From 3616b6b02888ef5c076d10b7c71e53735bca9580 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Wed, 8 Feb 2023 09:06:34 +0100
Subject: [PATCH] feat(api): allow specifying access_token type (opaque/JWT)
for service users (#5150)
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
---
docs/docs/apis/proto/management.md | 2 +
docs/docs/apis/proto/user.md | 12 +
go.mod | 2 +-
go.sum | 2 +
.../api/grpc/management/user_converter.go | 12 +-
internal/api/grpc/user/converter.go | 29 +-
internal/api/oidc/client.go | 9 +-
internal/api/oidc/client_credentials.go | 15 +-
internal/api/oidc/jwt-profile.go | 33 +++
internal/command/org_member_test.go | 2 +
internal/command/org_test.go | 1 +
internal/command/user_machine.go | 11 +-
internal/command/user_machine_key_test.go | 2 +
internal/command/user_machine_model.go | 15 +-
internal/command/user_machine_secret_test.go | 6 +
internal/command/user_machine_test.go | 3 +
.../user_personal_access_token_test.go | 3 +
internal/command/user_test.go | 2 +
internal/domain/token.go | 11 +-
internal/query/iam_member_test.go | 20 +-
internal/query/org_member_test.go | 24 +-
internal/query/project_grant_member_test.go | 24 +-
internal/query/project_member_test.go | 24 +-
internal/query/projection/user.go | 20 +-
internal/query/projection/user_test.go | 168 +++++------
internal/query/user.go | 31 +-
internal/query/user_grant_test.go | 40 +--
internal/query/user_test.go | 279 +++++++++---------
internal/repository/user/machine.go | 21 +-
proto/zitadel/management.proto | 2 +
proto/zitadel/user.proto | 10 +
31 files changed, 504 insertions(+), 331 deletions(-)
create mode 100644 internal/api/oidc/jwt-profile.go
diff --git a/docs/docs/apis/proto/management.md b/docs/docs/apis/proto/management.md
index e237cbfb43..af6f65be69 100644
--- a/docs/docs/apis/proto/management.md
+++ b/docs/docs/apis/proto/management.md
@@ -3586,6 +3586,7 @@ This is an empty request
| user_name | string | - | string.min_len: 1
string.max_len: 200
|
| name | string | - | string.min_len: 1
string.max_len: 200
|
| description | string | - | string.max_len: 500
|
+| access_token_type | zitadel.user.v1.AccessTokenType | - | enum.defined_only: true
|
@@ -8768,6 +8769,7 @@ This is an empty request
| user_id | string | - | string.min_len: 1
string.max_len: 200
|
| description | string | - | string.max_len: 500
|
| name | string | - | string.min_len: 1
string.max_len: 200
|
+| access_token_type | zitadel.user.v1.AccessTokenType | - | enum.defined_only: true
|
diff --git a/docs/docs/apis/proto/user.md b/docs/docs/apis/proto/user.md
index b4e15c0841..82b663bc3a 100644
--- a/docs/docs/apis/proto/user.md
+++ b/docs/docs/apis/proto/user.md
@@ -134,6 +134,7 @@ title: zitadel/user.proto
| name | string | - | |
| description | string | - | |
| has_secret | bool | - | |
+| access_token_typ | AccessTokenType | - | |
@@ -633,6 +634,17 @@ UserTypeQuery is always equals
## Enums
+### AccessTokenType {#accesstokentype}
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| ACCESS_TOKEN_TYPE_BEARER | 0 | - |
+| ACCESS_TOKEN_TYPE_JWT | 1 | - |
+
+
+
+
### AuthFactorState {#authfactorstate}
diff --git a/go.mod b/go.mod
index ef22f60470..a58ce9672c 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
github.com/superseriousbusiness/exifremove v0.0.0-20210330092427-6acd27eac203
github.com/ttacon/libphonenumber v1.2.1
github.com/zitadel/logging v0.3.4
- github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.7
+ github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.8
github.com/zitadel/saml v0.0.9
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.27.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.27.0
diff --git a/go.sum b/go.sum
index 9a3b391ade..0d82253bcc 100644
--- a/go.sum
+++ b/go.sum
@@ -908,6 +908,8 @@ github.com/zitadel/logging v0.3.4 h1:9hZsTjMMTE3X2LUi0xcF9Q9EdLo+FAezeu52ireBbHM
github.com/zitadel/logging v0.3.4/go.mod h1:aPpLQhE+v6ocNK0TWrBrd363hZ95KcI17Q1ixAQwZF0=
github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.7 h1:CGs4gdoSrZZyZM5pGeXCf8FH12r4r8hpJL/wUR3PxRA=
github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.7/go.mod h1:2jHMP6o/WK0EmcNJkz+FSpjeqcCuQG9YqqqzKZkfgIE=
+github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.8 h1:e6sRhY3Lijku8XBzazLoWpJcjO/EniEA7C5UEgiApRY=
+github.com/zitadel/oidc/v2 v2.0.0-dynamic-issuer.8/go.mod h1:2jHMP6o/WK0EmcNJkz+FSpjeqcCuQG9YqqqzKZkfgIE=
github.com/zitadel/saml v0.0.9 h1:q7FRu52Wm2S5rsSGuzR2nYhEClvexga8bwnGrBL7Bbw=
github.com/zitadel/saml v0.0.9/go.mod h1:DIy/ln32rNYv/bIBA8uOB6Y2JmxjZldDYBeMNn7YyeQ=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
diff --git a/internal/api/grpc/management/user_converter.go b/internal/api/grpc/management/user_converter.go
index 525eba9d89..090ec1e37d 100644
--- a/internal/api/grpc/management/user_converter.go
+++ b/internal/api/grpc/management/user_converter.go
@@ -170,9 +170,10 @@ func AddMachineUserRequestToCommand(req *mgmt_pb.AddMachineUserRequest, resource
ObjectRoot: models.ObjectRoot{
ResourceOwner: resourceowner,
},
- Username: req.UserName,
- Name: req.Name,
- Description: req.Description,
+ Username: req.UserName,
+ Name: req.Name,
+ Description: req.Description,
+ AccessTokenType: user_grpc.AccessTokenTypeToDomain(req.AccessTokenType),
}
}
@@ -226,8 +227,9 @@ func UpdateMachineRequestToCommand(req *mgmt_pb.UpdateMachineRequest, orgID stri
AggregateID: req.UserId,
ResourceOwner: orgID,
},
- Name: req.Name,
- Description: req.Description,
+ Name: req.Name,
+ Description: req.Description,
+ AccessTokenType: user_grpc.AccessTokenTypeToDomain(req.AccessTokenType),
}
}
diff --git a/internal/api/grpc/user/converter.go b/internal/api/grpc/user/converter.go
