feat: implement user schema management (#7416)

This PR adds the functionality to manage user schemas through the new user schema service.
It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation.

Further annotations for OIDC claims and SAML attribute mappings will follow.

A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those.

Note:
This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.

internal/command/user_schema_model.go

@@ -0,0 +1,112 @@
+package command
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+
+	"golang.org/x/exp/slices"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/user/schema"
+)
+
+type UserSchemaWriteModel struct {
+	eventstore.WriteModel
+
+	SchemaType             string
+	Schema                 json.RawMessage
+	PossibleAuthenticators []domain.AuthenticatorType
+	State                  domain.UserSchemaState
+}
+
+func NewUserSchemaWriteModel(schemaID, resourceOwner string) *UserSchemaWriteModel {
+	return &UserSchemaWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   schemaID,
+			ResourceOwner: resourceOwner,
+		},
+	}
+}
+
+func (wm *UserSchemaWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *schema.CreatedEvent:
+			wm.SchemaType = e.SchemaType
+			wm.Schema = e.Schema
+			wm.PossibleAuthenticators = e.PossibleAuthenticators
+			wm.State = domain.UserSchemaStateActive
+		case *schema.UpdatedEvent:
+			if e.SchemaType != nil {
+				wm.SchemaType = *e.SchemaType
+			}
+			if len(e.Schema) > 0 {
+				wm.Schema = e.Schema
+			}
+			if len(e.PossibleAuthenticators) > 0 {
+				wm.PossibleAuthenticators = e.PossibleAuthenticators
+			}
+		case *schema.DeactivatedEvent:
+			wm.State = domain.UserSchemaStateInactive
+		case *schema.ReactivatedEvent:
+			wm.State = domain.UserSchemaStateActive
+		case *schema.DeletedEvent:
+			wm.State = domain.UserSchemaStateDeleted
+		}
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *UserSchemaWriteModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		ResourceOwner(wm.ResourceOwner).
+		AddQuery().
+		AggregateTypes(schema.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		EventTypes(
+			schema.CreatedType,
+			schema.UpdatedType,
+			schema.DeactivatedType,
+			schema.ReactivatedType,
+			schema.DeletedType,
+		).
+		Builder()
+}
+func (wm *UserSchemaWriteModel) NewUpdatedEvent(
+	ctx context.Context,
+	agg *eventstore.Aggregate,
+	schemaType *string,
+	userSchema json.RawMessage,
+	possibleAuthenticators []domain.AuthenticatorType,
+) *schema.UpdatedEvent {
+	changes := make([]schema.Changes, 0)
+	if schemaType != nil && wm.SchemaType != *schemaType {
+		changes = append(changes, schema.ChangeSchemaType(wm.SchemaType, *schemaType))
+	}
+	if !bytes.Equal(wm.Schema, userSchema) {
+		changes = append(changes, schema.ChangeSchema(userSchema))
+	}
+	if len(possibleAuthenticators) > 0 && slices.Compare(wm.PossibleAuthenticators, possibleAuthenticators) != 0 {
+		changes = append(changes, schema.ChangePossibleAuthenticators(possibleAuthenticators))
+	}
+	if len(changes) == 0 {
+		return nil
+	}
+	return schema.NewUpdatedEvent(ctx, agg, changes)
+}
+
+func UserSchemaAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
+	return &eventstore.Aggregate{
+		ID:            wm.AggregateID,
+		Type:          schema.AggregateType,
+		ResourceOwner: wm.ResourceOwner,
+		InstanceID:    wm.InstanceID,
+		Version:       schema.AggregateVersion,
+	}
+}
+
+func (wm *UserSchemaWriteModel) Exists() bool {
+	return wm.State != domain.UserSchemaStateUnspecified && wm.State != domain.UserSchemaStateDeleted
+}