New eventstore policies (#1084)

* feat: login policy

* feat: password complexity policy

* feat: org iam policy

* feat: label policy

* feat: add and change policies

* feat: second factors

* feat: second and multi factors

* feat: better naming

* feat: better naming
Fabi
2020-12-11 15:49:19 +01:00
committed by GitHub
parent 31ea9d1acd
commit 5b433dcaa3
85 changed files with 3477 additions and 1648 deletions


@@ -22,7 +22,7 @@ type LoginPolicy struct {
type IDPProvider struct {
models.ObjectRoot
Type IDPProviderType
IdpConfigID string
IDPConfigID string
}
type PolicyState int32
@@ -66,12 +66,12 @@ func (p *LoginPolicy) IsValid() bool {
}
func (p *IDPProvider) IsValid() bool {
return p.ObjectRoot.AggregateID != "" && p.IdpConfigID != ""
return p.ObjectRoot.AggregateID != "" && p.IDPConfigID != ""
}
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
for i, m := range p.IDPProviders {
if m.IdpConfigID == id {
if m.IDPConfigID == id {
return i, m
}
}
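Review bot: `GetIdpProvider` on `LoginPolicy` keeps the old `Idp` casing even though this change renames the field it compares to `IDPConfigID`. The eventstore hunks on this page then call `iam.DefaultLoginPolicy.GetIdpProvider(...)` a few lines away from `model.GetIDPProvider(...)`, so two spellings of the same lookup sit side by side. Renaming the method to `func (p *LoginPolicy) GetIDPProvider(id string) (int, *IDPProvider)` together with its call sites would complete the rename. The method body continues past the end of this hunk.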


@@ -554,7 +554,7 @@ func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
if err != nil {
return nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IDPConfigID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
repoIam := model.IAMFromModel(iam)
@@ -566,7 +566,7 @@ func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provid
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
return model.IDPProviderToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
@@ -580,11 +580,11 @@ func (es *IAMEventstore) PrepareRemoveIDPProviderFromLoginPolicy(ctx context.Con
if err != nil {
return nil, nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IDPConfigID); m == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoIam := model.IAMFromModel(iam)
removeAgg, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IdpConfigID})
removeAgg, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IDPConfigID})
if err != nil {
return nil, nil, err
}
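Review bot: In `PrepareRemoveIDPProviderFromLoginPolicy` the new line still builds `&model.IDPProviderID{provider.IDPConfigID}` as an unkeyed composite literal. `model` appears to be a separate package here, so `go vet`'s composites check would report it, and the value would bind to a different field if the struct is ever reordered or extended. Naming the field avoids that: `&model.IDPProviderID{FIELD: provider.IDPConfigID}`, where FIELD stands for the struct's field name, which is declared outside this page. The function starts before and ends after this hunk.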


@@ -1494,12 +1494,12 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
res: res{
result: &iam_model.IDPProvider{IdpConfigID: "IdpConfigID2"},
result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"},
},
},
{
@@ -1509,7 +1509,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@@ -1539,7 +1539,7 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{
@@ -1558,8 +1558,8 @@ func TestAddIdpProviderToLoginPolicy(t *testing.T) {
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if result.IdpConfigID != tt.res.result.IdpConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IdpConfigID, result.IdpConfigID)
if result.IDPConfigID != tt.res.result.IDPConfigID {
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
}
if result.Type != tt.res.result.Type {
t.Errorf("got wrong result Type: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
@@ -1591,7 +1591,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IDPConfigID",
IDPConfigID: "IDPConfigID",
Type: iam_model.IDPProviderTypeSystem,
},
},
@@ -1604,7 +1604,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
Type: iam_model.IDPProviderTypeSystem,
},
},
@@ -1634,7 +1634,7 @@ func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
ctx: authz.NewMockContext("orgID", "userID"),
provider: &iam_model.IDPProvider{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
IdpConfigID: "IdpConfigID2",
IDPConfigID: "IdpConfigID2",
},
},
res: res{
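Review bot: The first case in `TestAddIdpProviderToLoginPolicy` expects `&iam_model.IDPProvider{IDPConfigID: "IdpConfigID2"}` with no `Type`, while its input sets `Type: iam_model.IDPProviderTypeSystem` and the loop later compares `result.Type` with `tt.res.result.Type`. That assertion can only pass if `IDPProviderTypeSystem` is the zero value of its type, which is not visible on this page. In that case the test would not notice a provider type that was dropped or reset on the way through the eventstore. Writing the expectation as `result: &iam_model.IDPProvider{IDPConfigID: "IdpConfigID2", Type: iam_model.IDPProviderTypeSystem},` makes the check explicit. Both test functions extend beyond the hunks shown.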


@@ -108,7 +108,7 @@ func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: iam_model.IDPProviderType(provider.Type),
IdpConfigID: provider.IDPConfigID,
IDPConfigID: provider.IDPConfigID,
}
}
@@ -116,7 +116,7 @@ func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
return &IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: int32(provider.Type),
IDPConfigID: provider.IdpConfigID,
IDPConfigID: provider.IDPConfigID,
}
}