mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 00:27:31 +00:00
feat: limit audit trail (#6744)
* feat: enable limiting audit trail * support AddExclusiveQuery * fix invalid condition * register event mappers * fix NullDuration validity * test query side for limits * lint * acceptance test audit trail limit * fix acceptance test * translate limits not found * update tests * fix linting * add audit log retention to default instance * fix tests * update docs * remove todo * improve test name
This commit is contained in:
Elio Bischof
114
internal/query/projection/limits.go
Normal file
114
internal/query/projection/limits.go
Normal file
@@ -0,0 +1,114 @@
|
||||
package projection
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
||||
"github.com/zitadel/zitadel/internal/repository/instance"
|
||||
"github.com/zitadel/zitadel/internal/repository/limits"
|
||||
)
|
||||
|
||||
const (
|
||||
LimitsProjectionTable = "projections.limits"
|
||||
|
||||
LimitsColumnAggregateID = "aggregate_id"
|
||||
LimitsColumnCreationDate = "creation_date"
|
||||
LimitsColumnChangeDate = "change_date"
|
||||
LimitsColumnResourceOwner = "resource_owner"
|
||||
LimitsColumnInstanceID = "instance_id"
|
||||
LimitsColumnSequence = "sequence"
|
||||
|
||||
LimitsColumnAuditLogRetention = "audit_log_retention"
|
||||
)
|
||||
|
||||
type limitsProjection struct{}
|
||||
|
||||
func newLimitsProjection(ctx context.Context, config handler.Config) *handler.Handler {
|
||||
return handler.NewHandler(ctx, &config, &limitsProjection{})
|
||||
}
|
||||
|
||||
func (*limitsProjection) Name() string {
|
||||
return LimitsProjectionTable
|
||||
}
|
||||
|
||||
func (*limitsProjection) Init() *old_handler.Check {
|
||||
return handler.NewTableCheck(
|
||||
handler.NewTable([]*handler.InitColumn{
|
||||
handler.NewColumn(LimitsColumnAggregateID, handler.ColumnTypeText),
|
||||
handler.NewColumn(LimitsColumnCreationDate, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(LimitsColumnChangeDate, handler.ColumnTypeTimestamp),
|
||||
handler.NewColumn(LimitsColumnResourceOwner, handler.ColumnTypeText),
|
||||
handler.NewColumn(LimitsColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(LimitsColumnSequence, handler.ColumnTypeInt64),
|
||||
handler.NewColumn(LimitsColumnAuditLogRetention, handler.ColumnTypeInterval, handler.Nullable()),
|
||||
},
|
||||
handler.NewPrimaryKey(LimitsColumnInstanceID, LimitsColumnResourceOwner),
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
func (p *limitsProjection) Reducers() []handler.AggregateReducer {
|
||||
return []handler.AggregateReducer{
|
||||
{
|
||||
Aggregate: limits.AggregateType,
|
||||
EventReducers: []handler.EventReducer{
|
||||
{
|
||||
Event: limits.SetEventType,
|
||||
Reduce: p.reduceLimitsSet,
|
||||
},
|
||||
{
|
||||
Event: limits.ResetEventType,
|
||||
Reduce: p.reduceLimitsReset,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Aggregate: instance.AggregateType,
|
||||
EventReducers: []handler.EventReducer{
|
||||
{
|
||||
Event: instance.InstanceRemovedEventType,
|
||||
Reduce: reduceInstanceRemovedHelper(LimitsColumnInstanceID),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func (p *limitsProjection) reduceLimitsSet(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, err := assertEvent[*limits.SetEvent](event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
conflictCols := []handler.Column{
|
||||
handler.NewCol(LimitsColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(LimitsColumnResourceOwner, e.Aggregate().ResourceOwner),
|
||||
}
|
||||
updateCols := []handler.Column{
|
||||
handler.NewCol(LimitsColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(LimitsColumnResourceOwner, e.Aggregate().ResourceOwner),
|
||||
handler.NewCol(LimitsColumnCreationDate, e.CreationDate()),
|
||||
handler.NewCol(LimitsColumnChangeDate, e.CreationDate()),
|
||||
handler.NewCol(LimitsColumnSequence, e.Sequence()),
|
||||
handler.NewCol(LimitsColumnAggregateID, e.Aggregate().ID),
|
||||
}
|
||||
if e.AuditLogRetention != nil {
|
||||
updateCols = append(updateCols, handler.NewCol(LimitsColumnAuditLogRetention, *e.AuditLogRetention))
|
||||
}
|
||||
return handler.NewUpsertStatement(e, conflictCols, updateCols), nil
|
||||
}
|
||||
|
||||
func (p *limitsProjection) reduceLimitsReset(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, err := assertEvent[*limits.ResetEvent](event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return handler.NewDeleteStatement(
|
||||
e,
|
||||
[]handler.Condition{
|
||||
handler.NewCond(LimitsColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCond(LimitsColumnResourceOwner, e.Aggregate().ResourceOwner),
|
||||
},
|
||||
), nil
|
||||
}
|
||||
Reference in New Issue
Block a user