feat: add schema user create and remove (#8494)

# Which Problems Are Solved

Added functionality that user with a userschema can be created and
removed.

# How the Problems Are Solved

Added logic and moved APIs so that everything is API v3 conform.

# Additional Changes

- move of user and userschema API to resources folder
- changed testing and parameters
- some renaming

# Additional Context

closes #7308

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>

internal/api/grpc/user/schema/v3alpha/schema.go

@@ -1,386 +0,0 @@
-package schema
-
-import (
-	"context"
-
-	"google.golang.org/protobuf/types/known/structpb"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
-	"github.com/zitadel/zitadel/internal/command"
-	"github.com/zitadel/zitadel/internal/domain"
-	"github.com/zitadel/zitadel/internal/query"
-	"github.com/zitadel/zitadel/internal/zerrors"
-	schema "github.com/zitadel/zitadel/pkg/grpc/user/schema/v3alpha"
-)
-
-func (s *Server) CreateUserSchema(ctx context.Context, req *schema.CreateUserSchemaRequest) (*schema.CreateUserSchemaResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	userSchema, err := createUserSchemaToCommand(req, authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	id, details, err := s.command.CreateUserSchema(ctx, userSchema)
-	if err != nil {
-		return nil, err
-	}
-	return &schema.CreateUserSchemaResponse{
-		Id:      id,
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
-func (s *Server) UpdateUserSchema(ctx context.Context, req *schema.UpdateUserSchemaRequest) (*schema.UpdateUserSchemaResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	userSchema, err := updateUserSchemaToCommand(req, authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	details, err := s.command.UpdateUserSchema(ctx, userSchema)
-	if err != nil {
-		return nil, err
-	}
-	return &schema.UpdateUserSchemaResponse{
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
-func (s *Server) DeactivateUserSchema(ctx context.Context, req *schema.DeactivateUserSchemaRequest) (*schema.DeactivateUserSchemaResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	details, err := s.command.DeactivateUserSchema(ctx, req.GetId(), authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	return &schema.DeactivateUserSchemaResponse{
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
-func (s *Server) ReactivateUserSchema(ctx context.Context, req *schema.ReactivateUserSchemaRequest) (*schema.ReactivateUserSchemaResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	details, err := s.command.ReactivateUserSchema(ctx, req.GetId(), authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	return &schema.ReactivateUserSchemaResponse{
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
-func (s *Server) DeleteUserSchema(ctx context.Context, req *schema.DeleteUserSchemaRequest) (*schema.DeleteUserSchemaResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	details, err := s.command.DeleteUserSchema(ctx, req.GetId(), authz.GetInstance(ctx).InstanceID())
-	if err != nil {
-		return nil, err
-	}
-	return &schema.DeleteUserSchemaResponse{
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
-func (s *Server) ListUserSchemas(ctx context.Context, req *schema.ListUserSchemasRequest) (*schema.ListUserSchemasResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	queries, err := listUserSchemaToQuery(req)
-	if err != nil {
-		return nil, err
-	}
-	res, err := s.query.SearchUserSchema(ctx, queries)
-	if err != nil {
-		return nil, err
-	}
-	userSchemas, err := userSchemasToPb(res.UserSchemas)
-	if err != nil {
-		return nil, err
-	}
-	return &schema.ListUserSchemasResponse{
-		Details: object.ToListDetails(res.SearchResponse),
-		Result:  userSchemas,
-	}, nil
-}
-
-func (s *Server) GetUserSchemaByID(ctx context.Context, req *schema.GetUserSchemaByIDRequest) (*schema.GetUserSchemaByIDResponse, error) {
-	if err := checkUserSchemaEnabled(ctx); err != nil {
-		return nil, err
-	}
-	res, err := s.query.GetUserSchemaByID(ctx, req.GetId())
-	if err != nil {
-		return nil, err
-	}
-	userSchema, err := userSchemaToPb(res)
-	if err != nil {
-		return nil, err
-	}
-	return &schema.GetUserSchemaByIDResponse{
-		Schema: userSchema,
-	}, nil
-}
-
-func userSchemasToPb(schemas []*query.UserSchema) (_ []*schema.UserSchema, err error) {
-	userSchemas := make([]*schema.UserSchema, len(schemas))
-	for i, userSchema := range schemas {
-		userSchemas[i], err = userSchemaToPb(userSchema)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return userSchemas, nil
-}
-
