feat: implement user schema management (#7416)

This PR adds the functionality to manage user schemas through the new user schema service. It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation. Further annotations for OIDC claims and SAML attribute mappings will follow. A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those. Note: This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
2025-08-11 21:27:42 +00:00 · 2024-03-12 14:50:13 +01:00
parent 2a39cc16f5
commit 0e181b218c
61 changed files with 3614 additions and 35 deletions
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -13,6 +13,7 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) *command.
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
+		UserSchema:                      req.UserSchema,
 	}
 }

@@ -22,6 +23,7 @@ func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesRe
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
+		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 	}
 }

@@ -30,6 +32,7 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *comm
 		LoginDefaultOrg:                 req.LoginDefaultOrg,
 		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
 		LegacyIntrospection:             req.OidcLegacyIntrospection,
+		UserSchema:                      req.UserSchema,
 	}
 }

@@ -39,6 +42,7 @@ func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeat
 		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
 		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
 		OidcLegacyIntrospection:             featureSourceToFlagPb(&f.LegacyIntrospection),
+		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
 	}
 }

--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -21,11 +21,13 @@ func Test_systemFeaturesToCommand(t *testing.T) {
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
 		OidcLegacyIntrospection:             nil,
+		UserSchema:                          gu.Ptr(true),
 	}
 	want := &command.SystemFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
 		LegacyIntrospection:             nil,
+		UserSchema:                      gu.Ptr(true),
 	}
 	got := systemFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -50,6 +52,10 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
+		UserSchema: query.FeatureSource[bool]{
+			Level: feature.LevelSystem,
+			Value: true,
+		},
 	}
 	want := &feature_pb.GetSystemFeaturesResponse{
 		Details: &object.Details{
@@ -69,6 +75,10 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
+		UserSchema: &feature_pb.FeatureFlag{
+			Enabled: true,
+			Source:  feature_pb.Source_SOURCE_SYSTEM,
+		},
 	}
 	got := systemFeaturesToPb(arg)
 	assert.Equal(t, want, got)
@@ -79,11 +89,13 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		LoginDefaultOrg:                     gu.Ptr(true),
 		OidcTriggerIntrospectionProjections: gu.Ptr(false),
 		OidcLegacyIntrospection:             nil,
+		UserSchema:                          gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
 		LoginDefaultOrg:                 gu.Ptr(true),
 		TriggerIntrospectionProjections: gu.Ptr(false),
 		LegacyIntrospection:             nil,
+		UserSchema:                      gu.Ptr(true),
 	}
 	got := instanceFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -108,6 +120,10 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelInstance,
 			Value: true,
 		},
+		UserSchema: query.FeatureSource[bool]{
+			Level: feature.LevelInstance,
+			Value: true,
+		},
 	}
 	want := &feature_pb.GetInstanceFeaturesResponse{
 		Details: &object.Details{
@@ -127,6 +143,10 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
 		},
+		UserSchema: &feature_pb.FeatureFlag{
+			Enabled: true,
+			Source:  feature_pb.Source_SOURCE_INSTANCE,
+		},
 	}
 	got := instanceFeaturesToPb(arg)
 	assert.Equal(t, want, got)
--- a/internal/api/grpc/feature/v2/feature_integration_test.go
+++ b/internal/api/grpc/feature/v2/feature_integration_test.go
@@ -218,6 +218,7 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
+			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
 }
@@ -384,6 +385,10 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
+				UserSchema: &feature.FeatureFlag{
+					Enabled: false,
+					Source:  feature.Source_SOURCE_UNSPECIFIED,
+				},
 			},
 		},
 		{
@@ -392,6 +397,7 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 				_, err := Client.SetInstanceFeatures(IamCTX, &feature.SetInstanceFeaturesRequest{
 					LoginDefaultOrg:                     gu.Ptr(true),
 					OidcTriggerIntrospectionProjections: gu.Ptr(false),
+					UserSchema:                          gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -408,6 +414,10 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
+				UserSchema: &feature.FeatureFlag{
+					Enabled: true,
+					Source:  feature.Source_SOURCE_INSTANCE,
+				},
 			},
 		},
 		{
@@ -437,6 +447,10 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
+				UserSchema: &feature.FeatureFlag{
+					Enabled: false,
+					Source:  feature.Source_SOURCE_UNSPECIFIED,
+				},
 			},
 		},
 	}
@@ -459,6 +473,7 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
 			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.OidcLegacyIntrospection, got.OidcLegacyIntrospection)
+			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
 }