TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-04-22 17:31:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: updating projections.idp_templates6 to projections.idp_templates7 (#9517)

Browse Source 
# Which Problems Are Solved

This was left out as part of
https://github.com/zitadel/zitadel/pull/9292

- Closes https://github.com/zitadel/zitadel/issues/9514

---------

Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
This commit is contained in:
Iraq 2025-03-18 15:23:12 +00:00 committed by GitHub
parent f1f500d0e7
commit 11c9be3b8d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 265 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cmd/setup/51.go Normal file
View File

@ -0,0 +1,27 @@
package setup
import (
"context"
_ "embed"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/eventstore"
)
var (
//go:embed 51.sql
addRootCA string
)
type IDPTemplate6RootCA struct {
dbClient *database.DB
}
func (mig *IDPTemplate6RootCA) Execute(ctx context.Context, _ eventstore.Event) error {
_, err := mig.dbClient.ExecContext(ctx, addRootCA)
return err
}
func (mig *IDPTemplate6RootCA) String() string {
return "51_idp_templates6_add_root_ca"
}

1
cmd/setup/51.sql Normal file
View File

@ -0,0 +1 @@
ALTER TABLE IF EXISTS projections.idp_templates6_ldap2 ADD COLUMN IF NOT EXISTS root_ca BYTEA;

1
cmd/setup/config.go
View File

@ -139,6 +139,7 @@ type Steps struct {
s48Apps7SAMLConfigsLoginVersion *Apps7SAMLConfigsLoginVersion s48Apps7SAMLConfigsLoginVersion *Apps7SAMLConfigsLoginVersion
s49InitPermittedOrgsFunction *InitPermittedOrgsFunction s49InitPermittedOrgsFunction *InitPermittedOrgsFunction
s50IDPTemplate6UsePKCE *IDPTemplate6UsePKCE s50IDPTemplate6UsePKCE *IDPTemplate6UsePKCE
s51IDPTemplate6RootCA *IDPTemplate6RootCA
} }
func MustNewSteps(v *viper.Viper) *Steps { func MustNewSteps(v *viper.Viper) *Steps {

2
cmd/setup/setup.go
View File

@ -177,6 +177,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
steps.s48Apps7SAMLConfigsLoginVersion = &Apps7SAMLConfigsLoginVersion{dbClient: dbClient} steps.s48Apps7SAMLConfigsLoginVersion = &Apps7SAMLConfigsLoginVersion{dbClient: dbClient}
steps.s49InitPermittedOrgsFunction = &InitPermittedOrgsFunction{eventstoreClient: dbClient} steps.s49InitPermittedOrgsFunction = &InitPermittedOrgsFunction{eventstoreClient: dbClient}
steps.s50IDPTemplate6UsePKCE = &IDPTemplate6UsePKCE{dbClient: dbClient} steps.s50IDPTemplate6UsePKCE = &IDPTemplate6UsePKCE{dbClient: dbClient}
steps.s51IDPTemplate6RootCA = &IDPTemplate6RootCA{dbClient: dbClient}
err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil) err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
logging.OnError(err).Fatal("unable to start projections") logging.OnError(err).Fatal("unable to start projections")
@ -216,6 +217,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
steps.s47FillMembershipFields, steps.s47FillMembershipFields,
steps.s49InitPermittedOrgsFunction, steps.s49InitPermittedOrgsFunction,
steps.s50IDPTemplate6UsePKCE, steps.s50IDPTemplate6UsePKCE,
steps.s51IDPTemplate6RootCA,
} { } {
mustExecuteMigration(ctx, eventstoreClient, step, "migration failed") mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
} }

