TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-01 12:22:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into new-eventstore

Browse Source 
# Conflicts:
#	go.mod
#	internal/admin/repository/eventsourcing/eventstore/iam.go
#	internal/authz/repository/eventsourcing/repository.go
#	internal/eventstore/eventstore.go
#	internal/setup/config.go
#	pkg/grpc/management/mock/management.proto.mock.go
This commit is contained in:
Livio Amstutz
2021-01-05 09:27:42 +01:00
parent 21ffe1b0cb 28c8274eab
commit 5b84c9b619
283 changed files with 7264 additions and 2500 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/admin/repository/eventsourcing/eventstore/administrator.go
View File

@@ -2,10 +2,11 @@ package eventstore
import (
"context"
"time"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
view_model "github.com/caos/zitadel/internal/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
var dbList = []string{"management", "auth", "authz", "adminapi", "notification"}
@@ -47,7 +48,7 @@ func (repo *AdministratorRepo) GetViews() ([]*view_model.View, error) {
}
func (repo *AdministratorRepo) GetSpoolerDiv(database, view string) int64 {
sequence, err := repo.View.GetCurrentSequence(database, view)
sequence, err := repo.View.GetCurrentSequence(database, view, "")
if err != nil {
return 0

6
internal/admin/repository/eventsourcing/eventstore/iam.go
View File

@@ -69,7 +69,7 @@ func (repo *IAMRepository) RemoveIAMMember(ctx context.Context, userID string) e
func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestIAMMemberSequence()
sequence, err := repo.View.GetLatestIAMMemberSequence("")
logging.Log("EVENT-Slkci").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence")
members, count, err := repo.View.SearchIAMMembers(request)
if err != nil {
@@ -194,7 +194,7 @@ func (repo *IAMRepository) ChangeOidcIDPConfig(ctx context.Context, oidcConfig *
func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestIDPConfigSequence()
sequence, err := repo.View.GetLatestIDPConfigSequence("")
logging.Log("EVENT-Dk8si").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest idp config sequence")
idps, count, err := repo.View.SearchIDPConfigs(request)
if err != nil {
@@ -298,7 +298,7 @@ func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy
func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
sequence, err := repo.View.GetLatestIDPProviderSequence()
sequence, err := repo.View.GetLatestIDPProviderSequence("")
logging.Log("EVENT-Tuiks").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence")
providers, count, err := repo.View.SearchIDPProviders(request)
if err != nil {

2
internal/admin/repository/eventsourcing/eventstore/org.go
View File

@@ -87,7 +87,7 @@ func (repo *OrgRepo) OrgByID(ctx context.Context, id string) (*org_model.Org, er
func (repo *OrgRepo) SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) {
query.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestOrgSequence()
sequence, err := repo.View.GetLatestOrgSequence("")
logging.Log("EVENT-LXo9w").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest iam sequence")
orgs, count, err := repo.View.SearchOrgs(query)
if err != nil {

69
internal/admin/repository/eventsourcing/handler/handler.go
View File

@@ -3,13 +3,12 @@ package handler
import (
"time"
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/query"
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
@@ -25,6 +24,12 @@ type handler struct {
bulkLimit uint64
cycleDuration time.Duration
errorCountUntilSkip uint64
es eventstore.Eventstore
}
func (h *handler) Eventstore() eventstore.Eventstore {
return h.es
}
type EventstoreRepos struct {
@@ -33,31 +38,49 @@ type EventstoreRepos struct {
OrgEvents *org_event.OrgEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
return []query.Handler{
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
&IamMember{handler: handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount},
userEvents: repos.UserEvents},
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
&LabelPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount}},
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount},
systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount},
eventstore: eventstore, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, systemDefaults: defaults},
&PasswordComplexityPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount}},
&PasswordAgePolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount}},
&PasswordLockoutPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordLockoutPolicy"), errorCount}},
&OrgIAMPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount}},
&ExternalIDP{handler: handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount},
orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, systemDefaults: defaults},
newOrg(
handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount, es}),
newIAMMember(
handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount, es},
repos.UserEvents),
newIDPConfig(
handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount, es}),
newLabelPolicy(
handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount, es}),
newLoginPolicy(
handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount, es}),
newIDPProvider(
handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount, es},
defaults,
repos.IamEvents,
repos.OrgEvents),
newUser(
handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es},
repos.OrgEvents,
repos.IamEvents,
defaults),
newPasswordComplexityPolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount, es}),
newPasswordAgePolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount, es}),
newPasswordLockoutPolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordLockoutPolicy"), errorCount, es}),
newOrgIAMPolicy(
handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount, es}),
newExternalIDP(
handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount, es},
defaults,
repos.IamEvents,
repos.OrgEvents),
}
}
func (configs Configs) cycleDuration(viewModel string) time.Duration {
c, ok := configs[viewModel]
if !ok {
return 1 * time.Second
return 3 * time.Minute
}
return c.MinimumCycleDuration.Duration
}
@@ -66,6 +89,10 @@ func (h *handler) MinimumCycleDuration() time.Duration {
return h.cycleDuration
}
func (h *handler) LockDuration() time.Duration {
return h.cycleDuration / 3
}
func (h *handler) QueryLimit() uint64 {
return h.bulkLimit
}

86
internal/admin/repository/eventsourcing/handler/iam_member.go
View File

@@ -4,9 +4,9 @@ import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
@@ -15,40 +15,73 @@ import (
usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
type IamMember struct {
handler
userEvents *usr_event.UserEventstore
}
const (
iamMemberTable = "adminapi.iam_members"
)
func (m *IamMember) ViewModel() string {
type IAMMember struct {
handler
userEvents *usr_event.UserEventstore
subscription *eventstore.Subscription
}
func newIAMMember(handler handler, userEvents *usr_event.UserEventstore) *IAMMember {
iamMember := &IAMMember{
handler: handler,
userEvents: userEvents,
}
iamMember.subscribe()
return iamMember
}
func (m *IAMMember) subscribe() {
m.subscription = m.es.Subscribe(m.AggregateTypes()...)
go func() {
for event := range m.subscription.Events {
query.ReduceEvent(m, event)
}
}()
}
func (m *IAMMember) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := m.view.GetLatestIAMMemberSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (m *IAMMember) ViewModel() string {
return iamMemberTable
}
func (m *IamMember) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestIAMMemberSequence()
func (m *IAMMember) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.IAMAggregate, usr_es_model.UserAggregate}
}
func (m *IAMMember) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := m.view.GetLatestIAMMemberSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate, usr_es_model.UserAggregate).
AggregateTypeFilter(m.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *IamMember) Reduce(event *models.Event) (err error) {
func (m *IAMMember) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
err = m.processIamMember(event)
err = m.processIAMMember(event)
case usr_es_model.UserAggregate:
err = m.processUser(event)
}
return err
}
func (m *IamMember) processIamMember(event *models.Event) (err error) {
func (m *IAMMember) processIAMMember(event *es_models.Event) (err error) {
member := new(iam_model.IAMMemberView)
switch event.Type {
case model.IAMMemberAdded:
@@ -72,17 +105,17 @@ func (m *IamMember) processIamMember(event *models.Event) (err error) {
if err != nil {
return err
}
return m.view.DeleteIAMMember(event.AggregateID, member.UserID, event.Sequence, event.CreationDate)
return m.view.DeleteIAMMember(event.AggregateID, member.UserID, event)
default:
return m.view.ProcessedIAMMemberSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedIAMMemberSequence(event)
}
if err != nil {
return err
}
return m.view.PutIAMMember(member, member.Sequence, event.CreationDate)
return m.view.PutIAMMember(member, event)
}
func (m *IamMember) processUser(event *models.Event) (err error) {
func (m *IAMMember) processUser(event *es_models.Event) (err error) {
switch event.Type {
case usr_es_model.UserProfileChanged,
usr_es_model.UserEmailChanged,
@@ -94,7 +127,7 @@ func (m *IamMember) processUser(event *models.Event) (err error) {
return err
}
if len(members) == 0 {
return m.view.ProcessedIAMMemberSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedIAMMemberSequence(event)
}
user, err := m.userEvents.UserByID(context.Background(), event.AggregateID)
if err != nil {
@@ -103,16 +136,15 @@ func (m *IamMember) processUser(event *models.Event) (err error) {
for _, member := range members {
m.fillUserData(member, user)
}
return m.view.PutIAMMembers(members, event.Sequence, event.CreationDate)
return m.view.PutIAMMembers(members, event)
case usr_es_model.UserRemoved:
return m.view.DeleteIAMMembersByUserID(event.AggregateID, event.Sequence, event.CreationDate)
return m.view.DeleteIAMMembersByUserID(event.AggregateID, event)
default:
return m.view.ProcessedIAMMemberSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedIAMMemberSequence(event)
}
return nil
}
func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
func (m *IAMMember) fillData(member *iam_model.IAMMemberView) (err error) {
user, err := m.userEvents.UserByID(context.Background(), member.UserID)
if err != nil {
return err
@@ -121,7 +153,7 @@ func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
return nil
}
func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
func (m *IAMMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
member.UserName = user.UserName
if user.Human != nil {
member.FirstName = user.FirstName
@@ -133,11 +165,11 @@ func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_mode
member.DisplayName = user.Machine.Name
}
}
func (m *IamMember) OnError(event *models.Event, err error) error {
func (m *IAMMember) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")
return spooler.HandleError(event, err, m.view.GetLatestIAMMemberFailedEvent, m.view.ProcessedIAMMemberFailedEvent, m.view.ProcessedIAMMemberSequence, m.errorCountUntilSkip)
}
func (m *IamMember) OnSuccess() error {
func (m *IAMMember) OnSuccess() error {
return spooler.HandleSuccess(m.view.UpdateIAMMemberSpoolerRunTimestamp)
}

64
internal/admin/repository/eventsourcing/handler/idp_config.go
View File

@@ -2,38 +2,70 @@ package handler
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type IDPConfig struct {
handler
}
const (
idpConfigTable = "adminapi.idp_configs"
)
type IDPConfig struct {
handler
subscription *eventstore.Subscription
}
func newIDPConfig(handler handler) *IDPConfig {
h := &IDPConfig{
handler: handler,
}
h.subscribe()
return h
}
func (i *IDPConfig) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *IDPConfig) ViewModel() string {
return idpConfigTable
}
func (i *IDPConfig) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPConfigSequence()
func (i *IDPConfig) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.IAMAggregate}
}
func (i *IDPConfig) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := i.view.GetLatestIDPConfigSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *IDPConfig) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPConfigSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (i *IDPConfig) Reduce(event *models.Event) (err error) {
func (i *IDPConfig) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
err = i.processIDPConfig(event)
@@ -41,7 +73,7 @@ func (i *IDPConfig) Reduce(event *models.Event) (err error) {
return err
}
func (i *IDPConfig) processIDPConfig(event *models.Event) (err error) {
func (i *IDPConfig) processIDPConfig(event *es_models.Event) (err error) {
idp := new(iam_view_model.IDPConfigView)
switch event.Type {
case model.IDPConfigAdded:
@@ -63,17 +95,17 @@ func (i *IDPConfig) processIDPConfig(event *models.Event) (err error) {
if err != nil {
return err
}
return i.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteIDPConfig(idp.IDPConfigID, event)
default:
return i.view.ProcessedIDPConfigSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedIDPConfigSequence(event)
}
if err != nil {
return err
}
return i.view.PutIDPConfig(idp, idp.Sequence, event.CreationDate)
return i.view.PutIDPConfig(idp, event)
}
func (i *IDPConfig) OnError(event *models.Event, err error) error {
func (i *IDPConfig) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Mslo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
return spooler.HandleError(event, err, i.view.GetLatestIDPConfigFailedEvent, i.view.ProcessedIDPConfigFailedEvent, i.view.ProcessedIDPConfigSequence, i.errorCountUntilSkip)
}

77
internal/admin/repository/eventsourcing/handler/idp_providers.go
View File

@@ -2,18 +2,23 @@ package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
const (
idpProviderTable = "adminapi.idp_providers"
)
type IDPProvider struct {
@@ -21,27 +26,63 @@ type IDPProvider struct {
systemDefaults systemdefaults.SystemDefaults
iamEvents *eventsourcing.IAMEventstore
orgEvents *org_events.OrgEventstore
subscription *eventstore.Subscription
}
const (
idpProviderTable = "adminapi.idp_providers"
)
func newIDPProvider(
handler handler,
systemDefaults systemdefaults.SystemDefaults,
iamEvents *eventsourcing.IAMEventstore,
orgEvents *org_events.OrgEventstore,
) *IDPProvider {
h := &IDPProvider{
handler: handler,
systemDefaults: systemDefaults,
iamEvents: iamEvents,
orgEvents: orgEvents,
}
h.subscribe()
return h
}
func (i *IDPProvider) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *IDPProvider) ViewModel() string {
return idpProviderTable
}
func (i *IDPProvider) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPProviderSequence()
func (i *IDPProvider) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.IAMAggregate, org_es_model.OrgAggregate}
}
func (i *IDPProvider) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := i.view.GetLatestIDPProviderSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *IDPProvider) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPProviderSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (i *IDPProvider) Reduce(event *models.Event) (err error) {
func (i *IDPProvider) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate, org_es_model.OrgAggregate:
err = i.processIdpProvider(event)
@@ -49,7 +90,7 @@ func (i *IDPProvider) Reduce(event *models.Event) (err error) {
return err
}
func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
func (i *IDPProvider) processIdpProvider(event *es_models.Event) (err error) {
provider := new(iam_view_model.IDPProviderView)
switch event.Type {
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
@@ -64,7 +105,7 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
if err != nil {
return err
}
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event)
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
esConfig := new(iam_view_model.IDPConfigView)
providerType := iam_model.IDPProviderTypeSystem
@@ -83,14 +124,14 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
for _, provider := range providers {
i.fillConfigData(provider, config)
}
return i.view.PutIDPProviders(event.Sequence, event.CreationDate, providers...)
return i.view.PutIDPProviders(event, providers...)
default:
return i.view.ProcessedIDPProviderSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedIDPProviderSequence(event)
}
if err != nil {
return err
}
return i.view.PutIDPProvider(provider, provider.Sequence, event.CreationDate)
return i.view.PutIDPProvider(provider, event)
}
func (i *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
@@ -114,7 +155,7 @@ func (i *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, c
provider.IDPState = int32(config.State)
}
func (i *IDPProvider) OnError(event *models.Event, err error) error {
func (i *IDPProvider) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Msj8c", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
return spooler.HandleError(event, err, i.view.GetLatestIDPProviderFailedEvent, i.view.ProcessedIDPProviderFailedEvent, i.view.ProcessedIDPProviderSequence, i.errorCountUntilSkip)
}

60
internal/admin/repository/eventsourcing/handler/label_policy.go
View File

@@ -2,37 +2,69 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type LabelPolicy struct {
handler
}
const (
labelPolicyTable = "adminapi.label_policies"
)
type LabelPolicy struct {
handler
subscription *eventstore.Subscription
}
func newLabelPolicy(handler handler) *LabelPolicy {
h := &LabelPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *LabelPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *LabelPolicy) ViewModel() string {
return labelPolicyTable
}
func (p *LabelPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestLabelPolicySequence()
func (p *LabelPolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.IAMAggregate}
}
func (p *LabelPolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestLabelPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *LabelPolicy) Reduce(event *models.Event) (err error) {
func (p *LabelPolicy) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := p.view.GetLatestLabelPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *LabelPolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
err = p.processLabelPolicy(event)
@@ -40,7 +72,7 @@ func (p *LabelPolicy) Reduce(event *models.Event) (err error) {
return err
}
func (p *LabelPolicy) processLabelPolicy(event *models.Event) (err error) {
func (p *LabelPolicy) processLabelPolicy(event *es_models.Event) (err error) {
policy := new(iam_model.LabelPolicyView)
switch event.Type {
case model.LabelPolicyAdded:
@@ -52,15 +84,15 @@ func (p *LabelPolicy) processLabelPolicy(event *models.Event) (err error) {
}
err = policy.AppendEvent(event)
default:
return p.view.ProcessedLabelPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedLabelPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutLabelPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutLabelPolicy(policy, event)
}
func (p *LabelPolicy) OnError(event *models.Event, err error) error {
func (p *LabelPolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Wj8sf", "id", event.AggregateID).WithError(err).Warn("something went wrong in label policy handler")
return spooler.HandleError(event, err, p.view.GetLatestLabelPolicyFailedEvent, p.view.ProcessedLabelPolicyFailedEvent, p.view.ProcessedLabelPolicySequence, p.errorCountUntilSkip)
}

51
internal/admin/repository/eventsourcing/handler/login_policy.go
View File

@@ -2,36 +2,69 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type LoginPolicy struct {
handler
}
const (
loginPolicyTable = "adminapi.login_policies"
)
type LoginPolicy struct {
handler
subscription *eventstore.Subscription
}
func newLoginPolicy(handler handler) *LoginPolicy {
h := &LoginPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *LoginPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *LoginPolicy) ViewModel() string {
return loginPolicyTable
}
func (p *LoginPolicy) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.IAMAggregate}
}
func (p *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestLoginPolicySequence()
sequence, err := p.view.GetLatestLoginPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *LoginPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestLoginPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *LoginPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
@@ -56,12 +89,12 @@ func (p *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
}
err = policy.AppendEvent(event)
default:
return p.view.ProcessedLoginPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedLoginPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutLoginPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutLoginPolicy(policy, event)
}
func (p *LoginPolicy) OnError(event *models.Event, err error) error {

48
internal/admin/repository/eventsourcing/handler/org.go
View File

@@ -3,33 +3,67 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
)
type Org struct {
handler
}
const (
orgTable = "adminapi.orgs"
)
type Org struct {
handler
subscription *eventstore.Subscription
}
func newOrg(handler handler) *Org {
h := &Org{
handler: handler,
}
h.subscribe()
return h
}
func (o *Org) subscribe() {
o.subscription = o.es.Subscribe(o.AggregateTypes()...)
go func() {
for event := range o.subscription.Events {
query.ReduceEvent(o, event)
}
}()
}
func (o *Org) ViewModel() string {
return orgTable
}
func (o *Org) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate}
}
func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := o.view.GetLatestOrgSequence()
sequence, err := o.view.GetLatestOrgSequence("")
if err != nil {
return nil, err
}
return eventsourcing.OrgQuery(sequence.CurrentSequence), nil
}
func (o *Org) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := o.view.GetLatestOrgSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (o *Org) Reduce(event *es_models.Event) error {
org := new(org_model.OrgView)
@@ -53,10 +87,10 @@ func (o *Org) Reduce(event *es_models.Event) error {
return err
}
default:
return o.view.ProcessedOrgSequence(event.Sequence, event.CreationDate)
return o.view.ProcessedOrgSequence(event)
}
return o.view.PutOrg(org, event.CreationDate)
return o.view.PutOrg(org, event)
}
func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {

64
internal/admin/repository/eventsourcing/handler/org_iam_policy.go
View File

@@ -2,38 +2,70 @@ package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type OrgIAMPolicy struct {
handler
}
const (
orgIAMPolicyTable = "adminapi.org_iam_policies"
)
type OrgIAMPolicy struct {
handler
subscription *eventstore.Subscription
}
func newOrgIAMPolicy(handler handler) *OrgIAMPolicy {
h := &OrgIAMPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *OrgIAMPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *OrgIAMPolicy) ViewModel() string {
return orgIAMPolicyTable
}
func (p *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence()
func (p *OrgIAMPolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *OrgIAMPolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
func (p *OrgIAMPolicy) CurrentSequence(event *es_models.Event) (uint64, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *OrgIAMPolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = p.processOrgIAMPolicy(event)
@@ -41,7 +73,7 @@ func (p *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
return err
}
func (p *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
func (p *OrgIAMPolicy) processOrgIAMPolicy(event *es_models.Event) (err error) {
policy := new(iam_model.OrgIAMPolicyView)
switch event.Type {
case iam_es_model.OrgIAMPolicyAdded, model.OrgIAMPolicyAdded:
@@ -53,17 +85,17 @@ func (p *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
}
err = policy.AppendEvent(event)
case model.OrgIAMPolicyRemoved:
return p.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence, event.CreationDate)
return p.view.DeleteOrgIAMPolicy(event.AggregateID, event)
default:
return p.view.ProcessedOrgIAMPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedOrgIAMPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutOrgIAMPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutOrgIAMPolicy(policy, event)
}
func (p *OrgIAMPolicy) OnError(event *models.Event, err error) error {
func (p *OrgIAMPolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Wm8fs", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgIAM policy handler")
return spooler.HandleError(event, err, p.view.GetLatestOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicySequence, p.errorCountUntilSkip)
}

52
internal/admin/repository/eventsourcing/handler/password_age_policy.go
View File

