TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check resourceowner not empty string (#2922)

Browse Source 
* fix: check resourceowner not empty string

* fix test

* fix tests

* fix tests of command pkg

* enable RoleSelfManagementGlobal as org member role

* fix tests of query pkg

* Update eventstore_test.go

* update docusaurus
This commit is contained in:
Livio Amstutz
2022-01-06 08:29:58 +01:00
committed by GitHub
parent 5f2b88be51
commit 19b095e6c2
10 changed files with 196 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/eventstore/event_base.go
View File

@@ -78,7 +78,7 @@ func BaseEventFromRepo(event *repository.Event) *BaseEvent {
aggregate: Aggregate{
ID: event.AggregateID,
Type: AggregateType(event.AggregateType),
ResourceOwner: event.ResourceOwner,
ResourceOwner: event.ResourceOwner.String,
Version: Version(event.Version),
},
EventType: EventType(event.Type),

3
internal/eventstore/eventstore.go
View File

@@ -2,6 +2,7 @@ package eventstore
import (
"context"
"database/sql"
"encoding/json"
"reflect"
"sync"
@@ -79,7 +80,7 @@ func commandsToRepository(cmds []Command) (events []*repository.Event, constrain
events[i] = &repository.Event{
AggregateID: cmd.Aggregate().ID,
AggregateType: repository.AggregateType(cmd.Aggregate().Type),
ResourceOwner: cmd.Aggregate().ResourceOwner,
ResourceOwner: sql.NullString{String: cmd.Aggregate().ResourceOwner, Valid: cmd.Aggregate().ResourceOwner != ""},
EditorService: cmd.EditorService(),
EditorUser: cmd.EditorUser(),
Type: repository.EventType(cmd.Type()),

164
internal/eventstore/eventstore_test.go
View File

@@ -2,6 +2,7 @@ package eventstore
import (
"context"
"database/sql"
"fmt"
"reflect"
"sync"
@@ -376,7 +377,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -412,7 +413,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -422,7 +423,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -446,6 +447,143 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
wantErr: true,
},
},
{
name: "no aggregate id",
args: args{
events: []Command{
&testEvent{
BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"),
NewAggregate(
authz.NewMockContext("caos", "adlerhurst"),
"",
"test.aggregate",
"v1",
),
"test.event",
),
data: func() interface{} {
return nil
},
},
},
},
res: res{
wantErr: true,
},
},
{
name: "no aggregate type",
args: args{
events: []Command{
&testEvent{
BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"),
NewAggregate(
authz.NewMockContext("caos", "adlerhurst"),
"id",
"",
"v1",
),
"test.event",
),
data: func() interface{} {
return nil
},
},
},
},
res: res{
wantErr: true,
},
},
{
name: "no aggregate version",
args: args{
events: []Command{
&testEvent{
BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"),
NewAggregate(
authz.NewMockContext("caos", "adlerhurst"),
"id",
"test.aggregate",
"",
),
"test.event",
),
data: func() interface{} {
return nil
},
},
},
},
res: res{
wantErr: true,
},
},
{
name: "no event type",
args: args{
events: []Command{
&testEvent{
BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("resourceOwner", "editorUser"), "editorService"),
NewAggregate(
authz.NewMockContext("caos", "adlerhurst"),
"id",
"test.aggregate",
"v1",
),
"",
),
data: func() interface{} {
return nil
},
},
},
},
res: res{
wantErr: true,
},
},
{
name: "no resourceowner",
args: args{
events: []Command{
&testEvent{
BaseEvent: *NewBaseEventForPush(
service.WithService(authz.NewMockContext("", "editorUser"), "editorService"),
NewAggregate(
authz.NewMockContext("", "adlerhurst"),
"id",
"test.aggregate",
"v1",
),
"test.event",
),
data: func() interface{} {
return nil
},
},
},
},
res: res{
wantErr: false,
events: []*repository.Event{
{
AggregateID: "id",
AggregateType: "test.aggregate",
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: sql.NullString{String: "", Valid: false},
Type: "test.event",
Version: "v1",
},
},
},
},
{
name: "multiple aggregates",
args: args{
@@ -483,7 +621,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -493,7 +631,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -505,7 +643,7 @@ func TestEventstore_aggregatesToEvents(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -622,7 +760,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -665,7 +803,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -675,7 +813,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -729,7 +867,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -739,7 +877,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -751,7 +889,7 @@ func TestEventstore_Push(t *testing.T) {
Data: []byte(nil),
EditorService: "editorService",
EditorUser: "editorUser",
ResourceOwner: "caos",
ResourceOwner: sql.NullString{String: "caos", Valid: true},
Type: "test.event",
Version: "v1",
},
@@ -1323,7 +1461,7 @@ func compareEvents(t *testing.T, want, got *repository.Event) {
t.Errorf("wrong editor user got %q want %q", got.EditorUser, want.EditorUser)
}
if want.ResourceOwner != got.ResourceOwner {
t.Errorf("wrong resource owner got %q want %q", got.ResourceOwner, want.ResourceOwner)
t.Errorf("wrong resource owner got %q want %q", got.ResourceOwner.String, want.ResourceOwner.String)
}
if want.Type != got.Type {
t.Errorf("wrong event type got %q want %q", got.Type, want.Type)

3
internal/eventstore/repository/event.go
View File

@@ -1,6 +1,7 @@
package repository
import (
"database/sql"
"time"
)
@@ -54,7 +55,7 @@ type Event struct {
//ResourceOwner is the organisation which owns this aggregate
// an aggregate can only be managed by one organisation
// use the ID of the org
ResourceOwner string
ResourceOwner sql.NullString
}
//EventType is the description of the change