20
internal/command/instance_idp.go
View File

@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"crypto/x509"
"strings" "strings"
"github.com/zitadel/saml/pkg/provider/xml" "github.com/zitadel/saml/pkg/provider/xml"
@ -1532,6 +1533,12 @@ func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeMo
if len(provider.UserFilters) == 0 { if len(provider.UserFilters) == 0 {
return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx905n", "Errors.Invalid.Argument") return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx905n", "Errors.Invalid.Argument")
} }
if len(provider.RootCA) > 0 {
if err := validateRootCA(provider.RootCA); err != nil {
return nil, err
}
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query()) events, err := filter(ctx, writeModel.Query())
if err != nil { if err != nil {
@ -1569,6 +1576,14 @@ func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeMo
} }
} }
func validateRootCA(pemCerts []byte) error {
rootCAs := x509.NewCertPool()
if ok := rootCAs.AppendCertsFromPEM(pemCerts); !ok {
return zerrors.ThrowInvalidArgument(nil, "INST-cwqVVdBwKt", "Errors.Invalid.Argument")
}
return nil
}
func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation { func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writeModel *InstanceLDAPIDPWriteModel, provider LDAPProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) { return func() (preparation.CreateCommands, error) {
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" { if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
@ -1595,6 +1610,11 @@ func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writ
if len(provider.UserFilters) == 0 { if len(provider.UserFilters) == 0 {
return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx901n", "Errors.Invalid.Argument") return nil, zerrors.ThrowInvalidArgument(nil, "INST-aAx901n", "Errors.Invalid.Argument")
} }
if len(provider.RootCA) > 0 {
if err := validateRootCA(provider.RootCA); err != nil {
return nil, err
}
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query()) events, err := filter(ctx, writeModel.Query())
if err != nil { if err != nil {

