TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 01:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: migrate external idp to other types (#5984)

Browse Source 
* feat: migrate instance oidc to azureAD

* feat: migrate instance oidc to azureAD

* feat: migrate org oidc to azureAD

* feat: migrate oidc to google

* fix: correct idp writemodels

* fix: review changes
This commit is contained in:
Stefan Benz
2023-06-08 00:50:53 +02:00
committed by GitHub
parent 0b1738dc5d
commit 5562ee94a6
19 changed files with 1968 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
internal/query/projection/idp_template.go
View File

@@ -347,6 +347,10 @@ func (p *idpTemplateProjection) reducers() []handler.AggregateReducer {
Event: instance.OIDCIDPChangedEventType,
Reduce: p.reduceOIDCIDPChanged,
},
{
Event: instance.OIDCIDPMigratedAzureADEventType,
Reduce: p.reduceOIDCIDPMigratedAzureAD,
},
{
Event: instance.JWTIDPAddedEventType,
Reduce: p.reduceJWTIDPAdded,
@@ -755,6 +759,106 @@ func (p *idpTemplateProjection) reduceOIDCIDPChanged(event eventstore.Event) (*h
), nil
}
func (p *idpTemplateProjection) reduceOIDCIDPMigratedAzureAD(event eventstore.Event) (*handler.Statement, error) {
var idpEvent idp.OIDCIDPMigratedAzureADEvent
switch e := event.(type) {
case *org.OIDCIDPMigratedAzureADEvent:
idpEvent = e.OIDCIDPMigratedAzureADEvent
case *instance.OIDCIDPMigratedAzureADEvent:
idpEvent = e.OIDCIDPMigratedAzureADEvent
default:
return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedAzureADEventType, instance.OIDCIDPMigratedAzureADEventType})
}
return crdb.NewMultiStatement(
&idpEvent,
crdb.AddUpdateStatement(
[]handler.Column{
handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeAzureAD),
handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
},
[]handler.Condition{
handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
},
),
crdb.AddDeleteStatement(
[]handler.Condition{
handler.NewCond(OIDCIDCol, idpEvent.ID),
handler.NewCond(OIDCInstanceIDCol, idpEvent.Aggregate().InstanceID),
},
crdb.WithTableSuffix(IDPTemplateOIDCSuffix),
),
crdb.AddCreateStatement(
[]handler.Column{
handler.NewCol(AzureADIDCol, idpEvent.ID),
handler.NewCol(AzureADInstanceIDCol, idpEvent.Aggregate().InstanceID),
handler.NewCol(AzureADClientIDCol, idpEvent.ClientID),
handler.NewCol(AzureADClientSecretCol, idpEvent.ClientSecret),
handler.NewCol(AzureADScopesCol, database.StringArray(idpEvent.Scopes)),
handler.NewCol(AzureADTenantCol, idpEvent.Tenant),
handler.NewCol(AzureADIsEmailVerified, idpEvent.IsEmailVerified),
},
crdb.WithTableSuffix(IDPTemplateAzureADSuffix),
),
), nil
}
func (p *idpTemplateProjection) reduceOIDCIDPMigratedGoogle(event eventstore.Event) (*handler.Statement, error) {
var idpEvent idp.OIDCIDPMigratedGoogleEvent
switch e := event.(type) {
case *org.OIDCIDPMigratedGoogleEvent:
idpEvent = e.OIDCIDPMigratedGoogleEvent
case *instance.OIDCIDPMigratedGoogleEvent:
idpEvent = e.OIDCIDPMigratedGoogleEvent
default:
return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedGoogleEventType, instance.OIDCIDPMigratedGoogleEventType})
}
return crdb.NewMultiStatement(
&idpEvent,
crdb.AddUpdateStatement(
[]handler.Column{
handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGoogle),
handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
},
[]handler.Condition{
handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
},
),
crdb.AddDeleteStatement(
[]handler.Condition{
handler.NewCond(OIDCIDCol, idpEvent.ID),
handler.NewCond(OIDCInstanceIDCol, idpEvent.Aggregate().InstanceID),
},
crdb.WithTableSuffix(IDPTemplateOIDCSuffix),
),
crdb.AddCreateStatement(
[]handler.Column{
handler.NewCol(GoogleIDCol, idpEvent.ID),
handler.NewCol(GoogleInstanceIDCol, idpEvent.Aggregate().InstanceID),
handler.NewCol(GoogleClientIDCol, idpEvent.ClientID),
handler.NewCol(GoogleClientSecretCol, idpEvent.ClientSecret),
handler.NewCol(GoogleScopesCol, database.StringArray(idpEvent.Scopes)),
},
crdb.WithTableSuffix(IDPTemplateGoogleSuffix),
),
), nil
}
func (p *idpTemplateProjection) reduceJWTIDPAdded(event eventstore.Event) (*handler.Statement, error) {
var idpEvent idp.JWTIDPAddedEvent
var idpOwnerType domain.IdentityProviderType