index 608e8c8c93..385c3e5e59 100644
--- a/internal/api/grpc/user/converter.go
+++ b/internal/api/grpc/user/converter.go
@@ -70,9 +70,10 @@ func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
func MachineToPb(view *query.Machine) *user_pb.Machine {
return &user_pb.Machine{
- Name: view.Name,
- Description: view.Description,
- HasSecret: view.HasSecret,
+ Name: view.Name,
+ Description: view.Description,
+ HasSecret: view.HasSecret,
+ AccessTokenTyp: AccessTokenTypeToPb(view.AccessTokenType),
}
}
@@ -129,6 +130,17 @@ func GenderToDomain(gender user_pb.Gender) domain.Gender {
}
}
+func AccessTokenTypeToDomain(accessTokenType user_pb.AccessTokenType) domain.OIDCTokenType {
+ switch accessTokenType {
+ case user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER:
+ return domain.OIDCTokenTypeBearer
+ case user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_JWT:
+ return domain.OIDCTokenTypeJWT
+ default:
+ return -1
+ }
+}
+
func UserStateToPb(state domain.UserState) user_pb.UserState {
switch state {
case domain.UserStateActive:
@@ -161,6 +173,17 @@ func GenderToPb(gender domain.Gender) user_pb.Gender {
}
}
+func AccessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user_pb.AccessTokenType {
+ switch accessTokenType {
+ case domain.OIDCTokenTypeBearer:
+ return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER
+ case domain.OIDCTokenTypeJWT:
+ return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_JWT
+ default:
+ return user_pb.AccessTokenType_ACCESS_TOKEN_TYPE_BEARER
+ }
+}
+
func AuthMethodsToPb(mfas *query.AuthMethods) []*user_pb.AuthFactor {
factors := make([]*user_pb.AuthFactor, len(mfas.AuthMethods))
for i, mfa := range mfas.AuthMethods {
diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 9d7499d993..a7f0e9b67e 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -200,9 +200,11 @@ func (o *OPStorage) ClientCredentialsTokenRequest(ctx context.Context, clientID
if err != nil {
return nil, err
}
+ audience := domain.AddAudScopeToAudience(ctx, nil, scope)
return &clientCredentialsRequest{
- sub: user.ID,
- scopes: scope,
+ sub: user.ID,
+ scopes: scope,
+ audience: audience,
}, nil
}
@@ -219,7 +221,8 @@ func (o *OPStorage) ClientCredentials(ctx context.Context, clientID, clientSecre
return nil, err
}
return &clientCredentialsClient{
- id: clientID,
+ id: clientID,
+ tokenType: accessTokenTypeToOIDC(user.Machine.AccessTokenType),
}, nil
}
diff --git a/internal/api/oidc/client_credentials.go b/internal/api/oidc/client_credentials.go
index f01407f94e..fda1f6c94a 100644
--- a/internal/api/oidc/client_credentials.go
+++ b/internal/api/oidc/client_credentials.go
@@ -8,18 +8,20 @@ import (
)
type clientCredentialsRequest struct {
- sub string
- scopes []string
+ sub string
+ audience []string
+ scopes []string
}
+// GetSubject returns the subject for token to be created because of the client credentials request
+// the subject will be the id of the service user
func (c *clientCredentialsRequest) GetSubject() string {
return c.sub
}
// GetAudience returns the audience for token to be created because of the client credentials request
-// return nil as the audience is set during the token creation in command.addUserToken
func (c *clientCredentialsRequest) GetAudience() []string {
- return nil
+ return c.audience
}
func (c *clientCredentialsRequest) GetScopes() []string {
@@ -27,13 +29,14 @@ func (c *clientCredentialsRequest) GetScopes() []string {
}
type clientCredentialsClient struct {
- id string
+ id string
+ tokenType op.AccessTokenType
}
// AccessTokenType returns the AccessTokenType for the token to be created because of the client credentials request
// machine users currently only have opaque tokens ([op.AccessTokenTypeBearer])
func (c *clientCredentialsClient) AccessTokenType() op.AccessTokenType {
- return op.AccessTokenTypeBearer
+ return c.tokenType
}
// GetID returns the client_id (username of the machine user) for the token to be created because of the client credentials request
diff --git a/internal/api/oidc/jwt-profile.go b/internal/api/oidc/jwt-profile.go
new file mode 100644
index 0000000000..47805783c9
--- /dev/null
+++ b/internal/api/oidc/jwt-profile.go
@@ -0,0 +1,33 @@
+package oidc
+
+import (
+ "context"
+
+ "github.com/zitadel/oidc/v2/pkg/oidc"
+ "github.com/zitadel/oidc/v2/pkg/op"
+
+ "github.com/zitadel/zitadel/internal/domain"
+ "github.com/zitadel/zitadel/internal/errors"
+)
+
+func (o *OPStorage) JWTProfileTokenType(ctx context.Context, request op.TokenRequest) (op.AccessTokenType, error) {
+ mapJWTProfileScopesToAudience(ctx, request)
+ user, err := o.query.GetUserByID(ctx, false, request.GetSubject(), false)
+ if err != nil {
+ return 0, err
+ }
+ // the user should always be a machine, but let's just be sure
+ if user.Machine == nil {
+ return 0, errors.ThrowInvalidArgument(nil, "OIDC-jk26S", "invalid client type")
+ }
+ return accessTokenTypeToOIDC(user.Machine.AccessTokenType), nil
+}
+
+func mapJWTProfileScopesToAudience(ctx context.Context, request op.TokenRequest) {
+ // the request should always be a JWTTokenRequest, but let's make sure
+ jwt, ok := request.(*oidc.JWTTokenRequest)
+ if !ok {
+ return
+ }
+ jwt.Audience = domain.AddAudScopeToAudience(ctx, jwt.Audience, jwt.Scopes)
+}
diff --git a/internal/command/org_member_test.go b/internal/command/org_member_test.go
index e056d7bc16..309c6046a7 100644
--- a/internal/command/org_member_test.go
+++ b/internal/command/org_member_test.go
@@ -109,6 +109,7 @@ func TestAddMember(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
}, nil
}).
@@ -148,6 +149,7 @@ func TestAddMember(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
}, nil
}).