90
internal/command/instance_idp_test.go
View File

@ -87,6 +87,26 @@ var (
</KeyDescriptor> </KeyDescriptor>
</AttributeAuthorityDescriptor> </AttributeAuthorityDescriptor>
</EntityDescriptor>`) </EntityDescriptor>`)
validLDAPRootCA = []byte(`-----BEGIN CERTIFICATE-----
MIIDITCCAgmgAwIBAgIUKjAUmxsHO44X+/TKBNciPgNl1GEwDQYJKoZIhvcNAQEL
BQAwIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1wbGUuY29tMB4XDTI0MTIxOTEz
Mzc1MVoXDTI1MTIxOTEzMzc1MVowIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QYuJsayILRI
hVT7G1DlitVSXnt1iw3gEXJZfe81Egz06fUbvXF6Yo1LJmwYpqe/rm+hf4FNUb8e
2O+LH2FieA9FkVe4P2gKOzw87A/KxvpV8stgNgl4LlqRCokbc1AzeE/NiLr5TcTD
RXm3DUcYxXxinprtDu2jftFysaOZmNAukvE/iL6qS3X6ggVEDDM7tY9n5FV2eJ4E
p0ImKfypi2aZYROxOK+v5x9ryFRMl4y07lMDvmtcV45uXYmfGNCgG9PNf91Kk/mh
JxEQbxycJwFoSi9XWljR8ahPdO11LXG7Dsj/RVbY8k2LdKNstl6Ae3aCpbe9u2Pj
vxYs1bVJuQIDAQABo1MwUTAdBgNVHQ4EFgQU+mRVN5HYJWgnpopReaLhf2cMcoYw
HwYDVR0jBBgwFoAU+mRVN5HYJWgnpopReaLhf2cMcoYwDwYDVR0TAQH/BAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEABJpHVuc9tGhD04infRVlofvqXIUizTlOrjZX
vozW9pIhSWEHX8o+sJP8AMZLnrsdq+bm0HE0HvgYrw7Lb8pd4FpR46TkFHjeukoj
izqfgckjIBl2nwPGlynbKA0/U/rTCSxVt7XiAn+lgYUGIpOzNdk06/hRMitrMNB7
t2C97NseVC4b1ZgyFrozsefCfUmD8IJF0+XJ4Wzmsh0jRrI8koCtVmPYnKn6vw1b
cZprg/97CWHYrsavd406wOB60CMtYl83Q16ucOF1dretDFqJC5kY+aFLvuqfag2+
kIaoPV1MnGsxveQyyHdOsEatS5XOv/1OWcmnvePDPxcvb9jCcw==
-----END CERTIFICATE-----
`)
) )
func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) { func TestCommandSide_AddInstanceGenericOAuthIDP(t *testing.T) {
@ -4258,6 +4278,34 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
}, },
}, },
}, },
{
"invalid rootCA",
fields{
eventstore: expectEventstore(),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "id1"),
},
args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
provider: LDAPProvider{
Name: "name",
Servers: []string{"server"},
StartTLS: false,
BaseDN: "baseDN",
BindDN: "dn",
BindPassword: "password",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-cwqVVdBwKt", "Errors.Invalid.Argument"))
},
},
},
{ {
name: "ok", name: "ok",
fields: fields{ fields: fields{
@ -4281,7 +4329,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), nil,
idp.LDAPAttributes{}, idp.LDAPAttributes{},
idp.Options{}, idp.Options{},
), ),
@ -4303,7 +4351,6 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"}, UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"}, UserFilters: []string{"filter"},
Timeout: time.Second * 30, Timeout: time.Second * 30,
RootCA: []byte("certificate"),
}, },
}, },
res: res{ res: res{
@ -4334,7 +4381,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), validLDAPRootCA,
idp.LDAPAttributes{ idp.LDAPAttributes{
IDAttribute: "id", IDAttribute: "id",
FirstNameAttribute: "firstName", FirstNameAttribute: "firstName",
@ -4375,7 +4422,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"}, UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"}, UserFilters: []string{"filter"},
Timeout: time.Second * 30, Timeout: time.Second * 30,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
LDAPAttributes: idp.LDAPAttributes{ LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id", IDAttribute: "id",
FirstNameAttribute: "firstName", FirstNameAttribute: "firstName",
@ -4601,6 +4648,32 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
}, },
}, },
}, },
{
"invalid rootCA",
fields{
eventstore: expectEventstore(),
},
args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
id: "id1",
provider: LDAPProvider{
Name: "name",
Servers: []string{"server"},
BaseDN: "baseDN",
BindDN: "binddn",
BindPassword: "password",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
RootCA: []byte("certificate"),
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-cwqVVdBwKt", "Errors.Invalid.Argument"))
},
},
},
{ {
name: "not found", name: "not found",
fields: fields{ fields: fields{
@ -4651,7 +4724,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), validLDAPRootCA,
idp.LDAPAttributes{}, idp.LDAPAttributes{},
idp.Options{}, idp.Options{},
)), )),
@ -4671,7 +4744,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"}, UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"}, UserFilters: []string{"filter"},
Timeout: time.Second * 30, Timeout: time.Second * 30,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
}, },
}, },
res: res{ res: res{
@ -4701,7 +4774,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), nil,
idp.LDAPAttributes{}, idp.LDAPAttributes{},
idp.Options{}, idp.Options{},
)), )),
@ -4748,6 +4821,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
IsAutoCreation: &t, IsAutoCreation: &t,
IsAutoUpdate: &t, IsAutoUpdate: &t,
}), }),
idp.ChangeLDAPRootCA(validLDAPRootCA),
}, },
) )
return event return event
@ -4770,7 +4844,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"new object"}, UserObjectClasses: []string{"new object"},
UserFilters: []string{"new filter"}, UserFilters: []string{"new filter"},
Timeout: time.Second * 20, Timeout: time.Second * 20,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
LDAPAttributes: idp.LDAPAttributes{ LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "new id", IDAttribute: "new id",
FirstNameAttribute: "new firstName", FirstNameAttribute: "new firstName",

10
internal/command/org_idp.go
View File

@ -1516,6 +1516,11 @@ func (c *Commands) prepareAddOrgLDAPProvider(a *org.Aggregate, writeModel *OrgLD
if len(provider.UserFilters) == 0 { if len(provider.UserFilters) == 0 {
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "Errors.Invalid.Argument") return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aAx9x1n", "Errors.Invalid.Argument")
} }
if len(provider.RootCA) > 0 {
if err := validateRootCA(provider.RootCA); err != nil {
return nil, err
}
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query()) events, err := filter(ctx, writeModel.Query())
if err != nil { if err != nil {
@ -1579,6 +1584,11 @@ func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *Or
if len(provider.UserFilters) == 0 { if len(provider.UserFilters) == 0 {
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aBx901n", "Errors.Invalid.Argument") return nil, zerrors.ThrowInvalidArgument(nil, "ORG-aBx901n", "Errors.Invalid.Argument")
} }
if len(provider.RootCA) > 0 {
if err := validateRootCA(provider.RootCA); err != nil {
return nil, err
}
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query()) events, err := filter(ctx, writeModel.Query())
if err != nil { if err != nil {

