswordComplexityPolicyChangedEvent(ctx, changes) changedEvent, err := org.NewPasswordComplexityPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

28
internal/v2/command/org_policy_password_lockout.go
View File

@ -2,7 +2,6 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/org" "github.com/caos/zitadel/internal/v2/repository/org"
@ -19,13 +18,14 @@ func (r *CommandSide) AddPasswordLockoutPolicy(ctx context.Context, resourceOwne
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordLockoutPolicyAddedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures)) pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyAddedEvent(ctx, orgAgg, policy.MaxAttempts, policy.ShowLockOutFailures))
if err != nil {
err = r.eventstore.PushAggregate(ctx, addedPolicy, orgAgg) return nil, err
}
err = AppendAndReduce(addedPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil
} }
@ -39,19 +39,20 @@ func (r *CommandSide) ChangePasswordLockoutPolicy(ctx context.Context, resourceO
return nil, caos_errs.ThrowNotFound(nil, "ORG-ADfs1", "Errors.Org.PasswordLockoutPolicy.NotFound") return nil, caos_errs.ThrowNotFound(nil, "ORG-ADfs1", "Errors.Org.PasswordLockoutPolicy.NotFound")
} }
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, policy.MaxAttempts, policy.ShowLockOutFailures) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordLockoutPolicyWriteModel.WriteModel)
changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, orgAgg, policy.MaxAttempts, policy.ShowLockOutFailures)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4M9vs", "Errors.Org.PasswordLockoutPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4M9vs", "Errors.Org.PasswordLockoutPolicy.NotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PasswordLockoutPolicyWriteModel.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
orgAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) }
err = AppendAndReduce(existingPolicy, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil
} }
@ -65,6 +66,7 @@ func (r *CommandSide) RemovePasswordLockoutPolicy(ctx context.Context, orgID str
return caos_errs.ThrowNotFound(nil, "ORG-D4zuz", "Errors.Org.PasswordLockoutPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "ORG-D4zuz", "Errors.Org.PasswordLockoutPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
orgAgg.PushEvents(org.NewPasswordLockoutPolicyRemovedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingPolicy, orgAgg) _, err = r.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyRemovedEvent(ctx, orgAgg))
return err
} }

17
internal/v2/command/org_policy_password_lockout_model.go
View File

@ -30,8 +30,8 @@ func (wm *OrgPasswordLockoutPolicyWriteModel) AppendEvents(events ...eventstore.
wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent) wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent)
case *org.PasswordLockoutPolicyChangedEvent: case *org.PasswordLockoutPolicyChangedEvent:
wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent) wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent)
case *org.PasswordComplexityPolicyRemovedEvent: case *org.PasswordLockoutPolicyRemovedEvent:
wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordComplexityPolicyRemovedEvent) wm.PasswordLockoutPolicyWriteModel.AppendEvents(&e.PasswordLockoutPolicyRemovedEvent)
} }
} }
} }
@ -43,10 +43,17 @@ func (wm *OrgPasswordLockoutPolicyWriteModel) Reduce() error {
func (wm *OrgPasswordLockoutPolicyWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OrgPasswordLockoutPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType).
AggregateIDs(wm.PasswordLockoutPolicyWriteModel.AggregateID). AggregateIDs(wm.PasswordLockoutPolicyWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(org.PasswordLockoutPolicyAddedEventType,
org.PasswordLockoutPolicyChangedEventType,
org.PasswordLockoutPolicyRemovedEventType)
} }
func (wm *OrgPasswordLockoutPolicyWriteModel) NewChangedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) (*org.PasswordLockoutPolicyChangedEvent, bool) { func (wm *OrgPasswordLockoutPolicyWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
maxAttempts uint64,
showLockoutFailure bool) (*org.PasswordLockoutPolicyChangedEvent, bool) {
changes := make([]policy.PasswordLockoutPolicyChanges, 0) changes := make([]policy.PasswordLockoutPolicyChanges, 0)
if wm.MaxAttempts != maxAttempts { if wm.MaxAttempts != maxAttempts {
changes = append(changes, policy.ChangeMaxAttempts(maxAttempts)) changes = append(changes, policy.ChangeMaxAttempts(maxAttempts))
@ -57,7 +64,7 @@ func (wm *OrgPasswordLockoutPolicyWriteModel) NewChangedEvent(ctx context.Contex
if len(changes) == 0 { if len(changes) == 0 {
return nil, false return nil, false
} }
changedEvent, err := org.NewPasswordLockoutPolicyChangedEvent(ctx, changes) changedEvent, err := org.NewPasswordLockoutPolicyChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false return nil, false
} }

60
internal/v2/command/project.go
View File

@ -3,27 +3,29 @@ package command
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v2"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/project" "github.com/caos/zitadel/internal/v2/repository/project"
) )
func (r *CommandSide) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) { func (r *CommandSide) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) {
projectAgg, addedProject, err := r.addProject(ctx, project, resourceOwner, ownerUserID) events, addedProject, err := r.addProject(ctx, project, resourceOwner, ownerUserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedProject, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedProject, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return projectWriteModelToProject(addedProject), nil return projectWriteModelToProject(addedProject), nil
} }
func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID string) (_ *project.Aggregate, _ *ProjectWriteModel, err error) { func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID string) (_ []eventstore.EventPusher, _ *ProjectWriteModel, err error) {
if !projectAdd.IsValid() { if !projectAdd.IsValid() {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
} }
@ -42,11 +44,11 @@ func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project
if iam.GlobalOrgID == resourceOwner { if iam.GlobalOrgID == resourceOwner {
projectRole = domain.RoleProjectOwnerGlobal projectRole = domain.RoleProjectOwnerGlobal
} }
projectAgg.PushEvents( events := []eventstore.EventPusher{
project.NewProjectAddedEvent(ctx, projectAdd.Name, resourceOwner), project.NewProjectAddedEvent(ctx, projectAgg, projectAdd.Name),
project.NewProjectMemberAddedEvent(ctx, ownerUserID, projectRole), project.NewProjectMemberAddedEvent(ctx, projectAgg, ownerUserID, projectRole),
) }
return projectAgg, addedProject, nil return events, addedProject, nil
} }
func (r *CommandSide) getProjectByID(ctx context.Context, projectID, resourceOwner string) (*domain.Project, error) { func (r *CommandSide) getProjectByID(ctx context.Context, projectID, resourceOwner string) (*domain.Project, error) {
@ -84,21 +86,22 @@ func (r *CommandSide) ChangeProject(ctx context.Context, projectChange *domain.P
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
} }
changedEvent, hasChanged, err := existingProject.NewChangedEvent(ctx, existingProject.ResourceOwner, projectChange.Name, projectChange.ProjectRoleAssertion, projectChange.ProjectRoleCheck) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
changedEvent, hasChanged, err := existingProject.NewChangedEvent(ctx, projectAgg, projectChange.Name, projectChange.ProjectRoleAssertion, projectChange.ProjectRoleCheck)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
projectAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingProject, projectAgg) }
err = AppendAndReduce(existingProject, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return projectWriteModelToProject(existingProject), nil return projectWriteModelToProject(existingProject), nil
} }
@ -119,9 +122,8 @@ func (r *CommandSide) DeactivateProject(ctx context.Context, projectID string, r
} }
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
projectAgg.PushEvents(project.NewProjectDeactivatedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, project.NewProjectDeactivatedEvent(ctx, projectAgg))
return err
return r.eventstore.PushAggregate(ctx, existingProject, projectAgg)
} }
func (r *CommandSide) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) error { func (r *CommandSide) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) error {
@ -141,9 +143,8 @@ func (r *CommandSide) ReactivateProject(ctx context.Context, projectID string, r
} }
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
projectAgg.PushEvents(project.NewProjectReactivatedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx, project.NewProjectReactivatedEvent(ctx, projectAgg))
return err
return r.eventstore.PushAggregate(ctx, existingProject, projectAgg)
} }
func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) error { func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) error {
@ -158,22 +159,21 @@ func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwne
if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved { if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved {
return caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
} }
aggregates := make([]eventstore.Aggregater, 0)
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
projectAgg.PushEvents(project.NewProjectRemovedEvent(ctx, existingProject.Name, existingProject.ResourceOwner)) events := []eventstore.EventPusher{
aggregates = append(aggregates, projectAgg) project.NewProjectRemovedEvent(ctx, projectAgg, existingProject.Name),
}
for _, grantID := range cascadingUserGrantIDs { for _, grantID := range cascadingUserGrantIDs {
grantAgg, _, err := r.removeUserGrant(ctx, grantID, "", true) event, err := r.removeUserGrant(ctx, grantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant") logging.LogWithFields("COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
continue continue
} }
aggregates = append(aggregates, grantAgg) events = append(events, event)
} }
_, err = r.eventstore.PushAggregates(ctx, aggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }

27
internal/v2/command/project_application.go
View File

@ -2,7 +2,6 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/project" "github.com/caos/zitadel/internal/v2/repository/project"
@ -24,15 +23,16 @@ func (r *CommandSide) ChangeApplication(ctx context.Context, projectID string, a
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
projectAgg.PushEvents( pushedEvents, err := r.eventstore.PushEvents(
project.NewApplicationChangedEvent(ctx, appChange.GetAppID(), existingApp.Name, appChange.GetApplicationName(), projectID), ctx,
) project.NewApplicationChangedEvent(ctx, projectAgg, appChange.GetAppID(), existingApp.Name, appChange.GetApplicationName(), projectID))
if err != nil {
err = r.eventstore.PushAggregate(ctx, existingApp, projectAgg) return nil, err
}
err = AppendAndReduce(existingApp, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return applicationWriteModelToApplication(existingApp), nil return applicationWriteModelToApplication(existingApp), nil
} }
@ -52,9 +52,8 @@ func (r *CommandSide) DeactivateApplication(ctx context.Context, projectID, appI
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
projectAgg.PushEvents(project.NewApplicationDeactivatedEvent(ctx, appID)) _, err = r.eventstore.PushEvents(ctx, project.NewApplicationDeactivatedEvent(ctx, projectAgg, appID))
return err
return r.eventstore.PushAggregate(ctx, existingApp, projectAgg)
} }
func (r *CommandSide) ReactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error { func (r *CommandSide) ReactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error {
@ -73,9 +72,9 @@ func (r *CommandSide) ReactivateApplication(ctx context.Context, projectID, appI
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1n8cM", "Errors.Project.App.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1n8cM", "Errors.Project.App.NotInactive")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
projectAgg.PushEvents(project.NewApplicationReactivatedEvent(ctx, appID))
return r.eventstore.PushAggregate(ctx, existingApp, projectAgg) _, err = r.eventstore.PushEvents(ctx, project.NewApplicationReactivatedEvent(ctx, projectAgg, appID))
return err
} }
func (r *CommandSide) RemoveApplication(ctx context.Context, projectID, appID, resourceOwner string) error { func (r *CommandSide) RemoveApplication(ctx context.Context, projectID, appID, resourceOwner string) error {
@ -91,9 +90,9 @@ func (r *CommandSide) RemoveApplication(ctx context.Context, projectID, appID, r
return caos_errs.ThrowNotFound(nil, "COMMAND-0po9s", "Errors.Project.App.NotExisting") return caos_errs.ThrowNotFound(nil, "COMMAND-0po9s", "Errors.Project.App.NotExisting")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
projectAgg.PushEvents(project.NewApplicationRemovedEvent(ctx, appID, existingApp.Name, projectID))
return r.eventstore.PushAggregate(ctx, existingApp, projectAgg) _, err = r.eventstore.PushEvents(ctx, project.NewApplicationRemovedEvent(ctx, projectAgg, appID, existingApp.Name, projectID))
return err
} }
func (r *CommandSide) getApplicationWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*ApplicationWriteModel, error) { func (r *CommandSide) getApplicationWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*ApplicationWriteModel, error) {

18
internal/v2/command/project_application_model.go
View File

@ -96,13 +96,13 @@ func (wm *ApplicationWriteModel) Reduce() error {
func (wm *ApplicationWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ApplicationWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
//EventTypes( EventTypes(
// project.ApplicationAddedType, project.ApplicationAddedType,
// project.ApplicationChangedType, project.ApplicationChangedType,
// project.ApplicationDeactivatedType, project.ApplicationDeactivatedType,
// project.ApplicationReactivatedType, project.ApplicationReactivatedType,
// project.ApplicationRemovedType, project.ApplicationRemovedType,
// project.ProjectRemovedType, project.ProjectRemovedType,
//) )
} }

