feat: impersonation roles (#7442)

* partial work done * test IAM membership roles * org membership tests * console :(, translations and docs * fix integration test * fix tests * add EnableImpersonation to security policy API * fix integration test timestamp checking * add security policy tests and fix projections * add impersonation setting in console * add security settings to the settings v2 API * fix typo * move impersonation to instance --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 20:27:32 +00:00 · 2024-02-28 12:21:11 +02:00
parent 68af4f59c9
commit 062d153cfe
60 changed files with 1624 additions and 144 deletions
--- a/internal/integration/assert.go
+++ b/internal/integration/assert.go
@@ -5,12 +5,22 @@ import (
 	"time"

 	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"

 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
 )

-type DetailsMsg interface {
-	GetDetails() *object.Details
+// Details is the interface that covers both v1 and v2 proto generated object details.
+type Details interface {
+	comparable
+	GetSequence() uint64
+	GetChangeDate() *timestamppb.Timestamp
+	GetResourceOwner() string
+}
+
+// DetailsMsg is the interface that covers all proto messages which contain v1 or v2 object details.
+type DetailsMsg[D Details] interface {
+	GetDetails() D
 }

 type ListDetailsMsg interface {
@@ -24,22 +34,24 @@ type ListDetailsMsg interface {
 // Dynamically generated values are not compared with expected.
 // Instead a sanity check is performed.
 // For the sequence a non-zero value is expected.
-// The change date has to be now, with a tollerance of 1 second.
+// If the change date is populated, it is checked with a tolerance of 1 minute around Now.
 //
-// The resource owner is compared with expected and is
-// therefore the only value that has to be set.
-func AssertDetails[D DetailsMsg](t testing.TB, expected, actual D) {
+// The resource owner is compared with expected.
+func AssertDetails[D Details, M DetailsMsg[D]](t testing.TB, expected, actual M) {
 	wantDetails, gotDetails := expected.GetDetails(), actual.GetDetails()
-	if wantDetails == nil {
+	var nilDetails D
+	if wantDetails == nilDetails {
 		assert.Nil(t, gotDetails)
 		return
 	}

 	assert.NotZero(t, gotDetails.GetSequence())

-	gotCD := gotDetails.GetChangeDate().AsTime()
-	now := time.Now()
-	assert.WithinRange(t, gotCD, now.Add(-time.Minute), now.Add(time.Minute))
+	if wantDetails.GetChangeDate() != nil {
+		wantChangeDate := time.Now()
+		gotChangeDate := gotDetails.GetChangeDate().AsTime()
+		assert.WithinRange(t, gotChangeDate, wantChangeDate.Add(-time.Minute), wantChangeDate.Add(time.Minute))
+	}

 	assert.Equal(t, wantDetails.GetResourceOwner(), gotDetails.GetResourceOwner())
 }