67
internal/command/org_idp_test.go
View File

@ -4324,6 +4324,35 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
}, },
}, },
}, },
{
"invalid rootCA",
fields{
eventstore: expectEventstore(),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "id1"),
},
args{
ctx: context.Background(),
resourceOwner: "org1",
provider: LDAPProvider{
Name: "name",
Servers: []string{"server"},
StartTLS: false,
BaseDN: "baseDN",
BindDN: "dn",
BindPassword: "password",
UserBase: "user",
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "INST-cwqVVdBwKt", "Errors.Invalid.Argument"))
},
},
},
{ {
name: "ok", name: "ok",
fields: fields{ fields: fields{
@ -4400,7 +4429,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), validLDAPRootCA,
idp.LDAPAttributes{ idp.LDAPAttributes{
IDAttribute: "id", IDAttribute: "id",
FirstNameAttribute: "firstName", FirstNameAttribute: "firstName",
@ -4442,7 +4471,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"}, UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"}, UserFilters: []string{"filter"},
Timeout: time.Second * 30, Timeout: time.Second * 30,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
LDAPAttributes: idp.LDAPAttributes{ LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id", IDAttribute: "id",
FirstNameAttribute: "firstName", FirstNameAttribute: "firstName",
@ -4677,6 +4706,31 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
}, },
}, },
}, },
{
"invalid rootCA",
fields{
eventstore: expectEventstore(),
},
args{
ctx: context.Background(),
resourceOwner: "org1",
id: "id1",
provider: LDAPProvider{
Name: "name",
Servers: []string{"server"},
BaseDN: "baseDN",
BindDN: "bindDN",
UserBase: "user",
UserObjectClasses: []string{"object"},
RootCA: []byte("certificate"),
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "ORG-aBx901n", ""))
},
},
},
{ {
name: "not found", name: "not found",
fields: fields{ fields: fields{
@ -4728,7 +4782,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), validLDAPRootCA,
idp.LDAPAttributes{}, idp.LDAPAttributes{},
idp.Options{}, idp.Options{},
)), )),
@ -4748,7 +4802,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
UserFilters: []string{"filter"}, UserFilters: []string{"filter"},
UserBase: "user", UserBase: "user",
Timeout: time.Second * 30, Timeout: time.Second * 30,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
}, },
}, },
res: res{ res: res{
@ -4778,7 +4832,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
[]string{"object"}, []string{"object"},
[]string{"filter"}, []string{"filter"},
time.Second*30, time.Second*30,
[]byte("certificate"), nil,
idp.LDAPAttributes{}, idp.LDAPAttributes{},
idp.Options{}, idp.Options{},
)), )),
@ -4825,6 +4879,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
IsAutoCreation: &t, IsAutoCreation: &t,
IsAutoUpdate: &t, IsAutoUpdate: &t,
}), }),
idp.ChangeLDAPRootCA(validLDAPRootCA),
}, },
) )
return event return event
@ -4848,7 +4903,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"new object"}, UserObjectClasses: []string{"new object"},
UserFilters: []string{"new filter"}, UserFilters: []string{"new filter"},
Timeout: time.Second * 20, Timeout: time.Second * 20,
RootCA: []byte("certificate"), RootCA: validLDAPRootCA,
LDAPAttributes: idp.LDAPAttributes{ LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "new id", IDAttribute: "new id",
FirstNameAttribute: "new firstName", FirstNameAttribute: "new firstName",