@@ -2,34 +2,68 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordAgePolicy struct {
handler
}
const (
passwordAgePolicyTable = "adminapi.password_age_policies"
)
type PasswordAgePolicy struct {
handler
subscription *eventstore.Subscription
}
func newPasswordAgePolicy(handler handler) *PasswordAgePolicy {
h := &PasswordAgePolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *PasswordAgePolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *PasswordAgePolicy) ViewModel() string {
return passwordAgePolicyTable
}
func (p *PasswordAgePolicy) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *PasswordAgePolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestPasswordAgePolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordAgePolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordAgePolicySequence()
sequence, err := p.view.GetLatestPasswordAgePolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -53,14 +87,14 @@ func (p *PasswordAgePolicy) processPasswordAgePolicy(event *models.Event) (err e
}
err = policy.AppendEvent(event)
case model.PasswordAgePolicyRemoved:
return p.view.DeletePasswordAgePolicy(event.AggregateID, event.Sequence, event.CreationDate)
return p.view.DeletePasswordAgePolicy(event.AggregateID, event)
default:
return p.view.ProcessedPasswordAgePolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedPasswordAgePolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutPasswordAgePolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutPasswordAgePolicy(policy, event)
}
func (p *PasswordAgePolicy) OnError(event *models.Event, err error) error {

52
internal/admin/repository/eventsourcing/handler/password_complexity_policy.go
View File

@@ -2,34 +2,68 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordComplexityPolicy struct {
handler
}
const (
passwordComplexityPolicyTable = "adminapi.password_complexity_policies"
)
type PasswordComplexityPolicy struct {
handler
subscription *eventstore.Subscription
}
func newPasswordComplexityPolicy(handler handler) *PasswordComplexityPolicy {
h := &PasswordComplexityPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *PasswordComplexityPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *PasswordComplexityPolicy) ViewModel() string {
return passwordComplexityPolicyTable
}
func (p *PasswordComplexityPolicy) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *PasswordComplexityPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence()
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -53,14 +87,14 @@ func (p *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models
}
err = policy.AppendEvent(event)
case model.PasswordComplexityPolicyRemoved:
return p.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence, event.CreationDate)
return p.view.DeletePasswordComplexityPolicy(event.AggregateID, event)
default:
return p.view.ProcessedPasswordComplexityPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedPasswordComplexityPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutPasswordComplexityPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutPasswordComplexityPolicy(policy, event)
}
func (p *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {

52
internal/admin/repository/eventsourcing/handler/password_lockout_policy.go
View File

@@ -2,34 +2,68 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordLockoutPolicy struct {
handler
}
const (
passwordLockoutPolicyTable = "adminapi.password_lockout_policies"
)
type PasswordLockoutPolicy struct {
handler
subscription *eventstore.Subscription
}
func newPasswordLockoutPolicy(handler handler) *PasswordLockoutPolicy {
h := &PasswordLockoutPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *PasswordLockoutPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *PasswordLockoutPolicy) ViewModel() string {
return passwordLockoutPolicyTable
}
func (p *PasswordLockoutPolicy) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *PasswordLockoutPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestPasswordLockoutPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordLockoutPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordLockoutPolicySequence()
sequence, err := p.view.GetLatestPasswordLockoutPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -53,14 +87,14 @@ func (p *PasswordLockoutPolicy) processPasswordLockoutPolicy(event *models.Event
}
err = policy.AppendEvent(event)
case model.PasswordLockoutPolicyRemoved:
return p.view.DeletePasswordLockoutPolicy(event.AggregateID, event.Sequence, event.CreationDate)
return p.view.DeletePasswordLockoutPolicy(event.AggregateID, event)
default:
return p.view.ProcessedPasswordLockoutPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedPasswordLockoutPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutPasswordLockoutPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutPasswordLockoutPolicy(policy, event)
}
func (p *PasswordLockoutPolicy) OnError(event *models.Event, err error) error {

64
internal/admin/repository/eventsourcing/handler/user.go
View File

@@ -2,6 +2,7 @@ package handler
import (
"context"
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
@@ -10,6 +11,7 @@ import (
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
org_model "github.com/caos/zitadel/internal/org/model"
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
@@ -18,29 +20,69 @@ import (
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
const (
userTable = "adminapi.users"
)
type User struct {
handler
eventstore eventstore.Eventstore
orgEvents *org_events.OrgEventstore
iamEvents *iam_es.IAMEventstore
systemDefaults systemdefaults.SystemDefaults
subscription *eventstore.Subscription
}
const (
userTable = "adminapi.users"
)
func newUser(
handler handler,
orgEvents *org_events.OrgEventstore,
iamEvents *iam_es.IAMEventstore,
systemDefaults systemdefaults.SystemDefaults,
) *User {
h := &User{
handler: handler,
orgEvents: orgEvents,
iamEvents: iamEvents,
systemDefaults: systemDefaults,
}
h.subscribe()
return h
}
func (u *User) subscribe() {
u.subscription = u.es.Subscribe(u.AggregateTypes()...)
go func() {
for event := range u.subscription.Events {
query.ReduceEvent(u, event)
}
}()
}
func (u *User) ViewModel() string {
return userTable
}
func (u *User) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
}
func (u *User) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := u.view.GetLatestUserSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (u *User) EventQuery() (*models.SearchQuery, error) {
sequence, err := u.view.GetLatestUserSequence()
sequence, err := u.view.GetLatestUserSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(es_model.UserAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(u.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -116,14 +158,14 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
}
err = u.fillLoginNames(user)
case es_model.UserRemoved:
return u.view.DeleteUser(event.AggregateID, event.Sequence, event.CreationDate)
return u.view.DeleteUser(event.AggregateID, event)
default:
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSequence(event)
}
if err != nil {
return err
}
return u.view.PutUser(user, user.Sequence, event.CreationDate)
return u.view.PutUser(user, event)
}
func (u *User) ProcessOrg(event *models.Event) (err error) {
@@ -137,7 +179,7 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
case org_es_model.OrgDomainPrimarySet:
return u.fillPreferredLoginNamesOnOrgUsers(event)
default:
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSequence(event)
}
}
@@ -160,7 +202,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
for _, user := range users {
user.SetLoginNames(policy, org.Domains)
}
return u.view.PutUsers(users, event.Sequence, event.CreationDate)
return u.view.PutUsers(users, event)
}
func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
@@ -185,7 +227,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
for _, user := range users {
user.PreferredLoginName = user.GenerateLoginName(org.GetPrimaryDomain().Domain, policy.UserLoginMustBeDomain)
}
return u.view.PutUsers(users, event.Sequence, event.CreationDate)
return u.view.PutUsers(users, event)
}
func (u *User) fillLoginNames(user *view_model.UserView) (err error) {

66
internal/admin/repository/eventsourcing/handler/user_external_idps.go
View File

@@ -2,9 +2,11 @@ package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
@@ -14,33 +16,74 @@ import (
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
const (
externalIDPTable = "adminapi.user_external_idps"
)
type ExternalIDP struct {
handler
systemDefaults systemdefaults.SystemDefaults
iamEvents *eventsourcing.IAMEventstore
orgEvents *org_es.OrgEventstore
subscription *eventstore.Subscription
}
const (
externalIDPTable = "adminapi.user_external_idps"
)
func newExternalIDP(
handler handler,
systemDefaults systemdefaults.SystemDefaults,
iamEvents *eventsourcing.IAMEventstore,
orgEvents *org_es.OrgEventstore,
) *ExternalIDP {
h := &ExternalIDP{
handler: handler,
systemDefaults: systemDefaults,
iamEvents: iamEvents,
orgEvents: orgEvents,
}
h.subscribe()
return h
}
func (i *ExternalIDP) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *ExternalIDP) ViewModel() string {
return externalIDPTable
}
func (i *ExternalIDP) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate}
}
func (i *ExternalIDP) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := i.view.GetLatestExternalIDPSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *ExternalIDP) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestExternalIDPSequence()
sequence, err := i.view.GetLatestExternalIDPSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -68,16 +111,16 @@ func (i *ExternalIDP) processUser(event *models.Event) (err error) {
if err != nil {
return err
}
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event)
case model.UserRemoved:
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event.Sequence, event.CreationDate)
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event)
default:
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedExternalIDPSequence(event)
}
if err != nil {
return err
}
return i.view.PutExternalIDP(externalIDP, externalIDP.Sequence, event.CreationDate)
return i.view.PutExternalIDP(externalIDP, event)
}
func (i *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
@@ -105,11 +148,10 @@ func (i *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
for _, provider := range exterinalIDPs {
i.fillConfigData(provider, config)
}
return i.view.PutExternalIDPs(event.Sequence, event.CreationDate, exterinalIDPs...)
return i.view.PutExternalIDPs(event, exterinalIDPs...)
default:
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedExternalIDPSequence(event)
}
return nil
}
func (i *ExternalIDP) fillData(externalIDP *usr_view_model.ExternalIDPView) error {

14
internal/admin/repository/eventsourcing/spooler/lock.go
View File

@@ -2,28 +2,18 @@ package spooler
import (
"database/sql"
"time"
es_locker "github.com/caos/zitadel/internal/eventstore/locker"
"time"
)
const (
lockTable = "adminapi.locks"
lockedUntilKey = "locked_until"
lockerIDKey = "locker_id"
objectTypeKey = "object_type"
lockTable = "adminapi.locks"
)
type locker struct {
dbClient *sql.DB
}
type lock struct {
LockerID string `gorm:"column:locker_id;primary_key"`
LockedUntil time.Time `gorm:"column:locked_until"`
ViewName string `gorm:"column:object_type;primary_key"`
}
func (l *locker) Renew(lockerID, viewModel string, waitTime time.Duration) error {
return es_locker.Renew(l.dbClient, lockTable, lockerID, viewModel, waitTime)
}

26
internal/admin/repository/eventsourcing/view/external_idps.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -33,44 +33,44 @@ func (v *View) SearchExternalIDPs(request *usr_model.ExternalIDPSearchRequest) (
return view.SearchExternalIDPs(v.Db, externalIDPTable, request)
}
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, event *models.Event) error {
err := view.PutExternalIDP(v.Db, externalIDPTable, externalIDP)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) PutExternalIDPs(sequence uint64, eventTimestamp time.Time, externalIDPs ...*model.ExternalIDPView) error {
func (v *View) PutExternalIDPs(event *models.Event, externalIDPs ...*model.ExternalIDPView) error {
err := view.PutExternalIDPs(v.Db, externalIDPTable, externalIDPs...)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, event *models.Event) error {
err := view.DeleteExternalIDP(v.Db, externalIDPTable, externalUserID, idpConfigID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) DeleteExternalIDPsByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteExternalIDPsByUserID(userID string, event *models.Event) error {
err := view.DeleteExternalIDPsByUserID(v.Db, externalIDPTable, userID)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) GetLatestExternalIDPSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(externalIDPTable)
func (v *View) GetLatestExternalIDPSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(externalIDPTable, aggregateType)
}
func (v *View) ProcessedExternalIDPSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(externalIDPTable, eventSequence, eventTimestamp)
func (v *View) ProcessedExternalIDPSequence(event *models.Event) error {
return v.saveCurrentSequence(externalIDPTable, event)
}
func (v *View) UpdateExternalIDPSpoolerRunTimestamp() error {

26
internal/admin/repository/eventsourcing/view/iam_member.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -25,44 +25,44 @@ func (v *View) IAMMembersByUserID(userID string) ([]*model.IAMMemberView, error)
return view.IAMMembersByUserID(v.Db, iamMemberTable, userID)
}
func (v *View) PutIAMMember(org *model.IAMMemberView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIAMMember(org *model.IAMMemberView, event *models.Event) error {
err := view.PutIAMMember(v.Db, iamMemberTable, org)
if err != nil {
return err
}
return v.ProcessedIAMMemberSequence(sequence, eventTimestamp)
return v.ProcessedIAMMemberSequence(event)
}
func (v *View) PutIAMMembers(members []*model.IAMMemberView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIAMMembers(members []*model.IAMMemberView, event *models.Event) error {
err := view.PutIAMMembers(v.Db, iamMemberTable, members...)
if err != nil {
return err
}
return v.ProcessedIAMMemberSequence(sequence, eventTimestamp)
return v.ProcessedIAMMemberSequence(event)
}
func (v *View) DeleteIAMMember(iamID, userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIAMMember(iamID, userID string, event *models.Event) error {
err := view.DeleteIAMMember(v.Db, iamMemberTable, iamID, userID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIAMMemberSequence(eventSequence, eventTimestamp)
return v.ProcessedIAMMemberSequence(event)
}
func (v *View) DeleteIAMMembersByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIAMMembersByUserID(userID string, event *models.Event) error {
err := view.DeleteIAMMembersByUserID(v.Db, iamMemberTable, userID)
if err != nil {
return err
}
return v.ProcessedIAMMemberSequence(eventSequence, eventTimestamp)
return v.ProcessedIAMMemberSequence(event)
}
func (v *View) GetLatestIAMMemberSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(iamMemberTable)
func (v *View) GetLatestIAMMemberSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(iamMemberTable, aggregateType)
}
func (v *View) ProcessedIAMMemberSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(iamMemberTable, eventSequence, eventTimestamp)
func (v *View) ProcessedIAMMemberSequence(event *models.Event) error {
return v.saveCurrentSequence(iamMemberTable, event)
}
func (v *View) UpdateIAMMemberSpoolerRunTimestamp() error {

18
internal/admin/repository/eventsourcing/view/idp_configs.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -21,28 +21,28 @@ func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*m
return view.SearchIDPs(v.Db, idpConfigTable, request)
}
func (v *View) PutIDPConfig(idp *model.IDPConfigView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIDPConfig(idp *model.IDPConfigView, event *models.Event) error {
err := view.PutIDP(v.Db, idpConfigTable, idp)
if err != nil {
return err
}
return v.ProcessedIDPConfigSequence(sequence, eventTimestamp)
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIDPConfig(idpID string, event *models.Event) error {
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPConfigSequence(eventSequence, eventTimestamp)
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable)
func (v *View) GetLatestIDPConfigSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable, aggregateType)
}
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(idpConfigTable, eventSequence, eventTimestamp)
func (v *View) ProcessedIDPConfigSequence(event *models.Event) error {
return v.saveCurrentSequence(idpConfigTable, event)
}
func (v *View) UpdateIDPConfigSpoolerRunTimestamp() error {

22
internal/admin/repository/eventsourcing/view/idp_providers.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -25,36 +25,36 @@ func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) (
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
}
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIDPProvider(provider *model.IDPProviderView, event *models.Event) error {
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) PutIDPProviders(sequence uint64, eventTimestamp time.Time, providers ...*model.IDPProviderView) error {
func (v *View) PutIDPProviders(event *models.Event, providers ...*model.IDPProviderView) error {
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, event *models.Event) error {
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPProviderSequence(eventSequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable)
func (v *View) GetLatestIDPProviderSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable, aggregateType)
}
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(idpProviderTable, eventSequence, eventTimestamp)
func (v *View) ProcessedIDPProviderSequence(event *models.Event) error {
return v.saveCurrentSequence(idpProviderTable, event)
}
func (v *View) UpdateIDPProviderSpoolerRunTimestamp() error {

14
internal/admin/repository/eventsourcing/view/label_policies.go
View File

@@ -1,10 +1,10 @@
package view
import (
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -15,20 +15,20 @@ func (v *View) LabelPolicyByAggregateID(aggregateID string) (*model.LabelPolicyV
return view.GetLabelPolicyByAggregateID(v.Db, labelPolicyTable, aggregateID)
}
func (v *View) PutLabelPolicy(policy *model.LabelPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutLabelPolicy(policy *model.LabelPolicyView, event *models.Event) error {
err := view.PutLabelPolicy(v.Db, labelPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedLabelPolicySequence(sequence, eventTimestamp)
return v.ProcessedLabelPolicySequence(event)
}
func (v *View) GetLatestLabelPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(labelPolicyTable)
func (v *View) GetLatestLabelPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(labelPolicyTable, aggregateType)
}
func (v *View) ProcessedLabelPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(labelPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedLabelPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(labelPolicyTable, event)
}
func (v *View) UpdateLabelPolicySpoolerRunTimestamp() error {

18
internal/admin/repository/eventsourcing/view/login_policies.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyV
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
}
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, event *models.Event) error {
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedLoginPolicySequence(sequence, eventTimestamp)
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteLoginPolicy(aggregateID string, event *models.Event) error {
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedLoginPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(loginPolicyTable)
func (v *View) GetLatestLoginPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(loginPolicyTable, aggregateType)
}
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(loginPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedLoginPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(loginPolicyTable, event)
}
func (v *View) UpdateLoginPolicySpoolerRunTimestamp() error {

14
internal/admin/repository/eventsourcing/view/org.go
View File

@@ -1,11 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/eventstore/models"
org_model "github.com/caos/zitadel/internal/org/model"
org_view "github.com/caos/zitadel/internal/org/repository/view"
"github.com/caos/zitadel/internal/org/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -20,12 +20,12 @@ func (v *View) SearchOrgs(query *org_model.OrgSearchRequest) ([]*model.OrgView,
return org_view.SearchOrgs(v.Db, orgTable, query)
}
func (v *View) PutOrg(org *model.OrgView, eventTimestamp time.Time) error {
func (v *View) PutOrg(org *model.OrgView, event *models.Event) error {
err := org_view.PutOrg(v.Db, orgTable, org)
if err != nil {
return err
}
return v.ProcessedOrgSequence(org.Sequence, eventTimestamp)
return v.ProcessedOrgSequence(event)
}
func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
@@ -40,10 +40,10 @@ func (v *View) UpdateOrgSpoolerRunTimestamp() error {
return v.updateSpoolerRunSequence(orgTable)
}
func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable)
func (v *View) GetLatestOrgSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable, aggregateType)
}
func (v *View) ProcessedOrgSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(orgTable, eventSequence, eventTimestamp)
func (v *View) ProcessedOrgSequence(event *models.Event) error {
return v.saveCurrentSequence(orgTable, event)
}

18
internal/admin/repository/eventsourcing/view/org_iam_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) OrgIAMPolicyByAggregateID(aggregateID string) (*model.OrgIAMPolic
return view.GetOrgIAMPolicyByAggregateID(v.Db, orgIAMPolicyTable, aggregateID)
}
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, event *models.Event) error {
err := view.PutOrgIAMPolicy(v.Db, orgIAMPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedOrgIAMPolicySequence(sequence, eventTimestamp)
return v.ProcessedOrgIAMPolicySequence(event)
}
func (v *View) DeleteOrgIAMPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteOrgIAMPolicy(aggregateID string, event *models.Event) error {
err := view.DeleteOrgIAMPolicy(v.Db, orgIAMPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedOrgIAMPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedOrgIAMPolicySequence(event)
}
func (v *View) GetLatestOrgIAMPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(orgIAMPolicyTable)
func (v *View) GetLatestOrgIAMPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(orgIAMPolicyTable, aggregateType)
}
func (v *View) ProcessedOrgIAMPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(orgIAMPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedOrgIAMPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(orgIAMPolicyTable, event)
}
func (v *View) UpdateOrgIAMPolicySpoolerRunTimestamp() error {

18
internal/admin/repository/eventsourcing/view/password_age_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.Passwo
return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID)
}
func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, event *models.Event) error {
err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordAgePolicySequence(sequence, eventTimestamp)
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) DeletePasswordAgePolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeletePasswordAgePolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordAgePolicySequence(eventSequence, eventTimestamp)
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordAgePolicyTable)
func (v *View) GetLatestPasswordAgePolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordAgePolicyTable, aggregateType)
}
func (v *View) ProcessedPasswordAgePolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(passwordAgePolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedPasswordAgePolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordAgePolicyTable, event)
}
func (v *View) UpdateProcessedPasswordAgePolicySpoolerRunTimestamp() error {

18
internal/admin/repository/eventsourcing/view/password_complexity_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) PasswordComplexityPolicyByAggregateID(aggregateID string) (*model
return view.GetPasswordComplexityPolicyByAggregateID(v.Db, passwordComplexityPolicyTable, aggregateID)
}
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, event *models.Event) error {
err := view.PutPasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(sequence, eventTimestamp)
return v.ProcessedPasswordComplexityPolicySequence(event)
}
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedPasswordComplexityPolicySequence(event)
}
func (v *View) GetLatestPasswordComplexityPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordComplexityPolicyTable)
func (v *View) GetLatestPasswordComplexityPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordComplexityPolicyTable, aggregateType)
}
func (v *View) ProcessedPasswordComplexityPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(passwordComplexityPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedPasswordComplexityPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordComplexityPolicyTable, event)
}
func (v *View) UpdatePasswordComplexityPolicySpoolerRunTimestamp() error {