-func userSchemaToPb(userSchema *query.UserSchema) (*schema.UserSchema, error) {
-	s := new(structpb.Struct)
-	if err := s.UnmarshalJSON(userSchema.Schema); err != nil {
-		return nil, err
-	}
-	return &schema.UserSchema{
-		Id:                     userSchema.ID,
-		Details:                object.DomainToDetailsPb(&userSchema.ObjectDetails),
-		Type:                   userSchema.Type,
-		State:                  userSchemaStateToPb(userSchema.State),
-		Revision:               userSchema.Revision,
-		Schema:                 s,
-		PossibleAuthenticators: authenticatorTypesToPb(userSchema.PossibleAuthenticators),
-	}, nil
-}
-
-func authenticatorTypesToPb(authenticators []domain.AuthenticatorType) []schema.AuthenticatorType {
-	authTypes := make([]schema.AuthenticatorType, len(authenticators))
-	for i, authenticator := range authenticators {
-		authTypes[i] = authenticatorTypeToPb(authenticator)
-	}
-	return authTypes
-}
-
-func authenticatorTypeToPb(authenticator domain.AuthenticatorType) schema.AuthenticatorType {
-	switch authenticator {
-	case domain.AuthenticatorTypeUsername:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_USERNAME
-	case domain.AuthenticatorTypePassword:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_PASSWORD
-	case domain.AuthenticatorTypeWebAuthN:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_WEBAUTHN
-	case domain.AuthenticatorTypeTOTP:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_TOTP
-	case domain.AuthenticatorTypeOTPEmail:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_OTP_EMAIL
-	case domain.AuthenticatorTypeOTPSMS:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_OTP_SMS
-	case domain.AuthenticatorTypeAuthenticationKey:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_AUTHENTICATION_KEY
-	case domain.AuthenticatorTypeIdentityProvider:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_IDENTITY_PROVIDER
-	case domain.AuthenticatorTypeUnspecified:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_UNSPECIFIED
-	default:
-		return schema.AuthenticatorType_AUTHENTICATOR_TYPE_UNSPECIFIED
-	}
-}
-
-func userSchemaStateToPb(state domain.UserSchemaState) schema.State {
-	switch state {
-	case domain.UserSchemaStateActive:
-		return schema.State_STATE_ACTIVE
-	case domain.UserSchemaStateInactive:
-		return schema.State_STATE_INACTIVE
-	case domain.UserSchemaStateUnspecified,
-		domain.UserSchemaStateDeleted:
-		return schema.State_STATE_UNSPECIFIED
-	default:
-		return schema.State_STATE_UNSPECIFIED
-	}
-}
-
-func listUserSchemaToQuery(req *schema.ListUserSchemasRequest) (*query.UserSchemaSearchQueries, error) {
-	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, err := userSchemaQueriesToQuery(req.Queries, 0) // start at level 0
-	if err != nil {
-		return nil, err
-	}
-	return &query.UserSchemaSearchQueries{
-		SearchRequest: query.SearchRequest{
-			Offset:        offset,
-			Limit:         limit,
-			Asc:           asc,
-			SortingColumn: userSchemaFieldNameToSortingColumn(req.SortingColumn),
-		},
-		Queries: queries,
-	}, nil
-}
-
-func userSchemaFieldNameToSortingColumn(column schema.FieldName) query.Column {
-	switch column {
-	case schema.FieldName_FIELD_NAME_TYPE:
-		return query.UserSchemaTypeCol
-	case schema.FieldName_FIELD_NAME_STATE:
-		return query.UserSchemaStateCol
-	case schema.FieldName_FIELD_NAME_REVISION:
-		return query.UserSchemaRevisionCol
-	case schema.FieldName_FIELD_NAME_CHANGE_DATE:
-		return query.UserSchemaChangeDateCol
-	case schema.FieldName_FIELD_NAME_UNSPECIFIED:
-		return query.UserSchemaIDCol
-	default:
-		return query.UserSchemaIDCol
-	}
-}
-
-func checkUserSchemaEnabled(ctx context.Context) error {
-	if authz.GetInstance(ctx).Features().UserSchema {
-		return nil
-	}
-	return zerrors.ThrowPreconditionFailed(nil, "SCHEMA-SFjk3", "Errors.UserSchema.NotEnabled")
-}
-
-func createUserSchemaToCommand(req *schema.CreateUserSchemaRequest, resourceOwner string) (*command.CreateUserSchema, error) {
-	schema, err := req.GetSchema().MarshalJSON()
-	if err != nil {
-		return nil, err
-	}
-	return &command.CreateUserSchema{
-		ResourceOwner:          resourceOwner,
-		Type:                   req.GetType(),
-		Schema:                 schema,
-		PossibleAuthenticators: authenticatorsToDomain(req.GetPossibleAuthenticators()),
-	}, nil
-}
-
-func updateUserSchemaToCommand(req *schema.UpdateUserSchemaRequest, resourceOwner string) (*command.UpdateUserSchema, error) {
-	schema, err := req.GetSchema().MarshalJSON()
-	if err != nil {
-		return nil, err
-	}
-	return &command.UpdateUserSchema{