104
internal/query/idp_template_test.go
View File

@ -100,30 +100,30 @@ var (
` projections.idp_templates6_saml.name_id_format,` + ` projections.idp_templates6_saml.name_id_format,` +
` projections.idp_templates6_saml.transient_mapping_attribute_name,` + ` projections.idp_templates6_saml.transient_mapping_attribute_name,` +
// ldap // ldap
` projections.idp_templates6_ldap3.idp_id,` + ` projections.idp_templates6_ldap2.idp_id,` +
` projections.idp_templates6_ldap3.servers,` + ` projections.idp_templates6_ldap2.servers,` +
` projections.idp_templates6_ldap3.start_tls,` + ` projections.idp_templates6_ldap2.start_tls,` +
` projections.idp_templates6_ldap3.base_dn,` + ` projections.idp_templates6_ldap2.base_dn,` +
` projections.idp_templates6_ldap3.bind_dn,` + ` projections.idp_templates6_ldap2.bind_dn,` +
` projections.idp_templates6_ldap3.bind_password,` + ` projections.idp_templates6_ldap2.bind_password,` +
` projections.idp_templates6_ldap3.user_base,` + ` projections.idp_templates6_ldap2.user_base,` +
` projections.idp_templates6_ldap3.user_object_classes,` + ` projections.idp_templates6_ldap2.user_object_classes,` +
` projections.idp_templates6_ldap3.user_filters,` + ` projections.idp_templates6_ldap2.user_filters,` +
` projections.idp_templates6_ldap3.timeout,` + ` projections.idp_templates6_ldap2.timeout,` +
` projections.idp_templates6_ldap3.rootCA,` + ` projections.idp_templates6_ldap2.root_ca,` +
` projections.idp_templates6_ldap3.id_attribute,` + ` projections.idp_templates6_ldap2.id_attribute,` +
` projections.idp_templates6_ldap3.first_name_attribute,` + ` projections.idp_templates6_ldap2.first_name_attribute,` +
` projections.idp_templates6_ldap3.last_name_attribute,` + ` projections.idp_templates6_ldap2.last_name_attribute,` +
` projections.idp_templates6_ldap3.display_name_attribute,` + ` projections.idp_templates6_ldap2.display_name_attribute,` +
` projections.idp_templates6_ldap3.nick_name_attribute,` + ` projections.idp_templates6_ldap2.nick_name_attribute,` +
` projections.idp_templates6_ldap3.preferred_username_attribute,` + ` projections.idp_templates6_ldap2.preferred_username_attribute,` +
` projections.idp_templates6_ldap3.email_attribute,` + ` projections.idp_templates6_ldap2.email_attribute,` +
` projections.idp_templates6_ldap3.email_verified,` + ` projections.idp_templates6_ldap2.email_verified,` +
` projections.idp_templates6_ldap3.phone_attribute,` + ` projections.idp_templates6_ldap2.phone_attribute,` +
` projections.idp_templates6_ldap3.phone_verified_attribute,` + ` projections.idp_templates6_ldap2.phone_verified_attribute,` +
` projections.idp_templates6_ldap3.preferred_language_attribute,` + ` projections.idp_templates6_ldap2.preferred_language_attribute,` +
` projections.idp_templates6_ldap3.avatar_url_attribute,` + ` projections.idp_templates6_ldap2.avatar_url_attribute,` +
` projections.idp_templates6_ldap3.profile_attribute,` + ` projections.idp_templates6_ldap2.profile_attribute,` +
// apple // apple
` projections.idp_templates6_apple.idp_id,` + ` projections.idp_templates6_apple.idp_id,` +
` projections.idp_templates6_apple.client_id,` + ` projections.idp_templates6_apple.client_id,` +
@ -142,7 +142,7 @@ var (
` LEFT JOIN projections.idp_templates6_gitlab_self_hosted ON projections.idp_templates6.id = projections.idp_templates6_gitlab_self_hosted.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_gitlab_self_hosted.instance_id` + ` LEFT JOIN projections.idp_templates6_gitlab_self_hosted ON projections.idp_templates6.id = projections.idp_templates6_gitlab_self_hosted.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_gitlab_self_hosted.instance_id` +
` LEFT JOIN projections.idp_templates6_google ON projections.idp_templates6.id = projections.idp_templates6_google.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_google.instance_id` + ` LEFT JOIN projections.idp_templates6_google ON projections.idp_templates6.id = projections.idp_templates6_google.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_google.instance_id` +
` LEFT JOIN projections.idp_templates6_saml ON projections.idp_templates6.id = projections.idp_templates6_saml.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_saml.instance_id` + ` LEFT JOIN projections.idp_templates6_saml ON projections.idp_templates6.id = projections.idp_templates6_saml.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_saml.instance_id` +
` LEFT JOIN projections.idp_templates6_ldap3 ON projections.idp_templates6.id = projections.idp_templates6_ldap3.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_ldap3.instance_id` + ` LEFT JOIN projections.idp_templates6_ldap2 ON projections.idp_templates6.id = projections.idp_templates6_ldap2.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_ldap2.instance_id` +
` LEFT JOIN projections.idp_templates6_apple ON projections.idp_templates6.id = projections.idp_templates6_apple.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_apple.instance_id` + ` LEFT JOIN projections.idp_templates6_apple ON projections.idp_templates6.id = projections.idp_templates6_apple.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_apple.instance_id` +
` AS OF SYSTEM TIME '-1 ms'` ` AS OF SYSTEM TIME '-1 ms'`
idpTemplateCols = []string{ idpTemplateCols = []string{
@ -240,7 +240,7 @@ var (
"user_object_classes", "user_object_classes",
"user_filters", "user_filters",
"timeout", "timeout",
"rootCA", "root_ca",
"id_attribute", "id_attribute",
"first_name_attribute", "first_name_attribute",
"last_name_attribute", "last_name_attribute",
