feat: http provider signing key addition (#10641)

# Which Problems Are Solved HTTP Request to HTTP providers for Email or SMS are not signed. # How the Problems Are Solved Add a Signing Key to the HTTP Provider resources, which is then used to generate a header to sign the payload. # Additional Changes Additional tests for query side of the SMTP provider. # Additional Context Closes #10067 --------- Co-authored-by: Marco A. <marco@zitadel.com> (cherry picked from commit 8909b9a2a6)
2025-12-06 17:52:14 +00:00 · 2025-09-08 13:00:04 +02:00
parent d2d94ea088
commit 1a7cd6e1af
36 changed files with 2113 additions and 132 deletions
--- a/internal/query/projection/sms_test.go
+++ b/internal/query/projection/sms_test.go
@@ -302,7 +302,8 @@ func TestSMSProjection_reduces(t *testing.T) {
 						[]byte(`{
 						"id": "id",
 						"description": "description",
-						"endpoint": "endpoint"
+						"endpoint": "endpoint",
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
 					}`),
 					), eventstore.GenericEventMapper[instance.SMSConfigHTTPAddedEvent]),
 			},
@@ -327,11 +328,12 @@ func TestSMSProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.sms_configs3_http (sms_id, instance_id, endpoint) VALUES ($1, $2, $3)",
+							expectedStmt: "INSERT INTO projections.sms_configs3_http (sms_id, instance_id, endpoint, signing_key) VALUES ($1, $2, $3, $4)",
 							expectedArgs: []interface{}{
 								"id",
 								"instance-id",
 								"endpoint",
+								anyArg{},
 							},
 						},
 					},
@@ -348,7 +350,8 @@ func TestSMSProjection_reduces(t *testing.T) {
 						[]byte(`{
 						"id": "id",
 						"endpoint": "endpoint",
-						"description": "description"
+						"description": "description",
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
 					}`),
 					), eventstore.GenericEventMapper[instance.SMSConfigHTTPChangedEvent]),
 			},
@@ -369,8 +372,9 @@ func TestSMSProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.sms_configs3_http SET endpoint = $1 WHERE (sms_id = $2) AND (instance_id = $3)",
+							expectedStmt: "UPDATE projections.sms_configs3_http SET (signing_key, endpoint) = ($1, $2) WHERE (sms_id = $3) AND (instance_id = $4)",
 							expectedArgs: []interface{}{
+								anyArg{},
 								"endpoint",
 								"id",
 								"instance-id",
@@ -452,6 +456,46 @@ func TestSMSProjection_reduces(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "instance reduceSMSConfigHTTPChanged, only signing key",
+			args: args{
+				event: getEvent(
+					testEvent(
+						instance.SMSConfigHTTPChangedEventType,
+						instance.AggregateType,
+						[]byte(`{
+						"id": "id",
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
+					}`),
+					), eventstore.GenericEventMapper[instance.SMSConfigHTTPChangedEvent]),
+			},
+			reduce: (&smsConfigProjection{}).reduceSMSConfigHTTPChanged,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("instance"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.sms_configs3 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								"id",
+								"instance-id",
+							},
+						},
+						{
+							expectedStmt: "UPDATE projections.sms_configs3_http SET signing_key = $1 WHERE (sms_id = $2) AND (instance_id = $3)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								"id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "instance reduceSMSConfigTwilioActivated",
 			args: args{