diff --git a/internal/command/org_test.go b/internal/command/org_test.go
index a107964129..031703d35c 100644
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -1250,6 +1250,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
diff --git a/internal/command/user_machine.go b/internal/command/user_machine.go
index 5b75a3eb6f..4a6ebe89c1 100644
--- a/internal/command/user_machine.go
+++ b/internal/command/user_machine.go
@@ -20,9 +20,10 @@ type AddMachine struct {
type Machine struct {
models.ObjectRoot
- Username string
- Name string
- Description string
+ Username string
+ Name string
+ Description string
+ AccessTokenType domain.OIDCTokenType
}
func (m *Machine) IsZero() bool {
@@ -56,7 +57,7 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound")
}
return []eventstore.Command{
- user.NewMachineAddedEvent(ctx, &a.Aggregate, machine.Username, machine.Name, machine.Description, domainPolicy.UserLoginMustBeDomain),
+ user.NewMachineAddedEvent(ctx, &a.Aggregate, machine.Username, machine.Name, machine.Description, domainPolicy.UserLoginMustBeDomain, machine.AccessTokenType),
}, nil
}, nil
}
@@ -124,7 +125,7 @@ func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Valid
if !isUserStateExists(writeModel.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound")
}
- changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description)
+ changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description, machine.AccessTokenType)
if err != nil {
return nil, err
}
diff --git a/internal/command/user_machine_key_test.go b/internal/command/user_machine_key_test.go
index b2def53fa3..b2611ad33d 100644
--- a/internal/command/user_machine_key_test.go
+++ b/internal/command/user_machine_key_test.go
@@ -135,6 +135,7 @@ func TestCommands_AddMachineKey(t *testing.T) {
"Machine",
"",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -187,6 +188,7 @@ func TestCommands_AddMachineKey(t *testing.T) {
"Machine",
"",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
diff --git a/internal/command/user_machine_model.go b/internal/command/user_machine_model.go
index 822b76b968..7fea305a5f 100644
--- a/internal/command/user_machine_model.go
+++ b/internal/command/user_machine_model.go
@@ -15,9 +15,10 @@ type MachineWriteModel struct {
UserName string
- Name string
- Description string
- UserState domain.UserState
+ Name string
+ Description string
+ UserState domain.UserState
+ AccessTokenType domain.OIDCTokenType
ClientSecret *crypto.CryptoValue
}
@@ -38,6 +39,7 @@ func (wm *MachineWriteModel) Reduce() error {
wm.UserName = e.UserName
wm.Name = e.Name
wm.Description = e.Description
+ wm.AccessTokenType = e.AccessTokenType
wm.UserState = domain.UserStateActive
case *user.UsernameChangedEvent:
wm.UserName = e.UserName
@@ -48,6 +50,9 @@ func (wm *MachineWriteModel) Reduce() error {
if e.Description != nil {
wm.Description = *e.Description
}
+ if e.AccessTokenType != nil {
+ wm.AccessTokenType = *e.AccessTokenType
+ }
case *user.UserLockedEvent:
if wm.UserState != domain.UserStateDeleted {
wm.UserState = domain.UserStateLocked
@@ -99,6 +104,7 @@ func (wm *MachineWriteModel) NewChangedEvent(
aggregate *eventstore.Aggregate,
name,
description string,
+ accessTokenType domain.OIDCTokenType,
) (*user.MachineChangedEvent, bool, error) {
changes := make([]user.MachineChanges, 0)
var err error
@@ -109,6 +115,9 @@ func (wm *MachineWriteModel) NewChangedEvent(
if wm.Description != description {
changes = append(changes, user.ChangeDescription(description))
}
+ if wm.AccessTokenType != accessTokenType {
+ changes = append(changes, user.ChangeAccessTokenType(accessTokenType))
+ }
if len(changes) == 0 {
return nil, false, nil
}
diff --git a/internal/command/user_machine_secret_test.go b/internal/command/user_machine_secret_test.go
index d0f93afd72..3965558e7a 100644
--- a/internal/command/user_machine_secret_test.go
+++ b/internal/command/user_machine_secret_test.go
@@ -104,6 +104,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -244,6 +245,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -271,6 +273,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
eventFromEventPusher(
@@ -409,6 +412,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -436,6 +440,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
eventFromEventPusher(
@@ -486,6 +491,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
"username",
"user",
false,
+ domain.OIDCTokenTypeBearer,
),
),
eventFromEventPusher(
diff --git a/internal/command/user_machine_test.go b/internal/command/user_machine_test.go
index 90dc648f46..2960ab95b2 100644
--- a/internal/command/user_machine_test.go
+++ b/internal/command/user_machine_test.go
@@ -128,6 +128,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
),
},
@@ -268,6 +269,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -302,6 +304,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
diff --git a/internal/command/user_personal_access_token_test.go b/internal/command/user_personal_access_token_test.go
index 53a73e4dc8..93c2ef5767 100644
--- a/internal/command/user_personal_access_token_test.go
+++ b/internal/command/user_personal_access_token_test.go
@@ -81,6 +81,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
"Machine",
"",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -175,6 +176,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
"Machine",
"",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
@@ -226,6 +228,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
"Machine",
"",
true,
+ domain.OIDCTokenTypeBearer,
),
),
),
diff --git a/internal/command/user_test.go b/internal/command/user_test.go
index 74e8f70ba4..23dae95062 100644
--- a/internal/command/user_test.go
+++ b/internal/command/user_test.go
@@ -1786,6 +1786,7 @@ func TestExistsUser(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
}, nil
},
@@ -1807,6 +1808,7 @@ func TestExistsUser(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
),
user.NewUserRemovedEvent(
context.Background(),
diff --git a/internal/domain/token.go b/internal/domain/token.go
index 7474ea2a32..66106504e1 100644
--- a/internal/domain/token.go
+++ b/internal/domain/token.go
@@ -31,7 +31,16 @@ func AddAudScopeToAudience(ctx context.Context, audience, scopes []string) []str
if projectID == ProjectIDScopeZITADEL {
projectID = authz.GetInstance(ctx).ProjectID()
}
- audience = append(audience, projectID)
+ audience = addProjectID(audience, projectID)
}
return audience
}
+
+func addProjectID(audience []string, projectID string) []string {
+ for _, a := range audience {
+ if a == projectID {
+ return audience
+ }
+ }
+ return append(audience, projectID)
+}
diff --git a/internal/query/iam_member_test.go b/internal/query/iam_member_test.go
index 6e8bbeba07..b8942c886c 100644
--- a/internal/query/iam_member_test.go
+++ b/internal/query/iam_member_test.go
@@ -20,18 +20,18 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names2.login_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_machines.name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_machines.name" +
+ ", projections.users8_humans.avatar_key" +
", COUNT(*) OVER () " +
"FROM projections.instance_members3 AS members " +
- "LEFT JOIN projections.users7_humans " +