@ -346,30 +346,30 @@ var (
` projections.idp_templates6_saml.name_id_format,` + ` projections.idp_templates6_saml.name_id_format,` +
` projections.idp_templates6_saml.transient_mapping_attribute_name,` + ` projections.idp_templates6_saml.transient_mapping_attribute_name,` +
// ldap // ldap
` projections.idp_templates6_ldap3.idp_id,` + ` projections.idp_templates6_ldap2.idp_id,` +
` projections.idp_templates6_ldap3.servers,` + ` projections.idp_templates6_ldap2.servers,` +
` projections.idp_templates6_ldap3.start_tls,` + ` projections.idp_templates6_ldap2.start_tls,` +
` projections.idp_templates6_ldap3.base_dn,` + ` projections.idp_templates6_ldap2.base_dn,` +
` projections.idp_templates6_ldap3.bind_dn,` + ` projections.idp_templates6_ldap2.bind_dn,` +
` projections.idp_templates6_ldap3.bind_password,` + ` projections.idp_templates6_ldap2.bind_password,` +
` projections.idp_templates6_ldap3.user_base,` + ` projections.idp_templates6_ldap2.user_base,` +
` projections.idp_templates6_ldap3.user_object_classes,` + ` projections.idp_templates6_ldap2.user_object_classes,` +
` projections.idp_templates6_ldap3.user_filters,` + ` projections.idp_templates6_ldap2.user_filters,` +
` projections.idp_templates6_ldap3.timeout,` + ` projections.idp_templates6_ldap2.timeout,` +
` projections.idp_templates6_ldap3.rootCA,` + ` projections.idp_templates6_ldap2.root_ca,` +
` projections.idp_templates6_ldap3.id_attribute,` + ` projections.idp_templates6_ldap2.id_attribute,` +
` projections.idp_templates6_ldap3.first_name_attribute,` + ` projections.idp_templates6_ldap2.first_name_attribute,` +
` projections.idp_templates6_ldap3.last_name_attribute,` + ` projections.idp_templates6_ldap2.last_name_attribute,` +
` projections.idp_templates6_ldap3.display_name_attribute,` + ` projections.idp_templates6_ldap2.display_name_attribute,` +
` projections.idp_templates6_ldap3.nick_name_attribute,` + ` projections.idp_templates6_ldap2.nick_name_attribute,` +
` projections.idp_templates6_ldap3.preferred_username_attribute,` + ` projections.idp_templates6_ldap2.preferred_username_attribute,` +
` projections.idp_templates6_ldap3.email_attribute,` + ` projections.idp_templates6_ldap2.email_attribute,` +
` projections.idp_templates6_ldap3.email_verified,` + ` projections.idp_templates6_ldap2.email_verified,` +
` projections.idp_templates6_ldap3.phone_attribute,` + ` projections.idp_templates6_ldap2.phone_attribute,` +
` projections.idp_templates6_ldap3.phone_verified_attribute,` + ` projections.idp_templates6_ldap2.phone_verified_attribute,` +
` projections.idp_templates6_ldap3.preferred_language_attribute,` + ` projections.idp_templates6_ldap2.preferred_language_attribute,` +
` projections.idp_templates6_ldap3.avatar_url_attribute,` + ` projections.idp_templates6_ldap2.avatar_url_attribute,` +
` projections.idp_templates6_ldap3.profile_attribute,` + ` projections.idp_templates6_ldap2.profile_attribute,` +
// apple // apple
` projections.idp_templates6_apple.idp_id,` + ` projections.idp_templates6_apple.idp_id,` +
` projections.idp_templates6_apple.client_id,` + ` projections.idp_templates6_apple.client_id,` +
@ -389,7 +389,7 @@ var (
` LEFT JOIN projections.idp_templates6_gitlab_self_hosted ON projections.idp_templates6.id = projections.idp_templates6_gitlab_self_hosted.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_gitlab_self_hosted.instance_id` + ` LEFT JOIN projections.idp_templates6_gitlab_self_hosted ON projections.idp_templates6.id = projections.idp_templates6_gitlab_self_hosted.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_gitlab_self_hosted.instance_id` +
` LEFT JOIN projections.idp_templates6_google ON projections.idp_templates6.id = projections.idp_templates6_google.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_google.instance_id` + ` LEFT JOIN projections.idp_templates6_google ON projections.idp_templates6.id = projections.idp_templates6_google.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_google.instance_id` +
` LEFT JOIN projections.idp_templates6_saml ON projections.idp_templates6.id = projections.idp_templates6_saml.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_saml.instance_id` + ` LEFT JOIN projections.idp_templates6_saml ON projections.idp_templates6.id = projections.idp_templates6_saml.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_saml.instance_id` +
` LEFT JOIN projections.idp_templates6_ldap3 ON projections.idp_templates6.id = projections.idp_templates6_ldap3.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_ldap3.instance_id` + ` LEFT JOIN projections.idp_templates6_ldap2 ON projections.idp_templates6.id = projections.idp_templates6_ldap2.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_ldap2.instance_id` +
` LEFT JOIN projections.idp_templates6_apple ON projections.idp_templates6.id = projections.idp_templates6_apple.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_apple.instance_id` + ` LEFT JOIN projections.idp_templates6_apple ON projections.idp_templates6.id = projections.idp_templates6_apple.idp_id AND projections.idp_templates6.instance_id = projections.idp_templates6_apple.instance_id` +
` AS OF SYSTEM TIME '-1 ms'` ` AS OF SYSTEM TIME '-1 ms'`
idpTemplatesCols = []string{ idpTemplatesCols = []string{
@ -487,7 +487,7 @@ var (
"user_object_classes", "user_object_classes",
"user_filters", "user_filters",
"timeout", "timeout",
"rootCA", "root_ca",
"id_attribute", "id_attribute",
"first_name_attribute", "first_name_attribute",
"last_name_attribute", "last_name_attribute",