47
internal/v2/command/project_application_oidc.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/project" "github.com/caos/zitadel/internal/v2/repository/project"
) )
@ -14,43 +15,49 @@ func (r *CommandSide) AddOIDCApplication(ctx context.Context, application *domai
} }
addedApplication := NewOIDCApplicationWriteModel(application.AggregateID, resourceOwner) addedApplication := NewOIDCApplicationWriteModel(application.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
stringPw, err := r.addOIDCApplication(ctx, projectAgg, project, application, resourceOwner) events, stringPw, err := r.addOIDCApplication(ctx, projectAgg, project, application, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedApplication.AppID = application.AppID addedApplication.AppID = application.AppID
err = r.eventstore.PushAggregate(ctx, addedApplication, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedApplication, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
result := oidcWriteModelToOIDCConfig(addedApplication) result := oidcWriteModelToOIDCConfig(addedApplication)
result.ClientSecretString = stringPw result.ClientSecretString = stringPw
result.FillCompliance() result.FillCompliance()
return result, nil return result, nil
} }
func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *project.Aggregate, proj *domain.Project, oidcApp *domain.OIDCApp, resourceOwner string) (stringPW string, err error) { func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, oidcApp *domain.OIDCApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) {
if !oidcApp.IsValid() { if !oidcApp.IsValid() {
return "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid") return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid")
} }
oidcApp.AppID, err = r.idGenerator.Next() oidcApp.AppID, err = r.idGenerator.Next()
if err != nil { if err != nil {
return "", err return nil, "", err
} }
projectAgg.PushEvents(project.NewApplicationAddedEvent(ctx, oidcApp.AppID, oidcApp.AppName, resourceOwner)) events = []eventstore.EventPusher{
project.NewApplicationAddedEvent(ctx, projectAgg, oidcApp.AppID, oidcApp.AppName, resourceOwner),
}
var stringPw string var stringPw string
err = oidcApp.GenerateNewClientID(r.idGenerator, proj) err = oidcApp.GenerateNewClientID(r.idGenerator, proj)
if err != nil { if err != nil {
return "", err return nil, "", err
} }
stringPw, err = oidcApp.GenerateClientSecretIfNeeded(r.applicationSecretGenerator) stringPw, err = oidcApp.GenerateClientSecretIfNeeded(r.applicationSecretGenerator)
if err != nil { if err != nil {
return "", err return nil, "", err
} }
projectAgg.PushEvents(project.NewOIDCConfigAddedEvent(ctx, events = append(events, project.NewOIDCConfigAddedEvent(ctx,
projectAgg,
oidcApp.OIDCVersion, oidcApp.OIDCVersion,
oidcApp.AppID, oidcApp.AppID,
oidcApp.ClientID, oidcApp.ClientID,
@ -68,7 +75,7 @@ func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *projec
oidcApp.IDTokenUserinfoAssertion, oidcApp.IDTokenUserinfoAssertion,
oidcApp.ClockSkew)) oidcApp.ClockSkew))
return stringPw, nil return events, stringPw, nil
} }
func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) { func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
@ -83,8 +90,10 @@ func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OI
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved { if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
changedEvent, hasChanged, err := existingOIDC.NewChangedEvent( changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
ctx, ctx,
projectAgg,
oidc.AppID, oidc.AppID,
oidc.ClientID, oidc.ClientID,
oidc.RedirectUris, oidc.RedirectUris,
@ -106,13 +115,16 @@ func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OI
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
projectAgg.PushEvents(changedEvent)
err = r.eventstore.PushAggregate(ctx, existingOIDC, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = AppendAndReduce(existingOIDC, pushedEvents...)
if err != nil {
return nil, err
}
result := oidcWriteModelToOIDCConfig(existingOIDC) result := oidcWriteModelToOIDCConfig(existingOIDC)
result.FillCompliance() result.FillCompliance()
return result, nil return result, nil
@ -136,9 +148,12 @@ func (r *CommandSide) ChangeOIDCApplicationSecret(ctx context.Context, projectID
} }
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
projectAgg.PushEvents(project.NewOIDCConfigSecretChangedEvent(ctx, appID, cryptoSecret))
err = r.eventstore.PushAggregate(ctx, existingOIDC, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret))
if err != nil {
return nil, err
}
err = AppendAndReduce(existingOIDC, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }

27
internal/v2/command/project_application_oidc_model.go
View File

@ -201,22 +201,23 @@ func (wm *OIDCApplicationWriteModel) appendChangeOIDCEvent(e *project.OIDCConfig
func (wm *OIDCApplicationWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *OIDCApplicationWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
//EventTypes( EventTypes(
// project.ApplicationAddedType, project.ApplicationAddedType,
// project.ApplicationChangedType, project.ApplicationChangedType,
// project.ApplicationDeactivatedType, project.ApplicationDeactivatedType,
// project.ApplicationReactivatedType, project.ApplicationReactivatedType,
// project.ApplicationRemovedType, project.ApplicationRemovedType,
// project.OIDCConfigAddedType, project.OIDCConfigAddedType,
// project.OIDCConfigChangedType, project.OIDCConfigChangedType,
// project.OIDCConfigSecretChangedType, project.OIDCConfigSecretChangedType,
// project.ProjectRemovedType, project.ProjectRemovedType,
//) )
} }
func (wm *OIDCApplicationWriteModel) NewChangedEvent( func (wm *OIDCApplicationWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
appID, appID,
clientID string, clientID string,
redirectURIS, redirectURIS,
@ -281,7 +282,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }
changeEvent, err := project.NewOIDCConfigChangedEvent(ctx, appID, changes) changeEvent, err := project.NewOIDCConfigChangedEvent(ctx, aggregate, appID, changes)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }

69
internal/v2/command/project_grant.go
View File

@ -29,17 +29,16 @@ func (r *CommandSide) AddProjectGrant(ctx context.Context, grant *domain.Project
} }
addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner) addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(
projectAgg.PushEvents(project.NewGrantAddedEvent(ctx, grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.RoleKeys)) ctx,
project.NewGrantAddedEvent(ctx, projectAgg, grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.RoleKeys))
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedGrant, projectAgg) err = AppendAndReduce(addedGrant, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return projectGrantWriteModelToProjectGrant(addedGrant), nil return projectGrantWriteModelToProjectGrant(addedGrant), nil
} }
@ -61,45 +60,48 @@ func (r *CommandSide) ChangeProjectGrant(ctx context.Context, grant *domain.Proj
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-0o0pL", "Errors.NoChangesFoundc")
} }
projectAgg.PushEvents(project.NewGrantChangedEvent(ctx, grant.GrantID, grant.RoleKeys)) events := []eventstore.EventPusher{
project.NewGrantChangedEvent(ctx, projectAgg, grant.GrantID, grant.RoleKeys),
}
removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys) removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys)
if len(removedRoles) == 0 { if len(removedRoles) == 0 {
err = r.eventstore.PushAggregate(ctx, existingGrant, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(existingGrant, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return projectGrantWriteModelToProjectGrant(existingGrant), nil return projectGrantWriteModelToProjectGrant(existingGrant), nil
} }
aggregates := make([]eventstore.Aggregater, 0)
aggregates = append(aggregates, projectAgg)
for _, userGrantID := range cascadeUserGrantIDs { for _, userGrantID := range cascadeUserGrantIDs {
grantAgg, _, err := r.removeRoleFromUserGrant(ctx, userGrantID, removedRoles, true) event, err := r.removeRoleFromUserGrant(ctx, userGrantID, removedRoles, true)
if err != nil { if err != nil {
continue continue
} }
aggregates = append(aggregates, grantAgg) events = append(events, event)
} }
resultEvents, err := r.eventstore.PushAggregates(ctx, aggregates...) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
existingGrant.AppendEvents(resultEvents...) err = AppendAndReduce(existingGrant, pushedEvents...)
err = existingGrant.Reduce()
if err != nil { if err != nil {
return nil, err return nil, err
} }
return projectGrantWriteModelToProjectGrant(existingGrant), nil return projectGrantWriteModelToProjectGrant(existingGrant), nil
} }
func (r *CommandSide) removeRoleFromProjectGrant(ctx context.Context, projectAgg *project.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ *ProjectGrantWriteModel, err error) { func (r *CommandSide) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.EventPusher, _ *ProjectGrantWriteModel, err error) {
existingProjectGrant, err := r.projectGrantWriteModelByID(ctx, projectID, projectGrantID, "") existingProjectGrant, err := r.projectGrantWriteModelByID(ctx, projectID, projectGrantID, "")
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
if existingProjectGrant.State == domain.ProjectGrantStateUnspecified || existingProjectGrant.State == domain.ProjectGrantStateRemoved { if existingProjectGrant.State == domain.ProjectGrantStateUnspecified || existingProjectGrant.State == domain.ProjectGrantStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound") return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.Grant.NotFound")
} }
keyExists := false keyExists := false
for i, key := range existingProjectGrant.RoleKeys { for i, key := range existingProjectGrant.RoleKeys {
@ -112,21 +114,15 @@ func (r *CommandSide) removeRoleFromProjectGrant(ctx context.Context, projectAgg
} }
} }
if !keyExists { if !keyExists {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.Project.Grant.RoleKeyNotFound")
} }
changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, existingProjectGrant.ResourceOwner) changedProjectGrant := NewProjectGrantWriteModel(projectGrantID, projectID, existingProjectGrant.ResourceOwner)
if !cascade { if cascade {
projectAgg.PushEvents( return project.NewGrantCascadeChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
project.NewGrantChangedEvent(ctx, projectGrantID, existingProjectGrant.RoleKeys),
)
} else {
projectAgg.PushEvents(
project.NewGrantCascadeChangedEvent(ctx, projectGrantID, existingProjectGrant.RoleKeys),
)
} }
return changedProjectGrant, nil return project.NewGrantChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
} }
func (r *CommandSide) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) { func (r *CommandSide) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) {
@ -146,8 +142,8 @@ func (r *CommandSide) DeactivateProjectGrant(ctx context.Context, projectID, gra
} }
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
projectAgg.PushEvents(project.NewGrantDeactivateEvent(ctx, grantID)) _, err = r.eventstore.PushEvents(ctx, project.NewGrantDeactivateEvent(ctx, projectAgg, grantID))
return r.eventstore.PushAggregate(ctx, existingGrant, projectAgg) return err
} }
func (r *CommandSide) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) { func (r *CommandSide) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) {
@ -166,8 +162,8 @@ func (r *CommandSide) ReactivateProjectGrant(ctx context.Context, projectID, gra
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
projectAgg.PushEvents(project.NewGrantReactivatedEvent(ctx, grantID)) _, err = r.eventstore.PushEvents(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID))
return r.eventstore.PushAggregate(ctx, existingGrant, projectAgg) return err
} }
func (r *CommandSide) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (err error) { func (r *CommandSide) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (err error) {
@ -182,20 +178,19 @@ func (r *CommandSide) RemoveProjectGrant(ctx context.Context, projectID, grantID
if err != nil { if err != nil {
return err return err
} }
aggregates := make([]eventstore.Aggregater, 0) events := make([]eventstore.EventPusher, 0)
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
projectAgg.PushEvents(project.NewGrantRemovedEvent(ctx, grantID, existingGrant.GrantedOrgID, projectID)) events = append(events, project.NewGrantRemovedEvent(ctx, projectAgg, grantID, existingGrant.GrantedOrgID, projectID))
aggregates = append(aggregates, projectAgg)
for _, userGrantID := range cascadeUserGrantIDs { for _, userGrantID := range cascadeUserGrantIDs {
grantAgg, _, err := r.removeUserGrant(ctx, userGrantID, "", true) event, err := r.removeUserGrant(ctx, userGrantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant") logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
continue continue
} }
aggregates = append(aggregates, grantAgg) events = append(events, event)
} }
_, err = r.eventstore.PushAggregates(ctx, aggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }

26
internal/v2/command/project_grant_member.go
View File

@ -28,9 +28,13 @@ func (r *CommandSide) AddProjectGrantMember(ctx context.Context, member *domain.
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists")
} }
projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel)
projectAgg.PushEvents(project.NewProjectGrantMemberAddedEvent(ctx, member.AggregateID, member.UserID, member.GrantID, member.Roles...)) pushedEvents, err := r.eventstore.PushEvents(
ctx,
err = r.eventstore.PushAggregate(ctx, addedMember, projectAgg) project.NewProjectGrantMemberAddedEvent(ctx, projectAgg, member.AggregateID, member.UserID, member.GrantID, member.Roles...))
if err != nil {
return nil, err
}
err = AppendAndReduce(addedMember, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -55,15 +59,14 @@ func (r *CommandSide) ChangeProjectGrantMember(ctx context.Context, member *doma
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingMember.WriteModel)
projectAgg.PushEvents(project.NewProjectGrantMemberChangedEvent(ctx, member.UserID, member.GrantID, member.Roles...)) pushedEvents, err := r.eventstore.PushEvents(
ctx,
events, err := r.eventstore.PushAggregates(ctx, projectAgg) project.NewProjectGrantMemberChangedEvent(ctx, projectAgg, member.UserID, member.GrantID, member.Roles...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = AppendAndReduce(existingMember, pushedEvents...)
existingMember.AppendEvents(events...) if err != nil {
if err = existingMember.Reduce(); err != nil {
return nil, err return nil, err
} }
@ -77,9 +80,8 @@ func (r *CommandSide) RemoveProjectGrantMember(ctx context.Context, projectID, u
} }
projectAgg := ProjectAggregateFromWriteModel(&m.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&m.WriteModel)
projectAgg.PushEvents(project.NewProjectGrantMemberRemovedEvent(ctx, projectID, userID, grantID)) _, err = r.eventstore.PushEvents(ctx, project.NewProjectGrantMemberRemovedEvent(ctx, projectAgg, projectID, userID, grantID))
return err
return r.eventstore.PushAggregate(ctx, m, projectAgg)
} }
func (r *CommandSide) projectGrantMemberWriteModelByID(ctx context.Context, projectID, userID, grantID string) (member *ProjectGrantMemberWriteModel, err error) { func (r *CommandSide) projectGrantMemberWriteModelByID(ctx context.Context, projectID, userID, grantID string) (member *ProjectGrantMemberWriteModel, err error) {