-		ID:                     req.GetId(),
-		ResourceOwner:          resourceOwner,
-		Type:                   req.Type,
-		Schema:                 schema,
-		PossibleAuthenticators: authenticatorsToDomain(req.GetPossibleAuthenticators()),
-	}, nil
-}
-
-func authenticatorsToDomain(authenticators []schema.AuthenticatorType) []domain.AuthenticatorType {
-	types := make([]domain.AuthenticatorType, len(authenticators))
-	for i, authenticator := range authenticators {
-		types[i] = authenticatorTypeToDomain(authenticator)
-	}
-	return types
-}
-
-func authenticatorTypeToDomain(authenticator schema.AuthenticatorType) domain.AuthenticatorType {
-	switch authenticator {
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_UNSPECIFIED:
-		return domain.AuthenticatorTypeUnspecified
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_USERNAME:
-		return domain.AuthenticatorTypeUsername
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_PASSWORD:
-		return domain.AuthenticatorTypePassword
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_WEBAUTHN:
-		return domain.AuthenticatorTypeWebAuthN
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_TOTP:
-		return domain.AuthenticatorTypeTOTP
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_OTP_EMAIL:
-		return domain.AuthenticatorTypeOTPEmail
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_OTP_SMS:
-		return domain.AuthenticatorTypeOTPSMS
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_AUTHENTICATION_KEY:
-		return domain.AuthenticatorTypeAuthenticationKey
-	case schema.AuthenticatorType_AUTHENTICATOR_TYPE_IDENTITY_PROVIDER:
-		return domain.AuthenticatorTypeIdentityProvider
-	default:
-		return domain.AuthenticatorTypeUnspecified
-	}
-}
-
-func userSchemaStateToDomain(state schema.State) domain.UserSchemaState {
-	switch state {
-	case schema.State_STATE_ACTIVE:
-		return domain.UserSchemaStateActive
-	case schema.State_STATE_INACTIVE:
-		return domain.UserSchemaStateInactive
-	case schema.State_STATE_UNSPECIFIED:
-		return domain.UserSchemaStateUnspecified
-	default:
-		return domain.UserSchemaStateUnspecified
-	}
-}
-
-func userSchemaQueriesToQuery(queries []*schema.SearchQuery, level uint8) (_ []query.SearchQuery, err error) {
-	q := make([]query.SearchQuery, len(queries))
-	for i, query := range queries {
-		q[i], err = userSchemaQueryToQuery(query, level)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return q, nil
-}
-
-func userSchemaQueryToQuery(query *schema.SearchQuery, level uint8) (query.SearchQuery, error) {
-	if level > 20 {
-		// can't go deeper than 20 levels of nesting.
-		return nil, zerrors.ThrowInvalidArgument(nil, "SCHEMA-zsQ97", "Errors.Query.TooManyNestingLevels")
-	}
-	switch q := query.Query.(type) {
-	case *schema.SearchQuery_StateQuery:
-		return stateQueryToQuery(q.StateQuery)
-	case *schema.SearchQuery_TypeQuery:
-		return typeQueryToQuery(q.TypeQuery)
-	case *schema.SearchQuery_IdQuery:
-		return idQueryToQuery(q.IdQuery)
-	case *schema.SearchQuery_OrQuery:
-		return orQueryToQuery(q.OrQuery, level)
-	case *schema.SearchQuery_AndQuery:
-		return andQueryToQuery(q.AndQuery, level)
-	case *schema.SearchQuery_NotQuery:
-		return notQueryToQuery(q.NotQuery, level)
-	default:
-		return nil, zerrors.ThrowInvalidArgument(nil, "SCHEMA-vR9nC", "List.Query.Invalid")
-	}
-}
-
-func stateQueryToQuery(q *schema.StateQuery) (query.SearchQuery, error) {
-	return query.NewUserSchemaStateSearchQuery(userSchemaStateToDomain(q.GetState()))
-}
-
-func typeQueryToQuery(q *schema.TypeQuery) (query.SearchQuery, error) {
-	return query.NewUserSchemaTypeSearchQuery(q.GetType(), object.TextMethodToQuery(q.GetMethod()))
-}
-
-func idQueryToQuery(q *schema.IDQuery) (query.SearchQuery, error) {
-	return query.NewUserSchemaIDSearchQuery(q.GetId(), object.TextMethodToQuery(q.GetMethod()))
-}
-
-func orQueryToQuery(q *schema.OrQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userSchemaQueriesToQuery(q.GetQueries(), level+1)
-	if err != nil {
-		return nil, err
-	}
-	return query.NewUserOrSearchQuery(mappedQueries)
-}
-
-func andQueryToQuery(q *schema.AndQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userSchemaQueriesToQuery(q.GetQueries(), level+1)
-	if err != nil {
-		return nil, err
-	}
-	return query.NewUserAndSearchQuery(mappedQueries)
-}
-
-func notQueryToQuery(q *schema.NotQuery, level uint8) (query.SearchQuery, error) {
-	mappedQuery, err := userSchemaQueryToQuery(q.GetQuery(), level+1)
-	if err != nil {
-		return nil, err
-	}
-	return query.NewUserNotSearchQuery(mappedQuery)
-}