4
internal/query/projection/idp_template.go
View File

@ -40,7 +40,7 @@ const (
IDPTemplateGitLabSuffix = "gitlab" IDPTemplateGitLabSuffix = "gitlab"
IDPTemplateGitLabSelfHostedSuffix = "gitlab_self_hosted" IDPTemplateGitLabSelfHostedSuffix = "gitlab_self_hosted"
IDPTemplateGoogleSuffix = "google" IDPTemplateGoogleSuffix = "google"
IDPTemplateLDAPSuffix = "ldap3" IDPTemplateLDAPSuffix = "ldap2"
IDPTemplateAppleSuffix = "apple" IDPTemplateAppleSuffix = "apple"
IDPTemplateSAMLSuffix = "saml" IDPTemplateSAMLSuffix = "saml"
@ -141,7 +141,7 @@ const (
LDAPUserObjectClassesCol = "user_object_classes" LDAPUserObjectClassesCol = "user_object_classes"
LDAPUserFiltersCol = "user_filters" LDAPUserFiltersCol = "user_filters"
LDAPTimeoutCol = "timeout" LDAPTimeoutCol = "timeout"
LDAPRootCACol = "rootCA" LDAPRootCACol = "root_ca"
LDAPIDAttributeCol = "id_attribute" LDAPIDAttributeCol = "id_attribute"
LDAPFirstNameAttributeCol = "first_name_attribute" LDAPFirstNameAttributeCol = "first_name_attribute"
LDAPLastNameAttributeCol = "last_name_attribute" LDAPLastNameAttributeCol = "last_name_attribute"

