feat: http provider signing key addition (#10641)

# Which Problems Are Solved

HTTP requests to HTTP providers for Email or SMS are not signed.

# How the Problems Are Solved

Add a Signing Key to the HTTP Provider resources, which is then used to
generate a header to sign the payload.

# Additional Changes

Additional tests for query side of the SMTP provider.

# Additional Context

Closes #10067

---------

Co-authored-by: Marco A. <marco@zitadel.com>
(cherry picked from commit 8909b9a2a6)
Stefan Benz
2025-09-08 13:00:04 +02:00
committed by Livio Spring
parent d2d94ea088
commit 1a7cd6e1af
36 changed files with 2113 additions and 132 deletions


@@ -27,7 +27,8 @@ type TwilioConfig struct {
}
type HTTPConfig struct {
Endpoint string
Endpoint string
SigningKey *crypto.CryptoValue
}
func NewIAMSMSConfigWriteModel(instanceID, id string) *IAMSMSConfigWriteModel {
@@ -82,7 +83,8 @@ func (wm *IAMSMSConfigWriteModel) Reduce() error {
continue
}
wm.HTTP = &HTTPConfig{
Endpoint: e.Endpoint,
Endpoint: e.Endpoint,
SigningKey: e.SigningKey,
}
wm.Description = e.Description
wm.State = domain.SMSConfigStateInactive
@@ -96,6 +98,9 @@ func (wm *IAMSMSConfigWriteModel) Reduce() error {
if e.Endpoint != nil {
wm.HTTP.Endpoint = *e.Endpoint
}
if e.SigningKey != nil {
wm.HTTP.SigningKey = e.SigningKey
}
case *instance.SMSConfigTwilioActivatedEvent:
if wm.ID != e.ID {
wm.State = domain.SMSConfigStateInactive
@@ -189,7 +194,13 @@ func (wm *IAMSMSConfigWriteModel) NewTwilioChangedEvent(ctx context.Context, agg
return changeEvent, true, nil
}
func (wm *IAMSMSConfigWriteModel) NewHTTPChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate, id string, description, endpoint *string) (*instance.SMSConfigHTTPChangedEvent, bool, error) {
func (wm *IAMSMSConfigWriteModel) NewHTTPChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id string,
description, endpoint *string,
signingKey *crypto.CryptoValue,
) (*instance.SMSConfigHTTPChangedEvent, bool, error) {
changes := make([]instance.SMSConfigHTTPChanges, 0)
var err error
@@ -203,6 +214,10 @@ func (wm *IAMSMSConfigWriteModel) NewHTTPChangedEvent(ctx context.Context, aggre
if endpoint != nil && wm.HTTP.Endpoint != *endpoint {
changes = append(changes, instance.ChangeSMSConfigHTTPEndpoint(*endpoint))
}
// if signingkey is set, update it as it is encrypted
if signingKey != nil {
changes = append(changes, instance.ChangeSMSConfigHTTPSigningKey(signingKey))
}
if len(changes) == 0 {
return nil, false, nil