- "ON members.user_id = projections.users7_humans.user_id AND members.instance_id = projections.users7_humans.instance_id " +
- "LEFT JOIN projections.users7_machines " +
- "ON members.user_id = projections.users7_machines.user_id AND members.instance_id = projections.users7_machines.instance_id " +
+ "LEFT JOIN projections.users8_humans " +
+ "ON members.user_id = projections.users8_humans.user_id AND members.instance_id = projections.users8_humans.instance_id " +
+ "LEFT JOIN projections.users8_machines " +
+ "ON members.user_id = projections.users8_machines.user_id AND members.instance_id = projections.users8_machines.instance_id " +
"LEFT JOIN projections.login_names2 " +
"ON members.user_id = projections.login_names2.user_id AND members.instance_id = projections.login_names2.instance_id " +
"WHERE projections.login_names2.is_primary = $1")
diff --git a/internal/query/org_member_test.go b/internal/query/org_member_test.go
index 62a9da645c..89b947fc80 100644
--- a/internal/query/org_member_test.go
+++ b/internal/query/org_member_test.go
@@ -20,20 +20,20 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names2.login_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_machines.name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_machines.name" +
+ ", projections.users8_humans.avatar_key" +
", COUNT(*) OVER () " +
"FROM projections.org_members3 AS members " +
- "LEFT JOIN projections.users7_humans " +
- "ON members.user_id = projections.users7_humans.user_id " +
- "AND members.instance_id = projections.users7_humans.instance_id " +
- "LEFT JOIN projections.users7_machines " +
- "ON members.user_id = projections.users7_machines.user_id " +
- "AND members.instance_id = projections.users7_machines.instance_id " +
+ "LEFT JOIN projections.users8_humans " +
+ "ON members.user_id = projections.users8_humans.user_id " +
+ "AND members.instance_id = projections.users8_humans.instance_id " +
+ "LEFT JOIN projections.users8_machines " +
+ "ON members.user_id = projections.users8_machines.user_id " +
+ "AND members.instance_id = projections.users8_machines.instance_id " +
"LEFT JOIN projections.login_names2 " +
"ON members.user_id = projections.login_names2.user_id " +
"AND members.instance_id = projections.login_names2.instance_id " +
diff --git a/internal/query/project_grant_member_test.go b/internal/query/project_grant_member_test.go
index 3b8abc0847..1c1bb51486 100644
--- a/internal/query/project_grant_member_test.go
+++ b/internal/query/project_grant_member_test.go
@@ -20,20 +20,20 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names2.login_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_machines.name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_machines.name" +
+ ", projections.users8_humans.avatar_key" +
", COUNT(*) OVER () " +
"FROM projections.project_grant_members3 AS members " +
- "LEFT JOIN projections.users7_humans " +
- "ON members.user_id = projections.users7_humans.user_id " +
- "AND members.instance_id = projections.users7_humans.instance_id " +
- "LEFT JOIN projections.users7_machines " +
- "ON members.user_id = projections.users7_machines.user_id " +
- "AND members.instance_id = projections.users7_machines.instance_id " +
+ "LEFT JOIN projections.users8_humans " +
+ "ON members.user_id = projections.users8_humans.user_id " +
+ "AND members.instance_id = projections.users8_humans.instance_id " +
+ "LEFT JOIN projections.users8_machines " +
+ "ON members.user_id = projections.users8_machines.user_id " +
+ "AND members.instance_id = projections.users8_machines.instance_id " +
"LEFT JOIN projections.login_names2 " +
"ON members.user_id = projections.login_names2.user_id " +
"AND members.instance_id = projections.login_names2.instance_id " +
diff --git a/internal/query/project_member_test.go b/internal/query/project_member_test.go
index e5bd80889b..d62688454b 100644
--- a/internal/query/project_member_test.go
+++ b/internal/query/project_member_test.go
@@ -20,20 +20,20 @@ var (
", members.user_id" +
", members.roles" +
", projections.login_names2.login_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_machines.name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_machines.name" +
+ ", projections.users8_humans.avatar_key" +
", COUNT(*) OVER () " +
"FROM projections.project_members3 AS members " +
- "LEFT JOIN projections.users7_humans " +
- "ON members.user_id = projections.users7_humans.user_id " +
- "AND members.instance_id = projections.users7_humans.instance_id " +
- "LEFT JOIN projections.users7_machines " +
- "ON members.user_id = projections.users7_machines.user_id " +
- "AND members.instance_id = projections.users7_machines.instance_id " +
+ "LEFT JOIN projections.users8_humans " +
+ "ON members.user_id = projections.users8_humans.user_id " +
+ "AND members.instance_id = projections.users8_humans.instance_id " +
+ "LEFT JOIN projections.users8_machines " +
+ "ON members.user_id = projections.users8_machines.user_id " +
+ "AND members.instance_id = projections.users8_machines.instance_id " +
"LEFT JOIN projections.login_names2 " +
"ON members.user_id = projections.login_names2.user_id " +
"AND members.instance_id = projections.login_names2.instance_id " +
diff --git a/internal/query/projection/user.go b/internal/query/projection/user.go
index 5104f9326a..4ef4014bff 100644
--- a/internal/query/projection/user.go
+++ b/internal/query/projection/user.go
@@ -19,7 +19,7 @@ type userProjection struct {
}
const (
- UserTable = "projections.users7"
+ UserTable = "projections.users8"
UserHumanTable = UserTable + "_" + UserHumanSuffix
UserMachineTable = UserTable + "_" + UserMachineSuffix
UserNotifyTable = UserTable + "_" + UserNotifySuffix
@@ -57,12 +57,13 @@ const (
HumanIsPhoneVerifiedCol = "is_phone_verified"
// machine
- UserMachineSuffix = "machines"
- MachineUserIDCol = "user_id"
- MachineUserInstanceIDCol = "instance_id"
- MachineNameCol = "name"
- MachineDescriptionCol = "description"
- MachineHasSecretCol = "has_secret"
+ UserMachineSuffix = "machines"
+ MachineUserIDCol = "user_id"
+ MachineUserInstanceIDCol = "instance_id"
+ MachineNameCol = "name"
+ MachineDescriptionCol = "description"
+ MachineHasSecretCol = "has_secret"
+ MachineAccessTokenTypeCol = "access_token_type"
// notify
UserNotifySuffix = "notifications"
@@ -122,6 +123,7 @@ func newUserProjection(ctx context.Context, config crdb.StatementHandlerConfig)
crdb.NewColumn(MachineNameCol, crdb.ColumnTypeText),
crdb.NewColumn(MachineDescriptionCol, crdb.ColumnTypeText, crdb.Nullable()),
crdb.NewColumn(MachineHasSecretCol, crdb.ColumnTypeBool, crdb.Default(false)),
+ crdb.NewColumn(MachineAccessTokenTypeCol, crdb.ColumnTypeEnum, crdb.Default(0)),
},
crdb.NewPrimaryKey(MachineUserInstanceIDCol, MachineUserIDCol),
UserMachineSuffix,
@@ -1005,6 +1007,7 @@ func (p *userProjection) reduceMachineAdded(event eventstore.Event) (*handler.St
handler.NewCol(MachineUserInstanceIDCol, e.Aggregate().InstanceID),
handler.NewCol(MachineNameCol, e.Name),
handler.NewCol(MachineDescriptionCol, &sql.NullString{String: e.Description, Valid: e.Description != ""}),
+ handler.NewCol(MachineAccessTokenTypeCol, e.AccessTokenType),
},
crdb.WithTableSuffix(UserMachineSuffix),
),
@@ -1024,6 +1027,9 @@ func (p *userProjection) reduceMachineChanged(event eventstore.Event) (*handler.
