TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 07:57:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixup! fixup! fixup! fixup! fixup! fixup! added first event

Browse Source
This commit is contained in:
Iraq Jaber
2025-07-30 12:15:56 +01:00
parent ae65867849
commit 5ed2f54398
7 changed files with 465 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql
View File

@@ -10,6 +10,7 @@ CREATE TYPE zitadel.idp_type AS ENUM (
'saml',
'ldap',
'github',
'azure',
'google',
'microsoft',
'apple'

166
backend/v3/storage/database/events_testing/id_provider_test.go
View File

@@ -37,8 +37,8 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
AutoRegister: true,
})
require.NoError(t, err)
afterCreate := time.Now()
require.NoError(t, err)
idpRepo := repository.IDProviderRepository(pool)
@@ -773,4 +773,168 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
assert.WithinRange(t, updateOIDC.UpdatedAt, beforeCreate, afterCreate)
}, retryDuration, tick)
})
t.Run("test instance idp oidc migrated azure migration reduces", func(t *testing.T) {
name := gofakeit.Name()
// create OIDC
addOIDC, err := AdminClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{
Name: name,
ClientId: "clientId",
ClientSecret: "clientSecret",
Scopes: []string{"scope"},
Issuer: "issuer",
ProviderOptions: &idp_grpc.Options{
IsLinkingAllowed: false,
IsCreationAllowed: false,
IsAutoCreation: false,
IsAutoUpdate: false,
AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
},
IsIdTokenMapping: false,
UsePkce: false,
})
require.NoError(t, err)
idpRepo := repository.IDProviderRepository(pool)
var oidc *domain.IDPOIDC
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
assert.EventuallyWithT(t, func(t *assert.CollectT) {
oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, nil)
require.NoError(t, err)
assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type)
}, retryDuration, tick)
beforeCreate := time.Now()
_, err = AdminClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{
Id: addOIDC.Id,
Template: &admin.MigrateGenericOIDCProviderRequest_Azure{
Azure: &admin.AddAzureADProviderRequest{
Name: name,
ClientId: "new_clientId",
ClientSecret: "new_clientSecret",
Tenant: &idp_grpc.AzureADTenant{
Type: &idp_grpc.AzureADTenant_TenantType{
TenantType: idp.AzureADTenantType_AZURE_AD_TENANT_TYPE_ORGANISATIONS,
},
},
EmailVerified: true,
Scopes: []string{"new_scope"},
ProviderOptions: &idp_grpc.Options{
IsLinkingAllowed: true,
IsCreationAllowed: true,
IsAutoCreation: true,
IsAutoUpdate: true,
AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
},
},
},
})
afterCreate := time.Now()
require.NoError(t, err)
retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
assert.EventuallyWithT(t, func(t *assert.CollectT) {
azure, err := idpRepo.GetOAzureAD(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, nil)
require.NoError(t, err)
// event instance.idp.oidc.migrated.azure
// idp
assert.Equal(t, addOIDC.Id, azure.IdentityProvider.ID)
assert.Equal(t, name, azure.IdentityProvider.Name)
// oidc
assert.Equal(t, "new_clientId", azure.ClientID)
assert.NotEqual(t, oidc.ClientSecret, azure.ClientSecret)
// type = azure
assert.Equal(t, domain.AzureTenantTypeOrganizations.String(), azure.Tenant)
assert.Equal(t, domain.IDPTypeAzure.String(), azure.Type)
assert.Equal(t, true, azure.IsEmailVerified)
assert.Equal(t, []string{"new_scope"}, azure.Scopes)
assert.Equal(t, true, azure.AllowLinking)
assert.Equal(t, true, azure.AllowCreation)
assert.Equal(t, true, azure.AllowAutoUpdate)
assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), azure.AllowAutoLinking)
assert.WithinRange(t, azure.UpdatedAt, beforeCreate, afterCreate)
}, retryDuration, tick)
})
t.Run("test instance idp oidc migrated google migration reduces", func(t *testing.T) {
name := gofakeit.Name()
// create OIDC
addOIDC, err := AdminClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{
Name: name,
ClientId: "clientId",
ClientSecret: "clientSecret",
Scopes: []string{"scope"},
Issuer: "issuer",
ProviderOptions: &idp_grpc.Options{
IsLinkingAllowed: false,
IsCreationAllowed: false,
IsAutoCreation: false,
IsAutoUpdate: false,
AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
},
IsIdTokenMapping: false,
UsePkce: false,
})
require.NoError(t, err)
idpRepo := repository.IDProviderRepository(pool)
var oidc *domain.IDPOIDC
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
assert.EventuallyWithT(t, func(t *assert.CollectT) {
oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, nil)
require.NoError(t, err)
assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type)
}, retryDuration, tick)
beforeCreate := time.Now()
_, err = AdminClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{
Id: addOIDC.Id,
Template: &admin.MigrateGenericOIDCProviderRequest_Google{
Google: &admin.AddGoogleProviderRequest{
Name: name,
ClientId: "new_clientId",
ClientSecret: "new_clientSecret",
Scopes: []string{"new_scope"},
ProviderOptions: &idp_grpc.Options{
IsLinkingAllowed: true,
IsCreationAllowed: true,
IsAutoCreation: true,
IsAutoUpdate: true,
AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
},
},
},
})
afterCreate := time.Now()
require.NoError(t, err)
retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
assert.EventuallyWithT(t, func(t *assert.CollectT) {
google, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, nil)
require.NoError(t, err)
// event instance.idp.oidc.migrated.google
// idp
assert.Equal(t, addOIDC.Id, google.IdentityProvider.ID)
assert.Equal(t, name, google.IdentityProvider.Name)
// oidc
assert.Equal(t, "new_clientId", google.ClientID)
assert.NotEqual(t, oidc.ClientSecret, google.ClientSecret)
// type = google
assert.Equal(t, domain.IDPTypeGoogle.String(), google.Type)
assert.Equal(t, []string{"new_scope"}, google.Scopes)
assert.Equal(t, true, google.AllowLinking)
assert.Equal(t, true, google.AllowCreation)
assert.Equal(t, true, google.AllowAutoUpdate)
assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), google.AllowAutoLinking)
assert.WithinRange(t, google.UpdatedAt, beforeCreate, afterCreate)
}, retryDuration, tick)
})
}

44
backend/v3/storage/database/repository/id_provider.go
View File

@@ -185,6 +185,50 @@ func (i *idProvider) GetOAuth(ctx context.Context, id domain.IDPIdentifierCondit
return idpOAuth, nil
}
func (i *idProvider) GetOAzureAD(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPOAzureAD, error) {
idpAzure := &domain.IDPOAzureAD{}
var err error
idpAzure.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID)
if err != nil {
return nil, err
}
if idpAzure.Type != domain.IDPTypeAzure.String() {
// TODO
return nil, errors.New("WRONG TYPE")
}
err = json.Unmarshal([]byte(*idpAzure.Payload), idpAzure)
if err != nil {
return nil, err
}
return idpAzure, nil
}
func (i *idProvider) GetGoogle(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPGoogle, error) {
idpGoogle := &domain.IDPGoogle{}
var err error
idpGoogle.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID)
if err != nil {
return nil, err
}
if idpGoogle.Type != domain.IDPTypeGoogle.String() {
// TODO
return nil, errors.New("WRONG TYPE")
}
err = json.Unmarshal([]byte(*idpGoogle.Payload), idpGoogle)
if err != nil {
return nil, err
}
return idpGoogle, nil
}
// -------------------------------------------------------------
// columns
// -------------------------------------------------------------