chore!: Introduce ZITADEL v3 (#9645)

This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com>
2025-08-11 21:37:32 +00:00 · 2025-04-02 16:53:06 +02:00
parent d14a23ae7e
commit 07ce3b6905
559 changed files with 14578 additions and 7622 deletions
--- a/internal/query/projection/eventstore_field.go
+++ b/internal/query/projection/eventstore_field.go
@@ -5,6 +5,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/org"
+	"github.com/zitadel/zitadel/internal/repository/permission"
 	"github.com/zitadel/zitadel/internal/repository/project"
 )

@@ -13,6 +14,7 @@ const (
 	fieldsOrgDomainVerified = "org_domain_verified_fields"
 	fieldsInstanceDomain    = "instance_domain_fields"
 	fieldsMemberships       = "membership_fields"
+	fieldsPermission        = "permission_fields"
 )

 func newFillProjectGrantFields(config handler.Config) *handler.FieldHandler {
@@ -83,3 +85,16 @@ func newFillMembershipFields(config handler.Config) *handler.FieldHandler {
 		},
 	)
 }
+
+func newFillPermissionFields(config handler.Config) *handler.FieldHandler {
+	return handler.NewFieldHandler(
+		&config,
+		permission.PermissionSearchField,
+		map[eventstore.AggregateType][]eventstore.EventType{
+			permission.AggregateType: {
+				permission.AddedType,
+				permission.RemovedType,
+			},
+		},
+	)
+}
--- a/internal/query/projection/projection.go
+++ b/internal/query/projection/projection.go
@@ -86,6 +86,7 @@ var (
 	OrgDomainVerifiedFields *handler.FieldHandler
 	InstanceDomainFields    *handler.FieldHandler
 	MembershipFields        *handler.FieldHandler
+	PermissionFields        *handler.FieldHandler
 )

 type projection interface {
@@ -97,6 +98,7 @@ type projection interface {

 var (
 	projections []projection
+	fields      []*handler.FieldHandler
 )

 func Create(ctx context.Context, sqlClient *database.DB, es handler.EventStore, config Config, keyEncryptionAlgorithm crypto.EncryptionAlgorithm, certEncryptionAlgorithm crypto.EncryptionAlgorithm, systemUsers map[string]*internal_authz.SystemAPIUser) error {
@@ -176,8 +178,11 @@ func Create(ctx context.Context, sqlClient *database.DB, es handler.EventStore,
 	OrgDomainVerifiedFields = newFillOrgDomainVerifiedFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsOrgDomainVerified]))
 	InstanceDomainFields = newFillInstanceDomainFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsInstanceDomain]))
 	MembershipFields = newFillMembershipFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsMemberships]))
+	PermissionFields = newFillPermissionFields(applyCustomConfig(projectionConfig, config.Customizations[fieldsPermission]))
+	// Don't forget to add the new field handler to [ProjectInstanceFields]

 	newProjectionsList()
+	newFieldsList()
 	return nil
 }

@@ -210,6 +215,16 @@ func ProjectInstance(ctx context.Context) error {
 	return nil
 }

+func ProjectInstanceFields(ctx context.Context) error {
+	for _, fieldProjection := range fields {
+		err := fieldProjection.Trigger(ctx)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func ApplyCustomConfig(customConfig CustomConfig) handler.Config {
 	return applyCustomConfig(projectionConfig, customConfig)
 }
@@ -234,6 +249,16 @@ func applyCustomConfig(config handler.Config, customConfig CustomConfig) handler
 	return config
 }

+func newFieldsList() {
+	fields = []*handler.FieldHandler{
+		ProjectGrantFields,
+		OrgDomainVerifiedFields,
+		InstanceDomainFields,
+		MembershipFields,
+		PermissionFields,
+	}
+}
+
 // we know this is ugly, but we need to have a singleton slice of all projections
 // and are only able to initialize it after all projections are created
 // as setup and start currently create them individually, we make sure we get the right one