16
internal/v2/command/project_grant_member_model.go
View File

@ -49,6 +49,8 @@ func (wm *ProjectGrantMemberWriteModel) AppendEvents(events ...eventstore.EventR
continue continue
} }
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(e)
case *project.ProjectRemovedEvent:
wm.WriteModel.AppendEvents(e)
} }
} }
} }
@ -72,11 +74,11 @@ func (wm *ProjectGrantMemberWriteModel) Reduce() error {
func (wm *ProjectGrantMemberWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ProjectGrantMemberWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID) AggregateIDs(wm.AggregateID).
//EventTypes( EventTypes(
// project.GrantMemberAddedType, project.GrantMemberAddedType,
// project.GrantMemberChangedType, project.GrantMemberChangedType,
// project.GrantMemberRemovedType, project.GrantMemberRemovedType,
// project.GrantRemovedType, project.GrantRemovedType,
// project.ProjectRemovedType) project.ProjectRemovedType)
} }

36
internal/v2/command/project_member.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"reflect" "reflect"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
@ -14,12 +15,16 @@ import (
func (r *CommandSide) AddProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) { func (r *CommandSide) AddProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) {
addedMember := NewProjectMemberWriteModel(member.AggregateID, member.UserID, resourceOwner) addedMember := NewProjectMemberWriteModel(member.AggregateID, member.UserID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel)
err := r.addProjectMember(ctx, projectAgg, addedMember, member) event, err := r.addProjectMember(ctx, projectAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedMember, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedMember, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -27,28 +32,26 @@ func (r *CommandSide) AddProjectMember(ctx context.Context, member *domain.Membe
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addProjectMember(ctx context.Context, projectAgg *project.Aggregate, addedMember *ProjectMemberWriteModel, member *domain.Member) error { func (r *CommandSide) addProjectMember(ctx context.Context, projectAgg *eventstore.Aggregate, addedMember *ProjectMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid")
} }
err := r.checkUserExists(ctx, addedMember.UserID, "") err := r.checkUserExists(ctx, addedMember.UserID, "")
if err != nil { if err != nil {
return err return nil, err
} }
err = r.eventstore.FilterToQueryReducer(ctx, addedMember) err = r.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return err return nil, err
} }
if addedMember.State == domain.MemberStateActive { if addedMember.State == domain.MemberStateActive {
return errors.ThrowAlreadyExists(nil, "PROJECT-PtXi1", "Errors.Project.Member.AlreadyExists") return nil, errors.ThrowAlreadyExists(nil, "PROJECT-PtXi1", "Errors.Project.Member.AlreadyExists")
} }
projectAgg.PushEvents(project.NewProjectMemberAddedEvent(ctx, projectAgg.ID(), member.UserID, member.Roles...)) return project.NewProjectMemberAddedEvent(ctx, projectAgg, member.UserID, member.Roles...), nil
return nil
} }
//ChangeProjectMember updates an existing member //ChangeProjectMember updates an existing member
@ -68,15 +71,13 @@ func (r *CommandSide) ChangeProjectMember(ctx context.Context, member *domain.Me
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
projectAgg.PushEvents(project.NewProjectMemberChangedEvent(ctx, member.UserID, member.Roles...)) pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewProjectMemberChangedEvent(ctx, projectAgg, member.UserID, member.Roles...))
events, err := r.eventstore.PushAggregates(ctx, projectAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
existingMember.AppendEvents(events...) err = AppendAndReduce(existingMember, pushedEvents...)
if err = existingMember.Reduce(); err != nil { if err != nil {
return nil, err return nil, err
} }
@ -93,9 +94,8 @@ func (r *CommandSide) RemoveProjectMember(ctx context.Context, projectID, userID
} }
projectAgg := ProjectAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
projectAgg.PushEvents(project.NewProjectMemberRemovedEvent(ctx, projectAgg.ID(), userID)) _, err = r.eventstore.PushEvents(ctx, project.NewProjectMemberRemovedEvent(ctx, projectAgg, userID))
return err
return r.eventstore.PushAggregate(ctx, m, projectAgg)
} }
func (r *CommandSide) projectMemberWriteModelByID(ctx context.Context, projectID, userID, resourceOwner string) (member *ProjectMemberWriteModel, err error) { func (r *CommandSide) projectMemberWriteModelByID(ctx context.Context, projectID, userID, resourceOwner string) (member *ProjectMemberWriteModel, err error) {

5
internal/v2/command/project_member_model.go
View File

@ -50,5 +50,8 @@ func (wm *ProjectMemberWriteModel) Reduce() error {
func (wm *ProjectMemberWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ProjectMemberWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.MemberWriteModel.AggregateID). AggregateIDs(wm.MemberWriteModel.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(project.MemberAddedType,
project.MemberChangedType,
project.MemberRemovedType)
} }

21
internal/v2/command/project_model.go
View File

@ -25,10 +25,6 @@ func NewProjectWriteModel(projectID string, resourceOwner string) *ProjectWriteM
} }
} }
func (wm *ProjectWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
}
func (wm *ProjectWriteModel) Reduce() error { func (wm *ProjectWriteModel) Reduce() error {
for _, event := range wm.Events { for _, event := range wm.Events {
switch e := event.(type) { switch e := event.(type) {
@ -67,12 +63,17 @@ func (wm *ProjectWriteModel) Reduce() error {
func (wm *ProjectWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ProjectWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(project.ProjectAddedType,
project.ProjectChangedType,
project.ProjectDeactivatedType,
project.ProjectReactivatedType,
project.ProjectRemovedType)
} }
func (wm *ProjectWriteModel) NewChangedEvent( func (wm *ProjectWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
resourceOwner, aggregate *eventstore.Aggregate,
name string, name string,
projectRoleAssertion, projectRoleAssertion,
projectRoleCheck bool, projectRoleCheck bool,
@ -94,15 +95,13 @@ func (wm *ProjectWriteModel) NewChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }
changeEvent, err := project.NewProjectChangeEvent(ctx, resourceOwner, oldName, changes) changeEvent, err := project.NewProjectChangeEvent(ctx, aggregate, oldName, changes)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }
return changeEvent, true, nil return changeEvent, true, nil
} }
func ProjectAggregateFromWriteModel(wm *eventstore.WriteModel) *project.Aggregate { func ProjectAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
return &project.Aggregate{ return eventstore.AggregateFromWriteModel(wm, project.AggregateType, project.AggregateVersion)
Aggregate: *eventstore.AggregateFromWriteModel(wm, project.AggregateType, project.AggregateVersion),
}
} }

81
internal/v2/command/project_role.go
View File

@ -17,9 +17,15 @@ func (r *CommandSide) AddProjectRole(ctx context.Context, projectRole *domain.Pr
roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, resourceOwner) roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
r.addProjectRoles(ctx, projectAgg, projectRole.AggregateID, resourceOwner, projectRole) events, err := r.addProjectRoles(ctx, projectAgg, projectRole.AggregateID, projectRole)
if err != nil {
err = r.eventstore.PushAggregate(ctx, roleWriteModel, projectAgg) return nil, err
}
pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(roleWriteModel, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -34,28 +40,32 @@ func (r *CommandSide) BulkAddProjectRole(ctx context.Context, projectID, resourc
roleWriteModel := NewProjectRoleWriteModel(projectID, resourceOwner) roleWriteModel := NewProjectRoleWriteModel(projectID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
r.addProjectRoles(ctx, projectAgg, projectID, resourceOwner, projectRoles...) events, err := r.addProjectRoles(ctx, projectAgg, projectID, projectRoles...)
if err != nil {
return r.eventstore.PushAggregate(ctx, roleWriteModel, projectAgg) return err
}
func (r *CommandSide) addProjectRoles(ctx context.Context, projectAgg *project.Aggregate, projectID, resourceOwner string, projectRoles ...*domain.ProjectRole) error {
for _, projectRole := range projectRoles {
if !projectRole.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
}
projectAgg.PushEvents(
project.NewRoleAddedEvent(
ctx,
projectRole.Key,
projectRole.DisplayName,
projectRole.Group,
projectID,
),
)
} }
return nil _, err = r.eventstore.PushEvents(ctx, events...)
return err
}
func (r *CommandSide) addProjectRoles(ctx context.Context, projectAgg *eventstore.Aggregate, projectID string, projectRoles ...*domain.ProjectRole) ([]eventstore.EventPusher, error) {
var events []eventstore.EventPusher
for _, projectRole := range projectRoles {
if !projectRole.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
}
events = append(events, project.NewRoleAddedEvent(
ctx,
projectAgg,
projectRole.Key,
projectRole.DisplayName,
projectRole.Group,
projectID,
))
}
return events, nil
} }
func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) { func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
@ -77,16 +87,19 @@ func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain
projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel)
changeEvent, changed, err := existingRole.NewProjectRoleChangedEvent(ctx, projectRole.Key, projectRole.DisplayName, projectRole.Group) changeEvent, changed, err := existingRole.NewProjectRoleChangedEvent(ctx, projectAgg, projectRole.Key, projectRole.DisplayName, projectRole.Group)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if !changed { if !changed {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound")
} }
projectAgg.PushEvents(changeEvent)
err = r.eventstore.PushAggregate(ctx, existingRole, projectAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, changeEvent)
if err != nil {
return nil, err
}
err = AppendAndReduce(existingRole, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -104,28 +117,30 @@ func (r *CommandSide) RemoveProjectRole(ctx context.Context, projectID, key, res
if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved { if existingRole.State == domain.ProjectRoleStateUnspecified || existingRole.State == domain.ProjectRoleStateRemoved {
return caos_errs.ThrowNotFound(nil, "COMMAND-m9vMf", "Errors.Project.Role.NotExisting") return caos_errs.ThrowNotFound(nil, "COMMAND-m9vMf", "Errors.Project.Role.NotExisting")
} }
aggregates := make([]eventstore.Aggregater, 0)
projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingRole.WriteModel)
projectAgg.PushEvents(project.NewRoleRemovedEvent(ctx, key, projectID)) events := []eventstore.EventPusher{
project.NewRoleRemovedEvent(ctx, projectAgg, key, projectID),
}
for _, projectGrantID := range cascadingProjectGrantIds { for _, projectGrantID := range cascadingProjectGrantIds {
_, err = r.removeRoleFromProjectGrant(ctx, projectAgg, projectID, projectGrantID, key, true) event, _, err := r.removeRoleFromProjectGrant(ctx, projectAgg, projectID, projectGrantID, key, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-6n77g", "projectgrantid", projectGrantID).WithError(err).Warn("could not cascade remove role from project grant") logging.LogWithFields("COMMAND-6n77g", "projectgrantid", projectGrantID).WithError(err).Warn("could not cascade remove role from project grant")
continue continue
} }
events = append(events, event)
} }
aggregates = append(aggregates, projectAgg)
for _, grantID := range cascadeUserGrantIDs { for _, grantID := range cascadeUserGrantIDs {
grantAgg, _, err := r.removeRoleFromUserGrant(ctx, grantID, []string{key}, true) event, err := r.removeRoleFromUserGrant(ctx, grantID, []string{key}, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-mK0of", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant") logging.LogWithFields("COMMAND-mK0of", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant")
continue continue
} }
aggregates = append(aggregates, grantAgg) events = append(events, event)
} }
_, err = r.eventstore.PushAggregates(ctx, aggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }

17
internal/v2/command/project_role_model.go
View File

@ -82,20 +82,19 @@ func (wm *ProjectRoleWriteModel) Reduce() error {
} }
func (wm *ProjectRoleWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *ProjectRoleWriteModel) Query() *eventstore.SearchQueryBuilder {
//types := []eventstore.EventType{
// project.RoleAddedType,
// project.RoleChangedType,
// project.RoleRemovedType,
// project.ProjectRemovedType,
//}
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, project.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
//EventTypes(types...) EventTypes(
project.RoleAddedType,
project.RoleChangedType,
project.RoleRemovedType,
project.ProjectRemovedType)
} }
func (wm *ProjectRoleWriteModel) NewProjectRoleChangedEvent( func (wm *ProjectRoleWriteModel) NewProjectRoleChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
key, key,
displayName, displayName,
group string, group string,
@ -113,7 +112,7 @@ func (wm *ProjectRoleWriteModel) NewProjectRoleChangedEvent(
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }
changeEvent, err := project.NewRoleChangedEvent(ctx, changes) changeEvent, err := project.NewRoleChangedEvent(ctx, aggregate, changes)
if err != nil { if err != nil {
return nil, false, err return nil, false, err
} }