46
internal/eventstore/repository/sql/crdb_test.go
View File

@@ -2,11 +2,13 @@ package sql
import (
"context"
"database/sql"
"sync"
"testing"
"github.com/caos/zitadel/internal/eventstore/repository"
"github.com/lib/pq"
"github.com/caos/zitadel/internal/eventstore/repository"
)
func TestCRDB_placeholder(t *testing.T) {
@@ -928,8 +930,8 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "two events of same aggregate same resource owner",
args: args{
events: []*repository.Event{
generateEvent(t, "500", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "500", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "500", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "500", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
},
},
fields: fields{
@@ -944,8 +946,8 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "two events of different aggregate same resource owner",
args: args{
events: []*repository.Event{
generateEvent(t, "501", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "502", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "501", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "502", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
},
},
fields: fields{
@@ -960,8 +962,8 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "two events of different aggregate different resource owner",
args: args{
events: []*repository.Event{
generateEvent(t, "503", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "504", func(e *repository.Event) { e.ResourceOwner = "zitadel" }),
generateEvent(t, "503", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "504", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "zitadel", Valid: true} }),
},
},
fields: fields{
@@ -976,10 +978,10 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "events of different aggregate different resource owner",
args: args{
events: []*repository.Event{
generateEvent(t, "505", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "505", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "506", func(e *repository.Event) { e.ResourceOwner = "zitadel" }),
generateEvent(t, "506", func(e *repository.Event) { e.ResourceOwner = "zitadel" }),
generateEvent(t, "505", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "505", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "506", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "zitadel", Valid: true} }),
generateEvent(t, "506", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "zitadel", Valid: true} }),
},
},
fields: fields{
@@ -994,10 +996,10 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "events of different aggregate different resource owner per event",
args: args{
events: []*repository.Event{
generateEvent(t, "507", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "507", func(e *repository.Event) { e.ResourceOwner = "ignored" }),
generateEvent(t, "508", func(e *repository.Event) { e.ResourceOwner = "zitadel" }),
generateEvent(t, "508", func(e *repository.Event) { e.ResourceOwner = "ignored" }),
generateEvent(t, "507", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "507", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "ignored", Valid: true} }),
generateEvent(t, "508", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "zitadel", Valid: true} }),
generateEvent(t, "508", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "ignored", Valid: true} }),
},
},
fields: fields{
@@ -1012,10 +1014,10 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
name: "events of one aggregate different resource owner per event",
args: args{
events: []*repository.Event{
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = "ignored" }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = "ignored" }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = "ignored" }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "ignored", Valid: true} }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "ignored", Valid: true} }),
generateEvent(t, "509", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "ignored", Valid: true} }),
},
},
fields: fields{
@@ -1042,8 +1044,8 @@ func TestCRDB_Push_ResourceOwner(t *testing.T) {
}
for i, event := range tt.args.events {
if event.ResourceOwner != tt.res.resourceOwners[i] {
t.Errorf("resource owner not expected want: %q got: %q", tt.res.resourceOwners[i], event.ResourceOwner)
if event.ResourceOwner.String != tt.res.resourceOwners[i] {
t.Errorf("resource owner not expected want: %q got: %q", tt.res.resourceOwners[i], event.ResourceOwner.String)
}
}
@@ -1087,7 +1089,7 @@ func generateEvent(t *testing.T, aggregateID string, opts ...func(*repository.Ev
AggregateType: repository.AggregateType(t.Name()),
EditorService: "svc",
EditorUser: "user",
ResourceOwner: "ro",
ResourceOwner: sql.NullString{String: "ro", Valid: true},
Type: "test.created",
Version: "v1",
}

15
internal/eventstore/repository/sql/query_test.go
View File

@@ -9,9 +9,10 @@ import (
"time"
"github.com/DATA-DOG/go-sqlmock"
"github.com/lib/pq"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/repository"
"github.com/lib/pq"
)
func Test_getCondition(t *testing.T) {
@@ -135,7 +136,7 @@ func Test_prepareColumns(t *testing.T) {
},
},
fields: fields{
dbRow: []interface{}{time.Time{}, repository.EventType(""), uint64(5), Sequence(0), Sequence(0), Data(nil), "", "", "", repository.AggregateType("user"), "hodor", repository.Version("")},
dbRow: []interface{}{time.Time{}, repository.EventType(""), uint64(5), Sequence(0), Sequence(0), Data(nil), "", "", sql.NullString{String: ""}, repository.AggregateType("user"), "hodor", repository.Version("")},
},
},
{
@@ -416,11 +417,11 @@ func Test_query_events_with_crdb(t *testing.T) {
fields: fields{
client: testCRDBClient,
existingEvents: []*repository.Event{
generateEvent(t, "306", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "307", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "308", func(e *repository.Event) { e.ResourceOwner = "caos" }),
generateEvent(t, "309", func(e *repository.Event) { e.ResourceOwner = "orgID" }),
generateEvent(t, "309", func(e *repository.Event) { e.ResourceOwner = "orgID" }),
generateEvent(t, "306", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "307", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "308", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "caos", Valid: true} }),
generateEvent(t, "309", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "orgID", Valid: true} }),
generateEvent(t, "309", func(e *repository.Event) { e.ResourceOwner = sql.NullString{String: "orgID", Valid: true} }),
},
},
res: res{