internal/api/grpc/user/schema/v3alpha/server.go

@@ -1,51 +0,0 @@
-package schema
-
-import (
-	"google.golang.org/grpc"
-
-	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/api/grpc/server"
-	"github.com/zitadel/zitadel/internal/command"
-	"github.com/zitadel/zitadel/internal/query"
-	schema "github.com/zitadel/zitadel/pkg/grpc/user/schema/v3alpha"
-)
-
-var _ schema.UserSchemaServiceServer = (*Server)(nil)
-
-type Server struct {
-	schema.UnimplementedUserSchemaServiceServer
-	command *command.Commands
-	query   *query.Queries
-}
-
-type Config struct{}
-
-func CreateServer(
-	command *command.Commands,
-	query *query.Queries,
-) *Server {
-	return &Server{
-		command: command,
-		query:   query,
-	}
-}
-
-func (s *Server) RegisterServer(grpcServer *grpc.Server) {
-	schema.RegisterUserSchemaServiceServer(grpcServer, s)
-}
-
-func (s *Server) AppName() string {
-	return schema.UserSchemaService_ServiceDesc.ServiceName
-}
-
-func (s *Server) MethodPrefix() string {
-	return schema.UserSchemaService_ServiceDesc.ServiceName
-}
-
-func (s *Server) AuthMethods() authz.MethodMapping {
-	return schema.UserSchemaService_AuthMethods
-}
-
-func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
-	return schema.RegisterUserSchemaServiceHandler
-}