18
internal/v2/command/setup.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
@ -63,16 +64,20 @@ func (r *CommandSide) StartSetup(ctx context.Context, step domain.Step) (*domain
if iamWriteModel.SetUpStarted >= step || iamWriteModel.SetUpStarted != iamWriteModel.SetUpDone { if iamWriteModel.SetUpStarted >= step || iamWriteModel.SetUpStarted != iamWriteModel.SetUpDone {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "setup error") return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "setup error")
} }
aggregate := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel).PushEvents(iam_repo.NewSetupStepStartedEvent(ctx, step)) aggregate := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel)
err = r.eventstore.PushAggregate(ctx, iamWriteModel, aggregate) pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewSetupStepStartedEvent(ctx, aggregate, step))
if err != nil { if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Grgh1", "Setup start failed") return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Grgh1", "Setup start failed")
} }
err = AppendAndReduce(iamWriteModel, pushedEvents...)
if err != nil {
return nil, err
}
logging.LogWithFields("SETUP-fhh21", "step", step).Info("setup step started") logging.LogWithFields("SETUP-fhh21", "step", step).Info("setup step started")
return writeModelToIAM(iamWriteModel), nil return writeModelToIAM(iamWriteModel), nil
} }
func (r *CommandSide) setup(ctx context.Context, step Step, iamAggregateProvider func(*IAMWriteModel) (*iam_repo.Aggregate, error)) error { func (r *CommandSide) setup(ctx context.Context, step Step, iamAggregateProvider func(*IAMWriteModel) ([]eventstore.EventPusher, error)) error {
iam, err := r.getIAMWriteModel(ctx) iam, err := r.getIAMWriteModel(ctx)
if err != nil && !caos_errs.IsNotFound(err) { if err != nil && !caos_errs.IsNotFound(err) {
return err return err
@ -80,13 +85,14 @@ func (r *CommandSide) setup(ctx context.Context, step Step, iamAggregateProvider
if iam.SetUpStarted != step.Step() && iam.SetUpDone+1 != step.Step() { if iam.SetUpStarted != step.Step() && iam.SetUpDone+1 != step.Step() {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Dge32", "wrong step") return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Dge32", "wrong step")
} }
iamAgg, err := iamAggregateProvider(iam) events, err := iamAggregateProvider(iam)
if err != nil { if err != nil {
return err return err
} }
iamAgg.PushEvents(iam_repo.NewSetupStepDoneEvent(ctx, step.Step())) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, step.Step()))
_, err = r.eventstore.PushAggregates(ctx, iamAgg) _, err = r.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return caos_errs.ThrowPreconditionFailedf(nil, "EVENT-dbG31", "Setup %v failed", step.Step()) return caos_errs.ThrowPreconditionFailedf(nil, "EVENT-dbG31", "Setup %v failed", step.Step())
} }

48
internal/v2/command/setup_step1.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/models" "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/logging" "github.com/caos/logging"
@ -10,7 +11,6 @@ import (
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
"github.com/caos/zitadel/internal/v2/repository/project"
) )
const ( const (
@ -84,10 +84,11 @@ type OIDCApp struct {
} }
func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error { func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
var events []eventstore.EventPusher
iamWriteModel := NewIAMWriteModel() iamWriteModel := NewIAMWriteModel()
iamAgg := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel)
//create default login policy //create default login policy
err := r.addDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(), loginPolicyEvent, err := r.addDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(),
&domain.LoginPolicy{ &domain.LoginPolicy{
AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword, AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword,
AllowRegister: step1.DefaultLoginPolicy.AllowRegister, AllowRegister: step1.DefaultLoginPolicy.AllowRegister,
@ -96,11 +97,11 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
if err != nil { if err != nil {
return err return err
} }
events = append(events, loginPolicyEvent)
logging.Log("SETUP-sd2hj").Info("default login policy set up") logging.Log("SETUP-sd2hj").Info("default login policy set up")
//create orgs //create orgs
aggregates := make([]eventstore.Aggregater, 0)
for _, organisation := range step1.Orgs { for _, organisation := range step1.Orgs {
orgAgg, userAgg, orgMemberAgg, claimedUsers, err := r.setUpOrg(ctx, orgAgg, humanWriteModel, _, setUpOrgEvents, err := r.setUpOrg(ctx,
&domain.Org{ &domain.Org{
Name: organisation.Name, Name: organisation.Name,
Domains: []*domain.OrgDomain{{Domain: organisation.Domain}}, Domains: []*domain.OrgDomain{{Domain: organisation.Domain}},
@ -122,66 +123,70 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
if err != nil { if err != nil {
return err return err
} }
logging.LogWithFields("SETUP-Gdsfg", "id", orgAgg.ID(), "name", organisation.Name).Info("org set up") events = append(events, setUpOrgEvents...)
logging.LogWithFields("SETUP-Gdsfg", "id", orgAgg.ID, "name", organisation.Name).Info("org set up")
if organisation.OrgIamPolicy { if organisation.OrgIamPolicy {
err = r.addOrgIAMPolicy(ctx, orgAgg, NewORGOrgIAMPolicyWriteModel(orgAgg.ID()), &domain.OrgIAMPolicy{UserLoginMustBeDomain: false}) orgIAMPolicyEvent, err := r.addOrgIAMPolicy(ctx, orgAgg, NewORGOrgIAMPolicyWriteModel(orgAgg.ID), &domain.OrgIAMPolicy{UserLoginMustBeDomain: false})
if err != nil { if err != nil {
return err return err
} }
events = append(events, orgIAMPolicyEvent)
} }
aggregates = append(aggregates, orgAgg, userAgg, orgMemberAgg)
aggregates = append(aggregates, claimedUsers...)
if organisation.Name == step1.GlobalOrg { if organisation.Name == step1.GlobalOrg {
err = r.setGlobalOrg(ctx, iamAgg, iamWriteModel, orgAgg.ID()) globalOrgEvent, err := r.setGlobalOrg(ctx, iamAgg, iamWriteModel, orgAgg.ID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, globalOrgEvent)
logging.Log("SETUP-BDn52").Info("global org set") logging.Log("SETUP-BDn52").Info("global org set")
} }
//projects //projects
for _, proj := range organisation.Projects { for _, proj := range organisation.Projects {
project := &domain.Project{Name: proj.Name} project := &domain.Project{Name: proj.Name}
projectAgg, _, err := r.addProject(ctx, project, orgAgg.ID(), userAgg.ID()) projectEvents, projectWriteModel, err := r.addProject(ctx, project, orgAgg.ID, humanWriteModel.AggregateID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, projectEvents...)
if project.Name == step1.IAMProject { if project.Name == step1.IAMProject {
err = r.setIAMProject(ctx, iamAgg, iamWriteModel, projectAgg.ID()) iamProjectEvent, err := r.setIAMProject(ctx, iamAgg, iamWriteModel, projectWriteModel.AggregateID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, iamProjectEvent)
logging.Log("SETUP-Bdfs1").Info("IAM project set") logging.Log("SETUP-Bdfs1").Info("IAM project set")
err = r.addIAMMember(ctx, iamAgg, NewIAMMemberWriteModel(userAgg.ID()), domain.NewMember(iamAgg.ID(), userAgg.ID(), domain.RoleIAMOwner)) iamEvent, err := r.addIAMMember(ctx, iamAgg, NewIAMMemberWriteModel(humanWriteModel.AggregateID), domain.NewMember(iamAgg.ID, humanWriteModel.AggregateID, domain.RoleIAMOwner))
if err != nil { if err != nil {
return err return err
} }
events = append(events, iamEvent)
logging.Log("SETUP-BSf2h").Info("IAM owner set") logging.Log("SETUP-BSf2h").Info("IAM owner set")
} }
//create applications //create applications
for _, app := range proj.OIDCApps { for _, app := range proj.OIDCApps {
err = setUpApplication(ctx, r, projectAgg, project, app, orgAgg.ID()) applicationEvents, err := setUpApplication(ctx, r, projectWriteModel, project, app, orgAgg.ID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, applicationEvents...)
} }
aggregates = append(aggregates, projectAgg)
} }
} }
iamAgg.PushEvents(iam_repo.NewSetupStepDoneEvent(ctx, domain.Step1)) events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, domain.Step1))
_, err = r.eventstore.PushAggregates(ctx, append(aggregates, iamAgg)...) _, err = r.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Gr2hh", "Setup Step1 failed") return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Gr2hh", "Setup Step1 failed")
} }
return nil return nil
} }
func setUpApplication(ctx context.Context, r *CommandSide, projectAgg *project.Aggregate, project *domain.Project, oidcApp OIDCApp, resourceOwner string) error { func setUpApplication(ctx context.Context, r *CommandSide, projectWriteModel *ProjectWriteModel, project *domain.Project, oidcApp OIDCApp, resourceOwner string) ([]eventstore.EventPusher, error) {
app := &domain.OIDCApp{ app := &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: projectAgg.ID(), AggregateID: projectWriteModel.AggregateID,
}, },
AppName: oidcApp.Name, AppName: oidcApp.Name,
RedirectUris: oidcApp.RedirectUris, RedirectUris: oidcApp.RedirectUris,
@ -192,12 +197,13 @@ func setUpApplication(ctx context.Context, r *CommandSide, projectAgg *project.A
DevMode: oidcApp.DevMode, DevMode: oidcApp.DevMode,
} }
_, err := r.addOIDCApplication(ctx, projectAgg, project, app, resourceOwner) projectAgg := ProjectAggregateFromWriteModel(&projectWriteModel.WriteModel)
events, _, err := r.addOIDCApplication(ctx, projectAgg, project, app, resourceOwner)
if err != nil { if err != nil {
return err return nil, err
} }
logging.LogWithFields("SETUP-Edgw4", "name", app.AppName, "clientID", app.ClientID).Info("application set up") logging.LogWithFields("SETUP-Edgw4", "name", app.AppName, "clientID", app.ClientID).Info("application set up")
return nil return events, nil
} }
func getOIDCResponseTypes(responseTypes []string) []domain.OIDCResponseType { func getOIDCResponseTypes(responseTypes []string) []domain.OIDCResponseType {

14
internal/v2/command/setup_step10.go
View File

@ -3,8 +3,8 @@ package command
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step10 struct { type Step10 struct {
@ -21,20 +21,24 @@ func (s *Step10) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep10(ctx context.Context, step *Step10) error { func (r *CommandSide) SetupStep10(ctx context.Context, step *Step10) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultMailTemplate(ctx, iamAgg, NewIAMMailTemplateWriteModel(), &step.DefaultMailTemplate) mailTemplateEvent, err := r.addDefaultMailTemplate(ctx, iamAgg, NewIAMMailTemplateWriteModel(), &step.DefaultMailTemplate)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events := []eventstore.EventPusher{
mailTemplateEvent,
}
for _, text := range step.DefaultMailTexts { for _, text := range step.DefaultMailTexts {
r.addDefaultMailText(ctx, iamAgg, NewIAMMailTextWriteModel(text.MailTextType, text.Language), &text) defaultTextEvent, err := r.addDefaultMailText(ctx, iamAgg, NewIAMMailTextWriteModel(text.MailTextType, text.Language), &text)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events = append(events, defaultTextEvent)
} }
logging.Log("SETUP-3N9fs").Info("default mail template/text set up") logging.Log("SETUP-3N9fs").Info("default mail template/text set up")
return iamAgg, nil return events, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

6
internal/v2/command/setup_step11.go
View File

@ -3,6 +3,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam" iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
@ -20,7 +21,7 @@ func (s *Step11) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep11(ctx context.Context, step *Step11) error { func (r *CommandSide) SetupStep11(ctx context.Context, step *Step11) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
var uniqueContraintMigrations []*domain.UniqueConstraintMigration var uniqueContraintMigrations []*domain.UniqueConstraintMigration
if step.MigrateV1EventstoreToV2 { if step.MigrateV1EventstoreToV2 {
@ -31,9 +32,8 @@ func (r *CommandSide) SetupStep11(ctx context.Context, step *Step11) error {
} }
uniqueContraintMigrations = uniqueConstraints.UniqueConstraints uniqueContraintMigrations = uniqueConstraints.UniqueConstraints
} }
iamAgg.PushEvents(iam_repo.NewMigrateUniqueConstraintEvent(ctx, uniqueContraintMigrations))
logging.Log("SETUP-M9fsd").Info("migrate v1 eventstore to v2") logging.Log("SETUP-M9fsd").Info("migrate v1 eventstore to v2")
return iamAgg, nil return []eventstore.EventPusher{iam_repo.NewMigrateUniqueConstraintEvent(ctx, iamAgg, uniqueContraintMigrations)}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

8
internal/v2/command/setup_step2.go
View File

@ -2,12 +2,12 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step2 struct { type Step2 struct {
@ -23,9 +23,9 @@ func (s *Step2) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep2(ctx context.Context, step *Step2) error { func (r *CommandSide) SetupStep2(ctx context.Context, step *Step2) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, NewIAMPasswordComplexityPolicyWriteModel(), &domain.PasswordComplexityPolicy{ event, err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, NewIAMPasswordComplexityPolicyWriteModel(), &domain.PasswordComplexityPolicy{
MinLength: step.DefaultPasswordComplexityPolicy.MinLength, MinLength: step.DefaultPasswordComplexityPolicy.MinLength,
HasLowercase: step.DefaultPasswordComplexityPolicy.HasLowercase, HasLowercase: step.DefaultPasswordComplexityPolicy.HasLowercase,
HasUppercase: step.DefaultPasswordComplexityPolicy.HasUppercase, HasUppercase: step.DefaultPasswordComplexityPolicy.HasUppercase,
@ -36,7 +36,7 @@ func (r *CommandSide) SetupStep2(ctx context.Context, step *Step2) error {
return nil, err return nil, err
} }
logging.Log("SETUP-ADgd2").Info("default password complexity policy set up") logging.Log("SETUP-ADgd2").Info("default password complexity policy set up")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

