feat(ldap): adding root ca option to ldap config (#9292)

# Which Problems Are Solved

Adding ability to add a root CA to LDAP configs

# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/7888

---------

Co-authored-by: Iraq Jaber <IraqJaber@gmail.com>
This commit is contained in:
Iraq
2025-02-18 10:06:50 +00:00
committed by GitHub
parent d7332d1ac4
commit 5bbb953ffb
27 changed files with 418 additions and 243 deletions


@@ -107,6 +107,7 @@ type LDAPProvider struct {
UserObjectClasses []string
UserFilters []string
Timeout time.Duration
RootCA []byte
LDAPAttributes idp.LDAPAttributes
IDPOptions idp.Options
}
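Review bot: The new `RootCA []byte` field on LDAPProvider carries no doc comment, so neither the expected encoding nor the meaning of an empty value is stated anywhere a caller of this struct would look. Since this struct is the configuration that the command layer plumbs into the events, a comment such as `// RootCA is an optional CA certificate bundle (presumably PEM-encoded — confirm against the LDAP client) used to verify the LDAP server's TLS certificate; empty leaves the existing verification behaviour unchanged.` would pin the contract. The encoding and the empty-value semantics are not visible in this hunk, so the wording should be checked against the code that consumes the bytes before it is committed. The struct definition starts outside the hunk.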


@@ -1,6 +1,7 @@
package command
import (
"bytes"
"net/http"
"reflect"
"slices"
@@ -1366,6 +1367,7 @@ type LDAPIDPWriteModel struct {
UserObjectClasses []string
UserFilters []string
Timeout time.Duration
RootCA []byte
idp.LDAPAttributes
idp.Options
@@ -1406,6 +1408,7 @@ func (wm *LDAPIDPWriteModel) reduceAddedEvent(e *idp.LDAPIDPAddedEvent) {
wm.UserObjectClasses = e.UserObjectClasses
wm.UserFilters = e.UserFilters
wm.Timeout = e.Timeout
wm.RootCA = e.RootCA
wm.LDAPAttributes = e.LDAPAttributes
wm.Options = e.Options
wm.State = domain.IDPStateActive
@@ -1460,6 +1463,7 @@ func (wm *LDAPIDPWriteModel) NewChanges(
userObjectClasses []string,
userFilters []string,
timeout time.Duration,
rootCA []byte,
secretCrypto crypto.EncryptionAlgorithm,
attributes idp.LDAPAttributes,
options idp.Options,
@@ -1501,6 +1505,9 @@ func (wm *LDAPIDPWriteModel) NewChanges(
if wm.Timeout != timeout {
changes = append(changes, idp.ChangeLDAPTimeout(timeout))
}
if !bytes.Equal(wm.RootCA, rootCA) {
changes = append(changes, idp.ChangeLDAPRootCA(rootCA))
}
attrs := wm.LDAPAttributes.Changes(attributes)
if !attrs.IsZero() {
changes = append(changes, idp.ChangeLDAPAttributes(attrs))
@@ -1582,6 +1589,7 @@ func (wm *LDAPIDPWriteModel) ToProvider(callbackURL string, idpAlg crypto.Encryp
wm.UserObjectClasses,
wm.UserFilters,
wm.Timeout,
wm.RootCA,
callbackURL,
opts...,
), nil
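Review bot: In NewChanges, `if !bytes.Equal(wm.RootCA, rootCA)` emits ChangeLDAPRootCA for any difference, which includes a nil rootCA arriving while a CA is stored. If the API layer maps an omitted request field to nil rather than to the stored value, an update that simply does not mention the CA would clear it and verification of the LDAP server would silently fall back to whatever trust the client used before — a weakening of TLS verification the operator did not ask for. Worth confirming how callers populate rootCA; if "not provided" and "clear" must be distinguishable, a pointer or explicit flag is needed, and at minimum a comment `// nil or empty rootCA clears a previously configured CA` should document the chosen semantics. Note that bytes.Equal treats nil and an empty slice as equal, so both spellings behave the same here. NewChanges and ToProvider both start outside their hunks.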


@@ -1556,6 +1556,7 @@ func (c *Commands) prepareAddInstanceLDAPProvider(a *instance.Aggregate, writeMo
provider.UserObjectClasses,
provider.UserFilters,
provider.Timeout,
provider.RootCA,
provider.LDAPAttributes,
provider.IDPOptions,
),
@@ -1616,6 +1617,7 @@ func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writ
provider.UserObjectClasses,
provider.UserFilters,
provider.Timeout,
provider.RootCA,
c.idpConfigEncryption,
provider.LDAPAttributes,
provider.IDPOptions,
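Review bot: prepareAddInstanceLDAPProvider and prepareUpdateInstanceLDAPProvider pass provider.RootCA straight into the event constructors, and no check that the bytes actually parse as a certificate is visible in these hunks. If none exists elsewhere, a malformed or truncated bundle is accepted and persisted, and the failure only surfaces when the LDAP client first tries to verify the server, which is hard to diagnose from the admin side. A guard before the event is built — `block, _ := pem.Decode(provider.RootCA)` when `len(provider.RootCA) > 0`, rejecting a nil block (or a failed `x509.ParseCertificate(block.Bytes)`) with the same invalid-argument error style the rest of these functions use — would catch that at configuration time. The same applies to prepareAddOrgLDAPProvider and prepareUpdateOrgLDAPProvider in the org hunks. All four functions start outside their hunks.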


@@ -768,6 +768,7 @@ func (wm *InstanceLDAPIDPWriteModel) NewChangedEvent(
userObjectClasses []string,
userFilters []string,
timeout time.Duration,
rootCA []byte,
secretCrypto crypto.EncryptionAlgorithm,
attributes idp.LDAPAttributes,
options idp.Options,
@@ -784,6 +785,7 @@ func (wm *InstanceLDAPIDPWriteModel) NewChangedEvent(
userObjectClasses,
userFilters,
timeout,
rootCA,
secretCrypto,
attributes,
options,


@@ -4260,6 +4260,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{},
idp.Options{},
),
@@ -4281,6 +4282,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
},
},
res: res{
@@ -4311,6 +4313,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "firstName",
@@ -4351,6 +4354,7 @@ func TestCommandSide_AddInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "firstName",
@@ -4626,6 +4630,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{},
idp.Options{},
)),
@@ -4645,6 +4650,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
},
},
res: res{
@@ -4674,6 +4680,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{},
idp.Options{},
)),
@@ -4742,6 +4749,7 @@ func TestCommandSide_UpdateInstanceLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"new object"},
UserFilters: []string{"new filter"},
Timeout: time.Second * 20,
RootCA: []byte("certificate"),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "new id",
FirstNameAttribute: "new firstName",
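Review bot: The update tests never change RootCA: in TestCommandSide_UpdateInstanceLDAPIDP the stored event carries `[]byte("certificate")` and the change request also sends `[]byte("certificate")` while every other field switches to a "new ..." value, so the new ChangeLDAPRootCA branch in NewChanges is not exercised; TestCommandSide_UpdateOrgLDAPIDP has the same shape. A case with `RootCA: []byte("new certificate")` in the request and the matching ChangeLDAPRootCA change in the expected event would cover the addition, and the clearing transition (nil in the request against a stored CA) is worth pinning as well since it is the security-relevant one. The test functions start outside these hunks.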


@@ -1540,6 +1540,7 @@ func (c *Commands) prepareAddOrgLDAPProvider(a *org.Aggregate, writeModel *OrgLD
provider.UserObjectClasses,
provider.UserFilters,
provider.Timeout,
provider.RootCA,
provider.LDAPAttributes,
provider.IDPOptions,
),
@@ -1600,6 +1601,7 @@ func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *Or
provider.UserObjectClasses,
provider.UserFilters,
provider.Timeout,
provider.RootCA,
c.idpConfigEncryption,
provider.LDAPAttributes,
provider.IDPOptions,


@@ -778,6 +778,7 @@ func (wm *OrgLDAPIDPWriteModel) NewChangedEvent(
userObjectClasses []string,
userFilters []string,
timeout time.Duration,
rootCA []byte,
secretCrypto crypto.EncryptionAlgorithm,
attributes idp.LDAPAttributes,
options idp.Options,
@@ -794,6 +795,7 @@ func (wm *OrgLDAPIDPWriteModel) NewChangedEvent(
userObjectClasses,
userFilters,
timeout,
rootCA,
secretCrypto,
attributes,
options,


@@ -4328,6 +4328,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
nil,
idp.LDAPAttributes{},
idp.Options{},
),
@@ -4380,6 +4381,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "firstName",
@@ -4421,6 +4423,7 @@ func TestCommandSide_AddOrgLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"object"},
UserFilters: []string{"filter"},
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "id",
FirstNameAttribute: "firstName",
@@ -4706,6 +4709,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{},
idp.Options{},
)),
@@ -4725,6 +4729,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
UserFilters: []string{"filter"},
UserBase: "user",
Timeout: time.Second * 30,
RootCA: []byte("certificate"),
},
},
res: res{
@@ -4754,6 +4759,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
[]string{"object"},
[]string{"filter"},
time.Second*30,
[]byte("certificate"),
idp.LDAPAttributes{},
idp.Options{},
)),
@@ -4823,6 +4829,7 @@ func TestCommandSide_UpdateOrgLDAPIDP(t *testing.T) {
UserObjectClasses: []string{"new object"},
UserFilters: []string{"new filter"},
Timeout: time.Second * 20,
RootCA: []byte("certificate"),
LDAPAttributes: idp.LDAPAttributes{
IDAttribute: "new id",
FirstNameAttribute: "new firstName",