feat: http provider signing key addition (#10641)

# Which Problems Are Solved HTTP Request to HTTP providers for Email or SMS are not signed. # How the Problems Are Solved Add a Signing Key to the HTTP Provider resources, which is then used to generate a header to sign the payload. # Additional Changes Additional tests for query side of the SMTP provider. # Additional Context Closes #10067 --------- Co-authored-by: Marco A. <marco@zitadel.com> (cherry picked from commit 8909b9a2a6)
2025-12-06 08:42:18 +00:00 · 2025-09-08 13:00:04 +02:00
parent d2d94ea088
commit 1a7cd6e1af
36 changed files with 2113 additions and 132 deletions
--- a/internal/query/projection/smtp_test.go
+++ b/internal/query/projection/smtp_test.go
@@ -225,7 +225,8 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 						"aggregate_id": "agg-id",
 						"id": "config-id",		
 						"description": "test",
-						"endpoint": "endpoint"
+						"endpoint": "endpoint",
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
 					}`,
 						),
 					), eventstore.GenericEventMapper[instance.SMTPConfigHTTPChangedEvent]),
@@ -247,9 +248,10 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.smtp_configs5_http SET endpoint = $1 WHERE (id = $2) AND (instance_id = $3)",
+							expectedStmt: "UPDATE projections.smtp_configs5_http SET (endpoint, signing_key) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
 							expectedArgs: []interface{}{
 								"endpoint",
+								anyArg{},
 								"config-id",
 								"instance-id",
 							},
@@ -338,6 +340,49 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 					},
 				},
 			},
+		}, {
+			name: "reduceSMTPConfigHTTPChanged, signing key",
+			args: args{
+				event: getEvent(
+					testEvent(
+						instance.SMTPConfigHTTPChangedEventType,
+						instance.AggregateType,
+						[]byte(`{
+						"instance_id": "instance-id",	
+						"resource_owner": "ro-id",	
+						"aggregate_id": "agg-id",
+						"id": "config-id",	
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
+					}`,
+						),
+					), eventstore.GenericEventMapper[instance.SMTPConfigHTTPChangedEvent]),
+			},
+			reduce: (&smtpConfigProjection{}).reduceSMTPConfigHTTPChanged,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("instance"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.smtp_configs5 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								"config-id",
+								"instance-id",
+							},
+						},
+						{
+							expectedStmt: "UPDATE projections.smtp_configs5_http SET signing_key = $1 WHERE (id = $2) AND (instance_id = $3)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								"config-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
 		},
 		{
 			name: "reduceSMTPConfigAdded (no id)",
@@ -481,7 +526,8 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 						"id": "config-id",		
 						"description": "test",
 						"senderAddress": "sender",
-						"endpoint": "endpoint"
+						"endpoint": "endpoint",
+						"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
 					}`),
 					), eventstore.GenericEventMapper[instance.SMTPConfigHTTPAddedEvent]),
 			},
@@ -506,11 +552,12 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.smtp_configs5_http (instance_id, id, endpoint) VALUES ($1, $2, $3)",
+							expectedStmt: "INSERT INTO projections.smtp_configs5_http (instance_id, id, endpoint, signing_key) VALUES ($1, $2, $3, $4)",
 							expectedArgs: []interface{}{
 								"instance-id",
 								"config-id",
 								"endpoint",
+								anyArg{},
 							},
 						},
 					},