if e.Description != nil {
cols = append(cols, handler.NewCol(MachineDescriptionCol, *e.Description))
}
+ if e.AccessTokenType != nil {
+ cols = append(cols, handler.NewCol(MachineAccessTokenTypeCol, e.AccessTokenType))
+ }
if len(cols) == 0 {
return crdb.NewNoOpStatement(e), nil
}
diff --git a/internal/query/projection/user_test.go b/internal/query/projection/user_test.go
index 3acf6ea835..cddeca5734 100644
--- a/internal/query/projection/user_test.go
+++ b/internal/query/projection/user_test.go
@@ -51,7 +51,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -65,7 +65,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -80,7 +80,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -120,7 +120,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -134,7 +134,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -149,7 +149,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -184,7 +184,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -198,7 +198,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -213,7 +213,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -253,7 +253,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -267,7 +267,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -282,7 +282,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -322,7 +322,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -336,7 +336,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -351,7 +351,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -386,7 +386,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -400,7 +400,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
+ expectedStmt: "INSERT INTO projections.users8_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -415,7 +415,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
+ expectedStmt: "INSERT INTO projections.users8_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -445,7 +445,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateInitial,
"agg-id",
@@ -473,7 +473,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateInitial,
"agg-id",
@@ -501,7 +501,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateActive,
"agg-id",
@@ -529,7 +529,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
domain.UserStateActive,
"agg-id",
@@ -557,7 +557,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateLocked,
@@ -587,7 +587,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateActive,
@@ -617,7 +617,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateInactive,
@@ -647,7 +647,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
domain.UserStateActive,
@@ -677,7 +677,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "DELETE FROM projections.users7 WHERE (id = $1) AND (instance_id = $2)",
+ expectedStmt: "DELETE FROM projections.users8 WHERE (id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -706,7 +706,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
"username",
@@ -738,7 +738,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
expectedArgs: []interface{}{
anyArg{},
"id@temporary.domain",
@@ -775,7 +775,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -784,7 +784,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
+ expectedStmt: "UPDATE projections.users8_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedArgs: []interface{}{
"first-name",
"last-name",
@@ -824,7 +824,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -833,7 +833,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
+ expectedStmt: "UPDATE projections.users8_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
expectedArgs: []interface{}{
"first-name",
"last-name",
@@ -868,7 +868,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -877,7 +877,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"+41 00 000 00 00",
false,
@@ -886,7 +886,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
"agg-id",
@@ -916,7 +916,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -925,7 +925,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"+41 00 000 00 00",
false,
@@ -934,7 +934,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
"agg-id",
@@ -962,7 +962,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -971,7 +971,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -980,7 +980,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1009,7 +1009,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1018,7 +1018,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1027,7 +1027,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
nil,
nil,
@@ -1056,7 +1056,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1065,7 +1065,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1073,7 +1073,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
+ expectedStmt: "UPDATE projections.users8_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1100,7 +1100,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1109,7 +1109,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1117,7 +1117,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
+ expectedStmt: "UPDATE projections.users8_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1146,7 +1146,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1155,7 +1155,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"email@zitadel.com",
false,
@@ -1164,7 +1164,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "email@zitadel.com", Valid: true},
"agg-id",
@@ -1194,7 +1194,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1203,7 +1203,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"email@zitadel.com",
false,
@@ -1212,7 +1212,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
&sql.NullString{String: "email@zitadel.com", Valid: true},
"agg-id",
@@ -1240,7 +1240,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1249,7 +1249,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1257,7 +1257,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
+ expectedStmt: "UPDATE projections.users8_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1284,7 +1284,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1293,7 +1293,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1301,7 +1301,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
+ expectedStmt: "UPDATE projections.users8_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
@@ -1330,7 +1330,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1339,7 +1339,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"users/agg-id/avatar",
"agg-id",
@@ -1367,7 +1367,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1376,7 +1376,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
nil,
"agg-id",
@@ -1407,7 +1407,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -1421,12 +1421,13 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_machines (user_id, instance_id, name, description) VALUES ($1, $2, $3, $4)",
+ expectedStmt: "INSERT INTO projections.users8_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
"machine-name",
&sql.NullString{},
+ domain.OIDCTokenTypeBearer,
},
},
},
@@ -1454,7 +1455,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "INSERT INTO projections.users7 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+ expectedStmt: "INSERT INTO projections.users8 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
"agg-id",
anyArg{},
@@ -1468,12 +1469,13 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "INSERT INTO projections.users7_machines (user_id, instance_id, name, description) VALUES ($1, $2, $3, $4)",
+ expectedStmt: "INSERT INTO projections.users8_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"agg-id",
"instance-id",
"machine-name",
&sql.NullString{String: "description", Valid: true},
+ domain.OIDCTokenTypeBearer,
},
},
},
@@ -1500,7 +1502,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1509,7 +1511,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"machine-name",
"description",
@@ -1540,7 +1542,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1549,7 +1551,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"machine-name",
"agg-id",
@@ -1579,7 +1581,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1588,7 +1590,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
"description",
"agg-id",
@@ -1637,7 +1639,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1646,7 +1648,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
true,
"agg-id",
@@ -1674,7 +1676,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1683,7 +1685,7 @@ func TestUserProjection_reduces(t *testing.T) {
},
},
{
- expectedStmt: "UPDATE projections.users7_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
+ expectedStmt: "UPDATE projections.users8_machines SET has_secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
false,
"agg-id",
@@ -1711,7 +1713,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "UPDATE projections.users7 SET (change_date, sequence, owner_removed) = ($1, $2, $3) WHERE (instance_id = $4) AND (resource_owner = $5)",
+ expectedStmt: "UPDATE projections.users8 SET (change_date, sequence, owner_removed) = ($1, $2, $3) WHERE (instance_id = $4) AND (resource_owner = $5)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
@@ -1741,7 +1743,7 @@ func TestUserProjection_reduces(t *testing.T) {
executer: &testExecuter{
executions: []execution{
{
- expectedStmt: "DELETE FROM projections.users7 WHERE (instance_id = $1)",
+ expectedStmt: "DELETE FROM projections.users8 WHERE (instance_id = $1)",
expectedArgs: []interface{}{
"agg-id",
},
diff --git a/internal/query/user.go b/internal/query/user.go
index aa8ac36bef..cfe86314e1 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -88,9 +88,10 @@ type Phone struct {
}
type Machine struct {
- Name string
- Description string
- HasSecret bool
+ Name string
+ Description string
+ HasSecret bool
+ AccessTokenType domain.OIDCTokenType
}
type NotifyUser struct {
@@ -282,6 +283,10 @@ var (
name: projection.MachineHasSecretCol,
table: machineTable,
}
+ MachineAccessTokenTypeCol = Column{
+ name: projection.MachineAccessTokenTypeCol,
+ table: machineTable,
+ }
)
var (
@@ -753,6 +758,7 @@ func prepareUserQuery() (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
MachineNameCol.identifier(),
MachineDescriptionCol.identifier(),
MachineHasSecretCol.identifier(),
+ MachineAccessTokenTypeCol.identifier(),
countColumn.identifier(),
).
From(userTable.identifier()).
@@ -789,6 +795,7 @@ func prepareUserQuery() (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
name := sql.NullString{}
description := sql.NullString{}
hasSecret := sql.NullBool{}
+ accessTokenType := sql.NullInt32{}
err := row.Scan(
&u.ID,
@@ -817,6 +824,7 @@ func prepareUserQuery() (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
&name,
&description,
&hasSecret,
+ &accessTokenType,
&count,
)
@@ -845,9 +853,10 @@ func prepareUserQuery() (sq.SelectBuilder, func(*sql.Row) (*User, error)) {
}
} else if machineID.Valid {
u.Machine = &Machine{
- Name: name.String,
- Description: description.String,
- HasSecret: hasSecret.Bool,
+ Name: name.String,
+ Description: description.String,
+ HasSecret: hasSecret.Bool,
+ AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32),
}
}
return u, nil
@@ -1219,6 +1228,7 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
MachineNameCol.identifier(),
MachineDescriptionCol.identifier(),
MachineHasSecretCol.identifier(),
+ MachineAccessTokenTypeCol.identifier(),
countColumn.identifier()).
From(userTable.identifier()).
LeftJoin(join(HumanUserIDCol, UserIDCol)).