8
internal/v2/command/setup_step3.go
View File

@ -2,12 +2,12 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step3 struct { type Step3 struct {
@ -23,9 +23,9 @@ func (s *Step3) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep3(ctx context.Context, step *Step3) error { func (r *CommandSide) SetupStep3(ctx context.Context, step *Step3) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultPasswordAgePolicy(ctx, iamAgg, NewIAMPasswordAgePolicyWriteModel(), &domain.PasswordAgePolicy{ event, err := r.addDefaultPasswordAgePolicy(ctx, iamAgg, NewIAMPasswordAgePolicyWriteModel(), &domain.PasswordAgePolicy{
MaxAgeDays: step.DefaultPasswordAgePolicy.MaxAgeDays, MaxAgeDays: step.DefaultPasswordAgePolicy.MaxAgeDays,
ExpireWarnDays: step.DefaultPasswordAgePolicy.ExpireWarnDays, ExpireWarnDays: step.DefaultPasswordAgePolicy.ExpireWarnDays,
}) })
@ -33,7 +33,7 @@ func (r *CommandSide) SetupStep3(ctx context.Context, step *Step3) error {
return nil, err return nil, err
} }
logging.Log("SETUP-DBqgq").Info("default password age policy set up") logging.Log("SETUP-DBqgq").Info("default password age policy set up")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

8
internal/v2/command/setup_step4.go
View File

@ -2,12 +2,12 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step4 struct { type Step4 struct {
@ -23,9 +23,9 @@ func (s *Step4) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep4(ctx context.Context, step *Step4) error { func (r *CommandSide) SetupStep4(ctx context.Context, step *Step4) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultPasswordLockoutPolicy(ctx, iamAgg, NewIAMPasswordLockoutPolicyWriteModel(), &domain.PasswordLockoutPolicy{ event, err := r.addDefaultPasswordLockoutPolicy(ctx, iamAgg, NewIAMPasswordLockoutPolicyWriteModel(), &domain.PasswordLockoutPolicy{
MaxAttempts: step.DefaultPasswordLockoutPolicy.MaxAttempts, MaxAttempts: step.DefaultPasswordLockoutPolicy.MaxAttempts,
ShowLockOutFailures: step.DefaultPasswordLockoutPolicy.ShowLockOutFailures, ShowLockOutFailures: step.DefaultPasswordLockoutPolicy.ShowLockOutFailures,
}) })
@ -33,7 +33,7 @@ func (r *CommandSide) SetupStep4(ctx context.Context, step *Step4) error {
return nil, err return nil, err
} }
logging.Log("SETUP-Bfnge").Info("default password lockout policy set up") logging.Log("SETUP-Bfnge").Info("default password lockout policy set up")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

8
internal/v2/command/setup_step5.go
View File

@ -2,12 +2,12 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step5 struct { type Step5 struct {
@ -23,16 +23,16 @@ func (s *Step5) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep5(ctx context.Context, step *Step5) error { func (r *CommandSide) SetupStep5(ctx context.Context, step *Step5) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultOrgIAMPolicy(ctx, iamAgg, NewIAMOrgIAMPolicyWriteModel(), &domain.OrgIAMPolicy{ event, err := r.addDefaultOrgIAMPolicy(ctx, iamAgg, NewIAMOrgIAMPolicyWriteModel(), &domain.OrgIAMPolicy{
UserLoginMustBeDomain: step.DefaultOrgIAMPolicy.UserLoginMustBeDomain, UserLoginMustBeDomain: step.DefaultOrgIAMPolicy.UserLoginMustBeDomain,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-ADgd2").Info("default org iam policy set up") logging.Log("SETUP-ADgd2").Info("default org iam policy set up")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

8
internal/v2/command/setup_step6.go
View File

@ -2,12 +2,12 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model" iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step6 struct { type Step6 struct {
@ -23,9 +23,9 @@ func (s *Step6) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep6(ctx context.Context, step *Step6) error { func (r *CommandSide) SetupStep6(ctx context.Context, step *Step6) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
err := r.addDefaultLabelPolicy(ctx, iamAgg, NewIAMLabelPolicyWriteModel(), &domain.LabelPolicy{ event, err := r.addDefaultLabelPolicy(ctx, iamAgg, NewIAMLabelPolicyWriteModel(), &domain.LabelPolicy{
PrimaryColor: step.DefaultLabelPolicy.PrimaryColor, PrimaryColor: step.DefaultLabelPolicy.PrimaryColor,
SecondaryColor: step.DefaultLabelPolicy.SecondaryColor, SecondaryColor: step.DefaultLabelPolicy.SecondaryColor,
}) })
@ -33,7 +33,7 @@ func (r *CommandSide) SetupStep6(ctx context.Context, step *Step6) error {
return nil, err return nil, err
} }
logging.Log("SETUP-ADgd2").Info("default label policy set up") logging.Log("SETUP-ADgd2").Info("default label policy set up")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

10
internal/v2/command/setup_step7.go
View File

@ -2,11 +2,11 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step7 struct { type Step7 struct {
@ -22,18 +22,18 @@ func (s *Step7) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep7(ctx context.Context, step *Step7) error { func (r *CommandSide) SetupStep7(ctx context.Context, step *Step7) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
if !step.OTP { if !step.OTP {
return iamAgg, nil return []eventstore.EventPusher{}, nil
} }
err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeOTP) event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeOTP)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-Dggsg").Info("added OTP to 2FA login policy") logging.Log("SETUP-Dggsg").Info("added OTP to 2FA login policy")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

10
internal/v2/command/setup_step8.go
View File

@ -2,11 +2,11 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step8 struct { type Step8 struct {
@ -22,18 +22,18 @@ func (s *Step8) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep8(ctx context.Context, step *Step8) error { func (r *CommandSide) SetupStep8(ctx context.Context, step *Step8) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
if !step.U2F { if !step.U2F {
return iamAgg, nil return []eventstore.EventPusher{}, nil
} }
err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeU2F) event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeU2F)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-BDhne").Info("added U2F to 2FA login policy") logging.Log("SETUP-BDhne").Info("added U2F to 2FA login policy")
return iamAgg, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }

16
internal/v2/command/setup_step9.go
View File

@ -2,11 +2,11 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
) )
type Step9 struct { type Step9 struct {
@ -22,31 +22,31 @@ func (s *Step9) execute(ctx context.Context, commandSide *CommandSide) error {
} }
func (r *CommandSide) SetupStep9(ctx context.Context, step *Step9) error { func (r *CommandSide) SetupStep9(ctx context.Context, step *Step9) error {
fn := func(iam *IAMWriteModel) (*iam_repo.Aggregate, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
multiFactorModel := NewIAMMultiFactorWriteModel() multiFactorModel := NewIAMMultiFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
if !step.Passwordless { if !step.Passwordless {
return iamAgg, nil return []eventstore.EventPusher{}, nil
} }
err := setPasswordlessAllowedInPolicy(ctx, r, iamAgg) passwordlessEvent, err := setPasswordlessAllowedInPolicy(ctx, r, iamAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-AEG2t").Info("allowed passwordless in login policy") logging.Log("SETUP-AEG2t").Info("allowed passwordless in login policy")
err = r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, domain.MultiFactorTypeU2FWithPIN) multifactorEvent, err := r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, domain.MultiFactorTypeU2FWithPIN)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-ADfng").Info("added passwordless to MFA login policy") logging.Log("SETUP-ADfng").Info("added passwordless to MFA login policy")
return iamAgg, err return []eventstore.EventPusher{passwordlessEvent, multifactorEvent}, nil
} }
return r.setup(ctx, step, fn) return r.setup(ctx, step, fn)
} }
func setPasswordlessAllowedInPolicy(ctx context.Context, c *CommandSide, iamAgg *iam_repo.Aggregate) error { func setPasswordlessAllowedInPolicy(ctx context.Context, c *CommandSide, iamAgg *eventstore.Aggregate) (eventstore.EventPusher, error) {
policy, err := c.getDefaultLoginPolicy(ctx) policy, err := c.getDefaultLoginPolicy(ctx)
if err != nil { if err != nil {
return err return nil, err
} }
policy.PasswordlessType = domain.PasswordlessTypeAllowed policy.PasswordlessType = domain.PasswordlessTypeAllowed
return c.changeDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(), policy) return c.changeDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(), policy)