18
internal/admin/repository/eventsourcing/view/password_lockout_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) PasswordLockoutPolicyByAggregateID(aggregateID string) (*model.Pa
return view.GetPasswordLockoutPolicyByAggregateID(v.Db, passwordLockoutPolicyTable, aggregateID)
}
func (v *View) PutPasswordLockoutPolicy(policy *model.PasswordLockoutPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutPasswordLockoutPolicy(policy *model.PasswordLockoutPolicyView, event *models.Event) error {
err := view.PutPasswordLockoutPolicy(v.Db, passwordLockoutPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordLockoutPolicySequence(sequence, eventTimestamp)
return v.ProcessedPasswordLockoutPolicySequence(event)
}
func (v *View) DeletePasswordLockoutPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeletePasswordLockoutPolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordLockoutPolicy(v.Db, passwordLockoutPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordLockoutPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedPasswordLockoutPolicySequence(event)
}
func (v *View) GetLatestPasswordLockoutPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordLockoutPolicyTable)
func (v *View) GetLatestPasswordLockoutPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordLockoutPolicyTable, aggregateType)
}
func (v *View) ProcessedPasswordLockoutPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(passwordLockoutPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedPasswordLockoutPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordLockoutPolicyTable, event)
}
func (v *View) UpdatePasswordLockoutPolicySpoolerRunTimestamp() error {

21
internal/admin/repository/eventsourcing/view/sequence.go
View File

@@ -1,20 +1,22 @@
package view
import (
"github.com/caos/zitadel/internal/view/repository"
"time"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/view/repository"
)
const (
sequencesTable = "adminapi.current_sequences"
)
func (v *View) saveCurrentSequence(viewName string, sequence uint64, eventTimeStamp time.Time) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, sequence, eventTimeStamp)
func (v *View) saveCurrentSequence(viewName string, event *models.Event) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, string(event.AggregateType), event.Sequence, event.CreationDate)
}
func (v *View) latestSequence(viewName string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName)
func (v *View) latestSequence(viewName, aggregateType string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName, aggregateType)
}
func (v *View) AllCurrentSequences(db string) ([]*repository.CurrentSequence, error) {
@@ -22,7 +24,7 @@ func (v *View) AllCurrentSequences(db string) ([]*repository.CurrentSequence, er
}
func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName)
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName, "")
if err != nil {
return err
}
@@ -30,13 +32,16 @@ func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence.ViewName = viewName
}
currentSequence.LastSuccessfulSpoolerRun = time.Now()
//update all aggregate types
//TODO: not sure if all scenarios work as expected
currentSequence.AggregateType = ""
return repository.UpdateCurrentSequence(v.Db, sequencesTable, currentSequence)
}
func (v *View) GetCurrentSequence(db, viewName string) (*repository.CurrentSequence, error) {
func (v *View) GetCurrentSequence(db, viewName, aggregateType string) (*repository.CurrentSequence, error) {
sequenceTable := db + ".current_sequences"
fullView := db + "." + viewName
return repository.LatestSequence(v.Db, sequenceTable, fullView)
return repository.LatestSequence(v.Db, sequenceTable, fullView, aggregateType)
}
func (v *View) ClearView(db, viewName string) error {

30
internal/admin/repository/eventsourcing/view/user.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -40,39 +41,36 @@ func (v *View) UserMFAs(userID string) ([]*usr_model.MultiFactor, error) {
return view.UserMFAs(v.Db, userTable, userID)
}
func (v *View) PutUsers(user []*model.UserView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUsers(user []*model.UserView, event *models.Event) error {
err := view.PutUsers(v.Db, userTable, user...)
if err != nil {
return err
}
return v.ProcessedUserSequence(sequence, eventTimestamp)
return v.ProcessedUserSequence(event)
}
func (v *View) PutUser(user *model.UserView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUser(user *model.UserView, event *models.Event) error {
err := view.PutUser(v.Db, userTable, user)
if err != nil {
return err
}
if sequence != 0 {
return v.ProcessedUserSequence(sequence, eventTimestamp)
}
return nil
return v.ProcessedUserSequence(event)
}
func (v *View) DeleteUser(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUser(userID string, event *models.Event) error {
err := view.DeleteUser(v.Db, userTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserSequence(eventSequence, eventTimestamp)
return v.ProcessedUserSequence(event)
}
func (v *View) GetLatestUserSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userTable)
func (v *View) GetLatestUserSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userTable, aggregateType)
}
func (v *View) ProcessedUserSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserSequence(event *models.Event) error {
return v.saveCurrentSequence(userTable, event)
}
func (v *View) UpdateUserSpoolerRunTimestamp() error {

20
internal/api/authz/authorization.go
View File

@@ -14,33 +14,39 @@ const (
authenticated = "authenticated"
)
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier *TokenVerifier, authConfig Config, requiredAuthOption Option, method string) (_ context.Context, err error) {
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier *TokenVerifier, authConfig Config, requiredAuthOption Option, method string) (ctxSetter func(context.Context) context.Context, err error) {
ctx, span := tracing.NewServerInterceptorSpan(ctx)
defer func() { span.EndWithError(err) }()
ctx, err = VerifyTokenAndWriteCtxData(ctx, token, orgID, verifier, method)
ctxData, err := VerifyTokenAndCreateCtxData(ctx, token, orgID, verifier, method)
if err != nil {
return nil, err
}
var perms []string
if requiredAuthOption.Permission == authenticated {
return ctx, nil
return func(parent context.Context) context.Context {
return context.WithValue(parent, dataKey, ctxData)
}, nil
}
ctx, perms, err = getUserMethodPermissions(ctx, verifier, requiredAuthOption.Permission, authConfig)
requestedPermissions, allPermissions, err := getUserMethodPermissions(ctx, verifier, requiredAuthOption.Permission, authConfig, ctxData)
if err != nil {
return nil, err
}
ctx, userPermissionSpan := tracing.NewNamedSpan(ctx, "checkUserPermissions")
err = checkUserPermissions(req, perms, requiredAuthOption)
err = checkUserPermissions(req, requestedPermissions, requiredAuthOption)
userPermissionSpan.EndWithError(err)
if err != nil {
return nil, err
}
return ctx, nil
return func(parent context.Context) context.Context {
parent = context.WithValue(parent, dataKey, ctxData)
parent = context.WithValue(parent, allPermissionsKey, allPermissions)
parent = context.WithValue(parent, requestPermissionsKey, requestedPermissions)
return parent
}, nil
}
func checkUserPermissions(req interface{}, userPerms []string, authOpt Option) error {

19
internal/api/authz/context.go
View File

@@ -36,29 +36,36 @@ type Grant struct {
Roles []string
}
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ CtxData, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
if orgID != "" {
err = t.ExistsOrg(ctx, orgID)
if err != nil {
return nil, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
return CtxData{}, errors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
}
}
userID, clientID, agentID, prefLang, err := verifyAccessToken(ctx, token, t, method)
if err != nil {
return nil, err
return CtxData{}, err
}
projectID, origins, err := t.ProjectIDAndOriginsByClientID(ctx, clientID)
if err != nil {
return nil, errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid")
return CtxData{}, errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid")
}
if err := checkOrigin(ctx, origins); err != nil {
return nil, err
return CtxData{}, err
}
return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID, PreferredLanguage: prefLang}), nil
return CtxData{
UserID: userID,
OrgID: orgID,
ProjectID: projectID,
AgentID: agentID,
PreferredLanguage: prefLang,
}, nil
}
func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {

18
internal/api/authz/permissions.go
View File

@@ -7,29 +7,29 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing"
)
func getUserMethodPermissions(ctx context.Context, t *TokenVerifier, requiredPerm string, authConfig Config) (_ context.Context, _ []string, err error) {
func getUserMethodPermissions(ctx context.Context, t *TokenVerifier, requiredPerm string, authConfig Config, ctxData CtxData) (requestedPermissions, allPermissions []string, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
ctxData := GetCtxData(ctx)
if ctxData.IsZero() {
return nil, nil, errors.ThrowUnauthenticated(nil, "AUTH-rKLWEH", "context missing")
}
ctx = context.WithValue(ctx, dataKey, ctxData)
grant, err := t.ResolveGrant(ctx)
if err != nil {
return nil, nil, err
}
if grant == nil {
return context.WithValue(ctx, requestPermissionsKey, []string{}), []string{}, nil
return requestedPermissions, nil, nil
}
requestPermissions, allPermissions := mapGrantToPermissions(requiredPerm, grant, authConfig)
ctx = context.WithValue(ctx, allPermissionsKey, allPermissions)
return context.WithValue(ctx, requestPermissionsKey, requestPermissions), requestPermissions, nil
requestedPermissions, allPermissions = mapGrantToPermissions(requiredPerm, grant, authConfig)
return requestedPermissions, allPermissions, nil
}
func mapGrantToPermissions(requiredPerm string, grant *Grant, authConfig Config) ([]string, []string) {
requestPermissions := make([]string, 0)
allPermissions := make([]string, 0)
func mapGrantToPermissions(requiredPerm string, grant *Grant, authConfig Config) (requestPermissions, allPermissions []string) {
requestPermissions = make([]string, 0)
allPermissions = make([]string, 0)
for _, role := range grant.Roles {
requestPermissions, allPermissions = mapRoleToPerm(requiredPerm, role, authConfig, requestPermissions, allPermissions)
}

12
internal/api/authz/permissions_test.go
View File

@@ -49,7 +49,7 @@ func equalStringArray(a, b []string) bool {
func Test_GetUserMethodPermissions(t *testing.T) {
type args struct {
ctx context.Context
ctxData CtxData
verifier *TokenVerifier
requiredPerm string
authConfig Config
@@ -64,7 +64,7 @@ func Test_GetUserMethodPermissions(t *testing.T) {
{
name: "Empty Context",
args: args{
ctx: getTestCtx("", ""),
ctxData: CtxData{},
verifier: Start(&testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"},
}}),
@@ -89,7 +89,7 @@ func Test_GetUserMethodPermissions(t *testing.T) {
{
name: "No Grants",
args: args{
ctx: getTestCtx("", ""),
ctxData: CtxData{},
verifier: Start(&testVerifier{grant: &Grant{}}),
requiredPerm: "project.read",
authConfig: Config{
@@ -110,9 +110,9 @@ func Test_GetUserMethodPermissions(t *testing.T) {
{
name: "Get Permissions",
args: args{
ctx: getTestCtx("userID", "orgID"),
ctxData: CtxData{UserID: "userID", OrgID: "orgID"},
verifier: Start(&testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"},
Roles: []string{"IAM_OWNER"},
}}),
requiredPerm: "project.read",
authConfig: Config{
@@ -133,7 +133,7 @@ func Test_GetUserMethodPermissions(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, perms, err := getUserMethodPermissions(tt.args.ctx, tt.args.verifier, tt.args.requiredPerm, tt.args.authConfig)
_, perms, err := getUserMethodPermissions(context.Background(), tt.args.verifier, tt.args.requiredPerm, tt.args.authConfig, tt.args.ctxData)
if tt.wantErr && err == nil {
t.Errorf("got wrong result, should get err: actual: %v ", err)

4
internal/api/grpc/admin/administrator_converter.go
View File

@@ -28,8 +28,8 @@ func failedEventsFromModel(failedEvents []*view_model.FailedEvent) []*admin.Fail
func viewFromModel(view *view_model.View) *admin.View {
eventTimestamp, err := ptypes.TimestampProto(view.EventTimestamp)
logging.Log("GRPC-KSo03").OnError(err).Debug("unable to parse timestamp")
lastSpool, err := ptypes.TimestampProto(view.EventTimestamp)
logging.Log("GRPC-KSo03").OnError(err).Debug("unable to parse timestamp")
lastSpool, err := ptypes.TimestampProto(view.LastSuccessfulSpoolerRun)
logging.Log("GRPC-0oP87").OnError(err).Debug("unable to parse timestamp")
return &admin.View{
Database: view.Database,

15
internal/api/grpc/auth/user.go
View File

@@ -2,6 +2,7 @@ package auth
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/auth"
@@ -162,6 +163,9 @@ func (s *Server) RemoveMfaOTP(ctx context.Context, _ *empty.Empty) (_ *empty.Emp
func (s *Server) AddMyMfaU2F(ctx context.Context, _ *empty.Empty) (_ *auth.WebAuthNResponse, err error) {
u2f, err := s.repo.AddMyMFAU2F(ctx)
if err != nil {
return nil, err
}
return verifyWebAuthNFromModel(u2f), err
}
@@ -175,8 +179,19 @@ func (s *Server) RemoveMyMfaU2F(ctx context.Context, id *auth.WebAuthNTokenID) (
return &empty.Empty{}, err
}
func (s *Server) GetMyPasswordless(ctx context.Context, _ *empty.Empty) (_ *auth.WebAuthNTokens, err error) {
tokens, err := s.repo.GetMyPasswordless(ctx)
if err != nil {
return nil, err
}
return webAuthNTokensFromModel(tokens), err
}
func (s *Server) AddMyPasswordless(ctx context.Context, _ *empty.Empty) (_ *auth.WebAuthNResponse, err error) {
u2f, err := s.repo.AddMyPasswordless(ctx)
if err != nil {
return nil, err
}
return verifyWebAuthNFromModel(u2f), err
}

16
internal/api/grpc/auth/user_converter.go
View File

@@ -436,3 +436,19 @@ func verifyWebAuthNFromModel(u2f *usr_model.WebAuthNToken) *auth.WebAuthNRespons
State: mfaStateFromModel(u2f.State),
}
}
func webAuthNTokensFromModel(tokens []*usr_model.WebAuthNToken) *auth.WebAuthNTokens {
result := make([]*auth.WebAuthNToken, len(tokens))
for i, token := range tokens {
result[i] = webAuthNTokenFromModel(token)
}
return &auth.WebAuthNTokens{Tokens: result}
}
func webAuthNTokenFromModel(token *usr_model.WebAuthNToken) *auth.WebAuthNToken {
return &auth.WebAuthNToken{
Id: token.WebAuthNTokenID,
Name: token.WebAuthNTokenName,
State: mfaStateFromModel(token.State),
}
}

22
internal/api/grpc/management/user.go
View File

@@ -2,9 +2,11 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetUserByID(ctx context.Context, id *management.UserID) (*management.UserView, error) {
@@ -226,6 +228,24 @@ func (s *Server) RemoveMfaOTP(ctx context.Context, userID *management.UserID) (*
return &empty.Empty{}, err
}
func (s *Server) RemoveMfaU2F(ctx context.Context, webAuthNTokenID *management.WebAuthNTokenID) (*empty.Empty, error) {
err := s.user.RemoveU2F(ctx, webAuthNTokenID.UserId, webAuthNTokenID.Id)
return &empty.Empty{}, err
}
func (s *Server) GetPasswordless(ctx context.Context, userID *management.UserID) (_ *management.WebAuthNTokens, err error) {
tokens, err := s.user.GetPasswordless(ctx, userID.Id)
if err != nil {
return nil, err
}
return webAuthNTokensFromModel(tokens), err
}
func (s *Server) RemovePasswordless(ctx context.Context, id *management.WebAuthNTokenID) (*empty.Empty, error) {
err := s.user.RemovePasswordless(ctx, id.UserId, id.Id)
return &empty.Empty{}, err
}
func (s *Server) SearchUserMemberships(ctx context.Context, in *management.UserMembershipSearchRequest) (*management.UserMembershipSearchResponse, error) {
request := userMembershipSearchRequestsToModel(in)
request.AppendUserIDQuery(in.UserId)

20
internal/api/grpc/management/user_converter.go
View File

@@ -2,14 +2,15 @@ package management
import (
"encoding/json"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/model"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/model"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
@@ -504,6 +505,7 @@ func mfaFromModel(mfa *usr_model.MultiFactor) *management.UserMultiFactor {
State: mfaStateFromModel(mfa.State),
Type: mfaTypeFromModel(mfa.Type),
Attribute: mfa.Attribute,
Id: mfa.ID,
}
}
@@ -627,3 +629,19 @@ func userChangesToMgtAPI(changes *usr_model.UserChanges) (_ []*management.Change
return result
}
func webAuthNTokensFromModel(tokens []*usr_model.WebAuthNToken) *management.WebAuthNTokens {
result := make([]*management.WebAuthNToken, len(tokens))
for i, token := range tokens {
result[i] = webAuthNTokenFromModel(token)
}
return &management.WebAuthNTokens{Tokens: result}
}
func webAuthNTokenFromModel(token *usr_model.WebAuthNToken) *management.WebAuthNToken {
return &management.WebAuthNToken{
Id: token.WebAuthNTokenID,
Name: token.WebAuthNTokenName,
State: mfaStateFromModel(token.State),
}
}

10
internal/api/grpc/server/middleware/auth_interceptor.go
View File

@@ -25,20 +25,20 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
return handler(ctx, req)
}
ctx, span := tracing.NewServerInterceptorSpan(ctx)
authCtx, span := tracing.NewServerInterceptorSpan(ctx)
defer func() { span.EndWithError(err) }()
authToken := grpc_util.GetAuthorizationHeader(ctx)
authToken := grpc_util.GetAuthorizationHeader(authCtx)
if authToken == "" {
return nil, status.Error(codes.Unauthenticated, "auth header missing")
}
orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
orgID := grpc_util.GetHeader(authCtx, http.ZitadelOrgID)
ctx, err = authz.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt, info.FullMethod)
ctxSetter, err := authz.CheckUserAuthorization(authCtx, req, authToken, orgID, verifier, authConfig, authOpt, info.FullMethod)
if err != nil {
return nil, err
}
span.End()
return handler(ctx, req)
return handler(ctxSetter(ctx), req)
}

21
internal/api/oidc/client.go
View File

@@ -2,17 +2,16 @@ package oidc
import (
"context"
"github.com/caos/zitadel/internal/auth_request/model"
"strings"
"golang.org/x/text/language"
"gopkg.in/square/go-jose.v2"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/op"
"golang.org/x/text/language"
"gopkg.in/square/go-jose.v2"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
proj_model "github.com/caos/zitadel/internal/project/model"
@@ -155,7 +154,7 @@ func (o *OPStorage) GetUserinfoFromScopes(ctx context.Context, userID, applicati
roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
}
if strings.HasPrefix(scope, model.OrgDomainPrimaryScope) {
userInfo.AppendClaims(model.OrgDomainPrimaryScope, strings.TrimPrefix(scope, model.OrgDomainPrimaryScope))
userInfo.AppendClaims(model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, model.OrgDomainPrimaryScope))
}
}
}
@@ -180,7 +179,7 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
if strings.HasPrefix(scope, ScopeProjectRolePrefix) {
roles = append(roles, strings.TrimPrefix(scope, ScopeProjectRolePrefix))
} else if strings.HasPrefix(scope, model.OrgDomainPrimaryScope) {
claims = map[string]interface{}{model.OrgDomainPrimaryScope: strings.TrimPrefix(scope, model.OrgDomainPrimaryScope)}
claims = appendClaim(claims, model.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, model.OrgDomainPrimaryScope))
}
}
if len(roles) == 0 || clientID == "" {
@@ -191,7 +190,7 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
return nil, err
}
if len(projectRoles) > 0 {
claims = map[string]interface{}{ClaimProjectRoles: projectRoles}
claims = appendClaim(claims, ClaimProjectRoles, projectRoles)
}
return claims, err
}
@@ -240,3 +239,11 @@ func getGender(gender user_model.Gender) string {
}
return ""
}
func appendClaim(claims map[string]interface{}, claim string, value interface{}) map[string]interface{} {
if claims == nil {
claims = make(map[string]interface{})
}
claims[claim] = value
return claims
}

2
internal/auth/repository/auth_request.go
View File

@@ -30,6 +30,4 @@ type AuthRequestRepository interface {
LinkExternalUsers(ctx context.Context, authReqID, userAgentID string, info *model.BrowserInfo) error
AutoRegisterExternalUser(ctx context.Context, user *user_model.User, externalIDP *user_model.ExternalIDP, member *org_model.OrgMember, authReqID, userAgentID, resourceOwner string, info *model.BrowserInfo) error
ResetLinkingUsers(ctx context.Context, authReqID, userAgentID string) error
GetOrgByPrimaryDomain(primaryDomain string) (*org_model.OrgView, error)
}