272
internal/query/projection/idp_template_test.go
View File

@@ -2686,6 +2686,278 @@ func TestIDPTemplateProjection_reducesOIDC(t *testing.T) {
},
},
},
{
name: "instance reduceOIDCIDPMigratedAzureAD",
args: args{
event: getEvent(testEvent(
repository.EventType(instance.OIDCIDPMigratedAzureADEventType),
instance.AggregateType,
[]byte(`{
"id": "idp-id",
"name": "name",
"client_id": "client_id",
"client_secret": {
"cryptoType": 0,
"algorithm": "RSA-265",
"keyId": "key-id"
},
"tenant": "tenant",
"isEmailVerified": true,
"scopes": ["profile"],
"isCreationAllowed": true,
"isLinkingAllowed": true,
"isAutoCreation": true,
"isAutoUpdate": true
}`),
), instance.OIDCIDPMigratedAzureADEventMapper),
},
reduce: (&idpTemplateProjection{}).reduceOIDCIDPMigratedAzureAD,
want: wantReduce{
aggregateType: eventstore.AggregateType("instance"),
sequence: 15,
previousSequence: 10,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.idp_templates5 SET (change_date, sequence, name, type, is_creation_allowed, is_linking_allowed, is_auto_creation, is_auto_update) = ($1, $2, $3, $4, $5, $6, $7, $8) WHERE (id = $9) AND (instance_id = $10)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"name",
domain.IDPTypeAzureAD,
true,
true,
true,
true,
"idp-id",
"instance-id",
},
},
{
expectedStmt: "DELETE FROM projections.idp_templates5_oidc WHERE (idp_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
},
},
{
expectedStmt: "INSERT INTO projections.idp_templates5_azure (idp_id, instance_id, client_id, client_secret, scopes, tenant, is_email_verified) VALUES ($1, $2, $3, $4, $5, $6, $7)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
"client_id",
anyArg{},
database.StringArray{"profile"},
"tenant",
true,
},
},
},
},
},
},
{
name: "org reduceOIDCIDPMigratedAzureAD",
args: args{
event: getEvent(testEvent(
repository.EventType(org.OIDCIDPMigratedAzureADEventType),
org.AggregateType,
[]byte(`{
"id": "idp-id",
"name": "name",
"client_id": "client_id",
"client_secret": {
"cryptoType": 0,
"algorithm": "RSA-265",
"keyId": "key-id"
},
"tenant": "tenant",
"isEmailVerified": true,
"scopes": ["profile"],
"isCreationAllowed": true,
"isLinkingAllowed": true,
"isAutoCreation": true,
"isAutoUpdate": true
}`),
), org.OIDCIDPMigratedAzureADEventMapper),
},
reduce: (&idpTemplateProjection{}).reduceOIDCIDPMigratedAzureAD,
want: wantReduce{
aggregateType: eventstore.AggregateType("org"),
sequence: 15,
previousSequence: 10,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.idp_templates5 SET (change_date, sequence, name, type, is_creation_allowed, is_linking_allowed, is_auto_creation, is_auto_update) = ($1, $2, $3, $4, $5, $6, $7, $8) WHERE (id = $9) AND (instance_id = $10)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"name",
domain.IDPTypeAzureAD,
true,
true,
true,
true,
"idp-id",
"instance-id",
},
},
{
expectedStmt: "DELETE FROM projections.idp_templates5_oidc WHERE (idp_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
},
},
{
expectedStmt: "INSERT INTO projections.idp_templates5_azure (idp_id, instance_id, client_id, client_secret, scopes, tenant, is_email_verified) VALUES ($1, $2, $3, $4, $5, $6, $7)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