104
internal/v2/command/unique_constraints_model.go
View File

@ -42,123 +42,129 @@ func (rm *UniqueConstraintReadModel) Reduce() error {
for _, event := range rm.Events { for _, event := range rm.Events {
switch e := event.(type) { switch e := event.(type) {
case *org.OrgAddedEvent: case *org.OrgAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), org.NewAddOrgNameUniqueConstraint(e.Name)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgNameUniqueConstraint(e.Name))
case *org.OrgChangedEvent: case *org.OrgChangedEvent:
rm.changeUniqueConstraint(e.AggregateID(), e.AggregateID(), org.NewAddOrgNameUniqueConstraint(e.Name)) rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgNameUniqueConstraint(e.Name))
case *org.DomainVerifiedEvent: case *org.DomainVerifiedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), org.NewAddOrgNameUniqueConstraint(e.Domain)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.NewAddOrgNameUniqueConstraint(e.Domain))
case *org.DomainRemovedEvent: case *org.DomainRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AggregateID(), org.UniqueOrgDomain) rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, org.UniqueOrgDomain)
case *iam.IDPConfigAddedEvent: case *iam.IDPConfigAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.ResourceOwner())) rm.addUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner))
case *iam.IDPConfigChangedEvent: case *iam.IDPConfigChangedEvent:
rm.changeUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.ResourceOwner())) rm.changeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner))
case *iam.IDPConfigRemovedEvent: case *iam.IDPConfigRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.UniqueIDPConfigNameType) rm.removeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.UniqueIDPConfigNameType)
case *org.IDPConfigAddedEvent: case *org.IDPConfigAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.ResourceOwner())) rm.addUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner))
case *org.IDPConfigChangedEvent: case *org.IDPConfigChangedEvent:
rm.changeUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.ResourceOwner())) rm.changeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.NewAddIDPConfigNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner))
case *org.IDPConfigRemovedEvent: case *org.IDPConfigRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.ConfigID, idpconfig.UniqueIDPConfigNameType) rm.removeUniqueConstraint(e.Aggregate().ID, e.ConfigID, idpconfig.UniqueIDPConfigNameType)
case *iam.MailTextAddedEvent: case *iam.MailTextAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.MailTextType+e.Language, policy.NewAddMailTextUniqueConstraint(e.AggregateID(), e.MailTextType, e.Language)) rm.addUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, policy.NewAddMailTextUniqueConstraint(e.Aggregate().ID, e.MailTextType, e.Language))
case *org.MailTextAddedEvent: case *org.MailTextAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.MailTextType+e.Language, policy.NewAddMailTextUniqueConstraint(e.AggregateID(), e.MailTextType, e.Language)) rm.addUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, policy.NewAddMailTextUniqueConstraint(e.Aggregate().ID, e.MailTextType, e.Language))
case *org.MailTextRemovedEvent: case *org.MailTextRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.MailTextType+e.Language, policy.UniqueMailText) rm.removeUniqueConstraint(e.Aggregate().ID, e.MailTextType+e.Language, policy.UniqueMailText)
case *project.ProjectAddedEvent: case *project.ProjectAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), project.NewAddProjectNameUniqueConstraint(e.Name, e.ResourceOwner())) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.NewAddProjectNameUniqueConstraint(e.Name, e.Aggregate().ResourceOwner))
case *project.ProjectChangeEvent: case *project.ProjectChangeEvent:
rm.changeUniqueConstraint(e.AggregateID(), e.AggregateID(), project.NewAddProjectNameUniqueConstraint(*e.Name, e.ResourceOwner())) rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.NewAddProjectNameUniqueConstraint(*e.Name, e.Aggregate().ResourceOwner))
case *project.ProjectRemovedEvent: case *project.ProjectRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AggregateID(), project.UniqueProjectnameType) rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, project.UniqueProjectnameType)
case *project.ApplicationAddedEvent: case *project.ApplicationAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.AggregateID())) rm.addUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.Aggregate().ID))
case *project.ApplicationChangedEvent: case *project.ApplicationChangedEvent:
rm.changeUniqueConstraint(e.AggregateID(), e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.AggregateID())) rm.changeUniqueConstraint(e.Aggregate().ID, e.AppID, project.NewAddApplicationUniqueConstraint(e.Name, e.Aggregate().ID))
case *project.ApplicationRemovedEvent: case *project.ApplicationRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AppID, project.UniqueAppNameType) rm.removeUniqueConstraint(e.Aggregate().ID, e.AppID, project.UniqueAppNameType)
case *project.GrantAddedEvent: case *project.GrantAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.GrantID, project.NewAddProjectGrantUniqueConstraint(e.GrantedOrgID, e.AggregateID())) rm.addUniqueConstraint(e.Aggregate().ID, e.GrantID, project.NewAddProjectGrantUniqueConstraint(e.GrantedOrgID, e.Aggregate().ID))
case *project.GrantRemovedEvent: case *project.GrantRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.GrantID, project.UniqueGrantType) rm.removeUniqueConstraint(e.Aggregate().ID, e.GrantID, project.UniqueGrantType)
case *project.GrantMemberAddedEvent: case *project.GrantMemberAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.GrantID+e.UserID, project.NewAddProjectGrantMemberUniqueConstraint(e.AggregateID(), e.UserID, e.GrantID)) rm.addUniqueConstraint(e.Aggregate().ID, e.GrantID+e.UserID, project.NewAddProjectGrantMemberUniqueConstraint(e.Aggregate().ID, e.UserID, e.GrantID))
case *project.GrantMemberRemovedEvent: case *project.GrantMemberRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.GrantID+e.UserID, project.UniqueProjectGrantMemberType) rm.removeUniqueConstraint(e.Aggregate().ID, e.GrantID+e.UserID, project.UniqueProjectGrantMemberType)
case *project.RoleAddedEvent: case *project.RoleAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.Key, project.NewAddProjectRoleUniqueConstraint(e.Key, e.AggregateID())) rm.addUniqueConstraint(e.Aggregate().ID, e.Key, project.NewAddProjectRoleUniqueConstraint(e.Key, e.Aggregate().ID))
case *project.RoleRemovedEvent: case *project.RoleRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.Key, project.UniqueRoleType) rm.removeUniqueConstraint(e.Aggregate().ID, e.Key, project.UniqueRoleType)
case *user.HumanAddedEvent: case *user.HumanAddedEvent:
policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.ResourceOwner()) policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.Aggregate().ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-0k9Gs").WithError(err).Error("could not read policy for human added event unique constraint") logging.Log("COMMAND-0k9Gs").WithError(err).Error("could not read policy for human added event unique constraint")
continue continue
} }
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), user.NewAddUsernameUniqueConstraint(e.UserName, e.ResourceOwner(), policy.UserLoginMustBeDomain)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain))
case *user.HumanRegisteredEvent: case *user.HumanRegisteredEvent:
policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.ResourceOwner()) policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.Aggregate().ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-m9fod").WithError(err).Error("could not read policy for human registered event unique constraint") logging.Log("COMMAND-m9fod").WithError(err).Error("could not read policy for human registered event unique constraint")
continue continue
} }
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), user.NewAddUsernameUniqueConstraint(e.UserName, e.ResourceOwner(), policy.UserLoginMustBeDomain)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain))
case *user.MachineAddedEvent: case *user.MachineAddedEvent:
policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.ResourceOwner()) policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.Aggregate().ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-2n8vs").WithError(err).Error("could not read policy for machine added event unique constraint") logging.Log("COMMAND-2n8vs").WithError(err).Error("could not read policy for machine added event unique constraint")
continue continue
} }
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), user.NewAddUsernameUniqueConstraint(e.UserName, e.ResourceOwner(), policy.UserLoginMustBeDomain)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain))
case *user.UserRemovedEvent: case *user.UserRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AggregateID(), user.UniqueUsername) rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.UniqueUsername)
case *user.UsernameChangedEvent: case *user.UsernameChangedEvent:
policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.ResourceOwner()) policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.Aggregate().ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-5n8gk").WithError(err).Error("could not read policy for username changed event unique constraint") logging.Log("COMMAND-5n8gk").WithError(err).Error("could not read policy for username changed event unique constraint")
continue continue
} }
rm.changeUniqueConstraint(e.AggregateID(), e.AggregateID(), user.NewAddUsernameUniqueConstraint(e.UserName, e.ResourceOwner(), policy.UserLoginMustBeDomain)) rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain))
case *user.DomainClaimedEvent: case *user.DomainClaimedEvent:
policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.ResourceOwner()) policy, err := rm.commandProvider.getOrgIAMPolicy(rm.ctx, e.Aggregate().ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-xb8uf").WithError(err).Error("could not read policy for domain claimed event unique constraint") logging.Log("COMMAND-xb8uf").WithError(err).Error("could not read policy for domain claimed event unique constraint")
continue continue
} }
rm.changeUniqueConstraint(e.AggregateID(), e.AggregateID(), user.NewAddUsernameUniqueConstraint(e.UserName, e.ResourceOwner(), policy.UserLoginMustBeDomain)) rm.changeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, user.NewAddUsernameUniqueConstraint(e.UserName, e.Aggregate().ResourceOwner, policy.UserLoginMustBeDomain))
case *user.HumanExternalIDPAddedEvent: case *user.HumanExternalIDPAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.IDPConfigID+e.ExternalUserID, user.NewAddExternalIDPUniqueConstraint(e.IDPConfigID, e.ExternalUserID)) rm.addUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.NewAddExternalIDPUniqueConstraint(e.IDPConfigID, e.ExternalUserID))
case *user.HumanExternalIDPRemovedEvent: case *user.HumanExternalIDPRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.IDPConfigID+e.ExternalUserID, user.UniqueExternalIDPType) rm.removeUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.UniqueExternalIDPType)
case *user.HumanExternalIDPCascadeRemovedEvent: case *user.HumanExternalIDPCascadeRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.IDPConfigID+e.ExternalUserID, user.UniqueExternalIDPType) rm.removeUniqueConstraint(e.Aggregate().ID, e.IDPConfigID+e.ExternalUserID, user.UniqueExternalIDPType)
case *usergrant.UserGrantAddedEvent: case *usergrant.UserGrantAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.AggregateID(), usergrant.NewAddUserGrantUniqueConstraint(e.ResourceOwner(), e.UserID, e.ProjectID, e.ProjectGrantID)) rm.addUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, usergrant.NewAddUserGrantUniqueConstraint(e.Aggregate().ResourceOwner, e.UserID, e.ProjectID, e.ProjectGrantID))
case *usergrant.UserGrantRemovedEvent: case *usergrant.UserGrantRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AggregateID(), usergrant.UniqueUserGrant) rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, usergrant.UniqueUserGrant)
case *usergrant.UserGrantCascadeRemovedEvent: case *usergrant.UserGrantCascadeRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.AggregateID(), usergrant.UniqueUserGrant) rm.removeUniqueConstraint(e.Aggregate().ID, e.Aggregate().ID, usergrant.UniqueUserGrant)
case *iam.MemberAddedEvent: case *iam.MemberAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.UserID, member.NewAddMemberUniqueConstraint(e.AggregateID(), e.UserID)) rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID))
case *iam.MemberRemovedEvent: case *iam.MemberRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.UserID, member.UniqueMember) rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember)
case *org.MemberAddedEvent: case *org.MemberAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.UserID, member.NewAddMemberUniqueConstraint(e.AggregateID(), e.UserID)) rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID))
case *org.MemberRemovedEvent: case *org.MemberRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.UserID, member.UniqueMember) rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember)
case *project.MemberAddedEvent: case *project.MemberAddedEvent:
rm.addUniqueConstraint(e.AggregateID(), e.UserID, member.NewAddMemberUniqueConstraint(e.AggregateID(), e.UserID)) rm.addUniqueConstraint(e.Aggregate().ID, e.UserID, member.NewAddMemberUniqueConstraint(e.Aggregate().ID, e.UserID))
case *project.MemberRemovedEvent: case *project.MemberRemovedEvent:
rm.removeUniqueConstraint(e.AggregateID(), e.UserID, member.UniqueMember) rm.removeUniqueConstraint(e.Aggregate().ID, e.UserID, member.UniqueMember)
} }
} }
return nil return nil
} }
func (rm *UniqueConstraintReadModel) Query() *eventstore.SearchQueryBuilder { func (rm *UniqueConstraintReadModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType, org.AggregateType, project.AggregateType, user.AggregateType, usergrant.AggregateType). return eventstore.NewSearchQueryBuilder(
eventstore.ColumnsEvent,
iam.AggregateType,
org.AggregateType,
project.AggregateType,
user.AggregateType,
usergrant.AggregateType).
EventTypes( EventTypes(
org.OrgAddedEventType, org.OrgAddedEventType,
org.OrgChangedEventType, org.OrgChangedEventType,

144
internal/v2/command/user.go
View File

@ -3,196 +3,203 @@ package command
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/caos/logging"
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/v2"
"strings"
"time" "time"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/user" "github.com/caos/zitadel/internal/v2/repository/user"
) )
func (r *CommandSide) ChangeUsername(ctx context.Context, orgID, userID, userName string) error { func (cs *CommandSide) ChangeUsername(ctx context.Context, orgID, userID, userName string) error {
if orgID == "" || userID == "" || userName == "" { if orgID == "" || userID == "" || userName == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.IDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, orgID)
existingUser, err := cs.userWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted {
if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound")
} }
if existingUser.UserName == userName { if existingUser.UserName == userName {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged")
} }
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, orgID) orgIAMPolicy, err := cs.getOrgIAMPolicy(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
if err := CheckOrgIAMPolicyForUserName(userName, orgIAMPolicy); err != nil { if err := CheckOrgIAMPolicyForUserName(userName, orgIAMPolicy); err != nil {
return err return err
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUsernameChangedEvent(ctx, existingUser.UserName, userName, orgIAMPolicy.UserLoginMustBeDomain))
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) _, err = cs.eventstore.PushEvents(ctx,
user.NewUsernameChangedEvent(ctx, userAgg, existingUser.UserName, userName, orgIAMPolicy.UserLoginMustBeDomain))
return err
} }
func (r *CommandSide) DeactivateUser(ctx context.Context, userID, resourceOwner string) error { func (r *CommandSide) DeactivateUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound")
} }
if existingUser.UserState == domain.UserStateInactive { if isUserStateInactive(existingUser.UserState) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive")
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserDeactivatedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) _, err = r.eventstore.PushEvents(ctx,
user.NewUserDeactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err
} }
func (r *CommandSide) ReactivateUser(ctx context.Context, userID, resourceOwner string) error { func (r *CommandSide) ReactivateUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound")
} }
if existingUser.UserState != domain.UserStateInactive { if !isUserStateInactive(existingUser.UserState) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive")
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserReactivatedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) _, err = r.eventstore.PushEvents(ctx,
user.NewUserReactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err
} }
func (r *CommandSide) LockUser(ctx context.Context, userID, resourceOwner string) error { func (r *CommandSide) LockUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound")
} }
if existingUser.UserState != domain.UserStateActive && existingUser.UserState != domain.UserStateInitial { if !hasUserState(existingUser.UserState, domain.UserStateActive, domain.UserStateInitial) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial")
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserLockedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) _, err = r.eventstore.PushEvents(ctx,
user.NewUserLockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err
} }
func (r *CommandSide) UnlockUser(ctx context.Context, userID, resourceOwner string) error { func (r *CommandSide) UnlockUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound")
} }
if existingUser.UserState != domain.UserStateLocked { if !hasUserState(existingUser.UserState, domain.UserStateLocked) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked")
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserUnlockedEvent(ctx))
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) _, err = r.eventstore.PushEvents(ctx,
user.NewUserUnlockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err
} }
func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingGrantIDs ...string) error { func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingGrantIDs ...string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound")
} }
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, existingUser.ResourceOwner) orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, existingUser.ResourceOwner)
if err != nil { if err != nil {
return err return err
} }
aggregates := make([]eventstore.Aggregater, 0) var events []eventstore.EventPusher
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserRemovedEvent(ctx, existingUser.ResourceOwner, existingUser.UserName, orgIAMPolicy.UserLoginMustBeDomain)) events = append(events, user.NewUserRemovedEvent(ctx, userAgg, existingUser.UserName, orgIAMPolicy.UserLoginMustBeDomain))
aggregates = append(aggregates, userAgg)
for _, grantID := range cascadingGrantIDs { for _, grantID := range cascadingGrantIDs {
grantAgg, _, err := r.removeUserGrant(ctx, grantID, "", true) removeEvent, err := r.removeUserGrant(ctx, grantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-5m9oL", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant") logging.LogWithFields("COMMAND-5m9oL", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant")
continue continue
} }
aggregates = append(aggregates, grantAgg) events = append(events, removeEvent)
} }
_, err = r.eventstore.PushAggregates(ctx, aggregates...) _, err = r.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) CreateUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) { func (r *CommandSide) AddUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) {
if orgID == "" || userID == "" { if orgID == "" || userID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-55n8M", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-55n8M", "Errors.IDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, orgID) existingUser, err := r.userWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound")
} }
for _, scope := range scopes { audience = domain.AddAudScopeToAudience(audience, scopes)
if strings.HasPrefix(scope, auth_req_model.ProjectIDScope) && strings.HasSuffix(scope, auth_req_model.AudSuffix) {
audience = append(audience, strings.TrimSuffix(strings.TrimPrefix(scope, auth_req_model.ProjectIDScope), auth_req_model.AudSuffix))
}
}
preferredLanguage := "" preferredLanguage := ""
existingHuman, err := r.getHumanWriteModelByID(ctx, userID, orgID) existingHuman, err := r.getHumanWriteModelByID(ctx, userID, orgID)
if existingHuman != nil { if existingHuman != nil {
preferredLanguage = existingHuman.PreferredLanguage.String() preferredLanguage = existingHuman.PreferredLanguage.String()
} }
now := time.Now().UTC() expiration := time.Now().UTC().Add(lifetime)
tokenID, err := r.idGenerator.Next() tokenID, err := r.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewUserTokenAddedEvent(ctx, tokenID, clientID, agentID, preferredLanguage, audience, scopes, now.Add(lifetime))) _, err = r.eventstore.PushEvents(ctx,
user.NewUserTokenAddedEvent(ctx, userAgg, tokenID, clientID, agentID, preferredLanguage, audience, scopes, expiration))
err = r.eventstore.PushAggregate(ctx, existingUser, userAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &domain.Token{ return &domain.Token{
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: userID, AggregateID: userID,
@ -202,12 +209,12 @@ func (r *CommandSide) CreateUserToken(ctx context.Context, orgID, agentID, clien
ApplicationID: clientID, ApplicationID: clientID,
Audience: audience, Audience: audience,
Scopes: scopes, Scopes: scopes,
Expiration: now.Add(lifetime), Expiration: expiration,
PreferredLanguage: preferredLanguage, PreferredLanguage: preferredLanguage,
}, nil }, nil
} }
func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (_ *user.Aggregate, _ *UserWriteModel, err error) { func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (events []eventstore.EventPusher, _ *UserWriteModel, err error) {
existingUser, err := r.userWriteModelByID(ctx, userID, "") existingUser, err := r.userWriteModelByID(ctx, userID, "")
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -227,8 +234,14 @@ func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (_ *
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
userAgg.PushEvents(user.NewDomainClaimedEvent(ctx, fmt.Sprintf("%s@temporary.%s", id, r.iamDomain), existingUser.UserName, orgIAMPolicy.UserLoginMustBeDomain)) return []eventstore.EventPusher{
return userAgg, changedUserGrant, nil user.NewDomainClaimedEvent(
ctx,
userAgg,
fmt.Sprintf("%s@temporary.%s", id, r.iamDomain),
existingUser.UserName,
orgIAMPolicy.UserLoginMustBeDomain),
}, changedUserGrant, nil
} }
func (r *CommandSide) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) { func (r *CommandSide) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) {
@ -236,20 +249,21 @@ func (r *CommandSide) UserDomainClaimedSent(ctx context.Context, orgID, userID s
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound")
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
userAgg.PushEvents(user.NewDomainClaimedSentEvent(ctx)) _, err = r.eventstore.PushEvents(ctx,
return r.eventstore.PushAggregate(ctx, existingUser, userAgg) user.NewDomainClaimedSentEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err
} }
func (r *CommandSide) checkUserExists(ctx context.Context, userID, resourceOwner string) error { func (r *CommandSide) checkUserExists(ctx context.Context, userID, resourceOwner string) error {
userWriteModel, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
if userWriteModel.UserState == domain.UserStateUnspecified || userWriteModel.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0fs", "Errors.User.NotFound") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0fs", "Errors.User.NotFound")
} }
return nil return nil
@ -266,15 +280,3 @@ func (r *CommandSide) userWriteModelByID(ctx context.Context, userID, resourceOw
} }
return writeModel, nil return writeModel, nil
} }
func (r *CommandSide) userReadModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *UserWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel = NewUserWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}