102
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -110,6 +110,9 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod
}
request.Audience = appIDs
request.AppendAudIfNotExisting(app.ProjectID)
if err := setOrgID(repo.OrgViewProvider, request); err != nil {
return nil, err
}
if request.LoginHint != "" {
err = repo.checkLoginName(ctx, request, request.LoginHint)
logging.LogWithFields("EVENT-aG311", "login name", request.LoginHint, "id", request.ID, "applicationID", request.ApplicationID, "traceID", tracing.TraceIDFromCtx(ctx)).OnError(err).Debug("login hint invalid")
@@ -238,6 +241,9 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAge
if err != nil {
return err
}
if request.RequestedOrgID != "" && request.RequestedOrgID != user.ResourceOwner {
return errors.ThrowPreconditionFailed(nil, "EVENT-fJe2a", "Errors.User.NotAllowedOrg")
}
request.SetUserInfo(user.ID, user.PreferredLoginName, user.DisplayName, user.ResourceOwner)
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
@@ -442,16 +448,9 @@ func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context,
}
func (repo *AuthRequestRepo) fillLoginPolicy(ctx context.Context, request *model.AuthRequest) error {
orgID := request.UserOrgID
orgID := request.RequestedOrgID
if orgID == "" {
primaryDomain := request.GetScopeOrgPrimaryDomain()
if primaryDomain != "" {
org, err := repo.GetOrgByPrimaryDomain(primaryDomain)
if err != nil {
return err
}
orgID = org.ID
}
orgID = request.UserOrgID
}
if orgID == "" {
orgID = repo.IAMID
@@ -469,19 +468,9 @@ func (repo *AuthRequestRepo) fillLoginPolicy(ctx context.Context, request *model
}
func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *model.AuthRequest, loginName string) (err error) {
primaryDomain := request.GetScopeOrgPrimaryDomain()
orgID := ""
if primaryDomain != "" {
org, err := repo.GetOrgByPrimaryDomain(primaryDomain)
if err != nil {
return err
}
orgID = org.ID
}
user := new(user_view_model.UserView)
if orgID != "" {
user, err = repo.View.UserByLoginNameAndResourceOwner(loginName, orgID)
if request.RequestedOrgID != "" {
user, err = repo.View.UserByLoginNameAndResourceOwner(loginName, request.RequestedOrgID)
} else {
user, err = repo.View.UserByLoginName(loginName)
if err == nil {
@@ -499,14 +488,6 @@ func (repo *AuthRequestRepo) checkLoginName(ctx context.Context, request *model.
return nil
}
func (repo AuthRequestRepo) GetOrgByPrimaryDomain(primaryDomain string) (*org_model.OrgView, error) {
org, err := repo.OrgViewProvider.OrgByPrimaryDomain(primaryDomain)
if err != nil {
return nil, err
}
return org_view_model.OrgToModel(org), nil
}
func (repo AuthRequestRepo) checkLoginPolicyWithResourceOwner(ctx context.Context, request *model.AuthRequest, user *user_view_model.UserView) error {
loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, user.ResourceOwner)
if err != nil {
@@ -537,15 +518,9 @@ func (repo *AuthRequestRepo) checkSelectedExternalIDP(request *model.AuthRequest
}
func (repo *AuthRequestRepo) checkExternalUserLogin(request *model.AuthRequest, idpConfigID, externalUserID string) (err error) {
primaryDomain := request.GetScopeOrgPrimaryDomain()
externalIDP := new(user_view_model.ExternalIDPView)
org := new(org_model.OrgView)
if primaryDomain != "" {
org, err = repo.GetOrgByPrimaryDomain(primaryDomain)
if err != nil {
return err
}
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(externalUserID, idpConfigID, org.ID)
if request.RequestedOrgID != "" {
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(externalUserID, idpConfigID, request.RequestedOrgID)
} else {
externalIDP, err = repo.View.ExternalIDPByExternalUserIDAndIDPConfigID(externalUserID, idpConfigID)
}
@@ -653,10 +628,11 @@ func (repo *AuthRequestRepo) usersForUserSelection(request *model.AuthRequest) (
users := make([]model.UserSelection, len(userSessions))
for i, session := range userSessions {
users[i] = model.UserSelection{
UserID: session.UserID,
DisplayName: session.DisplayName,
LoginName: session.LoginName,
UserSessionState: session.State,
UserID: session.UserID,
DisplayName: session.DisplayName,
LoginName: session.LoginName,
UserSessionState: session.State,
SelectionPossible: request.RequestedOrgID == "" || request.RequestedOrgID == session.ResourceOwner,
}
}
return users, nil
@@ -667,24 +643,28 @@ func (repo *AuthRequestRepo) firstFactorChecked(request *model.AuthRequest, user
return &model.InitUserStep{PasswordSet: user.PasswordSet}
}
if user.IsPasswordlessReady() {
if !checkVerificationTime(userSession.PasswordlessVerification, repo.MultiFactorCheckLifeTime) {
return &model.PasswordlessStep{}
var step model.NextStep
if request.LoginPolicy.PasswordlessType != iam_model.PasswordlessTypeNotAllowed && user.IsPasswordlessReady() {
if checkVerificationTime(userSession.PasswordlessVerification, repo.MultiFactorCheckLifeTime) {
request.AuthTime = userSession.PasswordlessVerification
return nil
}
request.AuthTime = userSession.PasswordlessVerification
return nil
step = &model.PasswordlessStep{}
}
if !user.PasswordSet {
return &model.InitPasswordStep{}
}
if !checkVerificationTime(userSession.PasswordVerification, repo.PasswordCheckLifeTime) {
return &model.PasswordStep{}
if checkVerificationTime(userSession.PasswordVerification, repo.PasswordCheckLifeTime) {
request.PasswordVerified = true
request.AuthTime = userSession.PasswordVerification
return nil
}
request.PasswordVerified = true
request.AuthTime = userSession.PasswordVerification
return nil
if step != nil {
return step
}
return &model.PasswordStep{}
}
func (repo *AuthRequestRepo) mfaChecked(userSession *user_model.UserSessionView, request *model.AuthRequest, user *user_model.UserView) (model.NextStep, bool, error) {
@@ -753,6 +733,21 @@ func (repo *AuthRequestRepo) getLoginPolicy(ctx context.Context, orgID string) (
return iam_es_model.LoginPolicyViewToModel(policy), err
}
func setOrgID(orgViewProvider orgViewProvider, request *model.AuthRequest) error {
primaryDomain := request.GetScopeOrgPrimaryDomain()
if primaryDomain == "" {
return nil
}
org, err := orgViewProvider.OrgByPrimaryDomain(primaryDomain)
if err != nil {
return err
}
request.RequestedOrgID = org.ID
request.RequestedOrgName = org.Name
return nil
}
func getLoginPolicyIDPProviders(provider idpProviderViewProvider, iamID, orgID string, defaultPolicy bool) ([]*iam_model.IDPProviderView, error) {
if defaultPolicy {
idpProviders, err := provider.IDPProvidersByAggregateIDAndState(iamID, iam_model.IDPConfigStateActive)
@@ -824,9 +819,8 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
case es_model.UserRemoved:
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dG2fe", "Errors.User.NotActive")
}
if err := sessionCopy.AppendEvent(event); err != nil {
return user_view_model.UserSessionToModel(&sessionCopy), nil
}
err := sessionCopy.AppendEvent(event)
logging.Log("EVENT-qbhj3").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("error appending event")
}
return user_view_model.UserSessionToModel(&sessionCopy), nil
}

101
internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
View File

@@ -56,8 +56,9 @@ type mockViewUserSession struct {
}
type mockUser struct {
UserID string
LoginName string
UserID string
LoginName string
ResourceOwner string
}
func (m *mockViewUserSession) UserSessionByIDs(string, string) (*user_view_model.UserSessionView, error) {
@@ -74,8 +75,9 @@ func (m *mockViewUserSession) UserSessionsByAgentID(string) ([]*user_view_model.
sessions := make([]*user_view_model.UserSessionView, len(m.Users))
for i, user := range m.Users {
sessions[i] = &user_view_model.UserSessionView{
UserID: user.UserID,
LoginName: user.LoginName,
UserID: user.UserID,
LoginName: user.LoginName,
ResourceOwner: user.ResourceOwner,
}
}
return sessions, nil
@@ -270,10 +272,12 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
{
"id1",
"loginname1",
"orgID1",
},
{
"id2",
"loginname2",
"orgID2",
},
},
},
@@ -285,12 +289,52 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
&model.SelectUserStep{
Users: []model.UserSelection{
{
UserID: "id1",
LoginName: "loginname1",
UserID: "id1",
LoginName: "loginname1",
SelectionPossible: true,
},
{
UserID: "id2",
LoginName: "loginname2",
UserID: "id2",
LoginName: "loginname2",
SelectionPossible: true,
},
},
}},
nil,
},
{
"user not set, primary domain set, prompt select account, login and select account steps",
fields{
userSessionViewProvider: &mockViewUserSession{
Users: []mockUser{
{
"id1",
"loginname1",
"orgID1",
},
{
"id2",
"loginname2",
"orgID2",
},
},
},
userEventProvider: &mockEventUser{},
},
args{&model.AuthRequest{Prompt: model.PromptSelectAccount, RequestedOrgID: "orgID1"}, false},
[]model.NextStep{
&model.LoginStep{},
&model.SelectUserStep{
Users: []model.UserSelection{
{
UserID: "id1",
LoginName: "loginname1",
SelectionPossible: true,
},
{
UserID: "id2",
LoginName: "loginname2",
SelectionPossible: false,
},
},
}},
@@ -386,7 +430,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.PasswordStep{}},
nil,
},
@@ -431,7 +475,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
MultiFactorCheckLifeTime: 10 * time.Hour,
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{PasswordlessType: iam_model.PasswordlessTypeAllowed}}, false},
[]model.NextStep{&model.PasswordlessStep{}},
nil,
},
@@ -456,7 +500,8 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
args{&model.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
MultiFactors: []iam_model.MultiFactorType{iam_model.MultiFactorTypeU2FWithPIN},
PasswordlessType: iam_model.PasswordlessTypeAllowed,
MultiFactors: []iam_model.MultiFactorType{iam_model.MultiFactorTypeU2FWithPIN},
},
}, false},
[]model.NextStep{&model.VerifyEMailStep{}},
@@ -470,7 +515,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.InitPasswordStep{}},
nil,
},
@@ -534,7 +579,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
PasswordCheckLifeTime: 10 * 24 * time.Hour,
},
args{&model.AuthRequest{UserID: "UserID"}, false},
args{&model.AuthRequest{UserID: "UserID", LoginPolicy: &iam_model.LoginPolicyView{}}, false},
[]model.NextStep{&model.PasswordStep{}},
nil,
},
@@ -566,6 +611,35 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
[]model.NextStep{&model.RedirectToCallbackStep{}},
nil,
},
{
"password verified, passwordless set up, mfa not verified, mfa check step",
fields{
userSessionViewProvider: &mockViewUserSession{
PasswordVerification: time.Now().UTC().Add(-5 * time.Minute),
},
userViewProvider: &mockViewUser{
PasswordSet: true,
PasswordlessTokens: user_view_model.WebAuthNTokens{&user_view_model.WebAuthNView{ID: "id", State: int32(user_model.MFAStateReady)}},
OTPState: int32(user_model.MFAStateReady),
MFAMaxSetUp: int32(model.MFALevelMultiFactor),
},
userEventProvider: &mockEventUser{},
orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
PasswordCheckLifeTime: 10 * 24 * time.Hour,
SecondFactorCheckLifeTime: 18 * time.Hour,
},
args{
&model.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{
SecondFactors: []iam_model.SecondFactorType{iam_model.SecondFactorTypeOTP},
},
}, false},
[]model.NextStep{&model.MFAVerificationStep{
MFAProviders: []model.MFAType{model.MFATypeOTP},
}},
nil,
},
{
"mfa not verified, mfa check step",
fields{
@@ -843,6 +917,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
args{
&model.AuthRequest{
UserID: "UserID",
LoginPolicy: &iam_model.LoginPolicyView{},
SelectedIDPConfigID: "IDPConfigID",
LinkingUsers: []*model.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}},
}, false},

2
internal/auth/repository/eventsourcing/eventstore/org.go
View File

@@ -36,7 +36,7 @@ type OrgRepository struct {
func (repo *OrgRepository) SearchOrgs(ctx context.Context, request *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestOrgSequence()
sequence, err := repo.View.GetLatestOrgSequence("")
logging.Log("EVENT-7Udhz").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest org sequence")
members, count, err := repo.View.SearchOrgs(request)
if err != nil {

48
internal/auth/repository/eventsourcing/eventstore/user.go
View File

@@ -109,7 +109,7 @@ func (repo *UserRepo) ChangeMyProfile(ctx context.Context, profile *model.Profil
func (repo *UserRepo) SearchMyExternalIDPs(ctx context.Context, request *model.ExternalIDPSearchRequest) (*model.ExternalIDPSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, seqErr := repo.View.GetLatestExternalIDPSequence()
sequence, seqErr := repo.View.GetLatestExternalIDPSequence("")
logging.Log("EVENT-5Jsi8").OnError(seqErr).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest user sequence")
request.AppendUserQuery(authz.GetCtxData(ctx).UserID)
externalIDPS, count, err := repo.View.SearchExternalIDPs(request)
@@ -303,11 +303,26 @@ func (repo *UserRepo) RemoveMyMFAOTP(ctx context.Context) error {
}
func (repo *UserRepo) AddMFAU2F(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
return repo.UserEvents.AddU2F(ctx, userID, true)
accountName := ""
user, err := repo.UserByID(ctx, userID)
if err != nil {
logging.Log("EVENT-DAqe1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddU2F(ctx, userID, accountName, true)
}
func (repo *UserRepo) AddMyMFAU2F(ctx context.Context) (*model.WebAuthNToken, error) {
return repo.UserEvents.AddU2F(ctx, authz.GetCtxData(ctx).UserID, false)
userID := authz.GetCtxData(ctx).UserID
accountName := ""
user, err := repo.UserByID(ctx, userID)
if err != nil {
logging.Log("EVENT-Ghwl1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddU2F(ctx, userID, accountName, false)
}
func (repo *UserRepo) VerifyMFAU2FSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error {
@@ -326,12 +341,35 @@ func (repo *UserRepo) RemoveMyMFAU2F(ctx context.Context, webAuthNTokenID string
return repo.UserEvents.RemoveU2FToken(ctx, authz.GetCtxData(ctx).UserID, webAuthNTokenID)
}
func (repo *UserRepo) GetPasswordless(ctx context.Context, userID string) ([]*model.WebAuthNToken, error) {
return repo.UserEvents.GetPasswordless(ctx, userID)
}
func (repo *UserRepo) AddPasswordless(ctx context.Context, userID string) (*model.WebAuthNToken, error) {
return repo.UserEvents.AddPasswordless(ctx, userID, true)
accountName := ""
user, err := repo.UserByID(ctx, userID)
if err != nil {
logging.Log("EVENT-Vj2k1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddPasswordless(ctx, userID, accountName, true)
}
func (repo *UserRepo) GetMyPasswordless(ctx context.Context) ([]*model.WebAuthNToken, error) {
return repo.UserEvents.GetPasswordless(ctx, authz.GetCtxData(ctx).UserID)
}
func (repo *UserRepo) AddMyPasswordless(ctx context.Context) (*model.WebAuthNToken, error) {
return repo.UserEvents.AddPasswordless(ctx, authz.GetCtxData(ctx).UserID, false)
userID := authz.GetCtxData(ctx).UserID
accountName := ""
user, err := repo.UserByID(ctx, userID)
if err != nil {
logging.Log("EVENT-AEq21").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get user for loginname")
} else {
accountName = user.PreferredLoginName
}
return repo.UserEvents.AddPasswordless(ctx, authz.GetCtxData(ctx).UserID, accountName, false)
}
func (repo *UserRepo) VerifyPasswordlessSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error {

2
internal/auth/repository/eventsourcing/eventstore/user_grant.go
View File

@@ -29,7 +29,7 @@ type UserGrantRepo struct {
func (repo *UserGrantRepo) SearchMyUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestUserGrantSequence()
sequence, err := repo.View.GetLatestUserGrantSequence("")
logging.Log("EVENT-Hd7s3").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest user grant sequence")
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyUserID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).UserID})
grants, count, err := repo.View.SearchUserGrants(request)

60
internal/auth/repository/eventsourcing/handler/application.go
View File

@@ -5,7 +5,9 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/project/repository/eventsourcing"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
@@ -13,19 +15,52 @@ import (
view_model "github.com/caos/zitadel/internal/project/repository/view/model"
)
type Application struct {
handler
projectEvents *proj_event.ProjectEventstore
}
const (
applicationTable = "auth.applications"
)
type Application struct {
handler
projectEvents *proj_event.ProjectEventstore
subscription *eventstore.Subscription
}
func newApplication(handler handler, projectEvents *proj_event.ProjectEventstore) *Application {
h := &Application{
handler: handler,
projectEvents: projectEvents,
}
h.subscribe()
return h
}
func (a *Application) subscribe() {
a.subscription = a.es.Subscribe(a.AggregateTypes()...)
go func() {
for event := range a.subscription.Events {
query.ReduceEvent(a, event)
}
}()
}
func (a *Application) ViewModel() string {
return applicationTable
}
func (_ *Application) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.ProjectAggregate}
}
func (a *Application) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := a.view.GetLatestApplicationSequence()
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (a *Application) EventQuery() (*models.SearchQuery, error) {
sequence, err := a.view.GetLatestApplicationSequence()
if err != nil {
@@ -65,30 +100,33 @@ func (a *Application) Reduce(event *models.Event) (err error) {
if err != nil {
return err
}
return a.view.DeleteApplication(app.ID, event.Sequence, event.CreationDate)
return a.view.DeleteApplication(app.ID, event)
case es_model.ProjectChanged:
apps, err := a.view.ApplicationsByProjectID(event.AggregateID)
if err != nil {
return err
}
if len(apps) == 0 {
return a.view.ProcessedApplicationSequence(event.Sequence, event.CreationDate)
return a.view.ProcessedApplicationSequence(event)
}
for _, app := range apps {
if err := app.AppendEvent(event); err != nil {
return err
}
}
return a.view.PutApplications(apps, event.Sequence, event.CreationDate)
return a.view.PutApplications(apps, event)
case es_model.ProjectRemoved:
return a.view.DeleteApplicationsByProjectID(event.AggregateID)
err = a.view.DeleteApplicationsByProjectID(event.AggregateID)
if err == nil {
return a.view.ProcessedApplicationSequence(event)
}
default:
return a.view.ProcessedApplicationSequence(event.Sequence, event.CreationDate)
return a.view.ProcessedApplicationSequence(event)
}
if err != nil {
return err
}
return a.view.PutApplication(app, event.CreationDate)
return a.view.PutApplication(app, event)
}
func (a *Application) OnError(event *models.Event, spoolerError error) error {

88
internal/auth/repository/eventsourcing/handler/handler.go
View File

@@ -26,6 +26,12 @@ type handler struct {
bulkLimit uint64
cycleDuration time.Duration
errorCountUntilSkip uint64
es eventstore.Eventstore
}
func (h *handler) Eventstore() eventstore.Eventstore {
return h.es
}
type EventstoreRepos struct {
@@ -35,39 +41,65 @@ type EventstoreRepos struct {
IamEvents *iam_events.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
return []query.Handler{
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount},
orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents, iamID: systemDefaults.IamID},
&UserSession{handler: handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount}, userEvents: repos.UserEvents},
&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
&Token{handler: handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount}, ProjectEvents: repos.ProjectEvents},
&Key{handler: handler{view, bulkLimit, configs.cycleDuration("Key"), errorCount}},
&Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}, projectEvents: repos.ProjectEvents},
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
&UserGrant{
handler: handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount},
eventstore: eventstore,
userEvents: repos.UserEvents,
orgEvents: repos.OrgEvents,
projectEvents: repos.ProjectEvents,
iamEvents: repos.IamEvents,
iamID: systemDefaults.IamID},
&MachineKeys{handler: handler{view, bulkLimit, configs.cycleDuration("MachineKey"), errorCount}},
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: systemDefaults, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents},
&ExternalIDP{handler: handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount}, systemDefaults: systemDefaults, orgEvents: repos.OrgEvents, iamEvents: repos.IamEvents},
&PasswordComplexityPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount}},
&OrgIAMPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount}},
&ProjectRole{handler: handler{view, bulkLimit, configs.cycleDuration("ProjectRole"), errorCount}, projectEvents: repos.ProjectEvents},
newUser(
handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es},
repos.OrgEvents,
repos.IamEvents,
systemDefaults.IamID),
newUserSession(
handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount, es},
repos.UserEvents),
newUserMembership(
handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount, es},
repos.OrgEvents,
repos.ProjectEvents),
newToken(
handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount, es},
repos.ProjectEvents),
newKey(
handler{view, bulkLimit, configs.cycleDuration("Key"), errorCount, es}),
newApplication(handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount, es},
repos.ProjectEvents),
newOrg(
handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount, es}),
newUserGrant(
handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount, es},
repos.ProjectEvents,
repos.UserEvents,
repos.OrgEvents,
repos.IamEvents,
systemDefaults.IamID),
newMachineKeys(
handler{view, bulkLimit, configs.cycleDuration("MachineKey"), errorCount, es}),
newLoginPolicy(
handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount, es}),
newIDPConfig(
handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount, es}),
newIDPProvider(
handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount, es},
systemDefaults,
repos.IamEvents,
repos.OrgEvents),
newExternalIDP(
handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount, es},
systemDefaults,
repos.IamEvents,
repos.OrgEvents),
newPasswordComplexityPolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordComplexityPolicy"), errorCount, es}),
newOrgIAMPolicy(
handler{view, bulkLimit, configs.cycleDuration("OrgIAMPolicy"), errorCount, es}),
newProjectRole(handler{view, bulkLimit, configs.cycleDuration("ProjectRole"), errorCount, es},
repos.ProjectEvents),
}
}
func (configs Configs) cycleDuration(viewModel string) time.Duration {
c, ok := configs[viewModel]
if !ok {
return 1 * time.Second
return 3 * time.Minute
}
return c.MinimumCycleDuration.Duration
}
@@ -76,6 +108,10 @@ func (h *handler) MinimumCycleDuration() time.Duration {
return h.cycleDuration
}
func (h *handler) LockDuration() time.Duration {
return h.cycleDuration / 3
}
func (h *handler) QueryLimit() uint64 {
return h.bulkLimit
}

