diff --git a/backend/v3/domain/id_provider.go b/backend/v3/domain/id_provider.go index 7941246702..777541ed39 100644 --- a/backend/v3/domain/id_provider.go +++ b/backend/v3/domain/id_provider.go @@ -178,6 +178,17 @@ type IDPGithubEnterprise struct { GithubEnterprise } +type Gitlab struct { + ClientID string `json:"clientId,omitempty"` + ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"` + Scopes []string `json:"scopes,omitempty"` +} + +type IDPGitlab struct { + *IdentityProvider + Gitlab +} + // IDPIdentifierCondition is used to help specify a single identity_provider, // it will either be used as the identity_provider ID or identity_provider name, // as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name) @@ -255,4 +266,5 @@ type IDProviderRepository interface { GetGoogle(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGoogle, error) GetGithub(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithub, error) GetGithubEnterprise(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithubEnterprise, error) + GetGitlab(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGitlab, error) } diff --git a/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql b/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql index c4fd52c886..3fb17cd8ec 100644 --- a/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql +++ b/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql @@ -11,6 +11,7 @@ CREATE TYPE zitadel.idp_type AS ENUM ( 'ldap', 'github', 'githubenterprise', + 'gitlab', 'azure', 'google', 'microsoft', diff --git a/backend/v3/storage/database/events_testing/id_provider_test.go b/backend/v3/storage/database/events_testing/id_provider_test.go index eb6db3e4ec..fc76ef7b23 100644 --- a/backend/v3/storage/database/events_testing/id_provider_test.go +++ b/backend/v3/storage/database/events_testing/id_provider_test.go @@ -1444,4 +1444,123 @@ func TestServer_TestIDProviderReduces(t *testing.T) { assert.WithinRange(t, updateGithubEnterprise.UpdatedAt, beforeCreate, afterCreate) }, retryDuration, tick) }) + + t.Run("test instance idp gitlab added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab + beforeCreate := time.Now() + addGithubEnterprise, err := AdminClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for gitlab + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githubEnterprise, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil) + require.NoError(t, err) + + // event instance.idp.gitlab.added + // idp + assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID) + assert.Equal(t, name, githubEnterprise.Name) + + assert.Equal(t, domain.IDPTypeGitlab.String(), githubEnterprise.Type) + assert.Equal(t, "clientId", githubEnterprise.ClientID) + assert.NotNil(t, githubEnterprise.ClientSecret) + assert.Equal(t, []string{"scope"}, githubEnterprise.Scopes) + assert.Equal(t, false, githubEnterprise.AllowLinking) + assert.Equal(t, false, githubEnterprise.AllowCreation) + assert.Equal(t, false, githubEnterprise.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), githubEnterprise.AllowAutoLinking) + assert.WithinRange(t, githubEnterprise.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, githubEnterprise.UpdatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) + + t.Run("test instance idp gitlab changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab + addGithub, err := AdminClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var githlab *domain.IDPGitlab + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githlab, err = idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, nil) + require.NoError(t, err) + assert.Equal(t, addGithub.Id, githlab.ID) + }, retryDuration, tick) + + name = "new_" + name + // change gitlab + beforeCreate := time.Now() + _, err = AdminClient.UpdateGitLabProvider(CTX, &admin.UpdateGitLabProviderRequest{ + Id: addGithub.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for gitlab + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGithlab, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, nil) + require.NoError(t, err) + + // event instance.idp.gitlab.changed + // idp + assert.Equal(t, addGithub.Id, updateGithlab.ID) + assert.Equal(t, name, updateGithlab.Name) + + assert.Equal(t, "new_clientId", updateGithlab.ClientID) + assert.NotEqual(t, githlab.ClientSecret, updateGithlab.ClientSecret) + assert.Equal(t, domain.IDPTypeGitlab.String(), updateGithlab.Type) + assert.Equal(t, []string{"new_scope"}, updateGithlab.Scopes) + assert.Equal(t, true, updateGithlab.AllowLinking) + assert.Equal(t, true, updateGithlab.AllowCreation) + assert.Equal(t, true, updateGithlab.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithlab.AllowAutoLinking) + assert.WithinRange(t, updateGithlab.UpdatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) } diff --git a/backend/v3/storage/database/repository/id_provider.go b/backend/v3/storage/database/repository/id_provider.go index 1b0bf33373..a283563a57 100644 --- a/backend/v3/storage/database/repository/id_provider.go +++ b/backend/v3/storage/database/repository/id_provider.go @@ -273,6 +273,28 @@ func (i *idProvider) GetGithubEnterprise(ctx context.Context, id domain.IDPIdent return idpGithubEnterprise, nil } +func (i *idProvider) GetGitlab(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPGitlab, error) { + idpGitlab := &domain.IDPGitlab{} + var err error + + idpGitlab.