chore!: Introduce ZITADEL v3 (#9645)

This PR summarizes multiple changes that are available only with
ZITADEL v3:

- feat: Web Keys management
(https://github.com/zitadel/zitadel/pull/9526)
- fix(cmd): ensure proper working of mirror
(https://github.com/zitadel/zitadel/pull/9509)
- feat(Authz): system user support for permission check v2
(https://github.com/zitadel/zitadel/pull/9640)
- chore(license): change from Apache to AGPL
(https://github.com/zitadel/zitadel/pull/9597)
- feat(console): list v2 sessions
(https://github.com/zitadel/zitadel/pull/9539)
- fix(console): add loginV2 feature flag
(https://github.com/zitadel/zitadel/pull/9682)
- fix(feature flags): allow reading "own" flags
(https://github.com/zitadel/zitadel/pull/9649)
- feat(console): add Actions V2 UI
(https://github.com/zitadel/zitadel/pull/9591)

BREAKING CHANGE
- feat(webkey): migrate to v2beta API
(https://github.com/zitadel/zitadel/pull/9445)
- chore!: remove CockroachDB Support
(https://github.com/zitadel/zitadel/pull/9444)
- feat(actions): migrate to v2beta API
(https://github.com/zitadel/zitadel/pull/9489)

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
Co-authored-by: Ramon <mail@conblem.me>
Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com>
Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com>
Co-authored-by: Livio Spring <livio@zitadel.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Max Peintner <peintnerm@gmail.com>
Fabienne Bühler
2025-04-02 16:53:06 +02:00
committed by GitHub
parent d14a23ae7e
commit 07ce3b6905
559 changed files with 14578 additions and 7622 deletions

19
internal/execution/ctx.go Normal file

@@ -0,0 +1,19 @@
package execution
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/eventstore"
)
const ExecutionUserID = "EXECUTION"
func HandlerContext(event *eventstore.Aggregate) context.Context {
ctx := authz.WithInstanceID(context.Background(), event.InstanceID)
return authz.SetCtxData(ctx, authz.CtxData{UserID: ExecutionUserID, OrgID: event.ResourceOwner})
}
func ContextWithExecuter(ctx context.Context, aggregate *eventstore.Aggregate) context.Context {
return authz.SetCtxData(ctx, authz.CtxData{UserID: ExecutionUserID, OrgID: aggregate.ResourceOwner})
}
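Review bot: `ContextWithExecuter` never sets the instance ID, whereas `HandlerContext` just above it does so with `authz.WithInstanceID(context.Background(), event.InstanceID)`, so the EXECUTION identity is bound to an instance only if the caller's context already carries one. If the aggregate is meant to be the source of truth, add `ctx = authz.WithInstanceID(ctx, aggregate.InstanceID)` before the `SetCtxData` call; otherwise state the precondition in a doc comment such as `// ContextWithExecuter expects ctx to already carry the instance ID; it only sets the EXECUTION user and the org.`. Both functions dereference their aggregate argument without a nil check, and `ExecutionUserID`, `HandlerContext` and `ContextWithExecuter` are exported without doc comments.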


@@ -61,7 +61,7 @@ func Test_Call(t *testing.T) {
args{
ctx: context.Background(),
timeout: time.Second,
sleep: time.Second,
sleep: 2 * time.Second,
method: http.MethodPost,
body: []byte("{\"request\": \"values\"}"),
respBody: []byte("{\"response\": \"values\"}"),


@@ -0,0 +1,4 @@
package execution
//go:generate mockgen -package mock -destination ./mock/queries.mock.go github.com/zitadel/zitadel/internal/execution Queries
//go:generate mockgen -package mock -destination ./mock/queue.mock.go github.com/zitadel/zitadel/internal/execution Queue


@@ -0,0 +1,156 @@
package execution
import (
"context"
"encoding/json"
"slices"
"strings"
"github.com/riverqueue/river"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/queue"
exec_repo "github.com/zitadel/zitadel/internal/repository/execution"
)
const (
HandlerTable = "projections.execution_handler"
)
type Queue interface {
Insert(ctx context.Context, args river.JobArgs, opts ...queue.InsertOpt) error
}
type Queries interface {
TargetsByExecutionID(ctx context.Context, ids []string) (execution []*query.ExecutionTarget, err error)
InstanceByID(ctx context.Context, id string) (instance authz.Instance, err error)
}
type eventHandler struct {
eventTypes []string
aggregateTypeFromEventType func(typ eventstore.EventType) eventstore.AggregateType
query Queries
queue Queue
}
func NewEventHandler(
ctx context.Context,
config handler.Config,
eventTypes []string,
aggregateTypeFromEventType func(typ eventstore.EventType) eventstore.AggregateType,
query Queries,
queue Queue,
) *handler.Handler {
return handler.NewHandler(ctx, &config, &eventHandler{
eventTypes: eventTypes,
aggregateTypeFromEventType: aggregateTypeFromEventType,
query: query,
queue: queue,
})
}
func (u *eventHandler) Name() string {
return HandlerTable
}
func (u *eventHandler) Reducers() []handler.AggregateReducer {
aggList := make(map[eventstore.AggregateType][]eventstore.EventType)
for _, eventType := range u.eventTypes {
aggType := u.aggregateTypeFromEventType(eventstore.EventType(eventType))
aggEventTypes := aggList[aggType]
if !slices.Contains(aggEventTypes, eventstore.EventType(eventType)) {
aggList[aggType] = append(aggList[aggType], eventstore.EventType(eventType))
}
}
aggReducers := make([]handler.AggregateReducer, 0, len(aggList))
for aggType, aggEventTypes := range aggList {
eventReducers := make([]handler.EventReducer, len(aggEventTypes))
for j, eventType := range aggEventTypes {
eventReducers[j] = handler.EventReducer{
Event: eventType,
Reduce: u.reduce,
}
}
aggReducers = append(aggReducers, handler.AggregateReducer{
Aggregate: aggType,
EventReducers: eventReducers,
})
}
return aggReducers
}
func groupsFromEventType(s string) []string {
parts := strings.Split(s, ".")
groups := make([]string, len(parts))
for i := range parts {
groups[i] = strings.Join(parts[:i+1], ".")
if i < len(parts)-1 {
groups[i] += ".*"
}
}
slices.Reverse(groups)
return groups
}
func idsForEventType(eventType string) []string {
ids := make([]string, 0)
for _, group := range groupsFromEventType(eventType) {
ids = append(ids,
exec_repo.ID(domain.ExecutionTypeEvent, group),
)
}
return append(ids,
exec_repo.IDAll(domain.ExecutionTypeEvent),
)
}
func (u *eventHandler) reduce(e eventstore.Event) (*handler.Statement, error) {
ctx := HandlerContext(e.Aggregate())
targets, err := u.query.TargetsByExecutionID(ctx, idsForEventType(string(e.Type())))
if err != nil {
return nil, err
}
// no execution from worker necessary
if len(targets) == 0 {
return handler.NewNoOpStatement(e), nil
}
return handler.NewStatement(e, func(ex handler.Executer, projectionName string) error {
ctx := HandlerContext(e.Aggregate())
req, err := NewRequest(e, targets)
if err != nil {
return err
}
return u.queue.Insert(ctx,
req,
queue.WithQueueName(exec_repo.QueueName),
)
}), nil
}
func NewRequest(e eventstore.Event, targets []*query.ExecutionTarget) (*exec_repo.Request, error) {
targetsData, err := json.Marshal(targets)
if err != nil {
return nil, err
}
eventData, err := json.Marshal(e)
if err != nil {
return nil, err
}
return &exec_repo.Request{
Aggregate: e.Aggregate(),
Sequence: e.Sequence(),
EventType: e.Type(),
CreatedAt: e.CreatedAt(),
UserID: e.Creator(),
EventData: eventData,
TargetsData: targetsData,
}, nil
}
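Review bot: `NewRequest` serialises the full `[]*query.ExecutionTarget` into `TargetsData`, and the round-trip assertion in `Test_EventExecution` shows that this includes `Endpoint` and `SigningKey`, so every queued job appears to carry the target's signing key for as long as the job is retained. Whether the key is encrypted at this point is not visible here; if it is not, consider queueing only the execution or target IDs and resolving the targets in the worker, which would also keep a deleted or re-keyed target from being called from a stale snapshot. At minimum say so on the function, e.g. `// NewRequest snapshots the resolved targets, including their signing keys, into the job arguments.`. Separately, `reduce` builds `HandlerContext(e.Aggregate())` twice; the statement closure can reuse the outer `ctx`.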


@@ -0,0 +1,487 @@
package execution
import (
"database/sql"
"encoding/json"
"errors"
"testing"
"time"
"github.com/stretchr/testify/assert"
"go.uber.org/mock/gomock"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
"github.com/zitadel/zitadel/internal/execution/mock"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/repository/action"
execution_rp "github.com/zitadel/zitadel/internal/repository/execution"
"github.com/zitadel/zitadel/internal/repository/session"
"github.com/zitadel/zitadel/internal/repository/user"
"github.com/zitadel/zitadel/internal/zerrors"
)
func Test_EventExecution(t *testing.T) {
type args struct {
event eventstore.Event
targets []*query.ExecutionTarget
}
type res struct {
targets []Target
contextInfo *execution_rp.ContextInfoEvent
wantErr bool
}
tests := []struct {
name string
args args
res res
}{
{
"session added, ok",
args{
event: &eventstore.BaseEvent{
Agg: &eventstore.Aggregate{
ID: "aggID",
Type: session.AggregateType,
ResourceOwner: "resourceOwner",
InstanceID: "instanceID",
Version: session.AggregateVersion,
},
EventType: session.AddedType,
Seq: 1,
Creation: time.Date(2024, 1, 1, 1, 1, 1, 1, time.UTC),
User: userID,
Data: []byte(`{"ID":"","Seq":1,"Pos":0,"Creation":"2024-01-01T01:01:01.000000001Z"}`),
},
targets: []*query.ExecutionTarget{{
InstanceID: instanceID,
ExecutionID: "executionID",
TargetID: "targetID",
TargetType: domain.TargetTypeWebhook,
Endpoint: "endpoint",
Timeout: time.Minute,
InterruptOnError: true,
SigningKey: "key",
}},
},
res{
targets: []Target{
&query.ExecutionTarget{
InstanceID: instanceID,
ExecutionID: "executionID",
TargetID: "targetID",
TargetType: domain.TargetTypeWebhook,
Endpoint: "endpoint",
Timeout: time.Minute,
InterruptOnError: true,
SigningKey: "key",
},
},
contextInfo: &execution_rp.ContextInfoEvent{
AggregateID: "aggID",
AggregateType: "session",
ResourceOwner: "resourceOwner",
InstanceID: "instanceID",
Version: "v1",
Sequence: 1,
EventType: "session.added",
CreatedAt: time.Date(2024, 1, 1, 1, 1, 1, 1, time.UTC).Format(time.RFC3339Nano),
UserID: userID,
EventPayload: []byte(`{"ID":"","Seq":1,"Pos":0,"Creation":"2024-01-01T01:01:01.000000001Z"}`),
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
request, err := NewRequest(tt.args.event, tt.args.targets)
if tt.res.wantErr {
assert.Error(t, err)
assert.Nil(t, request)
return
}
assert.NoError(t, err)
targets, err := TargetsFromRequest(request)
assert.NoError(t, err)
assert.Equal(t, tt.res.targets, targets)
assert.Equal(t, tt.res.contextInfo, execution_rp.ContextInfoFromRequest(request))
})
}
}
func Test_groupsFromEventType(t *testing.T) {
type args struct {
eventType eventstore.EventType
}
type res struct {
groups []string
}
tests := []struct {
name string
args args
res res
}{
{
"user human mfa init skipped, ok",
args{
eventType: user.HumanMFAInitSkippedType,
},
res{
groups: []string{
"user.human.mfa.init.skipped",
"user.human.mfa.init.*",
"user.human.mfa.*",
"user.human.*",
"user.*",
},
},
},
{
"session added, ok",
args{
eventType: session.AddedType,
},
res{
groups: []string{
"session.added",
"session.*",
},
},
},
{
"user added, ok",
args{
eventType: user.HumanAddedType,
},
res{
groups: []string{
"user.human.added",
"user.human.*",
"user.*",
},
},
},
{
"execution set, ok",
args{
eventType: execution_rp.SetEventV2Type,
},
res{
groups: []string{
"execution.v2.set",
"execution.v2.*",
"execution.*",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equal(t, tt.res.groups, groupsFromEventType(string(tt.args.eventType)))
})
}
}
func Test_idsForEventType(t *testing.T) {
type args struct {
eventType eventstore.EventType
}
type res struct {
groups []string
}
tests := []struct {
name string
args args
res res
}{
{
"session added, ok",
args{
eventType: session.AddedType,
},
res{
groups: []string{
"event/session.added",
"event/session.*",
"event",
},
},
},
{
"user added, ok",
args{
eventType: user.HumanAddedType,
},
res{
groups: []string{
"event/user.human.added",
"event/user.human.*",
"event/user.*",
"event",
},
},
},
{
"execution set, ok",
args{
eventType: execution_rp.SetEventV2Type,
},
res{
groups: []string{
"event/execution.v2.set",
"event/execution.v2.*",
"event/execution.*",
"event",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equal(t, tt.res.groups, idsForEventType(string(tt.args.eventType)))
})
}
}
func TestActionProjection_reduces(t *testing.T) {
tests := []struct {
name string
test func(*gomock.Controller, *mock.MockQueries, *mock.MockQueue) (fields, args, want)
}{
{
name: "reduce, action, error",
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, q *mock.MockQueue) (f fields, a args, w want) {
queries.EXPECT().TargetsByExecutionID(gomock.Any(), gomock.Any()).Return(nil, zerrors.ThrowInternal(nil, "QUERY-37ardr0pki", "Errors.Query.CloseRows"))
return fields{
queries: queries,
queue: q,
}, args{
event: &action.AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(&repository.Event{
InstanceID: instanceID,
AggregateID: eventID,
ResourceOwner: sql.NullString{String: orgID},
CreationDate: time.Now().UTC(),
Typ: action.AddedEventType,
Data: []byte(eventData),
EditorUser: userID,
Seq: 1,
AggregateType: action.AggregateType,
Version: action.AggregateVersion,
}),
Name: "name",
Script: "name(){}",
Timeout: 3 * time.Second,
AllowedToFail: true,
},
mapper: action.AddedEventMapper,
}, want{
err: func(tt assert.TestingT, err error, i ...interface{}) bool {
return errors.Is(err, zerrors.ThrowInternal(nil, "QUERY-37ardr0pki", "Errors.Query.CloseRows"))
},
}
},
},
{
name: "reduce, action, none",
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, q *mock.MockQueue) (f fields, a args, w want) {
queries.EXPECT().TargetsByExecutionID(gomock.Any(), gomock.Any()).Return([]*query.ExecutionTarget{}, nil)
return fields{
queries: queries,
queue: q,
}, args{
event: &action.AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(&repository.Event{
InstanceID: instanceID,
AggregateID: eventID,
ResourceOwner: sql.NullString{String: orgID},
CreationDate: time.Now().UTC(),
Typ: action.AddedEventType,
Data: []byte(eventData),
EditorUser: userID,
Seq: 1,
AggregateType: action.AggregateType,
Version: action.AggregateVersion,
}),
Name: "name",
Script: "name(){}",
Timeout: 3 * time.Second,
AllowedToFail: true,
},
mapper: action.AddedEventMapper,
}, want{
noOperation: true,
}
},
},
{
name: "reduce, action, single",
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, q *mock.MockQueue) (f fields, a args, w want) {
targets := mockTargets(1)
queries.EXPECT().TargetsByExecutionID(gomock.Any(), gomock.Any()).Return(targets, nil)
createdAt := time.Now().UTC()
q.EXPECT().Insert(
gomock.Any(),
&execution_rp.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
Type: action.AggregateType,
Version: action.AggregateVersion,
ID: eventID,
ResourceOwner: orgID,
},
Sequence: 1,
CreatedAt: createdAt,
EventType: action.AddedEventType,
UserID: userID,
EventData: []byte(eventData),
TargetsData: mockTargetsToBytes(targets),
},
gomock.Any(),
).Return(nil)
return fields{
queries: queries,
queue: q,
}, args{
event: &action.AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(&repository.Event{
InstanceID: instanceID,
AggregateID: eventID,
ResourceOwner: sql.NullString{String: orgID},
CreationDate: createdAt,
Typ: action.AddedEventType,
Data: []byte(eventData),
EditorUser: userID,
Seq: 1,
AggregateType: action.AggregateType,
Version: action.AggregateVersion,
}),
Name: "name",
Script: "name(){}",
Timeout: 3 * time.Second,
AllowedToFail: true,
},
mapper: action.AddedEventMapper,
}, w
},
},
{
name: "reduce, action, multiple",
test: func(ctrl *gomock.Controller, queries *mock.MockQueries, q *mock.MockQueue) (f fields, a args, w want) {
targets := mockTargets(3)
queries.EXPECT().TargetsByExecutionID(gomock.Any(), gomock.Any()).Return(targets, nil)
createdAt := time.Now().UTC()
q.EXPECT().Insert(
gomock.Any(),
&execution_rp.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
Type: action.AggregateType,
Version: action.AggregateVersion,
ID: eventID,
ResourceOwner: orgID,
},
Sequence: 1,
CreatedAt: createdAt,
EventType: action.AddedEventType,
UserID: userID,
EventData: []byte(eventData),
TargetsData: mockTargetsToBytes(targets),
},
gomock.Any(),
).Return(nil)
return fields{
queries: queries,
queue: q,
}, args{
event: &action.AddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(&repository.Event{
InstanceID: instanceID,
AggregateID: eventID,
ResourceOwner: sql.NullString{String: orgID},
CreationDate: createdAt,
Typ: action.AddedEventType,
Data: []byte(eventData),
EditorUser: userID,
Seq: 1,
AggregateType: action.AggregateType,
Version: action.AggregateVersion,
}),
Name: "name",
Script: "name(){}",
Timeout: 3 * time.Second,
AllowedToFail: true,
},
mapper: action.AddedEventMapper,
}, w
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
ctrl := gomock.NewController(t)
queries := mock.NewMockQueries(ctrl)
queue := mock.NewMockQueue(ctrl)
f, a, w := tt.test(ctrl, queries, queue)
event, err := a.mapper(a.event)
assert.NoError(t, err)
stmt, err := newEventExecutionsHandler(queries, f).reduce(event)
if w.err != nil {
w.err(t, err)
return
}
assert.NoError(t, err)
if w.noOperation {
assert.Nil(t, stmt.Execute)
return
}
err = stmt.Execute(nil, "")
if w.stmtErr != nil {
w.stmtErr(t, err)
return
}
assert.NoError(t, err)
})
}
}
func mockTarget() *query.ExecutionTarget {
return &query.ExecutionTarget{
InstanceID: "instanceID",
ExecutionID: "executionID",
TargetID: "targetID",
TargetType: domain.TargetTypeWebhook,
Endpoint: "endpoint",
Timeout: time.Minute,
InterruptOnError: true,
SigningKey: "key",
}
}
func mockTargets(count int) []*query.ExecutionTarget {
var targets []*query.ExecutionTarget
if count > 0 {
targets = make([]*query.ExecutionTarget, count)
for i := range targets {
targets[i] = mockTarget()
}
}
return targets
}
func mockTargetsToBytes(targets []*query.ExecutionTarget) []byte {
data, _ := json.Marshal(targets)
return data
}
func newEventExecutionsHandler(queries *mock.MockQueries, f fields) *eventHandler {
return &eventHandler{
queue: f.queue,
query: queries,
}
}
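Review bot: The error case in `TestActionProjection_reduces` cannot fail, because the `want.err` callback of "reduce, action, error" only returns the result of `errors.Is(...)` and the loop calls `w.err(t, err)` and discards that bool before returning. Assert inside the callback with `return assert.ErrorIs(tt, err, zerrors.ThrowInternal(nil, "QUERY-37ardr0pki", "Errors.Query.CloseRows"))`, or wrap the call as `assert.True(t, w.err(t, err))`; the same applies to `w.stmtErr`. `mockTargetsToBytes` also drops the `json.Marshal` error, so a fixture that fails to marshal would be compared as nil bytes instead of failing the test.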


@@ -0,0 +1,72 @@
// Code generated by MockGen. DO NOT EDIT.
// Source: github.com/zitadel/zitadel/internal/execution (interfaces: Queries)
//
// Generated by this command:
//
// mockgen -package mock -destination ./mock/queries.mock.go github.com/zitadel/zitadel/internal/execution Queries
//
// Package mock is a generated GoMock package.
package mock
import (
context "context"
reflect "reflect"
authz "github.com/zitadel/zitadel/internal/api/authz"
query "github.com/zitadel/zitadel/internal/query"
gomock "go.uber.org/mock/gomock"
)
// MockQueries is a mock of Queries interface.
type MockQueries struct {
ctrl *gomock.Controller
recorder *MockQueriesMockRecorder
}
// MockQueriesMockRecorder is the mock recorder for MockQueries.
type MockQueriesMockRecorder struct {
mock *MockQueries
}
// NewMockQueries creates a new mock instance.
func NewMockQueries(ctrl *gomock.Controller) *MockQueries {
mock := &MockQueries{ctrl: ctrl}
mock.recorder = &MockQueriesMockRecorder{mock}
return mock
}
// EXPECT returns an object that allows the caller to indicate expected use.
func (m *MockQueries) EXPECT() *MockQueriesMockRecorder {
return m.recorder
}
// InstanceByID mocks base method.
func (m *MockQueries) InstanceByID(arg0 context.Context, arg1 string) (authz.Instance, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "InstanceByID", arg0, arg1)
ret0, _ := ret[0].(authz.Instance)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// InstanceByID indicates an expected call of InstanceByID.
func (mr *MockQueriesMockRecorder) InstanceByID(arg0, arg1 any) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "InstanceByID", reflect.TypeOf((*MockQueries)(nil).InstanceByID), arg0, arg1)
}
// TargetsByExecutionID mocks base method.
func (m *MockQueries) TargetsByExecutionID(arg0 context.Context, arg1 []string) ([]*query.ExecutionTarget, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "TargetsByExecutionID", arg0, arg1)
ret0, _ := ret[0].([]*query.ExecutionTarget)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// TargetsByExecutionID indicates an expected call of TargetsByExecutionID.
func (mr *MockQueriesMockRecorder) TargetsByExecutionID(arg0, arg1 any) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "TargetsByExecutionID", reflect.TypeOf((*MockQueries)(nil).TargetsByExecutionID), arg0, arg1)
}


@@ -0,0 +1,61 @@
// Code generated by MockGen. DO NOT EDIT.
// Source: github.com/zitadel/zitadel/internal/execution (interfaces: Queue)
//
// Generated by this command:
//
// mockgen -package mock -destination ./mock/queue.mock.go github.com/zitadel/zitadel/internal/execution Queue
//
// Package mock is a generated GoMock package.
package mock
import (
context "context"
reflect "reflect"
river "github.com/riverqueue/river"
queue "github.com/zitadel/zitadel/internal/queue"
gomock "go.uber.org/mock/gomock"
)
// MockQueue is a mock of Queue interface.
type MockQueue struct {
ctrl *gomock.Controller
recorder *MockQueueMockRecorder
}
// MockQueueMockRecorder is the mock recorder for MockQueue.
type MockQueueMockRecorder struct {
mock *MockQueue
}
// NewMockQueue creates a new mock instance.
func NewMockQueue(ctrl *gomock.Controller) *MockQueue {
mock := &MockQueue{ctrl: ctrl}
mock.recorder = &MockQueueMockRecorder{mock}
return mock
}
// EXPECT returns an object that allows the caller to indicate expected use.
func (m *MockQueue) EXPECT() *MockQueueMockRecorder {
return m.recorder
}
// Insert mocks base method.
func (m *MockQueue) Insert(arg0 context.Context, arg1 river.JobArgs, arg2 ...queue.InsertOpt) error {
m.ctrl.T.Helper()
varargs := []any{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "Insert", varargs...)
ret0, _ := ret[0].(error)
return ret0
}
// Insert indicates an expected call of Insert.
func (mr *MockQueueMockRecorder) Insert(arg0, arg1 any, arg2 ...any) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]any{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Insert", reflect.TypeOf((*MockQueue)(nil).Insert), varargs...)
}


@@ -0,0 +1,36 @@
package execution
import (
"context"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/queue"
)
var (
projections []*handler.Handler
)
func Register(
ctx context.Context,
executionsCustomConfig projection.CustomConfig,
workerConfig WorkerConfig,
queries *query.Queries,
eventTypes []string,
queue *queue.Queue,
) {
queue.ShouldStart()
projections = []*handler.Handler{
NewEventHandler(ctx, projection.ApplyCustomConfig(executionsCustomConfig), eventTypes, eventstore.AggregateTypeFromEventType, queries, queue),
}
queue.AddWorkers(NewWorker(workerConfig))
}
func Start(ctx context.Context) {
for _, projection := range projections {
projection.Start(ctx)
}
}
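Review bot: `Register` and `Start` communicate through the unguarded package variable `projections`, so a `Start` that runs before `Register` silently starts nothing, and a second `Register` call replaces the handler list while calling `queue.AddWorkers` again. Neither exported function documents that ordering; I would add `// Register must be called exactly once, before Start; it is not safe for concurrent use.` and `// Start starts the handlers created by Register and does nothing if Register was not called.`. Inside `Register` the parameter `queue` shadows the imported `queue` package, which a rename to `q` would avoid.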


@@ -0,0 +1,85 @@
package execution
import (
"encoding/json"
"io"
"net/http"
"net/http/httptest"
"reflect"
"time"
)
type testServer struct {
server *httptest.Server
called bool
}
func (s *testServer) URL() string {
return s.server.URL
}
func (s *testServer) Close() {
s.server.Close()
}
func (s *testServer) Called() bool {
return s.called
}
func testServerCall(
reqBody interface{},
sleep time.Duration,
statusCode int,
respBody interface{},
) (string, func(), func() bool) {
server := &testServer{
called: false,
}
handler := func(w http.ResponseWriter, r *http.Request) {
server.called = true
if reqBody != nil {
data, err := json.Marshal(reqBody)
if err != nil {
http.Error(w, "error, marshall: "+err.Error(), http.StatusInternalServerError)
return
}
sentBody, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "error, read body: "+err.Error(), http.StatusInternalServerError)
return
}
if !reflect.DeepEqual(data, sentBody) {
http.Error(w, "error, equal:\n"+string(data)+"\nsent:\n"+string(sentBody), http.StatusInternalServerError)
return
}
}
if statusCode != http.StatusOK {
http.Error(w, "error, statusCode", statusCode)
return
}
time.Sleep(sleep)
if respBody != nil {
w.Header().Set("Content-Type", "application/json")
resp, err := json.Marshal(respBody)
if err != nil {
http.Error(w, "error", http.StatusInternalServerError)
return
}
if _, err := w.Write(resp); err != nil {
http.Error(w, "error", http.StatusInternalServerError)
return
}
} else {
if _, err := io.WriteString(w, "finished successfully"); err != nil {
http.Error(w, "error", http.StatusInternalServerError)
return
}
}
}
server.server = httptest.NewServer(http.HandlerFunc(handler))
return server.URL(), server.Close, server.Called
}
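Review bot: `testServer.called` is a plain `bool` that the HTTP handler goroutine writes and `Called()` reads from the test goroutine without synchronisation, which `go test -race` may report as a data race. Declare the field as `called atomic.Bool` (importing `sync/atomic`), set it with `server.called.Store(true)` and return `s.called.Load()` from `Called()`. The explicit `called: false` in the struct literal can then go, since the zero value already means "not called".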


@@ -0,0 +1,90 @@
package execution
import (
"context"
"encoding/json"
"errors"
"fmt"
"time"
"github.com/riverqueue/river"
"github.com/zitadel/zitadel/internal/query"
exec_repo "github.com/zitadel/zitadel/internal/repository/execution"
)
type Worker struct {
river.WorkerDefaults[*exec_repo.Request]
config WorkerConfig
now nowFunc
}
// Timeout implements the Timeout-function of [river.Worker].
// Maximum time a job can run before the context gets cancelled.
// The time can be shorter than the sum of target timeouts, this is expected behavior to not block the request indefinitely.
func (w *Worker) Timeout(*river.Job[*exec_repo.Request]) time.Duration {
return w.config.TransactionDuration
}
// Work implements [river.Worker].
func (w *Worker) Work(ctx context.Context, job *river.Job[*exec_repo.Request]) error {
ctx = ContextWithExecuter(ctx, job.Args.Aggregate)
// if the event is too old, we can directly return as it will be removed anyway
if job.CreatedAt.Add(w.config.MaxTtl).Before(w.now()) {
return river.JobCancel(errors.New("event is too old"))
}
targets, err := TargetsFromRequest(job.Args)
if err != nil {
// If we are not able to get the targets from the request, we can cancel the job, as we have nothing to call
return river.JobCancel(fmt.Errorf("unable to unmarshal targets because %w", err))
}
_, err = CallTargets(ctx, targets, exec_repo.ContextInfoFromRequest(job.Args))
if err != nil {
// If there is an error returned from the targets, it means that the execution was interrupted
return river.JobCancel(fmt.Errorf("interruption during call of targets because %w", err))
}
return nil
}
// nowFunc makes [time.Now] mockable
type nowFunc func() time.Time
type WorkerConfig struct {
Workers uint8
TransactionDuration time.Duration
MaxTtl time.Duration
}
func NewWorker(
config WorkerConfig,
) *Worker {
return &Worker{
config: config,
now: time.Now,
}
}
var _ river.Worker[*exec_repo.Request] = (*Worker)(nil)
func (w *Worker) Register(workers *river.Workers, queues map[string]river.QueueConfig) {
river.AddWorker(workers, w)
queues[exec_repo.QueueName] = river.QueueConfig{
MaxWorkers: int(w.config.Workers),
}
}
func TargetsFromRequest(e *exec_repo.Request) ([]Target, error) {
var execTargets []*query.ExecutionTarget
if err := json.Unmarshal(e.TargetsData, &execTargets); err != nil {
return nil, err
}
targets := make([]Target, len(execTargets))
for i, target := range execTargets {
targets[i] = target
}
return targets, nil
}
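Review bot: The age check in `Work` compares `job.CreatedAt`, which is presumably when the job row was inserted, although the comment above it speaks of the event being too old; the event's own timestamp is carried in `job.Args.CreatedAt`. If the goal is to drop stale events, for example when the projection works through a backlog, the condition should read `if job.Args.CreatedAt.Add(w.config.MaxTtl).Before(w.now()) {`; if job age is what is meant, reword the comment to `// if the job is too old, cancel it instead of calling the targets`. `Work` also hands `job.Args.Aggregate` to `ContextWithExecuter` without a nil check. Every `CallTargets` error becomes `river.JobCancel`, so a transient failure of one target is never retried, which is worth stating in the doc comment if it is deliberate.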


@@ -0,0 +1,288 @@
package execution
import (
"context"
"encoding/json"
"errors"
"net/http"
"testing"
"time"
"github.com/riverqueue/river"
"github.com/riverqueue/river/rivertype"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/execution/mock"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/repository/action"
exec_repo "github.com/zitadel/zitadel/internal/repository/execution"
"github.com/zitadel/zitadel/internal/repository/user"
"github.com/zitadel/zitadel/internal/zerrors"
)
type fields struct {
queries *mock.MockQueries
queue *mock.MockQueue
}
type fieldsWorker struct {
now nowFunc
}
type args struct {
event eventstore.Event
mapper func(event eventstore.Event) (eventstore.Event, error)
}
type argsWorker struct {
job *river.Job[*exec_repo.Request]
}
type want struct {
noOperation bool
err assert.ErrorAssertionFunc
stmtErr assert.ErrorAssertionFunc
}
type wantWorker struct {
targets []*query.ExecutionTarget
sendStatusCode int
err assert.ErrorAssertionFunc
}
func newExecutionWorker(f fieldsWorker) *Worker {
return &Worker{
config: WorkerConfig{
Workers: 1,
TransactionDuration: 5 * time.Second,
MaxTtl: 5 * time.Minute,
},
now: f.now,
}
}
const (
userID = "user1"
orgID = "orgID"
instanceID = "instanceID"
eventID = "eventID"
eventData = `{"name":"name","script":"name(){}","timeout":3000000000,"allowedToFail":true}`
)
func Test_handleEventExecution(t *testing.T) {
testNow := time.Now
tests := []struct {
name string
test func() (fieldsWorker, argsWorker, wantWorker)
}{
{
"max TTL",
func() (fieldsWorker, argsWorker, wantWorker) {
return fieldsWorker{
now: testNow,
},
argsWorker{
job: &river.Job[*exec_repo.Request]{
JobRow: &rivertype.JobRow{
CreatedAt: time.Now().Add(-1 * time.Hour),
},
Args: &exec_repo.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
ID: eventID,
ResourceOwner: instanceID,
},
Sequence: 1,
CreatedAt: time.Now().Add(-1 * time.Hour),
EventType: user.HumanInviteCodeAddedType,
UserID: userID,
EventData: []byte(eventData),
},
},
},
wantWorker{
targets: mockTargets(1),
sendStatusCode: http.StatusOK,
err: func(tt assert.TestingT, err error, i ...interface{}) bool {
return errors.Is(err, new(river.JobCancelError))
},
}
},
},
{
"none",
func() (fieldsWorker, argsWorker, wantWorker) {
return fieldsWorker{
now: testNow,
},
argsWorker{
job: &river.Job[*exec_repo.Request]{
JobRow: &rivertype.JobRow{
CreatedAt: time.Now(),
},
Args: &exec_repo.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
ID: eventID,
ResourceOwner: instanceID,
},
Sequence: 1,
CreatedAt: time.Now(),
EventType: user.HumanInviteCodeAddedType,
UserID: userID,
EventData: []byte(eventData),
},
},
},
wantWorker{
targets: mockTargets(0),
sendStatusCode: http.StatusOK,
err: nil,
}
},
},
{
"single",
func() (fieldsWorker, argsWorker, wantWorker) {
return fieldsWorker{
now: testNow,
},
argsWorker{
job: &river.Job[*exec_repo.Request]{
JobRow: &rivertype.JobRow{
CreatedAt: time.Now(),
},
Args: &exec_repo.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
Type: action.AggregateType,
Version: action.AggregateVersion,
ID: eventID,
ResourceOwner: orgID,
},
Sequence: 1,
CreatedAt: time.Now().UTC(),
EventType: action.AddedEventType,
UserID: userID,
EventData: []byte(eventData),
},
},
},
wantWorker{
targets: mockTargets(1),
sendStatusCode: http.StatusOK,
err: nil,
}
},
},
{
"single, failed 400",
func() (fieldsWorker, argsWorker, wantWorker) {
return fieldsWorker{
now: testNow,
},
argsWorker{
job: &river.Job[*exec_repo.Request]{
JobRow: &rivertype.JobRow{
CreatedAt: time.Now(),
},
Args: &exec_repo.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
Type: action.AggregateType,
Version: action.AggregateVersion,
ID: eventID,
ResourceOwner: orgID,
},
Sequence: 1,
CreatedAt: time.Now().UTC(),
EventType: action.AddedEventType,
UserID: userID,
EventData: []byte(eventData),
},
},
},
wantWorker{
targets: mockTargets(1),
sendStatusCode: http.StatusBadRequest,
err: func(tt assert.TestingT, err error, i ...interface{}) bool {
return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "EXEC-dra6yamk98", "Errors.Execution.Failed"))
},
}
},
},
{
"multiple",
func() (fieldsWorker, argsWorker, wantWorker) {
return fieldsWorker{
now: testNow,
},
argsWorker{
job: &river.Job[*exec_repo.Request]{
JobRow: &rivertype.JobRow{
CreatedAt: time.Now(),
},
Args: &exec_repo.Request{
Aggregate: &eventstore.Aggregate{
InstanceID: instanceID,
Type: action.AggregateType,
Version: action.AggregateVersion,
ID: eventID,
ResourceOwner: orgID,
},
Sequence: 1,
CreatedAt: time.Now().UTC(),
EventType: action.AddedEventType,
UserID: userID,
EventData: []byte(eventData),
},
},
},
wantWorker{
targets: mockTargets(3),
sendStatusCode: http.StatusOK,
err: nil,
}
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
f, a, w := tt.test()
closeFuncs := make([]func(), len(w.targets))
calledFuncs := make([]func() bool, len(w.targets))
for i := range w.targets {
url, closeF, calledF := testServerCall(
exec_repo.ContextInfoFromRequest(a.job.Args),
time.Second,
w.sendStatusCode,
nil,
)
w.targets[i].Endpoint = url
closeFuncs[i] = closeF
calledFuncs[i] = calledF
}
data, err := json.Marshal(w.targets)
require.NoError(t, err)
a.job.Args.TargetsData = data
err = newExecutionWorker(f).Work(
authz.WithInstanceID(context.Background(), instanceID),
a.job,
)
if w.err != nil {
assert.Error(t, err)
return
}
assert.NoError(t, err)
for _, closeF := range closeFuncs {
closeF()
}
for _, calledF := range calledFuncs {
assert.True(t, calledF())
}
})
}
}
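Review bot: In the `Test_handleEventExecution` loop the `httptest` servers are closed only on the success path, because the `if w.err != nil { assert.Error(t, err); return }` branch returns before the `closeFuncs` loop; the "max TTL" and "single, failed 400" cases therefore leave their servers running. Register the cleanup where the server is created with `t.Cleanup(closeF)` and drop the `closeFuncs` slice. The same branch never calls `w.err`, so the `errors.Is` expectations written in those two cases are not evaluated; `assert.True(t, w.err(t, err))` would use them. The "max TTL" case could also assert `assert.False(t, calledF())` to pin that an expired job reaches no target.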