165
internal/v2/command/user_grant.go
View File

@ -2,28 +2,33 @@ package command
import ( import (
"context" "context"
"reflect"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/domain"
"github.com/caos/zitadel/internal/v2/repository/usergrant" "github.com/caos/zitadel/internal/v2/repository/usergrant"
"reflect"
) )
func (r *CommandSide) AddUserGrant(ctx context.Context, usergrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) { func (r *CommandSide) AddUserGrant(ctx context.Context, usergrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) {
userGrantAgg, addedUserGrant, err := r.addUserGrant(ctx, usergrant, resourceOwner) event, addedUserGrant, err := r.addUserGrant(ctx, usergrant, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedUserGrant, userGrantAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = AppendAndReduce(addedUserGrant, pushedEvents...)
if err != nil {
return nil, err
}
return userGrantWriteModelToUserGrant(addedUserGrant), nil return userGrantWriteModelToUserGrant(addedUserGrant), nil
} }
func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (_ *usergrant.Aggregate, _ *UserGrantWriteModel, err error) { func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (pusher eventstore.EventPusher, _ *UserGrantWriteModel, err error) {
err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID) err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -43,36 +48,37 @@ func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGr
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
addedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner) addedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&addedUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&addedUserGrant.WriteModel)
pusher = usergrant.NewUserGrantAddedEvent(
userGrantAgg.PushEvents( ctx,
usergrant.NewUserGrantAddedEvent( userGrantAgg,
ctx, userGrant.UserID,
resourceOwner, userGrant.ProjectID,
userGrant.UserID, userGrant.ProjectGrantID,
userGrant.ProjectID, userGrant.RoleKeys,
userGrant.ProjectGrantID,
userGrant.RoleKeys,
),
) )
return userGrantAgg, addedUserGrant, nil return pusher, addedUserGrant, nil
} }
func (r *CommandSide) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) { func (r *CommandSide) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) {
userGrantAgg, addedUserGrant, err := r.changeUserGrant(ctx, userGrant, resourceOwner, false) event, changedUserGrant, err := r.changeUserGrant(ctx, userGrant, resourceOwner, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedUserGrant, userGrantAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = AppendAndReduce(changedUserGrant, pushedEvents...)
return userGrantWriteModelToUserGrant(addedUserGrant), nil if err != nil {
return nil, err
}
return userGrantWriteModelToUserGrant(changedUserGrant), nil
} }
func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ *usergrant.Aggregate, _ *UserGrantWriteModel, err error) { func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.EventPusher, _ *UserGrantWriteModel, err error) {
err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID) err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -95,26 +101,19 @@ func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.Use
changedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner) changedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel)
if !cascade { if cascade {
userGrantAgg.PushEvents( return usergrant.NewUserGrantCascadeChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil
usergrant.NewUserGrantChangedEvent(ctx, userGrant.RoleKeys),
)
} else {
userGrantAgg.PushEvents(
usergrant.NewUserGrantCascadeChangedEvent(ctx, userGrant.RoleKeys),
)
} }
return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil
return userGrantAgg, changedUserGrant, nil
} }
func (r *CommandSide) removeRoleFromUserGrant(ctx context.Context, userGrantID string, roleKeys []string, cascade bool) (_ *usergrant.Aggregate, _ *UserGrantWriteModel, err error) { func (r *CommandSide) removeRoleFromUserGrant(ctx context.Context, userGrantID string, roleKeys []string, cascade bool) (_ eventstore.EventPusher, err error) {
existingUserGrant, err := r.userGrantWriteModelByID(ctx, userGrantID, "") existingUserGrant, err := r.userGrantWriteModelByID(ctx, userGrantID, "")
if err != nil { if err != nil {
return nil, nil, err return nil, err
} }
if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound")
} }
keyExists := false keyExists := false
for i, key := range existingUserGrant.RoleKeys { for i, key := range existingUserGrant.RoleKeys {
@ -129,22 +128,16 @@ func (r *CommandSide) removeRoleFromUserGrant(ctx context.Context, userGrantID s
} }
} }
if !keyExists { if !keyExists {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.UserGrant.RoleKeyNotFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5m8g9", "Errors.UserGrant.RoleKeyNotFound")
} }
changedUserGrant := NewUserGrantWriteModel(userGrantID, "") changedUserGrant := NewUserGrantWriteModel(userGrantID, "")
userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel)
if !cascade { if cascade {
userGrantAgg.PushEvents( return usergrant.NewUserGrantCascadeChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil
usergrant.NewUserGrantChangedEvent(ctx, existingUserGrant.RoleKeys),
)
} else {
userGrantAgg.PushEvents(
usergrant.NewUserGrantCascadeChangedEvent(ctx, existingUserGrant.RoleKeys),
)
} }
return userGrantAgg, changedUserGrant, nil return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil
} }
func (r *CommandSide) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (r *CommandSide) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
@ -169,11 +162,8 @@ func (r *CommandSide) DeactivateUserGrant(ctx context.Context, grantID, resource
deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner) deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel)
userGrantAgg.PushEvents( _, err = r.eventstore.PushEvents(ctx, usergrant.NewUserGrantDeactivatedEvent(ctx, userGrantAgg))
usergrant.NewUserGrantDeactivatedEvent(ctx), return err
)
return r.eventstore.PushAggregate(ctx, deactivateUserGrant, userGrantAgg)
} }
func (r *CommandSide) ReactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (r *CommandSide) ReactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
@ -198,78 +188,69 @@ func (r *CommandSide) ReactivateUserGrant(ctx context.Context, grantID, resource
deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner) deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel)
userGrantAgg.PushEvents( _, err = r.eventstore.PushEvents(ctx, usergrant.NewUserGrantReactivatedEvent(ctx, userGrantAgg))
usergrant.NewUserGrantReactivatedEvent(ctx), return err
)
return r.eventstore.PushAggregate(ctx, deactivateUserGrant, userGrantAgg)
} }
func (r *CommandSide) RemoveUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (r *CommandSide) RemoveUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
userGrantAgg, removeUserGrant, err := r.removeUserGrant(ctx, grantID, resourceOwner, false) event, err := r.removeUserGrant(ctx, grantID, resourceOwner, false)
if err != nil { if err != nil {
return nil return nil
} }
return r.eventstore.PushAggregate(ctx, removeUserGrant, userGrantAgg) _, err = r.eventstore.PushEvents(ctx, event)
}
func (r *CommandSide) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, resourceOwner string) (err error) {
aggregates := make([]eventstore.Aggregater, len(grantIDs))
for i, grantID := range grantIDs {
userGrantAgg, _, err := r.removeUserGrant(ctx, grantID, resourceOwner, false)
if err != nil {
return nil
}
aggregates[i] = userGrantAgg
}
_, err = r.eventstore.PushAggregates(ctx, aggregates...)
return err return err
} }
func (r *CommandSide) removeUserGrant(ctx context.Context, grantID, resourceOwner string, cascade bool) (_ *usergrant.Aggregate, _ *UserGrantWriteModel, err error) { func (r *CommandSide) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, resourceOwner string) (err error) {
events := make([]eventstore.EventPusher, len(grantIDs))
for i, grantID := range grantIDs {
event, err := r.removeUserGrant(ctx, grantID, resourceOwner, false)
if err != nil {
return nil
}
events[i] = event
}
_, err = r.eventstore.PushEvents(ctx, events...)
return err
}
func (r *CommandSide) removeUserGrant(ctx context.Context, grantID, resourceOwner string, cascade bool) (_ eventstore.EventPusher, err error) {
if grantID == "" { if grantID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing")
} }
existingUserGrant, err := r.userGrantWriteModelByID(ctx, grantID, resourceOwner) existingUserGrant, err := r.userGrantWriteModelByID(ctx, grantID, resourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, err
} }
if !cascade { if !cascade {
err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID) err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID)
if err != nil { if err != nil {
return nil, nil, err return nil, err
} }
} }
if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1My0t", "Errors.UserGrant.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-1My0t", "Errors.UserGrant.NotFound")
} }
removeUserGrant := NewUserGrantWriteModel(grantID, resourceOwner) removeUserGrant := NewUserGrantWriteModel(grantID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&removeUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&removeUserGrant.WriteModel)
if !cascade { if cascade {
userGrantAgg.PushEvents( return usergrant.NewUserGrantCascadeRemovedEvent(
usergrant.NewUserGrantRemovedEvent( ctx,
ctx, userGrantAgg,
existingUserGrant.ResourceOwner, existingUserGrant.UserID,
existingUserGrant.UserID, existingUserGrant.ProjectID,
existingUserGrant.ProjectID, existingUserGrant.ProjectGrantID), nil
existingUserGrant.ProjectGrantID),
)
} else {
userGrantAgg.PushEvents(
usergrant.NewUserGrantCascadeRemovedEvent(
ctx,
existingUserGrant.ResourceOwner,
existingUserGrant.UserID,
existingUserGrant.ProjectID,
existingUserGrant.ProjectGrantID),
)
} }
return usergrant.NewUserGrantRemovedEvent(
return userGrantAgg, removeUserGrant, nil ctx,
userGrantAgg,
existingUserGrant.UserID,
existingUserGrant.ProjectID,
existingUserGrant.ProjectGrantID), nil
} }
func (r *CommandSide) userGrantWriteModelByID(ctx context.Context, userGrantID, resourceOwner string) (writeModel *UserGrantWriteModel, err error) { func (r *CommandSide) userGrantWriteModelByID(ctx context.Context, userGrantID, resourceOwner string) (writeModel *UserGrantWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)

19
internal/v2/command/user_grant_model.go
View File

@ -25,10 +25,6 @@ func NewUserGrantWriteModel(userGrantID string, resourceOwner string) *UserGrant
} }
} }
func (wm *UserGrantWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
}
func (wm *UserGrantWriteModel) Reduce() error { func (wm *UserGrantWriteModel) Reduce() error {
for _, event := range wm.Events { for _, event := range wm.Events {
switch e := event.(type) { switch e := event.(type) {
@ -63,15 +59,20 @@ func (wm *UserGrantWriteModel) Reduce() error {
func (wm *UserGrantWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *UserGrantWriteModel) Query() *eventstore.SearchQueryBuilder {
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, usergrant.AggregateType). query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, usergrant.AggregateType).
AggregateIDs(wm.AggregateID) AggregateIDs(wm.AggregateID).
EventTypes(usergrant.UserGrantAddedType,
usergrant.UserGrantChangedType,
usergrant.UserGrantCascadeChangedType,
usergrant.UserGrantDeactivatedType,
usergrant.UserGrantReactivatedType,
usergrant.UserGrantRemovedType,
usergrant.UserGrantCascadeRemovedType)
if wm.ResourceOwner != "" { if wm.ResourceOwner != "" {
query.ResourceOwner(wm.ResourceOwner) query.ResourceOwner(wm.ResourceOwner)
} }
return query return query
} }
func UserGrantAggregateFromWriteModel(wm *eventstore.WriteModel) *usergrant.Aggregate { func UserGrantAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
return &usergrant.Aggregate{ return eventstore.AggregateFromWriteModel(wm, usergrant.AggregateType, usergrant.AggregateVersion)
Aggregate: *eventstore.AggregateFromWriteModel(wm, usergrant.AggregateType, usergrant.AggregateVersion),
}
} }

