feat: Instance create (#4502)

* feat(instance): implement create instance with direct machine user and credentials * fix: deprecated add endpoint and variable declaration * fix(instance): update logic for pats and machinekeys * fix(instance): unit test corrections and additional unit test for pats and machinekeys * fix(instance-create): include review changes * fix(instance-create): linter fixes * move iframe usage to solution scenarios configurations * Revert "move iframe usage to solution scenarios configurations" This reverts commit 9db31f3808. * fix merge * fix: add review suggestions Co-authored-by: Livio Spring <livio.a@gmail.com> * fix: add review changes * fix: add review changes for default definitions * fix: add review changes for machinekey details * fix: add machinekey output when setup with machineuser * fix: add changes from review * fix instance converter for machine and allow overwriting of further machine fields Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2022-12-09 13:04:33 +00:00
parent c5ebeea590
commit 47ffa52f0f
27 changed files with 1403 additions and 354 deletions
--- a/internal/command/user_machine_key_test.go
+++ b/internal/command/user_machine_key_test.go
@@ -0,0 +1,253 @@
+package command
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/id"
+	id_mock "github.com/zitadel/zitadel/internal/id/mock"
+	"github.com/zitadel/zitadel/internal/repository/user"
+)
+
+func TestCommands_AddMachineKey(t *testing.T) {
+	type fields struct {
+		eventstore   *eventstore.Eventstore
+		idGenerator  id.Generator
+		keyAlgorithm crypto.EncryptionAlgorithm
+	}
+	type args struct {
+		ctx context.Context
+		key *MachineKey
+	}
+	type res struct {
+		want *domain.ObjectDetails
+		key  bool
+		err  func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		res    res
+	}{
+		{
+			"user does not exist, error",
+			fields{
+				eventstore: eventstoreExpect(t,
+					expectFilter(),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "token1"),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Time{},
+				},
+			},
+			res{
+				err: caos_errs.IsPreconditionFailed,
+			},
+		},
+		{
+			"invalid expiration date, error",
+			fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "token1"),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Now().Add(-24 * time.Hour),
+				},
+			},
+			res{
+				err: caos_errs.IsErrorInvalidArgument,
+			},
+		},
+		{
+			"no userID, error",
+			fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "token1"),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "",
+						ResourceOwner: "org1",
+					},
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Time{},
+				},
+			},
+			res{
+				err: caos_errs.IsErrorInvalidArgument,
+			},
+		},
+		{
+			"no resourceowner, error",
+			fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "token1"),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "",
+					},
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Time{},
+				},
+			},
+			res{
+				err: caos_errs.IsErrorInvalidArgument,
+			},
+		},
+		{
+			"key added with public key",
+			fields{
+				eventstore: eventstoreExpect(t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewMachineAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"machine",
+								"Machine",
+								"",
+								true,
+							),
+						),
+					),
+					expectFilter(),
+					expectPush(
+						[]*repository.Event{
+							eventFromEventPusher(
+								user.NewMachineKeyAddedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+									"key1",
+									domain.AuthNKeyTypeJSON,
+									time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC),
+									[]byte("public"),
+								),
+							),
+						},
+					),
+				),
+				idGenerator:  id_mock.NewIDGeneratorExpectIDs(t, "key1"),
+				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC),
+					PublicKey:      []byte("public"),
+				},
+			},
+			res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+				key: true,
+			},
+		},
+		{
+			"key added with ID and public key",
+			fields{
+				eventstore: eventstoreExpect(t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewMachineAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"machine",
+								"Machine",
+								"",
+								true,
+							),
+						),
+					),
+					expectFilter(),
+					expectPush(
+						[]*repository.Event{
+							eventFromEventPusher(
+								user.NewMachineKeyAddedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+									"key1",
+									domain.AuthNKeyTypeJSON,
+									time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC),
+									[]byte("public"),
+								),
+							),
+						},
+					),
+				),
+				keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+			},
+			args{
+				ctx: context.Background(),
+				key: &MachineKey{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					KeyID:          "key1",
+					Type:           domain.AuthNKeyTypeJSON,
+					ExpirationDate: time.Date(9999, 12, 31, 23, 59, 59, 0, time.UTC),
+					PublicKey:      []byte("public"),
+				},
+			},
+			res{
+				want: &domain.ObjectDetails{
+					ResourceOwner: "org1",
+				},
+				key: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Commands{
+				eventstore:   tt.fields.eventstore,
+				idGenerator:  tt.fields.idGenerator,
+				keyAlgorithm: tt.fields.keyAlgorithm,
+			}
+			got, err := c.AddUserMachineKey(tt.args.ctx, tt.args.key)
+			if tt.res.err == nil {
+				assert.NoError(t, err)
+			}
+			if tt.res.err != nil && !tt.res.err(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+			if tt.res.err == nil {
+				assert.Equal(t, tt.res.want, got)
+				if tt.res.key {
+					assert.NotEqual(t, "", tt.args.key.PrivateKey)
+				}
+			}
+		})
+	}
+}