14
internal/query/projection/idp_template_test.go
View File

@ -2123,7 +2123,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
"userObjectClasses": ["object"], "userObjectClasses": ["object"],
"userFilters": ["filter"], "userFilters": ["filter"],
"timeout": 30000000000, "timeout": 30000000000,
"rootcA": `+stringToJSONByte("certificate")+`, "rootCA": `+stringToJSONByte("certificate")+`,
"idAttribute": "id", "idAttribute": "id",
"firstNameAttribute": "first", "firstNameAttribute": "first",
"lastNameAttribute": "last", "lastNameAttribute": "last",
@ -2172,7 +2172,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
}, },
}, },
{ {
expectedStmt: "INSERT INTO projections.idp_templates6_ldap3 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)", expectedStmt: "INSERT INTO projections.idp_templates6_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, root_ca, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
"idp-id", "idp-id",
"instance-id", "instance-id",
@ -2228,7 +2228,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
"userObjectClasses": ["object"], "userObjectClasses": ["object"],
"userFilters": ["filter"], "userFilters": ["filter"],
"timeout": 30000000000, "timeout": 30000000000,
"rootcA": `+stringToJSONByte("certificate")+`, "rootCA": `+stringToJSONByte("certificate")+`,
"idAttribute": "id", "idAttribute": "id",
"firstNameAttribute": "first", "firstNameAttribute": "first",
"lastNameAttribute": "last", "lastNameAttribute": "last",
@ -2277,7 +2277,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
}, },
}, },
{ {
expectedStmt: "INSERT INTO projections.idp_templates6_ldap3 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)", expectedStmt: "INSERT INTO projections.idp_templates6_ldap2 (idp_id, instance_id, servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, root_ca, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
"idp-id", "idp-id",
"instance-id", "instance-id",
@ -2341,7 +2341,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
}, },
}, },
{ {
expectedStmt: "UPDATE projections.idp_templates6_ldap3 SET base_dn = $1 WHERE (idp_id = $2) AND (instance_id = $3)", expectedStmt: "UPDATE projections.idp_templates6_ldap2 SET base_dn = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
"basedn", "basedn",
"idp-id", "idp-id",
@ -2375,7 +2375,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
"userObjectClasses": ["object"], "userObjectClasses": ["object"],
"userFilters": ["filter"], "userFilters": ["filter"],
"timeout": 30000000000, "timeout": 30000000000,
"rootcA": `+stringToJSONByte("certificate")+`, "rootCA": `+stringToJSONByte("certificate")+`,
"idAttribute": "id", "idAttribute": "id",
"firstNameAttribute": "first", "firstNameAttribute": "first",
"lastNameAttribute": "last", "lastNameAttribute": "last",
@ -2419,7 +2419,7 @@ func TestIDPTemplateProjection_reducesLDAP(t *testing.T) {
}, },
}, },
{ {
expectedStmt: "UPDATE projections.idp_templates6_ldap3 SET (servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, rootCA, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23) WHERE (idp_id = $24) AND (instance_id = $25)", expectedStmt: "UPDATE projections.idp_templates6_ldap2 SET (servers, start_tls, base_dn, bind_dn, bind_password, user_base, user_object_classes, user_filters, timeout, root_ca, id_attribute, first_name_attribute, last_name_attribute, display_name_attribute, nick_name_attribute, preferred_username_attribute, email_attribute, email_verified, phone_attribute, phone_verified_attribute, preferred_language_attribute, avatar_url_attribute, profile_attribute) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23) WHERE (idp_id = $24) AND (instance_id = $25)",
expectedArgs: []interface{}{ expectedArgs: []interface{}{
database.TextArray[string]{"server"}, database.TextArray[string]{"server"},
false, false,