52
internal/auth/repository/eventsourcing/handler/idp_config.go
View File

@@ -2,8 +2,10 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
@@ -11,25 +13,57 @@ import (
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type IDPConfig struct {
handler
}
const (
idpConfigTable = "auth.idp_configs"
)
type IDPConfig struct {
handler
subscription *eventstore.Subscription
}
func newIDPConfig(h handler) *IDPConfig {
idpConfig := &IDPConfig{
handler: h,
}
idpConfig.subscribe()
return idpConfig
}
func (i *IDPConfig) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *IDPConfig) ViewModel() string {
return idpConfigTable
}
func (_ *IDPConfig) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (i *IDPConfig) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := i.view.GetLatestIDPConfigSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *IDPConfig) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPConfigSequence()
sequence, err := i.view.GetLatestIDPConfigSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -66,14 +100,14 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
if err != nil {
return err
}
return i.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteIDPConfig(idp.IDPConfigID, event)
default:
return i.view.ProcessedIDPConfigSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedIDPConfigSequence(event)
}
if err != nil {
return err
}
return i.view.PutIDPConfig(idp, idp.Sequence, event.CreationDate)
return i.view.PutIDPConfig(idp, event)
}
func (i *IDPConfig) OnError(event *models.Event, err error) error {

63
internal/auth/repository/eventsourcing/handler/idp_providers.go
View File

@@ -2,42 +2,85 @@ package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
const (
idpProviderTable = "auth.idp_providers"
)
type IDPProvider struct {
handler
systemDefaults systemdefaults.SystemDefaults
iamEvents *eventsourcing.IAMEventstore
orgEvents *org_es.OrgEventstore
subscription *eventstore.Subscription
}
const (
idpProviderTable = "auth.idp_providers"
)
func newIDPProvider(
h handler,
defaults systemdefaults.SystemDefaults,
iamEvents *eventsourcing.IAMEventstore,
orgEvents *org_es.OrgEventstore,
) *IDPProvider {
idpProvider := &IDPProvider{
handler: h,
systemDefaults: defaults,
iamEvents: iamEvents,
orgEvents: orgEvents,
}
idpProvider.subscribe()
return idpProvider
}
func (i *IDPProvider) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *IDPProvider) ViewModel() string {
return idpProviderTable
}
func (_ *IDPProvider) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.IAMAggregate, org_es_model.OrgAggregate}
}
func (i *IDPProvider) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := i.view.GetLatestIDPProviderSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *IDPProvider) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestIDPProviderSequence()
sequence, err := i.view.GetLatestIDPProviderSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -64,7 +107,7 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
if err != nil {
return err
}
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event)
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
esConfig := new(iam_view_model.IDPConfigView)
providerType := iam_model.IDPProviderTypeSystem
@@ -88,16 +131,16 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
for _, provider := range providers {
i.fillConfigData(provider, config)
}
return i.view.PutIDPProviders(event.Sequence, event.CreationDate, providers...)
return i.view.PutIDPProviders(event, providers...)
case org_es_model.LoginPolicyRemoved:
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event.Sequence, event.CreationDate)
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event)
default:
return i.view.ProcessedIDPProviderSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedIDPProviderSequence(event)
}
if err != nil {
return err
}
return i.view.PutIDPProvider(provider, provider.Sequence, event.CreationDate)
return i.view.PutIDPProvider(provider, event)
}
func (i *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {

54
internal/auth/repository/eventsourcing/handler/key.go
View File

@@ -3,30 +3,62 @@ package handler
import (
"time"
es_model "github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/key/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/key/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/key/repository/view/model"
)
type Key struct {
handler
}
const (
keyTable = "auth.keys"
)
type Key struct {
handler
subscription *eventstore.Subscription
}
func newKey(handler handler) *Key {
h := &Key{
handler: handler,
}
h.subscribe()
return h
}
func (k *Key) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (k *Key) ViewModel() string {
return keyTable
}
func (_ *Key) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.KeyPairAggregate}
}
func (k *Key) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := k.view.GetLatestKeySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (k *Key) EventQuery() (*models.SearchQuery, error) {
sequence, err := k.view.GetLatestKeySequence()
sequence, err := k.view.GetLatestKeySequence("")
if err != nil {
return nil, err
}
@@ -41,11 +73,11 @@ func (k *Key) Reduce(event *models.Event) error {
return err
}
if privateKey.Expiry.Before(time.Now()) && publicKey.Expiry.Before(time.Now()) {
return k.view.ProcessedKeySequence(event.Sequence, event.CreationDate)
return k.view.ProcessedKeySequence(event)
}
return k.view.PutKeys(privateKey, publicKey, event.Sequence, event.CreationDate)
return k.view.PutKeys(privateKey, publicKey, event)
default:
return k.view.ProcessedKeySequence(event.Sequence, event.CreationDate)
return k.view.ProcessedKeySequence(event)
}
}

52
internal/auth/repository/eventsourcing/handler/login_policy.go
View File

@@ -2,34 +2,68 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type LoginPolicy struct {
handler
}
const (
loginPolicyTable = "auth.login_policies"
)
type LoginPolicy struct {
handler
subscription *eventstore.Subscription
}
func newLoginPolicy(handler handler) *LoginPolicy {
h := &LoginPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *LoginPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *LoginPolicy) ViewModel() string {
return loginPolicyTable
}
func (_ *LoginPolicy) AggregateTypes() []models.AggregateType {
return []models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *LoginPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestLoginPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestLoginPolicySequence()
sequence, err := p.view.GetLatestLoginPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -57,14 +91,14 @@ func (p *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
}
err = policy.AppendEvent(event)
case model.LoginPolicyRemoved:
return p.view.DeleteLoginPolicy(event.AggregateID, event.Sequence, event.CreationDate)
return p.view.DeleteLoginPolicy(event.AggregateID, event)
default:
return p.view.ProcessedLoginPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedLoginPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutLoginPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutLoginPolicy(policy, event)
}
func (p *LoginPolicy) OnError(event *models.Event, err error) error {

74
internal/auth/repository/eventsourcing/handler/machine_keys.go
View File

@@ -5,73 +5,107 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
usr_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
type MachineKeys struct {
handler
}
const (
machineKeysTable = "auth.machine_keys"
)
func (d *MachineKeys) ViewModel() string {
type MachineKeys struct {
handler
subscription *eventstore.Subscription
}
func newMachineKeys(handler handler) *MachineKeys {
h := &MachineKeys{
handler: handler,
}
h.subscribe()
return h
}
func (k *MachineKeys) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (k *MachineKeys) ViewModel() string {
return machineKeysTable
}
func (d *MachineKeys) EventQuery() (*models.SearchQuery, error) {
sequence, err := d.view.GetLatestMachineKeySequence()
func (_ *MachineKeys) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.UserAggregate}
}
func (k *MachineKeys) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := k.view.GetLatestMachineKeySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (k *MachineKeys) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := k.view.GetLatestMachineKeySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.UserAggregate).
AggregateTypeFilter(k.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (d *MachineKeys) Reduce(event *models.Event) (err error) {
func (k *MachineKeys) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.UserAggregate:
err = d.processMachineKeys(event)
err = k.processMachineKeys(event)
}
return err
}
func (d *MachineKeys) processMachineKeys(event *models.Event) (err error) {
func (k *MachineKeys) processMachineKeys(event *es_models.Event) (err error) {
key := new(usr_model.MachineKeyView)
switch event.Type {
case model.MachineKeyAdded:
err = key.AppendEvent(event)
if key.ExpirationDate.Before(time.Now()) {
return d.view.ProcessedMachineKeySequence(event.Sequence, event.CreationDate)
return k.view.ProcessedMachineKeySequence(event)
}
case model.MachineKeyRemoved:
err = key.SetData(event)
if err != nil {
return err
}
return d.view.DeleteMachineKey(key.ID, event.Sequence, event.CreationDate)
return k.view.DeleteMachineKey(key.ID, event)
case model.UserRemoved:
return d.view.DeleteMachineKeysByUserID(event.AggregateID, event.Sequence, event.CreationDate)
return k.view.DeleteMachineKeysByUserID(event.AggregateID, event)
default:
return d.view.ProcessedMachineKeySequence(event.Sequence, event.CreationDate)
return k.view.ProcessedMachineKeySequence(event)
}
if err != nil {
return err
}
return d.view.PutMachineKey(key, key.Sequence, event.CreationDate)
return k.view.PutMachineKey(key, event)
}
func (d *MachineKeys) OnError(event *models.Event, err error) error {
func (k *MachineKeys) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-S9fe", "id", event.AggregateID).WithError(err).Warn("something went wrong in machine key handler")
return spooler.HandleError(event, err, d.view.GetLatestMachineKeyFailedEvent, d.view.ProcessedMachineKeyFailedEvent, d.view.ProcessedMachineKeySequence, d.errorCountUntilSkip)
return spooler.HandleError(event, err, k.view.GetLatestMachineKeyFailedEvent, k.view.ProcessedMachineKeyFailedEvent, k.view.ProcessedMachineKeySequence, k.errorCountUntilSkip)
}
func (d *MachineKeys) OnSuccess() error {
return spooler.HandleSuccess(d.view.UpdateMachineKeySpoolerRunTimestamp)
func (k *MachineKeys) OnSuccess() error {
return spooler.HandleSuccess(k.view.UpdateMachineKeySpoolerRunTimestamp)
}

49
internal/auth/repository/eventsourcing/handler/org.go
View File

@@ -3,27 +3,62 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
)
type Org struct {
handler
}
const (
orgTable = "auth.orgs"
)
type Org struct {
handler
subscription *eventstore.Subscription
}
func newOrg(handler handler) *Org {
h := &Org{
handler: handler,
}
h.subscribe()
return h
}
func (o *Org) subscribe() {
o.subscription = o.es.Subscribe(o.AggregateTypes()...)
go func() {
for event := range o.subscription.Events {
query.ReduceEvent(o, event)
}
}()
}
func (o *Org) ViewModel() string {
return orgTable
}
func (_ *Org) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate}
}
func (o *Org) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := o.view.GetLatestOrgSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := o.view.GetLatestOrgSequence()
sequence, err := o.view.GetLatestOrgSequence("")
if err != nil {
return nil, err
}
@@ -58,13 +93,13 @@ func (o *Org) Reduce(event *es_models.Event) (err error) {
}
org.Domain = domain.Domain
default:
return o.view.ProcessedOrgSequence(event.Sequence, event.CreationDate)
return o.view.ProcessedOrgSequence(event)
}
if err != nil {
return err
}
return o.view.PutOrg(org, event.CreationDate)
return o.view.PutOrg(org, event)
}
func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {

73
internal/auth/repository/eventsourcing/handler/org_iam_policy.go
View File

@@ -2,68 +2,101 @@ package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type OrgIAMPolicy struct {
handler
}
const (
orgIAMPolicyTable = "auth.org_iam_policies"
)
type OrgIAMPolicy struct {
handler
subscription *eventstore.Subscription
}
func newOrgIAMPolicy(handler handler) *OrgIAMPolicy {
h := &OrgIAMPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *OrgIAMPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *OrgIAMPolicy) ViewModel() string {
return orgIAMPolicyTable
}
func (p *OrgIAMPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence()
func (_ *OrgIAMPolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{org_es_model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *OrgIAMPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *OrgIAMPolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestOrgIAMPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *OrgIAMPolicy) Reduce(event *models.Event) (err error) {
func (p *OrgIAMPolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
case org_es_model.OrgAggregate, iam_es_model.IAMAggregate:
err = p.processOrgIAMPolicy(event)
}
return err
}
func (p *OrgIAMPolicy) processOrgIAMPolicy(event *models.Event) (err error) {
func (p *OrgIAMPolicy) processOrgIAMPolicy(event *es_models.Event) (err error) {
policy := new(iam_model.OrgIAMPolicyView)
switch event.Type {
case iam_es_model.OrgIAMPolicyAdded, model.OrgIAMPolicyAdded:
case iam_es_model.OrgIAMPolicyAdded, org_es_model.OrgIAMPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.OrgIAMPolicyChanged, model.OrgIAMPolicyChanged:
case iam_es_model.OrgIAMPolicyChanged, org_es_model.OrgIAMPolicyChanged:
policy, err = p.view.OrgIAMPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.OrgIAMPolicyRemoved:
return p.view.DeleteOrgIAMPolicy(event.AggregateID, event.Sequence, event.CreationDate)
case org_es_model.OrgIAMPolicyRemoved:
return p.view.DeleteOrgIAMPolicy(event.AggregateID, event)
default:
return p.view.ProcessedOrgIAMPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedOrgIAMPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutOrgIAMPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutOrgIAMPolicy(policy, event)
}
func (p *OrgIAMPolicy) OnError(event *models.Event, err error) error {
func (p *OrgIAMPolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-3Gj8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgIAM policy handler")
return spooler.HandleError(event, err, p.view.GetLatestOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicyFailedEvent, p.view.ProcessedOrgIAMPolicySequence, p.errorCountUntilSkip)
}

73
internal/auth/repository/eventsourcing/handler/password_complexity_policy.go
View File

@@ -2,68 +2,101 @@ package handler
import (
"github.com/caos/logging"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
type PasswordComplexityPolicy struct {
handler
}
const (
passwordComplexityPolicyTable = "auth.password_complexity_policies"
)
type PasswordComplexityPolicy struct {
handler
subscription *eventstore.Subscription
}
func newPasswordComplexityPolicy(handler handler) *PasswordComplexityPolicy {
h := &PasswordComplexityPolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *PasswordComplexityPolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *PasswordComplexityPolicy) ViewModel() string {
return passwordComplexityPolicyTable
}
func (p *PasswordComplexityPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence()
func (_ *PasswordComplexityPolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{org_es_model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *PasswordComplexityPolicy) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordComplexityPolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordComplexityPolicySequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *PasswordComplexityPolicy) Reduce(event *models.Event) (err error) {
func (p *PasswordComplexityPolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
case org_es_model.OrgAggregate, iam_es_model.IAMAggregate:
err = p.processPasswordComplexityPolicy(event)
}
return err
}
func (p *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *models.Event) (err error) {
func (p *PasswordComplexityPolicy) processPasswordComplexityPolicy(event *es_models.Event) (err error) {
policy := new(iam_model.PasswordComplexityPolicyView)
switch event.Type {
case iam_es_model.PasswordComplexityPolicyAdded, model.PasswordComplexityPolicyAdded:
case iam_es_model.PasswordComplexityPolicyAdded, org_es_model.PasswordComplexityPolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordComplexityPolicyChanged, model.PasswordComplexityPolicyChanged:
case iam_es_model.PasswordComplexityPolicyChanged, org_es_model.PasswordComplexityPolicyChanged:
policy, err = p.view.PasswordComplexityPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordComplexityPolicyRemoved:
return p.view.DeletePasswordComplexityPolicy(event.AggregateID, event.Sequence, event.CreationDate)
case org_es_model.PasswordComplexityPolicyRemoved:
return p.view.DeletePasswordComplexityPolicy(event.AggregateID, event)
default:
return p.view.ProcessedPasswordComplexityPolicySequence(event.Sequence, event.CreationDate)
return p.view.ProcessedPasswordComplexityPolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutPasswordComplexityPolicy(policy, policy.Sequence, event.CreationDate)
return p.view.PutPasswordComplexityPolicy(policy, event)
}
func (p *PasswordComplexityPolicy) OnError(event *models.Event, err error) error {
func (p *PasswordComplexityPolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-4Djo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordComplexity policy handler")
return spooler.HandleError(event, err, p.view.GetLatestPasswordComplexityPolicyFailedEvent, p.view.ProcessedPasswordComplexityPolicyFailedEvent, p.view.ProcessedPasswordComplexityPolicySequence, p.errorCountUntilSkip)
}

83
internal/auth/repository/eventsourcing/handler/project_role.go
View File

@@ -2,42 +2,80 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/project/repository/eventsourcing"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
proj_events "github.com/caos/zitadel/internal/project/repository/eventsourcing"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/project/repository/view/model"
)
type ProjectRole struct {
handler
projectEvents *proj_event.ProjectEventstore
}
const (
projectRoleTable = "auth.project_roles"
)
type ProjectRole struct {
handler
projectEvents *proj_event.ProjectEventstore
subscription *eventstore.Subscription
}
func newProjectRole(
handler handler,
projectEvents *proj_events.ProjectEventstore,
) *ProjectRole {
h := &ProjectRole{
handler: handler,
projectEvents: projectEvents,
}
h.subscribe()
return h
}
func (k *ProjectRole) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (p *ProjectRole) ViewModel() string {
return projectRoleTable
}
func (p *ProjectRole) EventQuery() (*models.SearchQuery, error) {
sequence, err := p.view.GetLatestProjectRoleSequence()
func (_ *ProjectRole) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.ProjectAggregate}
}
func (p *ProjectRole) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestProjectRoleSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *ProjectRole) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestProjectRoleSequence("")
if err != nil {
return nil, err
}
return eventsourcing.ProjectQuery(sequence.CurrentSequence), nil
return proj_events.ProjectQuery(sequence.CurrentSequence), nil
}
func (p *ProjectRole) Reduce(event *models.Event) (err error) {
func (p *ProjectRole) Reduce(event *es_models.Event) (err error) {
role := new(view_model.ProjectRoleView)
switch event.Type {
case es_model.ProjectRoleAdded:
case model.ProjectRoleAdded:
err = role.AppendEvent(event)
case es_model.ProjectRoleChanged:
case model.ProjectRoleChanged:
err = role.SetData(event)
if err != nil {
return err
@@ -47,24 +85,27 @@ func (p *ProjectRole) Reduce(event *models.Event) (err error) {
return err
}
err = role.AppendEvent(event)
case es_model.ProjectRoleRemoved:
case model.ProjectRoleRemoved:
err = role.SetData(event)
if err != nil {
return err
}
return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event.Sequence, event.CreationDate)
case es_model.ProjectRemoved:
return p.view.DeleteProjectRolesByProjectID(event.AggregateID)
return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event)
case model.ProjectRemoved:
err := p.view.DeleteProjectRolesByProjectID(event.AggregateID)
if err == nil {
return p.view.ProcessedProjectRoleSequence(event)
}
default:
return p.view.ProcessedProjectRoleSequence(event.Sequence, event.CreationDate)
return p.view.ProcessedProjectRoleSequence(event)
}
if err != nil {
return err
}
return p.view.PutProjectRole(role, event.CreationDate)
return p.view.PutProjectRole(role, event)
}
func (p *ProjectRole) OnError(event *models.Event, err error) error {
func (p *ProjectRole) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
return spooler.HandleError(event, err, p.view.GetLatestProjectRoleFailedEvent, p.view.ProcessedProjectRoleFailedEvent, p.view.ProcessedProjectRoleSequence, p.errorCountUntilSkip)
}

64
internal/auth/repository/eventsourcing/handler/token.go
View File

@@ -6,8 +6,10 @@ import (
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
@@ -15,21 +17,57 @@ import (
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
type Token struct {
handler
ProjectEvents *proj_event.ProjectEventstore
}
const (
tokenTable = "auth.tokens"
)
type Token struct {
handler
ProjectEvents *proj_event.ProjectEventstore
subscription *eventstore.Subscription
}
func newToken(
handler handler,
projectEvents *proj_event.ProjectEventstore,
) *Token {
h := &Token{
handler: handler,
ProjectEvents: projectEvents,
}
h.subscribe()
return h
}
func (t *Token) subscribe() {
t.subscription = t.es.Subscribe(t.AggregateTypes()...)
go func() {
for event := range t.subscription.Events {
query.ReduceEvent(t, event)
}
}()
}
func (t *Token) ViewModel() string {
return tokenTable
}
func (_ *Token) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{user_es_model.UserAggregate, project_es_model.ProjectAggregate}
}
func (p *Token) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := p.view.GetLatestTokenSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (t *Token) EventQuery() (*models.SearchQuery, error) {
sequence, err := t.view.GetLatestTokenSequence()
sequence, err := t.view.GetLatestTokenSequence("")
if err != nil {
return nil, err
}
@@ -49,7 +87,7 @@ func (t *Token) Reduce(event *models.Event) (err error) {
if err != nil {
return err
}
return t.view.PutToken(token, event.CreationDate)
return t.view.PutToken(token, event)
case user_es_model.UserProfileChanged,
user_es_model.HumanProfileChanged:
user := new(view_model.UserView)
@@ -61,25 +99,25 @@ func (t *Token) Reduce(event *models.Event) (err error) {
for _, token := range tokens {
token.PreferredLanguage = user.PreferredLanguage
}
return t.view.PutTokens(tokens, event.Sequence, event.CreationDate)
return t.view.PutTokens(tokens, event)
case user_es_model.SignedOut,
user_es_model.HumanSignedOut:
id, err := agentIDFromSession(event)
if err != nil {
return err
}
return t.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence, event.CreationDate)
return t.view.DeleteSessionTokens(id, event.AggregateID, event)
case user_es_model.UserLocked,
user_es_model.UserDeactivated,
user_es_model.UserRemoved:
return t.view.DeleteUserTokens(event.AggregateID, event.Sequence, event.CreationDate)
return t.view.DeleteUserTokens(event.AggregateID, event)
case project_es_model.ApplicationDeactivated,
project_es_model.ApplicationRemoved:
application, err := applicationFromSession(event)
if err != nil {
return err
}
return t.view.DeleteApplicationTokens(event.Sequence, event.CreationDate, application.AppID)
return t.view.DeleteApplicationTokens(event, application.AppID)
case project_es_model.ProjectDeactivated,
project_es_model.ProjectRemoved:
project, err := t.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
@@ -90,9 +128,9 @@ func (t *Token) Reduce(event *models.Event) (err error) {
for _, app := range project.Applications {
applicationsIDs = append(applicationsIDs, app.AppID)
}
return t.view.DeleteApplicationTokens(event.Sequence, event.CreationDate, applicationsIDs...)
return t.view.DeleteApplicationTokens(event, applicationsIDs...)
default:
return t.view.ProcessedTokenSequence(event.Sequence, event.CreationDate)
return t.view.ProcessedTokenSequence(event)
}
}