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID) + if err != nil { + return nil, err + } + + if idpGitlab.Type != domain.IDPTypeGitlab.String() { + // TODO + return nil, errors.New("WRONG TYPE") + } + + err = json.Unmarshal([]byte(*idpGitlab.Payload), idpGitlab) + if err != nil { + return nil, err + } + + return idpGitlab, nil +} + // ------------------------------------------------------------- // columns // ------------------------------------------------------------- diff --git a/internal/query/projection/idp_template_relational.go b/internal/query/projection/idp_template_relational.go index ea279ff0e0..c8de180592 100644 --- a/internal/query/projection/idp_template_relational.go +++ b/internal/query/projection/idp_template_relational.go @@ -131,14 +131,14 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer Event: instance.GitHubEnterpriseIDPChangedEventType, Reduce: p.reduceGitHubEnterpriseIDPRelationalChanged, }, - // { - // Event: instance.GitLabIDPAddedEventType, - // Reduce: p.reduceGitLabIDPAdded, - // }, - // { - // Event: instance.GitLabIDPChangedEventType, - // Reduce: p.reduceGitLabIDPChanged, - // }, + { + Event: instance.GitLabIDPAddedEventType, + Reduce: p.reduceGitLabIDPRelationalAdded, + }, + { + Event: instance.GitLabIDPChangedEventType, + Reduce: p.reduceGitLabIDPRelationalChanged, + }, // { // Event: instance.GitLabSelfHostedIDPAddedEventType, // Reduce: p.reduceGitLabSelfHostedIDPAdded, @@ -1333,26 +1333,124 @@ func (p *idpTemplateRelationalProjection) reduceGitHubEnterpriseIDPRelationalCha }, ), ), nil +} + +func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) { + // var idpEvent idp.GitLabIDPAddedEvent + // var idpOwnerType domain.IdentityProviderType + // switch e := event.(type) { + // case *org.GitLabIDPAddedEvent: + // idpEvent = e.GitLabIDPAddedEvent + // idpOwnerType = domain.IdentityProviderTypeOrg + // case *instance.GitLabIDPAddedEvent: + // idpEvent = e.GitLabIDPAddedEvent + // idpOwnerType = domain.IdentityProviderTypeSystem + // default: + // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPAddedEventType, instance.GitLabIDPAddedEventType}) + // } + + e, ok := event.(*instance.GitLabIDPAddedEvent) + if !ok { + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPAddedEventType, instance.GitLabIDPAddedEventType}) + } + + gitlab := domain.Gitlab{ + ClientID: e.ClientID, + ClientSecret: e.ClientSecret, + Scopes: e.Scopes, + } + + payload, err := json.Marshal(gitlab) + if err != nil { + return nil, err + } + + return handler.NewMultiStatement( + e, + handler.AddCreateStatement( + []handler.Column{ + handler.NewCol(IDPTemplateIDCol, e.ID), + handler.NewCol(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID), + handler.NewCol(IDPTemplateNameCol, e.Name), + handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGitlab.String()), + handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive.String()), + handler.NewCol(IDPRelationalAllowCreationCol, e.IsCreationAllowed), + handler.NewCol(IDPRelationalAllowLinkingCol, e.IsLinkingAllowed), + handler.NewCol(IDPRelationalAllowAutoCreationCol, e.IsAutoCreation), + handler.NewCol(IDPRelationalAllowAutoUpdateCol, e.IsAutoUpdate), + handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOption(e.AutoLinkingOption).String()), + handler.NewCol(CreatedAt, e.CreationDate()), + handler.NewCol(IDPRelationalPayloadCol, payload), + }, + ), + ), nil +} + +func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event eventstore.Event) (*handler.Statement, error) { + // var idpEvent idp.GitLabIDPChangedEvent + // switch e := event.(type) { + // case *org.GitLabIDPChangedEvent: + // idpEvent = e.GitLabIDPChangedEvent + // case *instance.GitLabIDPChangedEvent: + // idpEvent = e.GitLabIDPChangedEvent + // default: + // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) + // } + + e, ok := event.(*instance.GitLabIDPChangedEvent) + if !ok { + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) + } + + oauth, err := p.idpRepo.GetGitlab(context.Background(), p.idpRepo.IDCondition(e.ID), e.Agg.InstanceID, nil) + if err != nil { + return nil, err + } + + columns := make([]handler.Column, 0, 7) + reduceIDPRelationalChangedTemplateColumns(e.Name, e.OptionChanges, &columns) + + payload := &oauth.Gitlab + payloadChanged := reduceGitLabIDPRelationalChangedColumns(payload, &e.GitLabIDPChangedEvent) + if payloadChanged { + payload, err := json.Marshal(payload) + if err != nil { + return nil, err + } + columns = append(columns, handler.NewCol(IDPRelationalPayloadCol, payload)) + } + + return handler.NewMultiStatement( + e, + handler.AddUpdateStatement( + columns, + []handler.Condition{ + handler.NewCond(IDPTemplateIDCol, e.ID), + handler.NewCond(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID), + }, + ), + ), nil // ops := make([]func(eventstore.Event) handler.Exec, 0, 2) // ops = append(ops, // handler.AddUpdateStatement( - // reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges), + // reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges), // []handler.Condition{ // handler.NewCond(IDPTemplateIDCol, idpEvent.ID), // handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), // }, // ), // ) - // if len(githubCols) > 0 { + // gitlabCols := reduceGitLabIDPChangedColumns(idpEvent) + // if len(gitlabCols) > 0 { // ops = append(ops, // handler.AddUpdateStatement( - // githubCols, + // gitlabCols, // []handler.Condition{ - // handler.NewCond(GitHubEnterpriseIDCol, idpEvent.ID), - // handler.NewCond(GitHubEnterpriseInstanceIDCol, idpEvent.Aggregate().InstanceID), + // handler.NewCond(GitLabIDCol, idpEvent.ID), + // handler.NewCond(GitLabInstanceIDCol, idpEvent.Aggregate().InstanceID), // }, - // handler.WithTableSuffix(IDPTemplateGitHubEnterpriseSuffix), + // handler.WithTableSuffix(IDPTemplateGitLabSuffix), // ), // ) // } @@ -1363,95 +1461,6 @@ func (p *idpTemplateRelationalProjection) reduceGitHubEnterpriseIDPRelationalCha // ), nil } -// func (p *idpTemplateProjection) reduceGitLabIDPAdded(event eventstore.Event) (*handler.Statement, error) { -// var idpEvent idp.GitLabIDPAddedEvent -// var idpOwnerType domain.IdentityProviderType -// switch e := event.(type) { -// case *org.GitLabIDPAddedEvent: -// idpEvent = e.GitLabIDPAddedEvent -// idpOwnerType = domain.IdentityProviderTypeOrg -// case *instance.GitLabIDPAddedEvent: -// idpEvent = e.GitLabIDPAddedEvent -// idpOwnerType = domain.IdentityProviderTypeSystem -// default: -// return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPAddedEventType, instance.GitLabIDPAddedEventType}) -// } - -// return handler.NewMultiStatement( -// &idpEvent, -// handler.AddCreateStatement( -// []handler.Column{ -// handler.NewCol(IDPTemplateIDCol, idpEvent.ID), -// handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()), -// handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()), -// handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()), -// handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner), -// handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), -// handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive), -// handler.NewCol(IDPTemplateNameCol, idpEvent.Name), -// handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType), -// handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGitLab), -// handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed), -// handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed), -// handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation), -// handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate), -// handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption), -// }, -// ), -// handler.AddCreateStatement( -// []handler.Column{ -// handler.NewCol(GitLabIDCol, idpEvent.ID), -// handler.NewCol(GitLabInstanceIDCol, idpEvent.Aggregate().InstanceID), -// handler.NewCol(GitLabClientIDCol, idpEvent.ClientID), -// handler.NewCol(GitLabClientSecretCol, idpEvent.ClientSecret), -// handler.NewCol(GitLabScopesCol, database.TextArray[string](idpEvent.Scopes)), -// }, -// handler.WithTableSuffix(IDPTemplateGitLabSuffix), -// ), -// ), nil -// } - -// func (p *idpTemplateProjection) reduceGitLabIDPChanged(event eventstore.Event) (*handler.Statement, error) { -// var idpEvent idp.GitLabIDPChangedEvent -// switch e := event.(type) { -// case *org.GitLabIDPChangedEvent: -// idpEvent = e.GitLabIDPChangedEvent -// case *instance.GitLabIDPChangedEvent: -// idpEvent = e.GitLabIDPChangedEvent -// default: -// return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) -// } - -// ops := make([]func(eventstore.Event) handler.Exec, 0, 2) -// ops = append(ops, -// handler.AddUpdateStatement( -// reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges), -// []handler.Condition{ -// handler.NewCond(IDPTemplateIDCol, idpEvent.ID), -// handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), -// }, -// ), -// ) -// gitlabCols := reduceGitLabIDPChangedColumns(idpEvent) -// if len(gitlabCols) > 0 { -// ops = append(ops, -// handler.AddUpdateStatement( -// gitlabCols, -// []handler.Condition{ -// handler.NewCond(GitLabIDCol, idpEvent.ID), -// handler.NewCond(GitLabInstanceIDCol, idpEvent.Aggregate().InstanceID), -// }, -// handler.WithTableSuffix(IDPTemplateGitLabSuffix), -// ), -// ) -// } - -// return handler.NewMultiStatement( -// &idpEvent, -// ops..., -// ), nil -// } - // func (p *idpTemplateProjection) reduceGitLabSelfHostedIDPAdded(event eventstore.Event) (*handler.Statement, error) { // var idpEvent idp.GitLabSelfHostedIDPAddedEvent // var idpOwnerType domain.IdentityProviderType @@ -2484,3 +2493,20 @@ func reduceGitHubEnterpriseIDPRelationalChangedColumns(payload *domain.GithubEnt } return payloadChange } + +func reduceGitLabIDPRelationalChangedColumns(payload *domain.Gitlab, idpEvent *idp.GitLabIDPChangedEvent) bool { + payloadChange := false + if idpEvent.ClientID != nil { + payloadChange = true + payload.ClientID = *idpEvent.ClientID + } + if idpEvent.ClientSecret != nil { + payloadChange = true + payload.ClientSecret = idpEvent.ClientSecret + } + if idpEvent.Scopes != nil { + payloadChange = true + payload.Scopes = idpEvent.Scopes + } + return payloadChange +}