@@ -1257,6 +1267,7 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
name := sql.NullString{}
description := sql.NullString{}
hasSecret := sql.NullBool{}
+ accessTokenType := sql.NullInt32{}
err := rows.Scan(
&u.ID,
@@ -1285,6 +1296,7 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
&name,
&description,
&hasSecret,
+ &accessTokenType,
&count,
)
if err != nil {
@@ -1312,9 +1324,10 @@ func prepareUsersQuery() (sq.SelectBuilder, func(*sql.Rows) (*Users, error)) {
}
} else if machineID.Valid {
u.Machine = &Machine{
- Name: name.String,
- Description: description.String,
- HasSecret: hasSecret.Bool,
+ Name: name.String,
+ Description: description.String,
+ HasSecret: hasSecret.Bool,
+ AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32),
}
}
diff --git a/internal/query/user_grant_test.go b/internal/query/user_grant_test.go
index a8fc3cda64..c486cbedda 100644
--- a/internal/query/user_grant_test.go
+++ b/internal/query/user_grant_test.go
@@ -23,14 +23,14 @@ var (
", projections.user_grants3.roles" +
", projections.user_grants3.state" +
", projections.user_grants3.user_id" +
- ", projections.users7.username" +
- ", projections.users7.type" +
- ", projections.users7.resource_owner" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8.username" +
+ ", projections.users8.type" +
+ ", projections.users8.resource_owner" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_humans.avatar_key" +
", projections.login_names2.login_name" +
", projections.user_grants3.resource_owner" +
", projections.orgs.name" +
@@ -38,8 +38,8 @@ var (
", projections.user_grants3.project_id" +
", projections.projects3.name" +
" FROM projections.user_grants3" +
- " LEFT JOIN projections.users7 ON projections.user_grants3.user_id = projections.users7.id AND projections.user_grants3.instance_id = projections.users7.instance_id" +
- " LEFT JOIN projections.users7_humans ON projections.user_grants3.user_id = projections.users7_humans.user_id AND projections.user_grants3.instance_id = projections.users7_humans.instance_id" +
+ " LEFT JOIN projections.users8 ON projections.user_grants3.user_id = projections.users8.id AND projections.user_grants3.instance_id = projections.users8.instance_id" +
+ " LEFT JOIN projections.users8_humans ON projections.user_grants3.user_id = projections.users8_humans.user_id AND projections.user_grants3.instance_id = projections.users8_humans.instance_id" +
" LEFT JOIN projections.orgs ON projections.user_grants3.resource_owner = projections.orgs.id AND projections.user_grants3.instance_id = projections.orgs.instance_id" +
" LEFT JOIN projections.projects3 ON projections.user_grants3.project_id = projections.projects3.id AND projections.user_grants3.instance_id = projections.projects3.instance_id" +
" LEFT JOIN projections.login_names2 ON projections.user_grants3.user_id = projections.login_names2.user_id AND projections.user_grants3.instance_id = projections.login_names2.instance_id" +
@@ -77,14 +77,14 @@ var (
", projections.user_grants3.roles" +
", projections.user_grants3.state" +
", projections.user_grants3.user_id" +
- ", projections.users7.username" +
- ", projections.users7.type" +
- ", projections.users7.resource_owner" +
- ", projections.users7_humans.first_name" +
- ", projections.users7_humans.last_name" +
- ", projections.users7_humans.email" +
- ", projections.users7_humans.display_name" +
- ", projections.users7_humans.avatar_key" +
+ ", projections.users8.username" +
+ ", projections.users8.type" +
+ ", projections.users8.resource_owner" +
+ ", projections.users8_humans.first_name" +
+ ", projections.users8_humans.last_name" +
+ ", projections.users8_humans.email" +
+ ", projections.users8_humans.display_name" +
+ ", projections.users8_humans.avatar_key" +
", projections.login_names2.login_name" +
", projections.user_grants3.resource_owner" +
", projections.orgs.name" +
@@ -93,8 +93,8 @@ var (
", projections.projects3.name" +
", COUNT(*) OVER ()" +
" FROM projections.user_grants3" +
- " LEFT JOIN projections.users7 ON projections.user_grants3.user_id = projections.users7.id AND projections.user_grants3.instance_id = projections.users7.instance_id" +
- " LEFT JOIN projections.users7_humans ON projections.user_grants3.user_id = projections.users7_humans.user_id AND projections.user_grants3.instance_id = projections.users7_humans.instance_id" +
+ " LEFT JOIN projections.users8 ON projections.user_grants3.user_id = projections.users8.id AND projections.user_grants3.instance_id = projections.users8.instance_id" +
+ " LEFT JOIN projections.users8_humans ON projections.user_grants3.user_id = projections.users8_humans.user_id AND projections.user_grants3.instance_id = projections.users8_humans.instance_id" +
" LEFT JOIN projections.orgs ON projections.user_grants3.resource_owner = projections.orgs.id AND projections.user_grants3.instance_id = projections.orgs.instance_id" +
" LEFT JOIN projections.projects3 ON projections.user_grants3.project_id = projections.projects3.id AND projections.user_grants3.instance_id = projections.projects3.instance_id" +
" LEFT JOIN projections.login_names2 ON projections.user_grants3.user_id = projections.login_names2.user_id AND projections.user_grants3.instance_id = projections.login_names2.instance_id" +
diff --git a/internal/query/user_test.go b/internal/query/user_test.go
index af376b340e..7a753e1307 100644
--- a/internal/query/user_test.go
+++ b/internal/query/user_test.go
@@ -23,42 +23,43 @@ var (
preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id, preferred_login_name.user_owner_removed, preferred_login_name.policy_owner_removed, preferred_login_name.domain_owner_removed` +
` FROM projections.login_names2 AS preferred_login_name` +
` WHERE preferred_login_name.is_primary = $1`
- userQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7.state,` +
- ` projections.users7.type,` +
- ` projections.users7.username,` +
+ userQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8.state,` +
+ ` projections.users8.type,` +
+ ` projections.users8.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.first_name,` +
- ` projections.users7_humans.last_name,` +
- ` projections.users7_humans.nick_name,` +
- ` projections.users7_humans.display_name,` +
- ` projections.users7_humans.preferred_language,` +
- ` projections.users7_humans.gender,` +
- ` projections.users7_humans.avatar_key,` +
- ` projections.users7_humans.email,` +
- ` projections.users7_humans.is_email_verified,` +
- ` projections.users7_humans.phone,` +
- ` projections.users7_humans.is_phone_verified,` +
- ` projections.users7_machines.user_id,` +
- ` projections.users7_machines.name,` +
- ` projections.users7_machines.description,` +
- ` projections.users7_machines.has_secret,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.first_name,` +
+ ` projections.users8_humans.last_name,` +
+ ` projections.users8_humans.nick_name,` +
+ ` projections.users8_humans.display_name,` +
+ ` projections.users8_humans.preferred_language,` +
+ ` projections.users8_humans.gender,` +
+ ` projections.users8_humans.avatar_key,` +
+ ` projections.users8_humans.email,` +
+ ` projections.users8_humans.is_email_verified,` +
+ ` projections.users8_humans.phone,` +
+ ` projections.users8_humans.is_phone_verified,` +
+ ` projections.users8_machines.user_id,` +
+ ` projections.users8_machines.name,` +
+ ` projections.users8_machines.description,` +
+ ` projections.users8_machines.has_secret,` +
+ ` projections.users8_machines.access_token_type,` +