84
internal/auth/repository/eventsourcing/handler/user.go
View File

@@ -2,45 +2,83 @@ package handler
import (
"context"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
org_model "github.com/caos/zitadel/internal/org/model"
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
type User struct {
handler
eventstore eventstore.Eventstore
orgEvents *org_events.OrgEventstore
iamEvents *iam_es.IAMEventstore
iamID string
}
const (
userTable = "auth.users"
)
type User struct {
handler
orgEvents *org_events.OrgEventstore
iamEvents *iam_es.IAMEventstore
iamID string
subscription *eventstore.Subscription
}
func newUser(
handler handler,
orgEvents *org_events.OrgEventstore,
iamEvents *iam_es.IAMEventstore,
iamID string,
) *User {
h := &User{
handler: handler,
orgEvents: orgEvents,
iamEvents: iamEvents,
iamID: iamID,
}
h.subscribe()
return h
}
func (k *User) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (u *User) ViewModel() string {
return userTable
}
func (_ *User) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.UserAggregate, org_es_model.OrgAggregate}
}
func (u *User) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := u.view.GetLatestUserSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (u *User) EventQuery() (*models.SearchQuery, error) {
sequence, err := u.view.GetLatestUserSequence()
sequence, err := u.view.GetLatestUserSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(es_model.UserAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(u.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -120,14 +158,14 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
}
err = u.fillLoginNames(user)
case es_model.UserRemoved:
return u.view.DeleteUser(event.AggregateID, event.Sequence, event.CreationDate)
return u.view.DeleteUser(event.AggregateID, event)
default:
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSequence(event)
}
if err != nil {
return err
}
return u.view.PutUser(user, user.Sequence, event.CreationDate)
return u.view.PutUser(user, event)
}
func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
@@ -158,7 +196,7 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
case org_es_model.OrgDomainPrimarySet:
return u.fillPreferredLoginNamesOnOrgUsers(event)
default:
return u.view.ProcessedUserSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSequence(event)
}
}
@@ -181,7 +219,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
for _, user := range users {
user.SetLoginNames(policy, org.Domains)
}
return u.view.PutUsers(users, event.Sequence, event.CreationDate)
return u.view.PutUsers(users, event)
}
func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
@@ -206,7 +244,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
for _, user := range users {
user.PreferredLoginName = user.GenerateLoginName(org.GetPrimaryDomain().Domain, policy.UserLoginMustBeDomain)
}
return u.view.PutUsers(users, 0, event.CreationDate)
return u.view.PutUsers(users, event)
}
func (u *User) OnError(event *models.Event, err error) error {

65
internal/auth/repository/eventsourcing/handler/user_external_idps.go
View File

@@ -2,11 +2,14 @@ package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
@@ -18,28 +21,68 @@ import (
usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
const (
externalIDPTable = "auth.user_external_idps"
)
type ExternalIDP struct {
handler
systemDefaults systemdefaults.SystemDefaults
iamEvents *eventsourcing.IAMEventstore
orgEvents *org_es.OrgEventstore
subscription *eventstore.Subscription
}
const (
externalIDPTable = "auth.user_external_idps"
)
func newExternalIDP(
handler handler,
defaults systemdefaults.SystemDefaults,
iamEvents *eventsourcing.IAMEventstore,
orgEvents *org_es.OrgEventstore,
) *ExternalIDP {
h := &ExternalIDP{
handler: handler,
systemDefaults: defaults,
iamEvents: iamEvents,
orgEvents: orgEvents,
}
h.subscribe()
return h
}
func (i *ExternalIDP) subscribe() {
i.subscription = i.es.Subscribe(i.AggregateTypes()...)
go func() {
for event := range i.subscription.Events {
query.ReduceEvent(i, event)
}
}()
}
func (i *ExternalIDP) ViewModel() string {
return externalIDPTable
}
func (_ *ExternalIDP) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate}
}
func (i *ExternalIDP) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := i.view.GetLatestExternalIDPSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (i *ExternalIDP) EventQuery() (*models.SearchQuery, error) {
sequence, err := i.view.GetLatestExternalIDPSequence()
sequence, err := i.view.GetLatestExternalIDPSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.UserAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate).
AggregateTypeFilter(i.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -67,16 +110,16 @@ func (i *ExternalIDP) processUser(event *models.Event) (err error) {
if err != nil {
return err
}
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event.Sequence, event.CreationDate)
return i.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event)
case model.UserRemoved:
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event.Sequence, event.CreationDate)
return i.view.DeleteExternalIDPsByUserID(event.AggregateID, event)
default:
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedExternalIDPSequence(event)
}
if err != nil {
return err
}
return i.view.PutExternalIDP(externalIDP, externalIDP.Sequence, event.CreationDate)
return i.view.PutExternalIDP(externalIDP, event)
}
func (i *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
@@ -104,9 +147,9 @@ func (i *ExternalIDP) processIdpConfig(event *models.Event) (err error) {
for _, provider := range exterinalIDPs {
i.fillConfigData(provider, config)
}
return i.view.PutExternalIDPs(event.Sequence, event.CreationDate, exterinalIDPs...)
return i.view.PutExternalIDPs(event, exterinalIDPs...)
default:
return i.view.ProcessedExternalIDPSequence(event.Sequence, event.CreationDate)
return i.view.ProcessedExternalIDPSequence(event)
}
return nil
}

90
internal/auth/repository/eventsourcing/handler/user_grant.go
View File

@@ -11,6 +11,7 @@ import (
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_events "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
@@ -28,25 +29,68 @@ import (
"github.com/caos/zitadel/internal/v2/domain"
)
const (
userGrantTable = "auth.user_grants"
)
type UserGrant struct {
handler
eventstore eventstore.Eventstore
projectEvents *proj_event.ProjectEventstore
userEvents *usr_events.UserEventstore
orgEvents *org_events.OrgEventstore
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
subscription *eventstore.Subscription
}
const (
userGrantTable = "auth.user_grants"
)
func newUserGrant(
handler handler,
projectEvents *proj_event.ProjectEventstore,
userEvents *usr_events.UserEventstore,
orgEvents *org_events.OrgEventstore,
iamEvents *iam_events.IAMEventstore,
iamID string,
) *UserGrant {
h := &UserGrant{
handler: handler,
projectEvents: projectEvents,
userEvents: userEvents,
orgEvents: orgEvents,
iamEvents: iamEvents,
iamID: iamID,
}
h.subscribe()
return h
}
func (k *UserGrant) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (u *UserGrant) ViewModel() string {
return userGrantTable
}
func (_ *UserGrant) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate}
}
func (u *UserGrant) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := u.view.GetLatestUserGrantSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
if u.iamProjectID == "" {
err := u.setIamProjectID()
@@ -54,12 +98,12 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
return nil, err
}
}
sequence, err := u.view.GetLatestUserGrantSequence()
sequence, err := u.view.GetLatestUserGrantSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
AggregateTypeFilter(u.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -98,14 +142,14 @@ func (u *UserGrant) processUserGrant(event *models.Event) (err error) {
}
err = grant.AppendEvent(event)
case grant_es_model.UserGrantRemoved, grant_es_model.UserGrantCascadeRemoved:
return u.view.DeleteUserGrant(event.AggregateID, event.Sequence, event.CreationDate)
return u.view.DeleteUserGrant(event.AggregateID, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
if err != nil {
return err
}
return u.view.PutUserGrant(grant, grant.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
}
func (u *UserGrant) processUser(event *models.Event) (err error) {
@@ -120,7 +164,7 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
return err
}
if len(grants) == 0 {
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
user, err := u.userEvents.UserByID(context.Background(), event.AggregateID)
if err != nil {
@@ -129,9 +173,9 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
for _, grant := range grants {
u.fillUserData(grant, user)
}
return u.view.PutUserGrants(grants, event.Sequence, event.CreationDate)
return u.view.PutUserGrants(grants, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -149,7 +193,7 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
for _, grant := range grants {
u.fillProjectData(grant, project)
}
return u.view.PutUserGrants(grants, event.Sequence, event.CreationDate)
return u.view.PutUserGrants(grants, event)
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectMemberRemoved:
member := new(proj_es_model.ProjectMember)
member.SetData(event)
@@ -159,7 +203,7 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
member.SetData(event)
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -170,7 +214,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
member.SetData(event)
return u.processMember(event, "ORG", "", member.UserID, member.Roles)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -208,16 +252,16 @@ func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suf
}
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, grant.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
case iam_es_model.IAMMemberRemoved:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
if err != nil {
return err
}
return u.view.DeleteUserGrant(grant.ID, event.Sequence, event.CreationDate)
return u.view.DeleteUserGrant(grant.ID, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -253,7 +297,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
}
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
case org_es_model.OrgMemberRemoved,
proj_es_model.ProjectMemberRemoved,
proj_es_model.ProjectGrantMemberRemoved:
@@ -263,18 +307,18 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
return err
}
if errors.IsNotFound(err) {
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
if roleSuffix != "" {
roleKeys = suffixRoles(roleSuffix, roleKeys)
}
if grant.RoleKeys == nil {
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}

100
internal/auth/repository/eventsourcing/handler/user_membership.go
View File

@@ -2,52 +2,90 @@ package handler
import (
"context"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
usr_es_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
const (
userMembershipTable = "auth.user_memberships"
)
type UserMembership struct {
handler
orgEvents *org_event.OrgEventstore
projectEvents *proj_event.ProjectEventstore
subscription *eventstore.Subscription
}
const (
userMembershipTable = "auth.user_memberships"
)
func newUserMembership(
handler handler,
orgEvents *org_event.OrgEventstore,
projectEvents *proj_event.ProjectEventstore,
) *UserMembership {
h := &UserMembership{
handler: handler,
orgEvents: orgEvents,
projectEvents: projectEvents,
}
h.subscribe()
return h
}
func (m *UserMembership) subscribe() {
m.subscription = m.es.Subscribe(m.AggregateTypes()...)
go func() {
for event := range m.subscription.Events {
query.ReduceEvent(m, event)
}
}()
}
func (m *UserMembership) ViewModel() string {
return userMembershipTable
}
func (_ *UserMembership) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate, model.UserAggregate}
}
func (m *UserMembership) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := m.view.GetLatestUserMembershipSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (m *UserMembership) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestUserMembershipSequence()
sequence, err := m.view.GetLatestUserMembershipSequence("")
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate, model.UserAggregate).
AggregateTypeFilter(m.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *UserMembership) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case iam_es_model.IAMAggregate:
err = m.processIam(event)
err = m.processIAM(event)
case org_es_model.OrgAggregate:
err = m.processOrg(event)
case proj_es_model.ProjectAggregate:
@@ -58,7 +96,7 @@ func (m *UserMembership) Reduce(event *models.Event) (err error) {
return err
}
func (m *UserMembership) processIam(event *models.Event) (err error) {
func (m *UserMembership) processIAM(event *models.Event) (err error) {
member := new(usr_es_model.UserMembershipView)
err = member.AppendEvent(event)
if err != nil {
@@ -74,14 +112,14 @@ func (m *UserMembership) processIam(event *models.Event) (err error) {
}
err = member.AppendEvent(event)
case iam_es_model.IAMMemberRemoved:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event)
default:
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedUserMembershipSequence(event)
}
if err != nil {
return err
}
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
return m.view.PutUserMembership(member, event)
}
func (m *UserMembership) fillIamDisplayName(member *usr_es_model.UserMembershipView) {
@@ -105,16 +143,16 @@ func (m *UserMembership) processOrg(event *models.Event) (err error) {
}
err = member.AppendEvent(event)
case org_es_model.OrgMemberRemoved:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeOrganisation, event)
case org_es_model.OrgChanged:
return m.updateOrgName(event)
default:
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedUserMembershipSequence(event)
}
if err != nil {
return err
}
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
return m.view.PutUserMembership(member, event)
}
func (m *UserMembership) fillOrgName(member *usr_es_model.UserMembershipView) (err error) {
@@ -145,7 +183,7 @@ func (m *UserMembership) updateOrgName(event *models.Event) error {
membership.DisplayName = org.Name
}
}
return m.view.BulkPutUserMemberships(memberships, event.Sequence, event.CreationDate)
return m.view.BulkPutUserMemberships(memberships, event)
}
func (m *UserMembership) processProject(event *models.Event) (err error) {
@@ -168,7 +206,7 @@ func (m *UserMembership) processProject(event *models.Event) (err error) {
}
err = member.AppendEvent(event)
case proj_es_model.ProjectMemberRemoved:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeProject, event)
case proj_es_model.ProjectGrantMemberChanged:
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant)
if err != nil {
@@ -176,20 +214,20 @@ func (m *UserMembership) processProject(event *models.Event) (err error) {
}
err = member.AppendEvent(event)
case proj_es_model.ProjectGrantMemberRemoved:
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, member.ObjectID, usr_model.MemberTypeProjectGrant, event)
case proj_es_model.ProjectChanged:
return m.updateProjectDisplayName(event)
case proj_es_model.ProjectRemoved:
return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembershipsByAggregateID(event.AggregateID, event)
case proj_es_model.ProjectGrantRemoved:
return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembershipsByAggregateIDAndObjectID(event.AggregateID, member.ObjectID, event)
default:
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedUserMembershipSequence(event)
}
if err != nil {
return err
}
return m.view.PutUserMembership(member, event.Sequence, event.CreationDate)
return m.view.PutUserMembership(member, event)
}
func (m *UserMembership) fillProjectDisplayName(member *usr_es_model.UserMembershipView) (err error) {
@@ -214,15 +252,15 @@ func (m *UserMembership) updateProjectDisplayName(event *models.Event) error {
for _, membership := range memberships {
membership.DisplayName = project.Name
}
return m.view.BulkPutUserMemberships(memberships, event.Sequence, event.CreationDate)
return m.view.BulkPutUserMemberships(memberships, event)
}
func (m *UserMembership) processUser(event *models.Event) (err error) {
switch event.Type {
case model.UserRemoved:
return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event.Sequence, event.CreationDate)
return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event)
default:
return m.view.ProcessedUserMembershipSequence(event.Sequence, event.CreationDate)
return m.view.ProcessedUserMembershipSequence(event)
}
}

66
internal/auth/repository/eventsourcing/handler/user_session.go
View File

@@ -1,34 +1,70 @@
package handler
import (
"github.com/caos/logging"
req_model "github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/user/repository/eventsourcing"
user_events "github.com/caos/zitadel/internal/user/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
type UserSession struct {
handler
userEvents *user_events.UserEventstore
}
const (
userSessionTable = "auth.user_sessions"
)
type UserSession struct {
handler
userEvents *user_events.UserEventstore
subscription *eventstore.Subscription
}
func newUserSession(
handler handler,
userEvents *user_events.UserEventstore,
) *UserSession {
h := &UserSession{
handler: handler,
userEvents: userEvents,
}
h.subscribe()
return h
}
func (k *UserSession) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (u *UserSession) ViewModel() string {
return userSessionTable
}
func (_ *UserSession) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.UserAggregate}
}
func (u *UserSession) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := u.view.GetLatestUserSessionSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (u *UserSession) EventQuery() (*models.SearchQuery, error) {
sequence, err := u.view.GetLatestUserSessionSequence()
sequence, err := u.view.GetLatestUserSessionSequence("")
if err != nil {
return nil, err
}
@@ -90,7 +126,7 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
return err
}
if len(sessions) == 0 {
return u.view.ProcessedUserSessionSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSessionSequence(event)
}
for _, session := range sessions {
if err := session.AppendEvent(event); err != nil {
@@ -100,11 +136,11 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
return err
}
}
return u.view.PutUserSessions(sessions, event.Sequence, event.CreationDate)
return u.view.PutUserSessions(sessions, event)
case es_model.UserRemoved:
return u.view.DeleteUserSessions(event.AggregateID, event.Sequence, event.CreationDate)
return u.view.DeleteUserSessions(event.AggregateID, event)
default:
return u.view.ProcessedUserSessionSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserSessionSequence(event)
}
}
@@ -124,7 +160,7 @@ func (u *UserSession) updateSession(session *view_model.UserSessionView, event *
if err := u.fillUserInfo(session, event.AggregateID); err != nil {
return err
}
return u.view.PutUserSession(session, event.CreationDate)
return u.view.PutUserSession(session, event)
}
func (u *UserSession) fillUserInfo(session *view_model.UserSessionView, id string) error {

3
internal/auth/repository/eventsourcing/spooler/lock.go
View File

@@ -2,8 +2,9 @@ package spooler
import (
"database/sql"
es_locker "github.com/caos/zitadel/internal/eventstore/locker"
"time"
es_locker "github.com/caos/zitadel/internal/eventstore/locker"
)
const (

25
internal/auth/repository/eventsourcing/view/application.go
View File

@@ -2,13 +2,14 @@ package view
import (
"context"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
global_model "github.com/caos/zitadel/internal/model"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/view"
"github.com/caos/zitadel/internal/project/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -27,28 +28,28 @@ func (v *View) SearchApplications(request *proj_model.ApplicationSearchRequest)
return view.SearchApplications(v.Db, applicationTable, request)
}
func (v *View) PutApplication(app *model.ApplicationView, eventTimestamp time.Time) error {
func (v *View) PutApplication(app *model.ApplicationView, event *models.Event) error {
err := view.PutApplication(v.Db, applicationTable, app)
if err != nil {
return err
}
return v.ProcessedApplicationSequence(app.Sequence, eventTimestamp)
return v.ProcessedApplicationSequence(event)
}
func (v *View) PutApplications(apps []*model.ApplicationView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutApplications(apps []*model.ApplicationView, event *models.Event) error {
err := view.PutApplications(v.Db, applicationTable, apps...)
if err != nil {
return err
}
return v.ProcessedApplicationSequence(sequence, eventTimestamp)
return v.ProcessedApplicationSequence(event)
}
func (v *View) DeleteApplication(appID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteApplication(appID string, event *models.Event) error {
err := view.DeleteApplication(v.Db, applicationTable, appID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedApplicationSequence(eventSequence, eventTimestamp)
return v.ProcessedApplicationSequence(event)
}
func (v *View) DeleteApplicationsByProjectID(projectID string) error {
@@ -56,11 +57,11 @@ func (v *View) DeleteApplicationsByProjectID(projectID string) error {
}
func (v *View) GetLatestApplicationSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(applicationTable)
return v.latestSequence(applicationTable, "")
}
func (v *View) ProcessedApplicationSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(applicationTable, eventSequence, eventTimestamp)
func (v *View) ProcessedApplicationSequence(event *models.Event) error {
return v.saveCurrentSequence(applicationTable, event)
}
func (v *View) UpdateApplicationSpoolerRunTimestamp() error {

26
internal/auth/repository/eventsourcing/view/external_idps.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -33,44 +33,44 @@ func (v *View) SearchExternalIDPs(request *usr_model.ExternalIDPSearchRequest) (
return view.SearchExternalIDPs(v.Db, externalIDPTable, request)
}
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutExternalIDP(externalIDP *model.ExternalIDPView, event *models.Event) error {
err := view.PutExternalIDP(v.Db, externalIDPTable, externalIDP)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) PutExternalIDPs(sequence uint64, eventTimestamp time.Time, externalIDPs ...*model.ExternalIDPView) error {
func (v *View) PutExternalIDPs(event *models.Event, externalIDPs ...*model.ExternalIDPView) error {
err := view.PutExternalIDPs(v.Db, externalIDPTable, externalIDPs...)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(sequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, event *models.Event) error {
err := view.DeleteExternalIDP(v.Db, externalIDPTable, externalUserID, idpConfigID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) DeleteExternalIDPsByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteExternalIDPsByUserID(userID string, event *models.Event) error {
err := view.DeleteExternalIDPsByUserID(v.Db, externalIDPTable, userID)
if err != nil {
return err
}
return v.ProcessedExternalIDPSequence(eventSequence, eventTimestamp)
return v.ProcessedExternalIDPSequence(event)
}
func (v *View) GetLatestExternalIDPSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(externalIDPTable)
func (v *View) GetLatestExternalIDPSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(externalIDPTable, aggregateType)
}
func (v *View) ProcessedExternalIDPSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(externalIDPTable, eventSequence, eventTimestamp)
func (v *View) ProcessedExternalIDPSequence(event *models.Event) error {
return v.saveCurrentSequence(externalIDPTable, event)
}
func (v *View) UpdateExternalIDPSpoolerRunTimestamp() error {