112
internal/v2/command/user_human.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/models" "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2"
@ -11,22 +12,27 @@ import (
) )
func (r *CommandSide) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) { func (r *CommandSide) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) {
writeModel, err := r.getHumanWriteModelByID(ctx, userID, resourceowner) human, err := r.getHumanWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if writeModel.UserState == domain.UserStateUnspecified || writeModel.UserState == domain.UserStateDeleted { if !isUserStateExists(human.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-M9dsd", "Errors.User.NotFound")
} }
return writeModelToHuman(writeModel), nil return writeModelToHuman(human), nil
} }
func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) { func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) {
userAgg, addedHuman, err := r.addHuman(ctx, orgID, human) events, addedHuman, err := r.addHuman(ctx, orgID, human)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.PushAggregate(ctx, addedHuman, userAgg) pushedEvents, err := r.eventstore.PushEvents(ctx, events...)
if err != nil {
return nil, err
}
err = AppendAndReduce(addedHuman, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -34,7 +40,7 @@ func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.
return writeModelToHuman(addedHuman), nil return writeModelToHuman(addedHuman), nil
} }
func (r *CommandSide) addHuman(ctx context.Context, orgID string, human *domain.Human) (*user.Aggregate, *HumanWriteModel, error) { func (r *CommandSide) addHuman(ctx context.Context, orgID string, human *domain.Human) ([]eventstore.EventPusher, *HumanWriteModel, error) {
if !human.IsValid() { if !human.IsValid() {
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid") return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid")
} }
@ -42,46 +48,48 @@ func (r *CommandSide) addHuman(ctx context.Context, orgID string, human *domain.
} }
func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, orgMemberRoles []string) (*domain.Human, error) { func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, orgMemberRoles []string) (*domain.Human, error) {
aggregates := make([]eventstore.Aggregater, 2) userEvents, registeredHuman, err := r.registerHuman(ctx, orgID, human, externalIDP)
userAgg, addedHuman, err := r.registerHuman(ctx, orgID, human, externalIDP)
if err != nil { if err != nil {
return nil, err return nil, err
} }
aggregates[0] = userAgg
orgMemberWriteModel := NewOrgMemberWriteModel(orgID, addedHuman.AggregateID) orgMemberWriteModel := NewOrgMemberWriteModel(orgID, registeredHuman.AggregateID)
orgAgg := OrgAggregateFromWriteModel(&orgMemberWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&orgMemberWriteModel.WriteModel)
if orgMemberRoles != nil { if len(orgMemberRoles) > 0 {
orgMember := &domain.Member{ orgMember := &domain.Member{
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: orgID, AggregateID: orgID,
}, },
UserID: userAgg.ID(), UserID: human.AggregateID,
Roles: orgMemberRoles, Roles: orgMemberRoles,
} }
r.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember) memberEvent, err := r.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember)
if err != nil {
return nil, err
}
userEvents = append(userEvents, memberEvent)
} }
aggregates[1] = orgAgg pushedEvents, err := r.eventstore.PushEvents(ctx, userEvents...)
eventReader, err := r.eventstore.PushAggregates(ctx, aggregates...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedHuman.AppendEvents(eventReader...)
addedHuman.Reduce() err = AppendAndReduce(registeredHuman, pushedEvents...)
return writeModelToHuman(addedHuman), nil if err != nil {
return nil, err
}
return writeModelToHuman(registeredHuman), nil
} }
func (r *CommandSide) registerHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP) (*user.Aggregate, *HumanWriteModel, error) { func (r *CommandSide) registerHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP) ([]eventstore.EventPusher, *HumanWriteModel, error) {
if !human.IsValid() || externalIDP == nil && (human.Password == nil || human.SecretString == "") { if !human.IsValid() || externalIDP == nil && (human.Password == nil || human.SecretString == "") {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-9dk45", "Errors.User.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-9dk45", "Errors.User.Invalid")
} }
return r.createHuman(ctx, orgID, human, externalIDP, true) return r.createHuman(ctx, orgID, human, externalIDP, true)
} }
func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, selfregister bool) (*user.Aggregate, *HumanWriteModel, error) { func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, selfregister bool) ([]eventstore.EventPusher, *HumanWriteModel, error) {
userID, err := r.idGenerator.Next() userID, err := r.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -95,8 +103,6 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
addedHuman := NewHumanWriteModel(human.AggregateID, orgID)
if err := human.CheckOrgIAMPolicy(orgIAMPolicy); err != nil { if err := human.CheckOrgIAMPolicy(orgIAMPolicy); err != nil {
return nil, nil, err return nil, nil, err
} }
@ -104,43 +110,48 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
if err := human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true); err != nil { if err := human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true); err != nil {
return nil, nil, err return nil, nil, err
} }
addedHuman := NewHumanWriteModel(human.AggregateID, orgID)
//TODO: adlerhurst maybe we could simplify the code below
userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel) userAgg := UserAggregateFromWriteModel(&addedHuman.WriteModel)
var createEvent eventstore.EventPusher var events []eventstore.EventPusher
if selfregister { if selfregister {
createEvent = createRegisterHumanEvent(ctx, orgID, human, orgIAMPolicy.UserLoginMustBeDomain) events = append(events, createRegisterHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
} else { } else {
createEvent = createAddHumanEvent(ctx, orgID, human, orgIAMPolicy.UserLoginMustBeDomain) events = append(events, createAddHumanEvent(ctx, userAgg, human, orgIAMPolicy.UserLoginMustBeDomain))
} }
userAgg.PushEvents(createEvent)
if externalIDP != nil { if externalIDP != nil {
err = r.addHumanExternalIDP(ctx, userAgg, externalIDP) event, err := r.addHumanExternalIDP(ctx, userAgg, externalIDP)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
events = append(events, event)
} }
if human.IsInitialState() { if human.IsInitialState() {
initCode, err := domain.NewInitUserCode(r.initializeUserCode) initCode, err := domain.NewInitUserCode(r.initializeUserCode)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
userAgg.PushEvents(user.NewHumanInitialCodeAddedEvent(ctx, initCode.Code, initCode.Expiry)) events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry))
} }
if human.Email != nil && human.EmailAddress != "" && human.IsEmailVerified { if human.Email != nil && human.EmailAddress != "" && human.IsEmailVerified {
userAgg.PushEvents(user.NewHumanEmailVerifiedEvent(ctx)) events = append(events, user.NewHumanEmailVerifiedEvent(ctx, userAgg))
} }
if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified { if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified {
phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode) phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
userAgg.PushEvents(user.NewHumanPhoneCodeAddedEvent(ctx, phoneCode.Code, phoneCode.Expiry)) events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry))
} else if human.Phone != nil && human.PhoneNumber != "" && human.IsPhoneVerified { } else if human.Phone != nil && human.PhoneNumber != "" && human.IsPhoneVerified {
userAgg.PushEvents(user.NewHumanPhoneVerifiedEvent(ctx)) events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
} }
return userAgg, addedHuman, nil return events, addedHuman, nil
} }
func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) { func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) {
@ -152,18 +163,20 @@ func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowne
if err != nil { if err != nil {
return err return err
} }
if existingHuman.UserState == domain.UserStateUnspecified || existingHuman.UserState == domain.UserStateDeleted { if !isUserStateExists(existingHuman.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound")
} }
userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)
userAgg.PushEvents(user.NewHumanMFAInitSkippedEvent(ctx)) _, err = r.eventstore.PushEvents(ctx,
return r.eventstore.PushAggregate(ctx, existingHuman, userAgg) user.NewHumanMFAInitSkippedEvent(ctx, UserAggregateFromWriteModel(&existingHuman.WriteModel)))
return err
} }
func createAddHumanEvent(ctx context.Context, orgID string, human *domain.Human, userLoginMustBeDomain bool) *user.HumanAddedEvent { ///TODO: adlerhurst maybe we can simplify createAddHumanEvent and createRegisterHumanEvent
func createAddHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanAddedEvent {
addEvent := user.NewHumanAddedEvent( addEvent := user.NewHumanAddedEvent(
ctx, ctx,
orgID, aggregate,
human.Username, human.Username,
human.FirstName, human.FirstName,
human.LastName, human.LastName,
@ -191,10 +204,10 @@ func createAddHumanEvent(ctx context.Context, orgID string, human *domain.Human,
return addEvent return addEvent
} }
func createRegisterHumanEvent(ctx context.Context, orgID string, human *domain.Human, userLoginMustBeDomain bool) *user.HumanRegisteredEvent { func createRegisterHumanEvent(ctx context.Context, aggregate *eventstore.Aggregate, human *domain.Human, userLoginMustBeDomain bool) *user.HumanRegisteredEvent {
addEvent := user.NewHumanRegisteredEvent( addEvent := user.NewHumanRegisteredEvent(
ctx, ctx,
orgID, aggregate,
human.Username, human.Username,
human.FirstName, human.FirstName,
human.LastName, human.LastName,
@ -226,21 +239,22 @@ func (r *CommandSide) HumansSignOut(ctx context.Context, agentID string, userIDs
if agentID == "" { if agentID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
} }
aggregates := make([]eventstore.Aggregater, len(userIDs)) events := make([]eventstore.EventPusher, len(userIDs))
for i, userID := range userIDs { for i, userID := range userIDs {
existingUser, err := r.getHumanWriteModelByID(ctx, userID, "") existingUser, err := r.getHumanWriteModelByID(ctx, userID, "")
if err != nil { if err != nil {
return err return err
} }
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted { if !isUserStateExists(existingUser.UserState) {
continue continue
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) events[i] = user.NewHumanSignedOutEvent(
userAgg.PushEvents(user.NewHumanSignedOutEvent(ctx, agentID)) ctx,
aggregates[i] = userAgg UserAggregateFromWriteModel(&existingUser.WriteModel),
agentID)
} }
_, err := r.eventstore.PushAggregates(ctx, aggregates...) _, err := r.eventstore.PushEvents(ctx, events...)
return err return err
} }

13
internal/v2/command/user_human_address.go
View File

@ -15,18 +15,19 @@ func (r *CommandSide) ChangeHumanAddress(ctx context.Context, address *domain.Ad
if existingAddress.State == domain.AddressStateUnspecified || existingAddress.State == domain.AddressStateRemoved { if existingAddress.State == domain.AddressStateUnspecified || existingAddress.State == domain.AddressStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-0pLdo", "Errors.User.Address.NotFound") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-0pLdo", "Errors.User.Address.NotFound")
} }
changedEvent, hasChanged := existingAddress.NewChangedEvent(ctx, address.Country, address.Locality, address.PostalCode, address.Region, address.StreetAddress) userAgg := UserAggregateFromWriteModel(&existingAddress.WriteModel)
changedEvent, hasChanged := existingAddress.NewChangedEvent(ctx, userAgg, address.Country, address.Locality, address.PostalCode, address.Region, address.StreetAddress)
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged")
} }
userAgg := UserAggregateFromWriteModel(&existingAddress.WriteModel) pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent)
userAgg.PushEvents(changedEvent) if err != nil {
return nil, err
err = r.eventstore.PushAggregate(ctx, existingAddress, userAgg) }
err = AppendAndReduce(existingAddress, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToAddress(existingAddress), nil return writeModelToAddress(existingAddress), nil
} }

13
internal/v2/command/user_human_address_model.go
View File

@ -29,10 +29,6 @@ func NewHumanAddressWriteModel(userID, resourceOwner string) *HumanAddressWriteM
} }
} }
func (wm *HumanAddressWriteModel) AppendEvents(events ...eventstore.EventReader) {
wm.WriteModel.AppendEvents(events...)
}
func (wm *HumanAddressWriteModel) Reduce() error { func (wm *HumanAddressWriteModel) Reduce() error {
for _, event := range wm.Events { for _, event := range wm.Events {
switch e := event.(type) { switch e := event.(type) {
@ -76,11 +72,16 @@ func (wm *HumanAddressWriteModel) Reduce() error {
func (wm *HumanAddressWriteModel) Query() *eventstore.SearchQueryBuilder { func (wm *HumanAddressWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType). return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType).
AggregateIDs(wm.AggregateID). AggregateIDs(wm.AggregateID).
ResourceOwner(wm.ResourceOwner) ResourceOwner(wm.ResourceOwner).
EventTypes(user.HumanAddedType,
user.HumanRegisteredType,
user.HumanAddressChangedType,
user.UserRemovedType)
} }
func (wm *HumanAddressWriteModel) NewChangedEvent( func (wm *HumanAddressWriteModel) NewChangedEvent(
ctx context.Context, ctx context.Context,
aggregate *eventstore.Aggregate,
country, country,
locality, locality,
postalCode, postalCode,
@ -88,7 +89,7 @@ func (wm *HumanAddressWriteModel) NewChangedEvent(
streetAddress string, streetAddress string,
) (*user.HumanAddressChangedEvent, bool) { ) (*user.HumanAddressChangedEvent, bool) {
hasChanged := false hasChanged := false
changedEvent := user.NewHumanAddressChangedEvent(ctx) changedEvent := user.NewHumanAddressChangedEvent(ctx, aggregate)
if wm.Country != country { if wm.Country != country {
hasChanged = true hasChanged = true
changedEvent.Country = &country changedEvent.Country = &country

Some files were not shown because too many files have changed in this diff Show More