` COUNT(*) OVER ()` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id` +
- ` LEFT JOIN projections.users7_machines ON projections.users7.id = projections.users7_machines.user_id AND projections.users7.instance_id = projections.users7_machines.instance_id` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id` +
+ ` LEFT JOIN projections.users8_machines ON projections.users8.id = projections.users8_machines.user_id AND projections.users8.instance_id = projections.users8_machines.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
- ` ON login_names.user_id = projections.users7.id AND login_names.instance_id = projections.users7.instance_id` +
+ ` ON login_names.user_id = projections.users8.id AND login_names.instance_id = projections.users8.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
- ` ON preferred_login_name.user_id = projections.users7.id AND preferred_login_name.instance_id = projections.users7.instance_id`
+ ` ON preferred_login_name.user_id = projections.users8.id AND preferred_login_name.instance_id = projections.users8.instance_id`
userCols = []string{
"id",
"creation_date",
@@ -88,23 +89,24 @@ var (
"name",
"description",
"has_secret",
+ "access_token_type",
"count",
}
- profileQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.first_name,` +
- ` projections.users7_humans.last_name,` +
- ` projections.users7_humans.nick_name,` +
- ` projections.users7_humans.display_name,` +
- ` projections.users7_humans.preferred_language,` +
- ` projections.users7_humans.gender,` +
- ` projections.users7_humans.avatar_key` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id`
+ profileQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.first_name,` +
+ ` projections.users8_humans.last_name,` +
+ ` projections.users8_humans.nick_name,` +
+ ` projections.users8_humans.display_name,` +
+ ` projections.users8_humans.preferred_language,` +
+ ` projections.users8_humans.gender,` +
+ ` projections.users8_humans.avatar_key` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id`
profileCols = []string{
"id",
"creation_date",
@@ -120,16 +122,16 @@ var (
"gender",
"avatar_key",
}
- emailQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.email,` +
- ` projections.users7_humans.is_email_verified` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id`
+ emailQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.email,` +
+ ` projections.users8_humans.is_email_verified` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id`
emailCols = []string{
"id",
"creation_date",
@@ -140,16 +142,16 @@ var (
"email",
"is_email_verified",
}
- phoneQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.phone,` +
- ` projections.users7_humans.is_phone_verified` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id`
+ phoneQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.phone,` +
+ ` projections.users8_humans.is_phone_verified` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id`
phoneCols = []string{
"id",
"creation_date",
@@ -160,14 +162,14 @@ var (
"phone",
"is_phone_verified",
}
- userUniqueQuery = `SELECT projections.users7.id,` +
- ` projections.users7.state,` +
- ` projections.users7.username,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.email,` +
- ` projections.users7_humans.is_email_verified` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id`
+ userUniqueQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.state,` +
+ ` projections.users8.username,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.email,` +
+ ` projections.users8_humans.is_email_verified` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id`
userUniqueCols = []string{
"id",
"state",
@@ -176,40 +178,40 @@ var (
"email",
"is_email_verified",
}
- notifyUserQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7.state,` +
- ` projections.users7.type,` +
- ` projections.users7.username,` +
+ notifyUserQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8.state,` +
+ ` projections.users8.type,` +
+ ` projections.users8.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.first_name,` +
- ` projections.users7_humans.last_name,` +
- ` projections.users7_humans.nick_name,` +
- ` projections.users7_humans.display_name,` +
- ` projections.users7_humans.preferred_language,` +
- ` projections.users7_humans.gender,` +
- ` projections.users7_humans.avatar_key,` +
- ` projections.users7_notifications.user_id,` +
- ` projections.users7_notifications.last_email,` +
- ` projections.users7_notifications.verified_email,` +
- ` projections.users7_notifications.last_phone,` +
- ` projections.users7_notifications.verified_phone,` +
- ` projections.users7_notifications.password_set,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.first_name,` +
+ ` projections.users8_humans.last_name,` +
+ ` projections.users8_humans.nick_name,` +
+ ` projections.users8_humans.display_name,` +
+ ` projections.users8_humans.preferred_language,` +
+ ` projections.users8_humans.gender,` +
+ ` projections.users8_humans.avatar_key,` +
+ ` projections.users8_notifications.user_id,` +
+ ` projections.users8_notifications.last_email,` +
+ ` projections.users8_notifications.verified_email,` +
+ ` projections.users8_notifications.last_phone,` +
+ ` projections.users8_notifications.verified_phone,` +
+ ` projections.users8_notifications.password_set,` +
` COUNT(*) OVER ()` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id` +
- ` LEFT JOIN projections.users7_notifications ON projections.users7.id = projections.users7_notifications.user_id AND projections.users7.instance_id = projections.users7_notifications.instance_id` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id` +
+ ` LEFT JOIN projections.users8_notifications ON projections.users8.id = projections.users8_notifications.user_id AND projections.users8.instance_id = projections.users8_notifications.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
- ` ON login_names.user_id = projections.users7.id AND login_names.instance_id = projections.users7.instance_id` +
+ ` ON login_names.user_id = projections.users8.id AND login_names.instance_id = projections.users8.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
- ` ON preferred_login_name.user_id = projections.users7.id AND preferred_login_name.instance_id = projections.users7.instance_id`
+ ` ON preferred_login_name.user_id = projections.users8.id AND preferred_login_name.instance_id = projections.users8.instance_id`
notifyUserCols = []string{
"id",
"creation_date",
@@ -239,42 +241,43 @@ var (
"password_set",
"count",
}
- usersQuery = `SELECT projections.users7.id,` +
- ` projections.users7.creation_date,` +
- ` projections.users7.change_date,` +
- ` projections.users7.resource_owner,` +
- ` projections.users7.sequence,` +
- ` projections.users7.state,` +
- ` projections.users7.type,` +
- ` projections.users7.username,` +
+ usersQuery = `SELECT projections.users8.id,` +
+ ` projections.users8.creation_date,` +
+ ` projections.users8.change_date,` +
+ ` projections.users8.resource_owner,` +
+ ` projections.users8.sequence,` +
+ ` projections.users8.state,` +
+ ` projections.users8.type,` +
+ ` projections.users8.username,` +
` login_names.loginnames,` +
` preferred_login_name.login_name,` +
- ` projections.users7_humans.user_id,` +
- ` projections.users7_humans.first_name,` +
- ` projections.users7_humans.last_name,` +
- ` projections.users7_humans.nick_name,` +
- ` projections.users7_humans.display_name,` +
- ` projections.users7_humans.preferred_language,` +
- ` projections.users7_humans.gender,` +