18
internal/auth/repository/eventsourcing/view/idp_configs.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -25,28 +25,28 @@ func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*i
return view.SearchIDPs(v.Db, idpConfigTable, request)
}
func (v *View) PutIDPConfig(idp *iam_es_model.IDPConfigView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIDPConfig(idp *iam_es_model.IDPConfigView, event *models.Event) error {
err := view.PutIDP(v.Db, idpConfigTable, idp)
if err != nil {
return err
}
return v.ProcessedIDPConfigSequence(sequence, eventTimestamp)
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIDPConfig(idpID string, event *models.Event) error {
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPConfigSequence(eventSequence, eventTimestamp)
return v.ProcessedIDPConfigSequence(event)
}
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable)
func (v *View) GetLatestIDPConfigSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable, aggregateType)
}
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(idpConfigTable, eventSequence, eventTimestamp)
func (v *View) ProcessedIDPConfigSequence(event *models.Event) error {
return v.saveCurrentSequence(idpConfigTable, event)
}
func (v *View) UpdateIDPConfigSpoolerRunTimestamp() error {

26
internal/auth/repository/eventsourcing/view/idp_providers.go
View File

@@ -2,11 +2,11 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -29,44 +29,44 @@ func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) (
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
}
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutIDPProvider(provider *model.IDPProviderView, event *models.Event) error {
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) PutIDPProviders(sequence uint64, eventTimestamp time.Time, providers ...*model.IDPProviderView) error {
func (v *View) PutIDPProviders(event *models.Event, providers ...*model.IDPProviderView) error {
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, event *models.Event) error {
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPProviderSequence(eventSequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) DeleteIDPProvidersByAggregateID(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteIDPProvidersByAggregateID(aggregateID string, event *models.Event) error {
err := view.DeleteIDPProvidersByAggregateID(v.Db, idpProviderTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPProviderSequence(eventSequence, eventTimestamp)
return v.ProcessedIDPProviderSequence(event)
}
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable)
func (v *View) GetLatestIDPProviderSequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable, aggregateType)
}
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(idpProviderTable, eventSequence, eventTimestamp)
func (v *View) ProcessedIDPProviderSequence(event *models.Event) error {
return v.saveCurrentSequence(idpProviderTable, event)
}
func (v *View) UpdateIDPProviderSpoolerRunTimestamp() error {

31
internal/auth/repository/eventsourcing/view/key.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/zitadel/internal/key/repository/view"
"github.com/caos/zitadel/internal/key/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -32,36 +33,36 @@ func (v *View) GetActiveKeySet() ([]*key_model.PublicKey, error) {
return key_model.PublicKeysFromKeyView(model.KeyViewsToModel(keys), v.keyAlgorithm)
}
func (v *View) PutKeys(privateKey, publicKey *model.KeyView, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) PutKeys(privateKey, publicKey *model.KeyView, event *models.Event) error {
err := view.PutKeys(v.Db, keyTable, privateKey, publicKey)
if err != nil {
return err
}
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
return v.ProcessedKeySequence(event)
}
func (v *View) DeleteKey(keyID string, private bool, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteKey(keyID string, private bool, event *models.Event) error {
err := view.DeleteKey(v.Db, keyTable, keyID, private)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
return v.ProcessedKeySequence(event)
}
func (v *View) DeleteKeyPair(keyID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteKeyPair(keyID string, event *models.Event) error {
err := view.DeleteKeyPair(v.Db, keyTable, keyID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedKeySequence(eventSequence, eventTimestamp)
return v.ProcessedKeySequence(event)
}
func (v *View) GetLatestKeySequence() (*repository.CurrentSequence, error) {
return v.latestSequence(keyTable)
func (v *View) GetLatestKeySequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(keyTable, aggregateType)
}
func (v *View) ProcessedKeySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(keyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedKeySequence(event *models.Event) error {
return v.saveCurrentSequence(keyTable, event)
}
func (v *View) UpdateKeySpoolerRunTimestamp() error {

18
internal/auth/repository/eventsourcing/view/login_policies.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyV
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
}
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, event *models.Event) error {
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedLoginPolicySequence(sequence, eventTimestamp)
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteLoginPolicy(aggregateID string, event *models.Event) error {
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedLoginPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedLoginPolicySequence(event)
}
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(loginPolicyTable)
func (v *View) GetLatestLoginPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(loginPolicyTable, aggregateType)
}
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(loginPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedLoginPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(loginPolicyTable, event)
}
func (v *View) UpdateLoginPolicySpoolerRunTimestamp() error {

34
internal/auth/repository/eventsourcing/view/machine_keys.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -28,39 +29,36 @@ func (v *View) SearchMachineKeys(request *usr_model.MachineKeySearchRequest) ([]
return view.SearchMachineKeys(v.Db, machineKeyTable, request)
}
func (v *View) PutMachineKey(key *model.MachineKeyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutMachineKey(key *model.MachineKeyView, event *models.Event) error {
err := view.PutMachineKey(v.Db, machineKeyTable, key)
if err != nil {
return err
}
if sequence != 0 {
return v.ProcessedMachineKeySequence(sequence, eventTimestamp)
}
return nil
return v.ProcessedMachineKeySequence(event)
}
func (v *View) DeleteMachineKey(keyID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteMachineKey(keyID string, event *models.Event) error {
err := view.DeleteMachineKey(v.Db, machineKeyTable, keyID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedMachineKeySequence(eventSequence, eventTimestamp)
return v.ProcessedMachineKeySequence(event)
}
func (v *View) DeleteMachineKeysByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteMachineKeysByUserID(userID string, event *models.Event) error {
err := view.DeleteMachineKey(v.Db, machineKeyTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedMachineKeySequence(eventSequence, eventTimestamp)
return v.ProcessedMachineKeySequence(event)
}
func (v *View) GetLatestMachineKeySequence() (*repository.CurrentSequence, error) {
return v.latestSequence(machineKeyTable)
func (v *View) GetLatestMachineKeySequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(machineKeyTable, aggregateType)
}
func (v *View) ProcessedMachineKeySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(machineKeyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedMachineKeySequence(event *models.Event) error {
return v.saveCurrentSequence(machineKeyTable, event)
}
func (v *View) UpdateMachineKeySpoolerRunTimestamp() error {

14
internal/auth/repository/eventsourcing/view/org.go
View File

@@ -1,11 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/model"
org_view "github.com/caos/zitadel/internal/org/repository/view"
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -24,12 +24,12 @@ func (v *View) SearchOrgs(req *model.OrgSearchRequest) ([]*org_model.OrgView, ui
return org_view.SearchOrgs(v.Db, orgTable, req)
}
func (v *View) PutOrg(org *org_model.OrgView, eventTimestamp time.Time) error {
func (v *View) PutOrg(org *org_model.OrgView, event *models.Event) error {
err := org_view.PutOrg(v.Db, orgTable, org)
if err != nil {
return err
}
return v.ProcessedOrgSequence(org.Sequence, eventTimestamp)
return v.ProcessedOrgSequence(event)
}
func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
@@ -44,10 +44,10 @@ func (v *View) UpdateOrgSpoolerRunTimestamp() error {
return v.updateSpoolerRunSequence(orgTable)
}
func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable)
func (v *View) GetLatestOrgSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable, aggregateType)
}
func (v *View) ProcessedOrgSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(orgTable, eventSequence, eventTimestamp)
func (v *View) ProcessedOrgSequence(event *models.Event) error {
return v.saveCurrentSequence(orgTable, event)
}

18
internal/auth/repository/eventsourcing/view/org_iam_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) OrgIAMPolicyByAggregateID(aggregateID string) (*model.OrgIAMPolic
return view.GetOrgIAMPolicyByAggregateID(v.Db, orgIAMPolicyTable, aggregateID)
}
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutOrgIAMPolicy(policy *model.OrgIAMPolicyView, event *models.Event) error {
err := view.PutOrgIAMPolicy(v.Db, orgIAMPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedOrgIAMPolicySequence(sequence, eventTimestamp)
return v.ProcessedOrgIAMPolicySequence(event)
}
func (v *View) DeleteOrgIAMPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteOrgIAMPolicy(aggregateID string, event *models.Event) error {
err := view.DeleteOrgIAMPolicy(v.Db, orgIAMPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedOrgIAMPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedOrgIAMPolicySequence(event)
}
func (v *View) GetLatestOrgIAMPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(orgIAMPolicyTable)
func (v *View) GetLatestOrgIAMPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(orgIAMPolicyTable, aggregateType)
}
func (v *View) ProcessedOrgIAMPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(orgIAMPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedOrgIAMPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(orgIAMPolicyTable, event)
}
func (v *View) UpdateOrgIAMPolicySpoolerRunTimestamp() error {

18
internal/auth/repository/eventsourcing/view/password_complexity_policy.go
View File

@@ -2,10 +2,10 @@ package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -16,28 +16,28 @@ func (v *View) PasswordComplexityPolicyByAggregateID(aggregateID string) (*model
return view.GetPasswordComplexityPolicyByAggregateID(v.Db, passwordComplexityPolicyTable, aggregateID)
}
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutPasswordComplexityPolicy(policy *model.PasswordComplexityPolicyView, event *models.Event) error {
err := view.PutPasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(sequence, eventTimestamp)
return v.ProcessedPasswordComplexityPolicySequence(event)
}
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeletePasswordComplexityPolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordComplexityPolicy(v.Db, passwordComplexityPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordComplexityPolicySequence(eventSequence, eventTimestamp)
return v.ProcessedPasswordComplexityPolicySequence(event)
}
func (v *View) GetLatestPasswordComplexityPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordComplexityPolicyTable)
func (v *View) GetLatestPasswordComplexityPolicySequence(aggregateType string) (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordComplexityPolicyTable, aggregateType)
}
func (v *View) ProcessedPasswordComplexityPolicySequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(passwordComplexityPolicyTable, eventSequence, eventTimestamp)
func (v *View) ProcessedPasswordComplexityPolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordComplexityPolicyTable, event)
}
func (v *View) UpdatePasswordComplexityPolicySpoolerRunTimestamp() error {

25
internal/auth/repository/eventsourcing/view/project_role.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/view"
"github.com/caos/zitadel/internal/project/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -32,32 +33,32 @@ func (v *View) SearchProjectRoles(request *proj_model.ProjectRoleSearchRequest)
return view.SearchProjectRoles(v.Db, projectRoleTable, request)
}
func (v *View) PutProjectRole(project *model.ProjectRoleView, eventTimestamp time.Time) error {
err := view.PutProjectRole(v.Db, projectRoleTable, project)
func (v *View) PutProjectRole(role *model.ProjectRoleView, event *models.Event) error {
err := view.PutProjectRole(v.Db, projectRoleTable, role)
if err != nil {
return err
}
return v.ProcessedProjectRoleSequence(project.Sequence, eventTimestamp)
return v.ProcessedProjectRoleSequence(event)
}
func (v *View) DeleteProjectRole(projectID, orgID, key string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteProjectRole(projectID, orgID, key string, event *models.Event) error {
err := view.DeleteProjectRole(v.Db, projectRoleTable, projectID, orgID, key)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedProjectRoleSequence(eventSequence, eventTimestamp)
return v.ProcessedProjectRoleSequence(event)
}
func (v *View) DeleteProjectRolesByProjectID(projectID string) error {
return view.DeleteProjectRolesByProjectID(v.Db, projectRoleTable, projectID)
}
func (v *View) GetLatestProjectRoleSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(projectRoleTable)
func (v *View) GetLatestProjectRoleSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(projectRoleTable, aggregateType)
}
func (v *View) ProcessedProjectRoleSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(projectRoleTable, eventSequence, eventTimestamp)
func (v *View) ProcessedProjectRoleSequence(event *models.Event) error {
return v.saveCurrentSequence(projectRoleTable, event)
}
func (v *View) UpdateProjectRoleSpoolerRunTimestamp() error {

17
internal/auth/repository/eventsourcing/view/sequence.go
View File

@@ -1,24 +1,26 @@
package view
import (
"github.com/caos/zitadel/internal/view/repository"
"time"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/view/repository"
)
const (
sequencesTable = "auth.current_sequences"
)
func (v *View) saveCurrentSequence(viewName string, sequence uint64, eventTimestamp time.Time) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, sequence, eventTimestamp)
func (v *View) saveCurrentSequence(viewName string, event *models.Event) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, string(event.AggregateType), event.Sequence, event.CreationDate)
}
func (v *View) latestSequence(viewName string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName)
func (v *View) latestSequence(viewName, aggregateType string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName, aggregateType)
}
func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName)
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName, "")
if err != nil {
return err
}
@@ -26,5 +28,8 @@ func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence.ViewName = viewName
}
currentSequence.LastSuccessfulSpoolerRun = time.Now()
//update all aggregate types
//TODO: not sure if all scenarios work as expected
currentSequence.AggregateType = ""
return repository.UpdateCurrentSequence(v.Db, sequencesTable, currentSequence)
}

51
internal/auth/repository/eventsourcing/view/token.go
View File

@@ -1,10 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_view "github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -19,60 +20,60 @@ func (v *View) TokensByUserID(userID string) ([]*model.TokenView, error) {
return usr_view.TokensByUserID(v.Db, tokenTable, userID)
}
func (v *View) PutToken(token *model.TokenView, eventTimestamp time.Time) error {
func (v *View) PutToken(token *model.TokenView, event *models.Event) error {
err := usr_view.PutToken(v.Db, tokenTable, token)
if err != nil {
return err
}
return v.ProcessedTokenSequence(token.Sequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) PutTokens(token []*model.TokenView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutTokens(token []*model.TokenView, event *models.Event) error {
err := usr_view.PutTokens(v.Db, tokenTable, token...)
if err != nil {
return err
}
return v.ProcessedTokenSequence(sequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteToken(tokenID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteToken(tokenID string, event *models.Event) error {
err := usr_view.DeleteToken(v.Db, tokenTable, tokenID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteSessionTokens(agentID, userID string, event *models.Event) error {
err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteUserTokens(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserTokens(userID string, event *models.Event) error {
err := usr_view.DeleteUserTokens(v.Db, tokenTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteApplicationTokens(eventSequence uint64, eventTimestamp time.Time, ids ...string) error {
func (v *View) DeleteApplicationTokens(event *models.Event, ids ...string) error {
err := usr_view.DeleteApplicationTokens(v.Db, tokenTable, ids)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) GetLatestTokenSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(tokenTable)
func (v *View) GetLatestTokenSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(tokenTable, aggregateType)
}
func (v *View) ProcessedTokenSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(tokenTable, eventSequence, eventTimestamp)
func (v *View) ProcessedTokenSequence(event *models.Event) error {
return v.saveCurrentSequence(tokenTable, event)
}
func (v *View) UpdateTokenSpoolerRunTimestamp() error {

27
internal/auth/repository/eventsourcing/view/user.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -52,36 +53,36 @@ func (v *View) UserMFAs(userID string) ([]*usr_model.MultiFactor, error) {
return view.UserMFAs(v.Db, userTable, userID)
}
func (v *View) PutUser(user *model.UserView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUser(user *model.UserView, event *models.Event) error {
err := view.PutUser(v.Db, userTable, user)
if err != nil {
return err
}
return v.ProcessedUserSequence(sequence, eventTimestamp)
return v.ProcessedUserSequence(event)
}
func (v *View) PutUsers(users []*model.UserView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUsers(users []*model.UserView, event *models.Event) error {
err := view.PutUsers(v.Db, userTable, users...)
if err != nil {
return err
}
return v.ProcessedUserSequence(sequence, eventTimestamp)
return v.ProcessedUserSequence(event)
}
func (v *View) DeleteUser(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUser(userID string, event *models.Event) error {
err := view.DeleteUser(v.Db, userTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserSequence(eventSequence, eventTimestamp)
return v.ProcessedUserSequence(event)
}
func (v *View) GetLatestUserSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userTable)
func (v *View) GetLatestUserSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userTable, aggregateType)
}
func (v *View) ProcessedUserSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserSequence(event *models.Event) error {
return v.saveCurrentSequence(userTable, event)
}
func (v *View) UpdateUserSpoolerRunTimestamp() error {

27
internal/auth/repository/eventsourcing/view/user_grant.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/internal/usergrant/repository/view"
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -36,36 +37,36 @@ func (v *View) SearchUserGrants(request *grant_model.UserGrantSearchRequest) ([]
return view.SearchUserGrants(v.Db, userGrantTable, request)
}
func (v *View) PutUserGrant(grant *model.UserGrantView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUserGrant(grant *model.UserGrantView, event *models.Event) error {
err := view.PutUserGrant(v.Db, userGrantTable, grant)
if err != nil {
return err
}
return v.ProcessedUserGrantSequence(sequence, eventTimestamp)
return v.ProcessedUserGrantSequence(event)
}
func (v *View) PutUserGrants(grants []*model.UserGrantView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUserGrants(grants []*model.UserGrantView, event *models.Event) error {
err := view.PutUserGrants(v.Db, userGrantTable, grants...)
if err != nil {
return err
}
return v.ProcessedUserGrantSequence(sequence, eventTimestamp)
return v.ProcessedUserGrantSequence(event)
}
func (v *View) DeleteUserGrant(grantID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserGrant(grantID string, event *models.Event) error {
err := view.DeleteUserGrant(v.Db, userGrantTable, grantID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserGrantSequence(eventSequence, eventTimestamp)
return v.ProcessedUserGrantSequence(event)
}
func (v *View) GetLatestUserGrantSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userGrantTable)
func (v *View) GetLatestUserGrantSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userGrantTable, aggregateType)
}
func (v *View) ProcessedUserGrantSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userGrantTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserGrantSequence(event *models.Event) error {
return v.saveCurrentSequence(userGrantTable, event)
}
func (v *View) UpdateUserGrantSpoolerRunTimestamp() error {

51
internal/auth/repository/eventsourcing/view/user_membership.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -28,60 +29,60 @@ func (v *View) SearchUserMemberships(request *usr_model.UserMembershipSearchRequ
return view.SearchUserMemberships(v.Db, userMembershipTable, request)
}
func (v *View) PutUserMembership(membership *model.UserMembershipView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUserMembership(membership *model.UserMembershipView, event *models.Event) error {
err := view.PutUserMembership(v.Db, userMembershipTable, membership)
if err != nil {
return err
}
return v.ProcessedUserMembershipSequence(sequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) BulkPutUserMemberships(memberships []*model.UserMembershipView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) BulkPutUserMemberships(memberships []*model.UserMembershipView, event *models.Event) error {
err := view.PutUserMemberships(v.Db, userMembershipTable, memberships...)
if err != nil {
return err
}
return v.ProcessedUserMembershipSequence(sequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) DeleteUserMembership(userID, aggregateID, objectID string, memberType usr_model.MemberType, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserMembership(userID, aggregateID, objectID string, memberType usr_model.MemberType, event *models.Event) error {
err := view.DeleteUserMembership(v.Db, userMembershipTable, userID, aggregateID, objectID, memberType)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) DeleteUserMembershipsByUserID(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserMembershipsByUserID(userID string, event *models.Event) error {
err := view.DeleteUserMembershipsByUserID(v.Db, userMembershipTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) DeleteUserMembershipsByAggregateID(aggregateID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserMembershipsByAggregateID(aggregateID string, event *models.Event) error {
err := view.DeleteUserMembershipsByAggregateID(v.Db, userMembershipTable, aggregateID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) DeleteUserMembershipsByAggregateIDAndObjectID(aggregateID, objectID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserMembershipsByAggregateIDAndObjectID(aggregateID, objectID string, event *models.Event) error {
err := view.DeleteUserMembershipsByAggregateIDAndObjectID(v.Db, userMembershipTable, aggregateID, objectID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserMembershipSequence(eventSequence, eventTimestamp)
return v.ProcessedUserMembershipSequence(event)
}
func (v *View) GetLatestUserMembershipSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userMembershipTable)
func (v *View) GetLatestUserMembershipSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userMembershipTable, aggregateType)
}
func (v *View) ProcessedUserMembershipSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userMembershipTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserMembershipSequence(event *models.Event) error {
return v.saveCurrentSequence(userMembershipTable, event)
}
func (v *View) UpdateUserMembershipSpoolerRunTimestamp() error {

