fix: enable env vars in setup steps (and deprecate admin subcommand) (#3871)

* fix: enable env vars in setup steps (and deprecate admin subcommand) * fix tests and error text
2025-08-11 21:17:32 +00:00 · 2022-06-27 12:32:34 +02:00
parent 30f553dea1
commit 12d4d3ea0b
53 changed files with 44 additions and 31 deletions
--- a/cmd/setup/03.go
+++ b/cmd/setup/03.go
@@ -0,0 +1,106 @@
+package setup
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"strings"
+
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/config/systemdefaults"
+	"github.com/zitadel/zitadel/internal/crypto"
+	crypto_db "github.com/zitadel/zitadel/internal/crypto/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+type DefaultInstance struct {
+	InstanceName    string
+	CustomDomain    string
+	DefaultLanguage language.Tag
+	Org             command.OrgSetup
+
+	instanceSetup     command.InstanceSetup
+	userEncryptionKey *crypto.KeyConfig
+	smtpEncryptionKey *crypto.KeyConfig
+	masterKey         string
+	db                *sql.DB
+	es                *eventstore.Eventstore
+	defaults          systemdefaults.SystemDefaults
+	zitadelRoles      []authz.RoleMapping
+	externalDomain    string
+	externalSecure    bool
+	externalPort      uint16
+}
+
+func (mig *DefaultInstance) Execute(ctx context.Context) error {
+	keyStorage, err := crypto_db.NewKeyStorage(mig.db, mig.masterKey)
+	if err != nil {
+		return fmt.Errorf("cannot start key storage: %w", err)
+	}
+	if err = verifyKey(mig.userEncryptionKey, keyStorage); err != nil {
+		return err
+	}
+	userAlg, err := crypto.NewAESCrypto(mig.userEncryptionKey, keyStorage)
+	if err != nil {
+		return err
+	}
+
+	if err = verifyKey(mig.smtpEncryptionKey, keyStorage); err != nil {
+		return err
+	}
+	smtpEncryption, err := crypto.NewAESCrypto(mig.smtpEncryptionKey, keyStorage)
+	if err != nil {
+		return err
+	}
+
+	cmd, err := command.StartCommands(mig.es,
+		mig.defaults,
+		mig.zitadelRoles,
+		nil,
+		nil,
+		mig.externalDomain,
+		mig.externalSecure,
+		mig.externalPort,
+		nil,
+		nil,
+		smtpEncryption,
+		nil,
+		userAlg,
+		nil,
+		nil)
+
+	if err != nil {
+		return err
+	}
+
+	mig.instanceSetup.InstanceName = mig.InstanceName
+	mig.instanceSetup.CustomDomain = mig.CustomDomain
+	mig.instanceSetup.DefaultLanguage = mig.DefaultLanguage
+	mig.instanceSetup.Org = mig.Org
+	mig.instanceSetup.Org.Human.Email.Address = strings.TrimSpace(mig.instanceSetup.Org.Human.Email.Address)
+	if mig.instanceSetup.Org.Human.Email.Address == "" {
+		mig.instanceSetup.Org.Human.Email.Address = "admin@" + mig.instanceSetup.CustomDomain
+	}
+
+	_, _, err = cmd.SetUpInstance(ctx, &mig.instanceSetup)
+	return err
+}
+
+func (mig *DefaultInstance) String() string {
+	return "03_default_instance"
+}
+
+func verifyKey(key *crypto.KeyConfig, storage crypto.KeyStorage) (err error) {
+	_, err = crypto.LoadKey(key.EncryptionKeyID, storage)
+	if err == nil {
+		return nil
+	}
+	k, err := crypto.NewKey(key.EncryptionKeyID)
+	if err != nil {
+		return err
+	}
+	return storage.CreateKeys(k)
+}