- ` projections.users7_humans.avatar_key,` +
- ` projections.users7_humans.email,` +
- ` projections.users7_humans.is_email_verified,` +
- ` projections.users7_humans.phone,` +
- ` projections.users7_humans.is_phone_verified,` +
- ` projections.users7_machines.user_id,` +
- ` projections.users7_machines.name,` +
- ` projections.users7_machines.description,` +
- ` projections.users7_machines.has_secret,` +
+ ` projections.users8_humans.user_id,` +
+ ` projections.users8_humans.first_name,` +
+ ` projections.users8_humans.last_name,` +
+ ` projections.users8_humans.nick_name,` +
+ ` projections.users8_humans.display_name,` +
+ ` projections.users8_humans.preferred_language,` +
+ ` projections.users8_humans.gender,` +
+ ` projections.users8_humans.avatar_key,` +
+ ` projections.users8_humans.email,` +
+ ` projections.users8_humans.is_email_verified,` +
+ ` projections.users8_humans.phone,` +
+ ` projections.users8_humans.is_phone_verified,` +
+ ` projections.users8_machines.user_id,` +
+ ` projections.users8_machines.name,` +
+ ` projections.users8_machines.description,` +
+ ` projections.users8_machines.has_secret,` +
+ ` projections.users8_machines.access_token_type,` +
` COUNT(*) OVER ()` +
- ` FROM projections.users7` +
- ` LEFT JOIN projections.users7_humans ON projections.users7.id = projections.users7_humans.user_id AND projections.users7.instance_id = projections.users7_humans.instance_id` +
- ` LEFT JOIN projections.users7_machines ON projections.users7.id = projections.users7_machines.user_id AND projections.users7.instance_id = projections.users7_machines.instance_id` +
+ ` FROM projections.users8` +
+ ` LEFT JOIN projections.users8_humans ON projections.users8.id = projections.users8_humans.user_id AND projections.users8.instance_id = projections.users8_humans.instance_id` +
+ ` LEFT JOIN projections.users8_machines ON projections.users8.id = projections.users8_machines.user_id AND projections.users8.instance_id = projections.users8_machines.instance_id` +
` LEFT JOIN` +
` (` + loginNamesQuery + `) AS login_names` +
- ` ON login_names.user_id = projections.users7.id AND login_names.instance_id = projections.users7.instance_id` +
+ ` ON login_names.user_id = projections.users8.id AND login_names.instance_id = projections.users8.instance_id` +
` LEFT JOIN` +
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
- ` ON preferred_login_name.user_id = projections.users7.id AND preferred_login_name.instance_id = projections.users7.instance_id`
+ ` ON preferred_login_name.user_id = projections.users8.id AND preferred_login_name.instance_id = projections.users8.instance_id`
usersCols = []string{
"id",
"creation_date",
@@ -304,6 +307,7 @@ var (
"name",
"description",
"has_secret",
+ "access_token_type",
"count",
}
)
@@ -377,6 +381,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
+ nil,
1,
},
),
@@ -445,6 +450,7 @@ func Test_UserPrepares(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
1,
},
),
@@ -461,9 +467,10 @@ func Test_UserPrepares(t *testing.T) {
LoginNames: database.StringArray{"login_name1", "login_name2"},
PreferredLoginName: "login_name1",
Machine: &Machine{
- Name: "name",
- Description: "description",
- HasSecret: true,
+ Name: "name",
+ Description: "description",
+ HasSecret: true,
+ AccessTokenType: domain.OIDCTokenTypeBearer,
},
},
},
@@ -1044,6 +1051,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
+ nil,
},
},
),
@@ -1120,6 +1128,7 @@ func Test_UserPrepares(t *testing.T) {
nil,
nil,
nil,
+ nil,
},
{
"id",
@@ -1150,6 +1159,7 @@ func Test_UserPrepares(t *testing.T) {
"name",
"description",
true,
+ domain.OIDCTokenTypeBearer,
},
},
),
@@ -1196,9 +1206,10 @@ func Test_UserPrepares(t *testing.T) {
LoginNames: database.StringArray{"login_name1", "login_name2"},
PreferredLoginName: "login_name1",
Machine: &Machine{
- Name: "name",
- Description: "description",
- HasSecret: true,
+ Name: "name",
+ Description: "description",
+ HasSecret: true,
+ AccessTokenType: domain.OIDCTokenTypeBearer,
},
},
},
diff --git a/internal/repository/user/machine.go b/internal/repository/user/machine.go
index 470346e9b8..87cb57ed1b 100644
--- a/internal/repository/user/machine.go
+++ b/internal/repository/user/machine.go
@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
+ "github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/errors"
@@ -20,10 +21,11 @@ type MachineAddedEvent struct {
eventstore.BaseEvent `json:"-"`
UserName string `json:"userName"`
- userLoginMustBeDomain bool `json:"-"`
+ userLoginMustBeDomain bool
- Name string `json:"name,omitempty"`
- Description string `json:"description,omitempty"`
+ Name string `json:"name,omitempty"`
+ Description string `json:"description,omitempty"`
+ AccessTokenType domain.OIDCTokenType `json:"accessTokenType,omitempty"`
}
func (e *MachineAddedEvent) Data() interface{} {
@@ -41,6 +43,7 @@ func NewMachineAddedEvent(
name,
description string,
userLoginMustBeDomain bool,
+ accessTokenType domain.OIDCTokenType,
) *MachineAddedEvent {
return &MachineAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
@@ -52,6 +55,7 @@ func NewMachineAddedEvent(
Name: name,
Description: description,
userLoginMustBeDomain: userLoginMustBeDomain,
+ AccessTokenType: accessTokenType,
}
}
@@ -70,8 +74,9 @@ func MachineAddedEventMapper(event *repository.Event) (eventstore.Event, error)
type MachineChangedEvent struct {
eventstore.BaseEvent `json:"-"`
- Name *string `json:"name,omitempty"`
- Description *string `json:"description,omitempty"`
+ Name *string `json:"name,omitempty"`
+ Description *string `json:"description,omitempty"`
+ AccessTokenType *domain.OIDCTokenType `json:"accessTokenType,omitempty"`
}
func (e *MachineChangedEvent) Data() interface{} {
@@ -117,6 +122,12 @@ func ChangeDescription(description string) func(event *MachineChangedEvent) {
}
}
+func ChangeAccessTokenType(accessTokenType domain.OIDCTokenType) func(event *MachineChangedEvent) {
+ return func(e *MachineChangedEvent) {
+ e.AccessTokenType = &accessTokenType
+ }
+}
+
func MachineChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
machineChanged := &MachineChangedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index a13994b88b..b5fadf52f2 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -3313,6 +3313,7 @@ message AddMachineUserRequest {
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string description = 3 [(validate.rules).string = {max_len: 500}];
+ zitadel.user.v1.AccessTokenType access_token_type = 4 [(validate.rules).enum = {defined_only: true}];
}
message AddMachineUserResponse {
@@ -3633,6 +3634,7 @@ message UpdateMachineRequest {
string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string description = 2 [(validate.rules).string.max_len = 500];
string name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ zitadel.user.v1.AccessTokenType access_token_type = 4 [(validate.rules).enum = {defined_only: true}];
}
message UpdateMachineResponse {
diff --git a/proto/zitadel/user.proto b/proto/zitadel/user.proto
index 67ebe45c0b..241ca7b4c1 100644
--- a/proto/zitadel/user.proto
+++ b/proto/zitadel/user.proto
@@ -83,6 +83,11 @@ message Machine {
example: "\"true\"";
}
];
+ AccessTokenType access_token_typ = 4 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "Type of access token to receive";
+ }
+ ];
}
message Profile {
@@ -161,6 +166,11 @@ enum Gender {
GENDER_DIVERSE = 3;
}
+enum AccessTokenType {
+ ACCESS_TOKEN_TYPE_BEARER = 0;
+ ACCESS_TOKEN_TYPE_JWT = 1;
+}
+
message SearchQuery {
oneof query {
option (validate.required) = true;