27
internal/auth/repository/eventsourcing/view/user_session.go
View File

@@ -1,10 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/user/repository/view"
"github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -27,36 +28,36 @@ func (v *View) ActiveUserSessions() ([]*model.UserSessionView, error) {
return view.ActiveUserSessions(v.Db, userSessionTable)
}
func (v *View) PutUserSession(userSession *model.UserSessionView, eventTimestamp time.Time) error {
func (v *View) PutUserSession(userSession *model.UserSessionView, event *models.Event) error {
err := view.PutUserSession(v.Db, userSessionTable, userSession)
if err != nil {
return err
}
return v.ProcessedUserSessionSequence(userSession.Sequence, eventTimestamp)
return v.ProcessedUserSessionSequence(event)
}
func (v *View) PutUserSessions(userSession []*model.UserSessionView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUserSessions(userSession []*model.UserSessionView, event *models.Event) error {
err := view.PutUserSessions(v.Db, userSessionTable, userSession...)
if err != nil {
return err
}
return v.ProcessedUserSessionSequence(sequence, eventTimestamp)
return v.ProcessedUserSessionSequence(event)
}
func (v *View) DeleteUserSessions(userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserSessions(userID string, event *models.Event) error {
err := view.DeleteUserSessions(v.Db, userSessionTable, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserSessionSequence(eventSequence, eventTimestamp)
return v.ProcessedUserSessionSequence(event)
}
func (v *View) GetLatestUserSessionSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userSessionTable)
func (v *View) GetLatestUserSessionSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userSessionTable, aggregateType)
}
func (v *View) ProcessedUserSessionSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userSessionTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserSessionSequence(event *models.Event) error {
return v.saveCurrentSequence(userSessionTable, event)
}
func (v *View) UpdateUserSessionSpoolerRunTimestamp() error {

2
internal/auth/repository/user.go
View File

@@ -32,6 +32,7 @@ type UserRepository interface {
VerifyMFAU2FSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error
RemoveMFAU2F(ctx context.Context, userID, webAuthNTokenID string) error
GetPasswordless(ctx context.Context, id string) ([]*model.WebAuthNToken, error)
AddPasswordless(ctx context.Context, id string) (*model.WebAuthNToken, error)
VerifyPasswordlessSetup(ctx context.Context, userID, tokenName, userAgentID string, credentialData []byte) error
RemovePasswordless(ctx context.Context, userID, webAuthNTokenID string) error
@@ -80,6 +81,7 @@ type myUserRepo interface {
VerifyMyMFAU2FSetup(ctx context.Context, tokenName string, data []byte) error
RemoveMyMFAU2F(ctx context.Context, webAuthNTokenID string) error
GetMyPasswordless(ctx context.Context) ([]*model.WebAuthNToken, error)
AddMyPasswordless(ctx context.Context) (*model.WebAuthNToken, error)
VerifyMyPasswordlessSetup(ctx context.Context, tokenName string, data []byte) error
RemoveMyPasswordless(ctx context.Context, webAuthNTokenID string) error

8
internal/auth_request/model/auth_request.go
View File

@@ -1,11 +1,13 @@
package model
import (
"github.com/caos/zitadel/internal/iam/model"
"golang.org/x/text/language"
"strings"
"time"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/errors"
)
@@ -30,6 +32,8 @@ type AuthRequest struct {
LoginName string
DisplayName string
UserOrgID string
RequestedOrgID string
RequestedOrgName string
SelectedIDPConfigID string
LinkingUsers []*ExternalUser
PossibleSteps []NextStep

9
internal/auth_request/model/next_step.go
View File

@@ -48,10 +48,11 @@ func (s *SelectUserStep) Type() NextStepType {
}
type UserSelection struct {
UserID string
DisplayName string
LoginName string
UserSessionState UserSessionState
UserID string
DisplayName string
LoginName string
UserSessionState UserSessionState
SelectionPossible bool
}
type InitUserStep struct {

1
internal/auth_request/model/request.go
View File

@@ -20,6 +20,7 @@ const (
const (
OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
ProjectIDScope = "urn:zitadel:iam:org:project:id:"
AudSuffix = ":aud"
)

50
internal/authz/repository/eventsourcing/handler/application.go
View File

@@ -3,27 +3,61 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/project/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/project/repository/view/model"
)
type Application struct {
handler
}
const (
applicationTable = "authz.applications"
)
type Application struct {
handler
subscription *eventstore.Subscription
}
func newApplication(handler handler) *Application {
h := &Application{
handler: handler,
}
h.subscribe()
return h
}
func (k *Application) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (a *Application) ViewModel() string {
return applicationTable
}
func (a *Application) AggregateTypes() []models.AggregateType {
return []models.AggregateType{es_model.ProjectAggregate}
}
func (a *Application) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := a.view.GetLatestApplicationSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (a *Application) EventQuery() (*models.SearchQuery, error) {
sequence, err := a.view.GetLatestApplicationSequence()
sequence, err := a.view.GetLatestApplicationSequence("")
if err != nil {
return nil, err
}
@@ -54,14 +88,14 @@ func (a *Application) Reduce(event *models.Event) (err error) {
if err != nil {
return err
}
return a.view.DeleteApplication(app.ID, event.Sequence, event.CreationDate)
return a.view.DeleteApplication(app.ID, event)
default:
return a.view.ProcessedApplicationSequence(event.Sequence, event.CreationDate)
return a.view.ProcessedApplicationSequence(event)
}
if err != nil {
return err
}
return a.view.PutApplication(app, event.CreationDate)
return a.view.PutApplication(app, event)
}
func (a *Application) OnError(event *models.Event, spoolerError error) error {

37
internal/authz/repository/eventsourcing/handler/handler.go
View File

@@ -3,13 +3,12 @@ package handler
import (
"time"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/query"
iam_events "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/types"
)
type Configs map[string]*Config
@@ -23,29 +22,35 @@ type handler struct {
bulkLimit uint64
cycleDuration time.Duration
errorCountUntilSkip uint64
es eventstore.Eventstore
}
func (h *handler) Eventstore() eventstore.Eventstore {
return h.es
}
type EventstoreRepos struct {
IamEvents *iam_events.IAMEventstore
IAMEvents *iam_events.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
return []query.Handler{
&UserGrant{
handler: handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount},
eventstore: eventstore,
iamID: systemDefaults.IamID,
iamEvents: repos.IamEvents,
},
&Application{handler: handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount}},
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
newUserGrant(
handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount, es},
repos.IAMEvents,
systemDefaults.IamID),
newApplication(
handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount, es}),
newOrg(
handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount, es}),
}
}
func (configs Configs) cycleDuration(viewModel string) time.Duration {
c, ok := configs[viewModel]
if !ok {
return 1 * time.Second
return 3 * time.Minute
}
return c.MinimumCycleDuration.Duration
}
@@ -54,6 +59,10 @@ func (h *handler) MinimumCycleDuration() time.Duration {
return h.cycleDuration
}
func (h *handler) LockDuration() time.Duration {
return h.cycleDuration / 3
}
func (h *handler) QueryLimit() uint64 {
return h.bulkLimit
}

49
internal/authz/repository/eventsourcing/handler/org.go
View File

@@ -3,27 +3,62 @@ package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
)
type Org struct {
handler
}
const (
orgTable = "authz.orgs"
)
type Org struct {
handler
subscription *eventstore.Subscription
}
func newOrg(handler handler) *Org {
h := &Org{
handler: handler,
}
h.subscribe()
return h
}
func (k *Org) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (o *Org) ViewModel() string {
return orgTable
}
func (_ *Org) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate}
}
func (o *Org) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := o.view.GetLatestOrgSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (o *Org) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := o.view.GetLatestOrgSequence()
sequence, err := o.view.GetLatestOrgSequence("")
if err != nil {
return nil, err
}
@@ -53,10 +88,10 @@ func (o *Org) Reduce(event *es_models.Event) error {
return err
}
default:
return o.view.ProcessedOrgSequence(event.Sequence, event.CreationDate)
return o.view.ProcessedOrgSequence(event)
}
return o.view.PutOrg(org, event.CreationDate)
return o.view.PutOrg(org, event)
}
func (o *Org) OnError(event *es_models.Event, spoolerErr error) error {

76
internal/authz/repository/eventsourcing/handler/user_grant.go
View File

@@ -11,6 +11,7 @@ import (
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/query"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_events "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
@@ -20,22 +21,59 @@ import (
"github.com/caos/zitadel/internal/v2/domain"
)
type UserGrant struct {
handler
eventstore eventstore.Eventstore
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
}
const (
userGrantTable = "authz.user_grants"
)
type UserGrant struct {
handler
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
subscription *eventstore.Subscription
}
func newUserGrant(
handler handler,
iamEvents *iam_events.IAMEventstore,
iamID string,
) *UserGrant {
h := &UserGrant{
handler: handler,
iamEvents: iamEvents,
iamID: iamID,
}
h.subscribe()
return h
}
func (k *UserGrant) subscribe() {
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
go func() {
for event := range k.subscription.Events {
query.ReduceEvent(k, event)
}
}()
}
func (u *UserGrant) ViewModel() string {
return userGrantTable
}
func (_ *UserGrant) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate}
}
func (u *UserGrant) CurrentSequence(event *models.Event) (uint64, error) {
sequence, err := u.view.GetLatestUserGrantSequence(string(event.AggregateType))
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
if u.iamProjectID == "" {
err := u.setIamProjectID()
@@ -43,7 +81,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
return nil, err
}
}
sequence, err := u.view.GetLatestUserGrantSequence()
sequence, err := u.view.GetLatestUserGrantSequence("")
if err != nil {
return nil, err
}
@@ -75,7 +113,7 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
member.SetData(event)
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -86,7 +124,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
member.SetData(event)
return u.processMember(event, "ORG", "", member.UserID, member.Roles)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -124,16 +162,16 @@ func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suf
}
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, grant.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
case iam_es_model.IAMMemberRemoved:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
if err != nil {
return err
}
return u.view.DeleteUserGrant(grant.ID, event.Sequence, event.CreationDate)
return u.view.DeleteUserGrant(grant.ID, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}
@@ -169,7 +207,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
}
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
case org_es_model.OrgMemberRemoved,
proj_es_model.ProjectMemberRemoved,
proj_es_model.ProjectGrantMemberRemoved:
@@ -179,18 +217,18 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
return err
}
if errors.IsNotFound(err) {
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
if roleSuffix != "" {
roleKeys = suffixRoles(roleSuffix, roleKeys)
}
if grant.RoleKeys == nil {
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
return u.view.PutUserGrant(grant, event.Sequence, event.CreationDate)
return u.view.PutUserGrant(grant, event)
default:
return u.view.ProcessedUserGrantSequence(event.Sequence, event.CreationDate)
return u.view.ProcessedUserGrantSequence(event)
}
}

2
internal/authz/repository/eventsourcing/repository.go
View File

@@ -84,7 +84,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
return nil, err
}
repos := handler.EventstoreRepos{IamEvents: iam}
repos := handler.EventstoreRepos{IAMEvents: iam}
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, repos, systemDefaults)
return &EsRepository{

23
internal/authz/repository/eventsourcing/view/application.go
View File

@@ -2,8 +2,9 @@ package view
import (
"context"
"time"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/view"
"github.com/caos/zitadel/internal/project/repository/view/model"
@@ -34,28 +35,28 @@ func (v *View) SearchApplications(request *proj_model.ApplicationSearchRequest)
return view.SearchApplications(v.Db, applicationTable, request)
}
func (v *View) PutApplication(project *model.ApplicationView, eventTimestamp time.Time) error {
func (v *View) PutApplication(project *model.ApplicationView, event *models.Event) error {
err := view.PutApplication(v.Db, applicationTable, project)
if err != nil {
return err
}
return v.ProcessedApplicationSequence(project.Sequence, eventTimestamp)
return v.ProcessedApplicationSequence(event)
}
func (v *View) DeleteApplication(appID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteApplication(appID string, event *models.Event) error {
err := view.DeleteApplication(v.Db, applicationTable, appID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedApplicationSequence(eventSequence, eventTimestamp)
return v.ProcessedApplicationSequence(event)
}
func (v *View) GetLatestApplicationSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(applicationTable)
func (v *View) GetLatestApplicationSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(applicationTable, aggregateType)
}
func (v *View) ProcessedApplicationSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(applicationTable, eventSequence, eventTimestamp)
func (v *View) ProcessedApplicationSequence(event *models.Event) error {
return v.saveCurrentSequence(applicationTable, event)
}
func (v *View) UpdateApplicationSpoolerRunTimestamp() error {

14
internal/authz/repository/eventsourcing/view/org.go
View File

@@ -1,11 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/model"
org_view "github.com/caos/zitadel/internal/org/repository/view"
org_model "github.com/caos/zitadel/internal/org/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -20,12 +20,12 @@ func (v *View) SearchOrgs(req *model.OrgSearchRequest) ([]*org_model.OrgView, ui
return org_view.SearchOrgs(v.Db, orgTable, req)
}
func (v *View) PutOrg(org *org_model.OrgView, eventTimestamp time.Time) error {
func (v *View) PutOrg(org *org_model.OrgView, event *models.Event) error {
err := org_view.PutOrg(v.Db, orgTable, org)
if err != nil {
return err
}
return v.ProcessedOrgSequence(org.Sequence, eventTimestamp)
return v.ProcessedOrgSequence(event)
}
func (v *View) GetLatestOrgFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
@@ -36,12 +36,12 @@ func (v *View) ProcessedOrgFailedEvent(failedEvent *repository.FailedEvent) erro
return v.saveFailedEvent(failedEvent)
}
func (v *View) GetLatestOrgSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable)
func (v *View) GetLatestOrgSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(orgTable, aggregateType)
}
func (v *View) ProcessedOrgSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(orgTable, eventSequence, eventTimestamp)
func (v *View) ProcessedOrgSequence(event *models.Event) error {
return v.saveCurrentSequence(orgTable, event)
}
func (v *View) UpdateOrgSpoolerRunTimestamp() error {

17
internal/authz/repository/eventsourcing/view/sequence.go
View File

@@ -1,24 +1,26 @@
package view
import (
"github.com/caos/zitadel/internal/view/repository"
"time"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/view/repository"
)
const (
sequencesTable = "authz.current_sequences"
)
func (v *View) saveCurrentSequence(viewName string, sequence uint64, eventTimestamp time.Time) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, sequence, eventTimestamp)
func (v *View) saveCurrentSequence(viewName string, event *models.Event) error {
return repository.SaveCurrentSequence(v.Db, sequencesTable, viewName, string(event.AggregateType), event.Sequence, event.CreationDate)
}
func (v *View) latestSequence(viewName string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName)
func (v *View) latestSequence(viewName, aggregateType string) (*repository.CurrentSequence, error) {
return repository.LatestSequence(v.Db, sequencesTable, viewName, aggregateType)
}
func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName)
currentSequence, err := repository.LatestSequence(v.Db, sequencesTable, viewName, "")
if err != nil {
return err
}
@@ -26,5 +28,8 @@ func (v *View) updateSpoolerRunSequence(viewName string) error {
currentSequence.ViewName = viewName
}
currentSequence.LastSuccessfulSpoolerRun = time.Now()
//update all aggregate types
//TODO: not sure if all scenarios work as expected
currentSequence.AggregateType = ""
return repository.UpdateCurrentSequence(v.Db, sequencesTable, currentSequence)
}

31
internal/authz/repository/eventsourcing/view/token.go
View File

@@ -1,10 +1,11 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
usr_view "github.com/caos/zitadel/internal/user/repository/view"
usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -15,36 +16,36 @@ func (v *View) TokenByID(tokenID string) (*usr_view_model.TokenView, error) {
return usr_view.TokenByID(v.Db, tokenTable, tokenID)
}
func (v *View) PutToken(token *usr_view_model.TokenView, eventTimestamp time.Time) error {
func (v *View) PutToken(token *usr_view_model.TokenView, event *models.Event) error {
err := usr_view.PutToken(v.Db, tokenTable, token)
if err != nil {
return err
}
return v.ProcessedTokenSequence(token.Sequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteToken(tokenID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteToken(tokenID string, event *models.Event) error {
err := usr_view.DeleteToken(v.Db, tokenTable, tokenID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) DeleteSessionTokens(agentID, userID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteSessionTokens(agentID, userID string, event *models.Event) error {
err := usr_view.DeleteSessionTokens(v.Db, tokenTable, agentID, userID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedTokenSequence(eventSequence, eventTimestamp)
return v.ProcessedTokenSequence(event)
}
func (v *View) GetLatestTokenSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(tokenTable)
func (v *View) GetLatestTokenSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(tokenTable, aggregateType)
}
func (v *View) ProcessedTokenSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(tokenTable, eventSequence, eventTimestamp)
func (v *View) ProcessedTokenSequence(event *models.Event) error {
return v.saveCurrentSequence(tokenTable, event)
}
func (v *View) UpdateTokenSpoolerRunTimestamp() error {

23
internal/authz/repository/eventsourcing/view/user_grant.go
View File

@@ -1,11 +1,12 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/internal/usergrant/repository/view"
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"time"
)
const (
@@ -32,28 +33,28 @@ func (v *View) SearchUserGrants(request *grant_model.UserGrantSearchRequest) ([]
return view.SearchUserGrants(v.Db, userGrantTable, request)
}
func (v *View) PutUserGrant(grant *model.UserGrantView, sequence uint64, eventTimestamp time.Time) error {
func (v *View) PutUserGrant(grant *model.UserGrantView, event *models.Event) error {
err := view.PutUserGrant(v.Db, userGrantTable, grant)
if err != nil {
return err
}
return v.ProcessedUserGrantSequence(sequence, eventTimestamp)
return v.ProcessedUserGrantSequence(event)
}
func (v *View) DeleteUserGrant(grantID string, eventSequence uint64, eventTimestamp time.Time) error {
func (v *View) DeleteUserGrant(grantID string, event *models.Event) error {
err := view.DeleteUserGrant(v.Db, userGrantTable, grantID)
if err != nil {
return nil
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedUserGrantSequence(eventSequence, eventTimestamp)
return v.ProcessedUserGrantSequence(event)
}
func (v *View) GetLatestUserGrantSequence() (*repository.CurrentSequence, error) {
return v.latestSequence(userGrantTable)
func (v *View) GetLatestUserGrantSequence(aggregateType string) (*repository.CurrentSequence, error) {
return v.latestSequence(userGrantTable, aggregateType)
}
func (v *View) ProcessedUserGrantSequence(eventSequence uint64, eventTimestamp time.Time) error {
return v.saveCurrentSequence(userGrantTable, eventSequence, eventTimestamp)
func (v *View) ProcessedUserGrantSequence(event *models.Event) error {
return v.saveCurrentSequence(userGrantTable, event)
}
func (v *View) UpdateUserGrantSpoolerRunTimestamp() error {

4
internal/config/types/sql.go
View File

@@ -62,6 +62,10 @@ func (s *SQL) Start() (*sql.DB, error) {
if err != nil {
return nil, errors.ThrowPreconditionFailed(err, "TYPES-9qBtr", "unable to open database connection")
}
// as we open many sql clients we set the max
// open cons deep. now 3(maxconn) * 8(clients) = max 24 conns per pod
client.SetMaxOpenConns(3)
client.SetMaxIdleConns(3)
return client, nil
}

5
internal/crypto/aes.go
View File

@@ -116,7 +116,10 @@ func DecryptAESString(data string, key string) (string, error) {
return string(decrypted), nil
}
func DecryptAES(cipherText []byte, key string) ([]byte, error) {
func DecryptAES(text []byte, key string) ([]byte, error) {
cipherText := make([]byte, len(text))
copy(cipherText, text)
block, err := aes.NewCipher([]byte(key))
if err != nil {
return nil, err

3
internal/eventstore/eventstore.go
View File

@@ -16,6 +16,7 @@ type Eventstore interface {
FilterEvents(ctx context.Context, searchQuery *models.SearchQuery) (events []*models.Event, err error)
LatestSequence(ctx context.Context, searchQuery *models.SearchQueryFactory) (uint64, error)
V2() *es_v2.Eventstore
Subscribe(aggregates ...models.AggregateType) *Subscription
}
var _ Eventstore = (*eventstore)(nil)
@@ -46,6 +47,8 @@ func (es *eventstore) PushAggregates(ctx context.Context, aggregates ...*models.
if err != nil {
return err
}
go notify(aggregates)
return nil
}

19
internal/eventstore/mock/eventstore.mock.go
View File

@@ -6,6 +6,7 @@ package mock
import (
context "context"
eventstore "github.com/caos/zitadel/internal/eventstore"
models "github.com/caos/zitadel/internal/eventstore/models"
gomock "github.com/golang/mock/gomock"
reflect "reflect"
@@ -110,3 +111,21 @@ func (mr *MockEventstoreMockRecorder) PushAggregates(arg0 interface{}, arg1 ...i
varargs := append([]interface{}{arg0}, arg1...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PushAggregates", reflect.TypeOf((*MockEventstore)(nil).PushAggregates), varargs...)
}
// Subscribe mocks base method
func (m *MockEventstore) Subscribe(arg0 ...models.AggregateType) *eventstore.Subscription {
m.ctrl.T.Helper()
varargs := []interface{}{}
for _, a := range arg0 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "Subscribe", varargs...)
ret0, _ := ret[0].(*eventstore.Subscription)
return ret0
}
// Subscribe indicates an expected call of Subscribe
func (mr *MockEventstoreMockRecorder) Subscribe(arg0 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Subscribe", reflect.TypeOf((*MockEventstore)(nil).Subscribe), arg0...)
}

Some files were not shown because too many files have changed in this diff Show More