feat: impersonation roles (#7442)

* partial work done

* test IAM membership roles

* org membership tests

* console :(, translations and docs

* fix integration test

* fix tests

* add EnableImpersonation to security policy API

* fix integration test timestamp checking

* add security policy tests and fix projections

* add impersonation setting in console

* add security settings to the settings v2 API

* fix typo

* move impersonation to instance

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

internal/query/projection/security_policy.go

@@ -11,13 +11,14 @@ import (
 )
 
 const (
-	SecurityPolicyProjectionTable      = "projections.security_policies"
-	SecurityPolicyColumnInstanceID     = "instance_id"
-	SecurityPolicyColumnCreationDate   = "creation_date"
-	SecurityPolicyColumnChangeDate     = "change_date"
-	SecurityPolicyColumnSequence       = "sequence"
-	SecurityPolicyColumnEnabled        = "enabled"
-	SecurityPolicyColumnAllowedOrigins = "origins"
+	SecurityPolicyProjectionTable             = "projections.security_policies2"
+	SecurityPolicyColumnInstanceID            = "instance_id"
+	SecurityPolicyColumnCreationDate          = "creation_date"
+	SecurityPolicyColumnChangeDate            = "change_date"
+	SecurityPolicyColumnSequence              = "sequence"
+	SecurityPolicyColumnEnableIframeEmbedding = "enable_iframe_embedding"
+	SecurityPolicyColumnAllowedOrigins        = "origins"
+	SecurityPolicyColumnEnableImpersonation   = "enable_impersonation"
 )
 
 type securityPolicyProjection struct{}
@@ -37,8 +38,9 @@ func (*securityPolicyProjection) Init() *old_handler.Check {
 			handler.NewColumn(SecurityPolicyColumnChangeDate, handler.ColumnTypeTimestamp),
 			handler.NewColumn(SecurityPolicyColumnInstanceID, handler.ColumnTypeText),
 			handler.NewColumn(SecurityPolicyColumnSequence, handler.ColumnTypeInt64),
-			handler.NewColumn(SecurityPolicyColumnEnabled, handler.ColumnTypeBool, handler.Default(false)),
+			handler.NewColumn(SecurityPolicyColumnEnableIframeEmbedding, handler.ColumnTypeBool, handler.Default(false)),
 			handler.NewColumn(SecurityPolicyColumnAllowedOrigins, handler.ColumnTypeTextArray, handler.Nullable()),
+			handler.NewColumn(SecurityPolicyColumnEnableImpersonation, handler.ColumnTypeBool, handler.Default(false)),
 		},
 			handler.NewPrimaryKey(SecurityPolicyColumnInstanceID),
 		),
@@ -74,12 +76,17 @@ func (p *securityPolicyProjection) reduceSecurityPolicySet(event eventstore.Even
 		handler.NewCol(SecurityPolicyColumnInstanceID, e.Aggregate().InstanceID),
 		handler.NewCol(SecurityPolicyColumnSequence, e.Sequence()),
 	}
-	if e.Enabled != nil {
-		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnabled, *e.Enabled))
+	if e.EnableIframeEmbedding != nil {
+		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableIframeEmbedding, *e.EnableIframeEmbedding))
+	} else if e.Enabled != nil {
+		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableIframeEmbedding, *e.Enabled))
 	}
 	if e.AllowedOrigins != nil {
 		changes = append(changes, handler.NewCol(SecurityPolicyColumnAllowedOrigins, e.AllowedOrigins))
 	}
+	if e.EnableImpersonation != nil {
+		changes = append(changes, handler.NewCol(SecurityPolicyColumnEnableImpersonation, e.EnableImpersonation))
+	}
 	return handler.NewUpsertStatement(
 		e,
 		[]handler.Column{