"client_id",
anyArg{},
database.StringArray{"profile"},
"tenant",
true,
},
},
},
},
},
},
{
name: "instance reduceOIDCIDPMigratedGoogle",
args: args{
event: getEvent(testEvent(
repository.EventType(instance.OIDCIDPMigratedGoogleEventType),
instance.AggregateType,
[]byte(`{
"id": "idp-id",
"name": "name",
"clientId": "client_id",
"clientSecret": {
"cryptoType": 0,
"algorithm": "RSA-265",
"keyId": "key-id"
},
"scopes": ["profile"],
"isCreationAllowed": true,
"isLinkingAllowed": true,
"isAutoCreation": true,
"isAutoUpdate": true
}`),
), instance.OIDCIDPMigratedGoogleEventMapper),
},
reduce: (&idpTemplateProjection{}).reduceOIDCIDPMigratedGoogle,
want: wantReduce{
aggregateType: eventstore.AggregateType("instance"),
sequence: 15,
previousSequence: 10,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.idp_templates5 SET (change_date, sequence, name, type, is_creation_allowed, is_linking_allowed, is_auto_creation, is_auto_update) = ($1, $2, $3, $4, $5, $6, $7, $8) WHERE (id = $9) AND (instance_id = $10)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"name",
domain.IDPTypeGoogle,
true,
true,
true,
true,
"idp-id",
"instance-id",
},
},
{
expectedStmt: "DELETE FROM projections.idp_templates5_oidc WHERE (idp_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
},
},
{
expectedStmt: "INSERT INTO projections.idp_templates5_google (idp_id, instance_id, client_id, client_secret, scopes) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
"client_id",
anyArg{},
database.StringArray{"profile"},
},
},
},
},
},
},
{
name: "org reduceOIDCIDPMigratedGoogle",
args: args{
event: getEvent(testEvent(
repository.EventType(org.OIDCIDPMigratedGoogleEventType),
org.AggregateType,
[]byte(`{
"id": "idp-id",
"name": "name",
"clientId": "client_id",
"clientSecret": {
"cryptoType": 0,
"algorithm": "RSA-265",
"keyId": "key-id"
},
"scopes": ["profile"],
"isCreationAllowed": true,
"isLinkingAllowed": true,
"isAutoCreation": true,
"isAutoUpdate": true
}`),
), org.OIDCIDPMigratedGoogleEventMapper),
},
reduce: (&idpTemplateProjection{}).reduceOIDCIDPMigratedGoogle,
want: wantReduce{
aggregateType: eventstore.AggregateType("org"),
sequence: 15,
previousSequence: 10,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.idp_templates5 SET (change_date, sequence, name, type, is_creation_allowed, is_linking_allowed, is_auto_creation, is_auto_update) = ($1, $2, $3, $4, $5, $6, $7, $8) WHERE (id = $9) AND (instance_id = $10)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"name",
domain.IDPTypeGoogle,
true,
true,
true,
true,
"idp-id",
"instance-id",
},
},
{
expectedStmt: "DELETE FROM projections.idp_templates5_oidc WHERE (idp_id = $1) AND (instance_id = $2)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
},
},
{
expectedStmt: "INSERT INTO projections.idp_templates5_google (idp_id, instance_id, client_id, client_secret, scopes) VALUES ($1, $2, $3, $4, $5)",
expectedArgs: []interface{}{
"idp-id",
"instance-id",
"client_id",
anyArg{},
database.StringArray{"profile"},
},
},
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {