feat: set private labeling setting on project (#2184)

* docs: add scope to request private labeling

* feat: add enum to project

* fix: remove unused code, add private labeling setting to query side

* fix: set private labeling depending on setting

* fix: private labeling depending on project setting

* Update proto/zitadel/management.proto

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: rename sql file

* fix: private labeling setting

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi 2021-08-24 08:34:10 +02:00 committed by GitHub
parent 7993d92907
commit 74688394d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
47 changed files with 443 additions and 2047 deletions


@ -22,11 +22,11 @@ ZITADEL supports the usage of scopes as way of requesting information from the I
In addition to the standard compliant scopes we utilize the following scopes. In addition to the standard compliant scopes we utilize the following scopes.
| Scopes | Example | Description | | Scopes | Example | Description |
|:------------------------------------------------|:-------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |:-------------------------------------------------|:-------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| urn:zitadel:iam:org:project:role:{rolename} | `urn:zitadel:iam:org:project:role:user` | By using this scope a client can request the claim urn:zitadel:iam:roles:rolename} to be asserted when possible. As an alternative approach you can enable all roles to be asserted from the [project](../../guides/usage/projects) a client belongs to. | | urn:zitadel:iam:org:project:role:{rolename} | `urn:zitadel:iam:org:project:role:user` | By using this scope a client can request the claim urn:zitadel:iam:roles:rolename} to be asserted when possible. As an alternative approach you can enable all roles to be asserted from the [project](../../guides/usage/projects) a client belongs to. |
| urn:zitadel:iam:org:domain:primary:{domainname} | `urn:zitadel:iam:org:domain:primary:acme.ch` | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization. If the organization does not exist a failure is displayed | | urn:zitadel:iam:org:domain:primary:{domainname} | `urn:zitadel:iam:org:domain:primary:acme.ch` | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization. If the organization does not exist a failure is displayed |
| urn:zitadel:iam:role:{rolename} | | | | urn:zitadel:iam:role:{rolename} | | |
| `urn:zitadel:iam:org:project:id:{projectid}:aud` | ZITADEL's Project id is `urn:zitadel:iam:org:project:id:69234237810729019:aud` | By adding this scope, the requested projectid will be added to the audience of the access and id token | | `urn:zitadel:iam:org:project:id:{projectid}:aud` | ZITADEL's Project id is `urn:zitadel:iam:org:project:id:69234237810729019:aud` | By adding this scope, the requested projectid will be added to the audience of the access and id token |
> If access to ZITADEL's API's is needed with a service user the scope `urn:zitadel:iam:org:project:id:69234237810729019:aud` needs to be used with the JWT Profile request > If access to ZITADEL's API's is needed with a service user the scope `urn:zitadel:iam:org:project:id:69234237810729019:aud` needs to be used with the JWT Profile request


@ -3277,6 +3277,7 @@ This is an empty request
| project_role_assertion | bool | - | | | project_role_assertion | bool | - | |
| project_role_check | bool | - | | | project_role_check | bool | - | |
| has_project_check | bool | - | | | has_project_check | bool | - | |
| private_labeling_setting | zitadel.project.v1.PrivateLabelingSetting | - | enum.defined_only: true<br /> |
@ -7522,6 +7523,7 @@ This is an empty request
| project_role_assertion | bool | - | | | project_role_assertion | bool | - | |
| project_role_check | bool | - | | | project_role_check | bool | - | |
| has_project_check | bool | - | | | has_project_check | bool | - | |
| private_labeling_setting | zitadel.project.v1.PrivateLabelingSetting | - | enum.defined_only: true<br /> |


@ -66,6 +66,7 @@ title: zitadel/project.proto
| project_role_assertion | bool | describes if roles of user should be added in token | | | project_role_assertion | bool | describes if roles of user should be added in token | |
| project_role_check | bool | ZITADEL checks if the user has at least one on this project | | | project_role_check | bool | ZITADEL checks if the user has at least one on this project | |
| has_project_check | bool | ZITADEL checks if the org of the user has permission to this project | | | has_project_check | bool | ZITADEL checks if the org of the user has permission to this project | |
| private_labeling_setting | PrivateLabelingSetting | Defines from where the private labeling should be triggered | |
@ -160,6 +161,18 @@ title: zitadel/project.proto
## Enums ## Enums
### PrivateLabelingSetting {#privatelabelingsetting}
| Name | Number | Description |
| ---- | ------ | ----------- |
| PRIVATE_LABELING_SETTING_UNSPECIFIED | 0 | - |
| PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY | 1 | - |
| PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY | 2 | - |
### ProjectGrantState {#projectgrantstate} ### ProjectGrantState {#projectgrantstate}


@ -8,14 +8,16 @@ import (
"github.com/caos/zitadel/internal/eventstore/v1/models" "github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model" proj_model "github.com/caos/zitadel/internal/project/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management" mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
proj_pb "github.com/caos/zitadel/pkg/grpc/project"
) )
func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project { func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
return &domain.Project{ return &domain.Project{
Name: req.Name, Name: req.Name,
ProjectRoleAssertion: req.ProjectRoleAssertion, ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck, ProjectRoleCheck: req.ProjectRoleCheck,
HasProjectCheck: req.HasProjectCheck, HasProjectCheck: req.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
} }
} }
@ -24,10 +26,22 @@ func ProjectUpdateToDomain(req *mgmt_pb.UpdateProjectRequest) *domain.Project {
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: req.Id, AggregateID: req.Id,
}, },
Name: req.Name, Name: req.Name,
ProjectRoleAssertion: req.ProjectRoleAssertion, ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck, ProjectRoleCheck: req.ProjectRoleCheck,
HasProjectCheck: req.HasProjectCheck, HasProjectCheck: req.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
}
}
func privateLabelingSettingToDomain(setting proj_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
switch setting {
case proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
case proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
default:
return domain.PrivateLabelingSettingUnspecified
} }
} }
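Review bot: `ProjectUpdateToDomain` passes `req.PrivateLabelingSetting` through unconditionally, so an update request that leaves the field unset arrives as the zero value and maps to `domain.PrivateLabelingSettingUnspecified`. Together with the `wm.PrivateLabelingSetting != privateLabelingSetting` comparison in `NewChangedEvent`, a client generated from the earlier proto that only renames a project would, as far as these hunks show, also reset an enforced setting and change which organisation's branding the login page shows. If full-replacement semantics are intended, state that on the converter, e.g. `// PrivateLabelingSetting is always overwritten; an unset field resets it to UNSPECIFIED.`, and repeat it in the `UpdateProjectRequest` field comment. `ProjectUpdateToDomain` begins outside this hunk.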


@ -22,7 +22,7 @@ func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
func AppToPb(app *proj_model.ApplicationView) *app_pb.App { func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
return &app_pb.App{ return &app_pb.App{
Id: app.ID, Id: app.ID,
Details: object_grpc.ToViewDetailsPb(app.Sequence, app.CreationDate, app.ChangeDate, ""), //TODO: RO Details: object_grpc.ToViewDetailsPb(app.Sequence, app.CreationDate, app.ChangeDate, app.ResourceOwner),
State: AppStateToPb(app.State), State: AppStateToPb(app.State),
Name: app.Name, Name: app.Name,
Config: AppConfigToPb(app), Config: AppConfigToPb(app),


@ -2,6 +2,7 @@ package project
import ( import (
object_grpc "github.com/caos/zitadel/internal/api/grpc/object" object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
proj_model "github.com/caos/zitadel/internal/project/model" proj_model "github.com/caos/zitadel/internal/project/model"
proj_pb "github.com/caos/zitadel/pkg/grpc/project" proj_pb "github.com/caos/zitadel/pkg/grpc/project"
@ -9,13 +10,14 @@ import (
func ProjectToPb(project *proj_model.ProjectView) *proj_pb.Project { func ProjectToPb(project *proj_model.ProjectView) *proj_pb.Project {
return &proj_pb.Project{ return &proj_pb.Project{
Id: project.ProjectID, Id: project.ProjectID,
Details: object_grpc.ToViewDetailsPb(project.Sequence, project.CreationDate, project.ChangeDate, project.ResourceOwner), Details: object_grpc.ToViewDetailsPb(project.Sequence, project.CreationDate, project.ChangeDate, project.ResourceOwner),
Name: project.Name, Name: project.Name,
State: projectStateToPb(project.State), State: projectStateToPb(project.State),
ProjectRoleAssertion: project.ProjectRoleAssertion, ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck, ProjectRoleCheck: project.ProjectRoleCheck,
HasProjectCheck: project.HasProjectCheck, HasProjectCheck: project.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
} }
} }
@ -61,6 +63,17 @@ func projectStateToPb(state proj_model.ProjectState) proj_pb.ProjectState {
} }
} }
func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) proj_pb.PrivateLabelingSetting {
switch setting {
case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY
case domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY
default:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
}
}
func grantedProjectStateToPb(state proj_model.ProjectState) proj_pb.ProjectGrantState { func grantedProjectStateToPb(state proj_model.ProjectState) proj_pb.ProjectGrantState {
switch state { switch state {
case proj_model.ProjectStateActive: case proj_model.ProjectStateActive:


@ -124,6 +124,8 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
} }
request.Audience = appIDs request.Audience = appIDs
request.AppendAudIfNotExisting(app.ProjectID) request.AppendAudIfNotExisting(app.ProjectID)
request.ApplicationResourceOwner = app.ResourceOwner
request.PrivateLabelingSetting = app.PrivateLabelingSetting
if err := setOrgID(repo.OrgViewProvider, request); err != nil { if err := setOrgID(repo.OrgViewProvider, request); err != nil {
return nil, err return nil, err
} }
@ -510,7 +512,16 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
return err return err
} }
request.PrivacyPolicy = privacyPolicy request.PrivacyPolicy = privacyPolicy
labelPolicy, err := repo.getLabelPolicy(ctx, orgID) privateLabelingOrgID := domain.IAMID
if request.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
privateLabelingOrgID = request.ApplicationResourceOwner
}
if request.PrivateLabelingSetting == domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy || request.PrivateLabelingSetting == domain.PrivateLabelingSettingUnspecified {
if request.UserOrgID != "" {
privateLabelingOrgID = request.UserOrgID
}
}
labelPolicy, err := repo.getLabelPolicy(ctx, privateLabelingOrgID)
if err != nil { if err != nil {
return err return err
} }
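Review bot: The label-policy selection in `fillPolicies` is spread over two overlapping `if` statements, so the outcome for each setting has to be worked out by hand: unspecified gives the user's org or else `domain.IAMID`, allow gives the user's org or else the application's resource owner, and every other value gives the application's resource owner. Because this decides whose branding a user sees on the login page before authenticating, it deserves one branch per setting and a table-driven test over the three values with and without `UserOrgID`. The previously used `orgID` no longer feeds `getLabelPolicy`; how it is derived lies outside the hunk, so please confirm that dropping it for branding is intended. `fillPolicies` starts and ends outside this hunk.

```go
// Pick the org whose label policy brands the login UI.
var privateLabelingOrgID string
switch request.PrivateLabelingSetting {
case domain.PrivateLabelingSettingUnspecified:
	// No project preference: user's org once known, otherwise domain.IAMID.
	privateLabelingOrgID = domain.IAMID
	if request.UserOrgID != "" {
		privateLabelingOrgID = request.UserOrgID
	}
case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
	// Project owner's policy until the user's org is known.
	privateLabelingOrgID = request.ApplicationResourceOwner
	if request.UserOrgID != "" {
		privateLabelingOrgID = request.UserOrgID
	}
default:
	// Enforce (and, as before, any unrecognised value): always the project owner's policy.
	privateLabelingOrgID = request.ApplicationResourceOwner
}
labelPolicy, err := repo.getLabelPolicy(ctx, privateLabelingOrgID)
// … unchanged: error handling for getLabelPolicy …
```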


@ -84,6 +84,7 @@ func (a *Application) Reduce(event *models.Event) (err error) {
app.ProjectRoleCheck = project.ProjectRoleCheck app.ProjectRoleCheck = project.ProjectRoleCheck
app.HasProjectCheck = project.HasProjectCheck app.HasProjectCheck = project.HasProjectCheck
app.ProjectRoleAssertion = project.ProjectRoleAssertion app.ProjectRoleAssertion = project.ProjectRoleAssertion
app.PrivateLabelingSetting = project.PrivateLabelingSetting
err = app.AppendEvent(event) err = app.AppendEvent(event)
case es_model.ApplicationChanged, case es_model.ApplicationChanged,
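Review bot: `PrivateLabelingSetting` is copied from the project into the application view only in the case shown here, and `CreateAuthRequest` appears to read it back from that view when a login starts. If the branches that handle project change events (outside this hunk) do not also update applications already stored, a project later switched to the enforce setting would keep being served with the stale value. This is worth confirming and covering with a test that changes the project after the application was added. `Reduce` starts and ends outside this hunk.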


@ -45,7 +45,14 @@ func (c *Commands) addProject(ctx context.Context, projectAdd *domain.Project, r
projectRole = domain.RoleProjectOwnerGlobal projectRole = domain.RoleProjectOwnerGlobal
} }
events := []eventstore.EventPusher{ events := []eventstore.EventPusher{
project.NewProjectAddedEvent(ctx, projectAgg, projectAdd.Name, projectAdd.ProjectRoleAssertion, projectAdd.ProjectRoleCheck, projectAdd.HasProjectCheck), project.NewProjectAddedEvent(
ctx,
projectAgg,
projectAdd.Name,
projectAdd.ProjectRoleAssertion,
projectAdd.ProjectRoleCheck,
projectAdd.HasProjectCheck,
projectAdd.PrivateLabelingSetting),
project.NewProjectMemberAddedEvent(ctx, projectAgg, ownerUserID, projectRole), project.NewProjectMemberAddedEvent(ctx, projectAgg, ownerUserID, projectRole),
} }
return events, addedProject, nil return events, addedProject, nil
@ -93,7 +100,8 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj
projectChange.Name, projectChange.Name,
projectChange.ProjectRoleAssertion, projectChange.ProjectRoleAssertion,
projectChange.ProjectRoleCheck, projectChange.ProjectRoleCheck,
projectChange.HasProjectCheck) projectChange.HasProjectCheck,
projectChange.PrivateLabelingSetting)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -84,7 +84,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
), ),
), ),
), ),
@ -113,7 +114,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
), ),
), ),
expectPush( expectPush(
@ -180,7 +182,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
), ),
), ),
expectPush( expectPush(


@ -87,7 +87,8 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
), ),
), ),
), ),
@ -116,7 +117,8 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
), ),
), ),
expectPush( expectPush(


@ -6,11 +6,12 @@ import (
func projectWriteModelToProject(writeModel *ProjectWriteModel) *domain.Project { func projectWriteModelToProject(writeModel *ProjectWriteModel) *domain.Project {
return &domain.Project{ return &domain.Project{
ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel), ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel),
Name: writeModel.Name, Name: writeModel.Name,
ProjectRoleAssertion: writeModel.ProjectRoleAssertion, ProjectRoleAssertion: writeModel.ProjectRoleAssertion,
ProjectRoleCheck: writeModel.ProjectRoleCheck, ProjectRoleCheck: writeModel.ProjectRoleCheck,
HasProjectCheck: writeModel.HasProjectCheck, HasProjectCheck: writeModel.HasProjectCheck,
PrivateLabelingSetting: writeModel.PrivateLabelingSetting,
} }
} }


@ -88,6 +88,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -117,6 +118,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -153,6 +155,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -342,6 +345,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -380,6 +384,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -425,6 +430,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -478,6 +484,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -557,6 +564,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -638,6 +646,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -814,6 +823,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -840,6 +850,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -877,6 +888,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1010,6 +1022,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1036,6 +1049,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1069,6 +1083,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1207,6 +1222,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1233,6 +1249,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1278,6 +1295,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -1325,6 +1343,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),


@ -11,11 +11,12 @@ import (
type ProjectWriteModel struct { type ProjectWriteModel struct {
eventstore.WriteModel eventstore.WriteModel
Name string Name string
ProjectRoleAssertion bool ProjectRoleAssertion bool
ProjectRoleCheck bool ProjectRoleCheck bool
HasProjectCheck bool HasProjectCheck bool
State domain.ProjectState PrivateLabelingSetting domain.PrivateLabelingSetting
State domain.ProjectState
} }
func NewProjectWriteModel(projectID string, resourceOwner string) *ProjectWriteModel { func NewProjectWriteModel(projectID string, resourceOwner string) *ProjectWriteModel {
@ -35,6 +36,7 @@ func (wm *ProjectWriteModel) Reduce() error {
wm.ProjectRoleAssertion = e.ProjectRoleAssertion wm.ProjectRoleAssertion = e.ProjectRoleAssertion
wm.ProjectRoleCheck = e.ProjectRoleCheck wm.ProjectRoleCheck = e.ProjectRoleCheck
wm.HasProjectCheck = e.HasProjectCheck wm.HasProjectCheck = e.HasProjectCheck
wm.PrivateLabelingSetting = e.PrivateLabelingSetting
wm.State = domain.ProjectStateActive wm.State = domain.ProjectStateActive
case *project.ProjectChangeEvent: case *project.ProjectChangeEvent:
if e.Name != nil { if e.Name != nil {
@ -49,6 +51,9 @@ func (wm *ProjectWriteModel) Reduce() error {
if e.HasProjectCheck != nil { if e.HasProjectCheck != nil {
wm.HasProjectCheck = *e.HasProjectCheck wm.HasProjectCheck = *e.HasProjectCheck
} }
if e.PrivateLabelingSetting != nil {
wm.PrivateLabelingSetting = *e.PrivateLabelingSetting
}
case *project.ProjectDeactivatedEvent: case *project.ProjectDeactivatedEvent:
if wm.State == domain.ProjectStateRemoved { if wm.State == domain.ProjectStateRemoved {
continue continue
@ -87,6 +92,7 @@ func (wm *ProjectWriteModel) NewChangedEvent(
projectRoleAssertion, projectRoleAssertion,
projectRoleCheck, projectRoleCheck,
hasProjectCheck bool, hasProjectCheck bool,
privateLabelingSetting domain.PrivateLabelingSetting,
) (*project.ProjectChangeEvent, bool, error) { ) (*project.ProjectChangeEvent, bool, error) {
changes := make([]project.ProjectChanges, 0) changes := make([]project.ProjectChanges, 0)
var err error var err error
@ -105,6 +111,9 @@ func (wm *ProjectWriteModel) NewChangedEvent(
if wm.HasProjectCheck != hasProjectCheck { if wm.HasProjectCheck != hasProjectCheck {
changes = append(changes, project.ChangeHasProjectCheck(hasProjectCheck)) changes = append(changes, project.ChangeHasProjectCheck(hasProjectCheck))
} }
if wm.PrivateLabelingSetting != privateLabelingSetting {
changes = append(changes, project.ChangePrivateLabelingSetting(privateLabelingSetting))
}
if len(changes) == 0 { if len(changes) == 0 {
return nil, false, nil return nil, false, nil
} }


@ -42,6 +42,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -77,6 +78,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -105,6 +107,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -149,6 +152,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -241,6 +245,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -278,6 +283,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -310,6 +316,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -368,6 +375,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -487,6 +495,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -522,6 +531,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -569,6 +579,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -610,6 +621,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),


@ -74,6 +74,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(), context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true, "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
), ),
), ),
eventFromEventPusher(project.NewProjectMemberAddedEvent( eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -93,10 +94,11 @@ func TestCommandSide_AddProject(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
project: &domain.Project{ project: &domain.Project{
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
resourceOwner: "org1", resourceOwner: "org1",
ownerID: "user1", ownerID: "user1",
@ -124,6 +126,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(), context.Background(),
&project.NewAggregate("project1", "globalorg").Aggregate, &project.NewAggregate("project1", "globalorg").Aggregate,
"project", true, true, true, "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
), ),
), ),
eventFromEventPusher(project.NewProjectMemberAddedEvent( eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -143,10 +146,11 @@ func TestCommandSide_AddProject(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
project: &domain.Project{ project: &domain.Project{
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
resourceOwner: "globalorg", resourceOwner: "globalorg",
ownerID: "user1", ownerID: "user1",
@ -157,10 +161,11 @@ func TestCommandSide_AddProject(t *testing.T) {
ResourceOwner: "globalorg", ResourceOwner: "globalorg",
AggregateID: "project1", AggregateID: "project1",
}, },
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
}, },
}, },
@ -183,6 +188,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(), context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true, "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
), ),
), ),
eventFromEventPusher(project.NewProjectMemberAddedEvent( eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -202,10 +208,11 @@ func TestCommandSide_AddProject(t *testing.T) {
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
project: &domain.Project{ project: &domain.Project{
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
resourceOwner: "org1", resourceOwner: "org1",
ownerID: "user1", ownerID: "user1",
@ -216,10 +223,11 @@ func TestCommandSide_AddProject(t *testing.T) {
ResourceOwner: "org1", ResourceOwner: "org1",
AggregateID: "project1", AggregateID: "project1",
}, },
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
}, },
}, },
@ -332,7 +340,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(), project.NewProjectRemovedEvent(context.Background(),
@ -365,7 +374,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
), ),
@ -376,10 +386,11 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: "project1", AggregateID: "project1",
}, },
Name: "project", Name: "project",
ProjectRoleAssertion: true, ProjectRoleAssertion: true,
ProjectRoleCheck: true, ProjectRoleCheck: true,
HasProjectCheck: true, HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
}, },
resourceOwner: "org1", resourceOwner: "org1",
}, },
@ -396,7 +407,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
expectPush( expectPush(
@ -409,7 +421,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
"project-new", "project-new",
false, false,
false, false,
false), false,
domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
), ),
}, },
uniqueConstraintsFromEventConstraint(project.NewRemoveProjectNameUniqueConstraint("project", "org1")), uniqueConstraintsFromEventConstraint(project.NewRemoveProjectNameUniqueConstraint("project", "org1")),
@ -423,10 +436,11 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: "project1", AggregateID: "project1",
}, },
Name: "project-new", Name: "project-new",
ProjectRoleAssertion: false, ProjectRoleAssertion: false,
ProjectRoleCheck: false, ProjectRoleCheck: false,
HasProjectCheck: false, HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
}, },
resourceOwner: "org1", resourceOwner: "org1",
}, },
@ -436,10 +450,11 @@ func TestCommandSide_ChangeProject(t *testing.T) {
AggregateID: "project1", AggregateID: "project1",
ResourceOwner: "org1", ResourceOwner: "org1",
}, },
Name: "project-new", Name: "project-new",
ProjectRoleAssertion: false, ProjectRoleAssertion: false,
ProjectRoleCheck: false, ProjectRoleCheck: false,
HasProjectCheck: false, HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
}, },
}, },
}, },
@ -452,7 +467,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
expectPush( expectPush(
@ -465,7 +481,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
"", "",
false, false,
false, false,
false), false,
domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
), ),
}, },
), ),
@ -477,10 +494,11 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: "project1", AggregateID: "project1",
}, },
Name: "project", Name: "project",
ProjectRoleAssertion: false, ProjectRoleAssertion: false,
ProjectRoleCheck: false, ProjectRoleCheck: false,
HasProjectCheck: false, HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
}, },
resourceOwner: "org1", resourceOwner: "org1",
}, },
@ -490,10 +508,11 @@ func TestCommandSide_ChangeProject(t *testing.T) {
AggregateID: "project1", AggregateID: "project1",
ResourceOwner: "org1", ResourceOwner: "org1",
}, },
Name: "project", Name: "project",
ProjectRoleAssertion: false, ProjectRoleAssertion: false,
ProjectRoleCheck: false, ProjectRoleCheck: false,
HasProjectCheck: false, HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
}, },
}, },
}, },
@ -594,7 +613,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(), project.NewProjectRemovedEvent(context.Background(),
@ -622,7 +642,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectDeactivatedEvent(context.Background(), project.NewProjectDeactivatedEvent(context.Background(),
@ -649,7 +670,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
expectPush( expectPush(
@ -770,7 +792,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(), project.NewProjectRemovedEvent(context.Background(),
@ -798,7 +821,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
), ),
@ -821,7 +845,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectDeactivatedEvent(context.Background(), project.NewProjectDeactivatedEvent(context.Background(),
@ -946,7 +971,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
eventFromEventPusher( eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(), project.NewProjectRemovedEvent(context.Background(),
@ -974,7 +1000,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
eventFromEventPusher( eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true), "project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
), ),
), ),
expectPush( expectPush(
@ -1020,11 +1047,12 @@ func TestCommandSide_RemoveProject(t *testing.T) {
} }
} }
func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldName, newName string, roleAssertion, roleCheck, hasProjectCheck bool) *project.ProjectChangeEvent { func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldName, newName string, roleAssertion, roleCheck, hasProjectCheck bool, privateLabelingSetting domain.PrivateLabelingSetting) *project.ProjectChangeEvent {
changes := []project.ProjectChanges{ changes := []project.ProjectChanges{
project.ChangeProjectRoleAssertion(roleAssertion), project.ChangeProjectRoleAssertion(roleAssertion),
project.ChangeProjectRoleCheck(roleCheck), project.ChangeProjectRoleCheck(roleCheck),
project.ChangeHasProjectCheck(hasProjectCheck), project.ChangeHasProjectCheck(hasProjectCheck),
project.ChangePrivateLabelingSetting(privateLabelingSetting),
} }
if newName != "" { if newName != "" {
changes = append(changes, project.ChangeName(newName)) changes = append(changes, project.ChangeName(newName))
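Review bot: None of the TestCommandSide_ChangeProject cases in this section changes only the private labeling setting. The case that pushes `"project-new"` also changes the name and all three booleans, and the case with an empty new name still flips the three booleans. A regression in which change detection ignores `PrivateLabelingSetting` would therefore still pass. I would add a case that keeps `"project", true, true, true` and switches only `domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy` to `domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy`. If the command emits only changed fields, `newProjectChangedEvent` cannot express that expectation, because it appends all four changes unconditionally; its body continues outside the hunk.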


@ -141,6 +141,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -188,6 +189,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -230,6 +232,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -273,6 +276,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -332,6 +336,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -404,6 +409,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -718,6 +724,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -777,6 +784,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -831,6 +839,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
), ),
@ -886,6 +895,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -957,6 +967,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(
@ -1044,6 +1055,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(), project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate, &project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true, "projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
), ),
), ),
eventFromEventPusher( eventFromEventPusher(


@ -25,32 +25,34 @@ type AuthRequest struct {
MaxAuthAge *time.Duration MaxAuthAge *time.Duration
Request Request Request Request
levelOfAssurance LevelOfAssurance levelOfAssurance LevelOfAssurance
UserID string UserID string
UserName string UserName string
LoginName string LoginName string
DisplayName string DisplayName string
AvatarKey string AvatarKey string
PresignedAvatar string PresignedAvatar string
UserOrgID string UserOrgID string
RequestedOrgID string RequestedOrgID string
RequestedOrgName string RequestedOrgName string
RequestedPrimaryDomain string RequestedPrimaryDomain string
SelectedIDPConfigID string ApplicationResourceOwner string
LinkingUsers []*ExternalUser PrivateLabelingSetting PrivateLabelingSetting
PossibleSteps []NextStep SelectedIDPConfigID string
PasswordVerified bool LinkingUsers []*ExternalUser
MFAsVerified []MFAType PossibleSteps []NextStep
Audience []string PasswordVerified bool
AuthTime time.Time MFAsVerified []MFAType
Code string Audience []string
LoginPolicy *LoginPolicy AuthTime time.Time
AllowedExternalIDPs []*IDPProvider Code string
LabelPolicy *LabelPolicy LoginPolicy *LoginPolicy
PrivacyPolicy *PrivacyPolicy AllowedExternalIDPs []*IDPProvider
LockoutPolicy *LockoutPolicy LabelPolicy *LabelPolicy
DefaultTranslations []*CustomText PrivacyPolicy *PrivacyPolicy
OrgTranslations []*CustomText LockoutPolicy *LockoutPolicy
DefaultTranslations []*CustomText
OrgTranslations []*CustomText
} }
type ExternalUser struct { type ExternalUser struct {
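Review bot: The two new AuthRequest fields, `ApplicationResourceOwner` and `PrivateLabelingSetting`, have no comment saying where their values come from or what consumes them, and they sit directly after `RequestedOrgID` and `RequestedPrimaryDomain`, which look request-derived. I would add `// ApplicationResourceOwner is the org that owns the project of the requested application; set server-side, never from request parameters` and `// PrivateLabelingSetting is copied from that project and decides whose label policy the login UI applies`, assuming that is the intended flow (the code that fills them is not in this section). Stating the origin on the struct lets a reviewer check that branding selection cannot be steered by client input.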


@ -7,11 +7,12 @@ import (
type Project struct { type Project struct {
models.ObjectRoot models.ObjectRoot
State ProjectState State ProjectState
Name string Name string
ProjectRoleAssertion bool ProjectRoleAssertion bool
ProjectRoleCheck bool ProjectRoleCheck bool
HasProjectCheck bool HasProjectCheck bool
PrivateLabelingSetting PrivateLabelingSetting
} }
type ProjectState int32 type ProjectState int32
@ -23,6 +24,14 @@ const (
ProjectStateRemoved ProjectStateRemoved
) )
type PrivateLabelingSetting int32
const (
PrivateLabelingSettingUnspecified PrivateLabelingSetting = iota
PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
)
func (o *Project) IsValid() bool { func (o *Project) IsValid() bool {
return o.Name != "" return o.Name != ""
} }
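Review bot: `IsValid` at the end of this section still checks only `o.Name`, so a `Project` carrying an out-of-range `PrivateLabelingSetting` is accepted unless a layer not shown here rejects it. The type is a plain `int32`, and if it is mapped from the API enum, unknown numbers can arrive. I would bound it, e.g. `return o.Name != "" && o.PrivateLabelingSetting >= PrivateLabelingSettingUnspecified && o.PrivateLabelingSetting <= PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy`, or put a `Valid()` method on the type. The const block also deserves a comment stating what `PrivateLabelingSettingUnspecified` means at login time, since it is the zero value a project has when the field was never set. `(*Project).IsValid` in the project model section further down (`return p.Name != ""`) has the same gap.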


@ -86,6 +86,7 @@ func (a *Application) Reduce(event *models.Event) (err error) {
app.ProjectRoleCheck = project.ProjectRoleCheck app.ProjectRoleCheck = project.ProjectRoleCheck
app.HasProjectCheck = project.HasProjectCheck app.HasProjectCheck = project.HasProjectCheck
app.ProjectRoleAssertion = project.ProjectRoleAssertion app.ProjectRoleAssertion = project.ProjectRoleAssertion
app.PrivateLabelingSetting = project.PrivateLabelingSetting
err = app.AppendEvent(event) err = app.AppendEvent(event)
case es_model.ApplicationChanged, case es_model.ApplicationChanged,
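Review bot: It is not visible here whether the project-changed path of `Reduce` also refreshes the new field. The added `app.PrivateLabelingSetting = project.PrivateLabelingSetting` sits in a `case` that starts above the hunk and copies the project's value at that one point. If a later project change does not write the field as well, application views keep the value from that earlier event and the login flow would act on a stale setting. Worth confirming that the project-changed branch updates `PrivateLabelingSetting` alongside `ProjectRoleAssertion`, `ProjectRoleCheck` and `HasProjectCheck`, and covering it with a handler test.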


@ -8,14 +8,17 @@ import (
) )
type ApplicationView struct { type ApplicationView struct {
ID string ID string
ProjectID string ProjectID string
Name string Name string
CreationDate time.Time CreationDate time.Time
ChangeDate time.Time ChangeDate time.Time
State AppState ResourceOwner string
ProjectRoleAssertion bool State AppState
ProjectRoleCheck bool ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
IsOIDC bool IsOIDC bool
OIDCVersion OIDCVersion OIDCVersion OIDCVersion


@ -3,21 +3,23 @@ package model
import ( import (
"github.com/golang/protobuf/ptypes/timestamp" "github.com/golang/protobuf/ptypes/timestamp"
"github.com/caos/zitadel/internal/domain"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
) )
type Project struct { type Project struct {
es_models.ObjectRoot es_models.ObjectRoot
State ProjectState State ProjectState
Name string Name string
Members []*ProjectMember Members []*ProjectMember
Roles []*ProjectRole Roles []*ProjectRole
Applications []*Application Applications []*Application
Grants []*ProjectGrant Grants []*ProjectGrant
ProjectRoleAssertion bool ProjectRoleAssertion bool
ProjectRoleCheck bool ProjectRoleCheck bool
HasProjectCheck bool HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
} }
type ProjectChanges struct { type ProjectChanges struct {
Changes []*ProjectChange Changes []*ProjectChange
@ -55,15 +57,6 @@ func (p *Project) IsValid() bool {
return p.Name != "" return p.Name != ""
} }
func (p *Project) GetMember(userID string) (int, *ProjectMember) {
for i, m := range p.Members {
if m.UserID == userID {
return i, m
}
}
return -1, nil
}
func (p *Project) ContainsRole(role *ProjectRole) bool { func (p *Project) ContainsRole(role *ProjectRole) bool {
for _, r := range p.Roles { for _, r := range p.Roles {
if r.Key == role.Key { if r.Key == role.Key {


@ -8,16 +8,17 @@ import (
) )
type ProjectView struct { type ProjectView struct {
ProjectID string ProjectID string
Name string Name string
CreationDate time.Time CreationDate time.Time
ChangeDate time.Time ChangeDate time.Time
State ProjectState State ProjectState
ResourceOwner string ResourceOwner string
ProjectRoleAssertion bool ProjectRoleAssertion bool
ProjectRoleCheck bool ProjectRoleCheck bool
HasProjectCheck bool HasProjectCheck bool
Sequence uint64 PrivateLabelingSetting domain.PrivateLabelingSetting
Sequence uint64
} }
type ProjectViewSearchRequest struct { type ProjectViewSearchRequest struct {


@ -1,35 +0,0 @@
package eventsourcing
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/cache"
"github.com/caos/zitadel/internal/cache/config"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
)
type ProjectCache struct {
projectCache cache.Cache
}
func StartCache(conf *config.CacheConfig) (*ProjectCache, error) {
projectCache, err := conf.Config.NewCache()
logging.Log("EVENT-CsHdo").OnError(err).Panic("unable to create project cache")
return &ProjectCache{projectCache: projectCache}, nil
}
func (c *ProjectCache) getProject(ID string) (project *model.Project) {
project = &model.Project{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
if err := c.projectCache.Get(ID, project); err != nil {
logging.Log("EVENT-tMydV").WithError(err).Debug("error in getting cache")
}
return project
}
func (c *ProjectCache) cacheProject(project *model.Project) {
err := c.projectCache.Set(project.AggregateID, project)
if err != nil {
logging.Log("EVENT-3wKzj").WithError(err).Debug("error in setting project cache")
}
}


@ -1,46 +0,0 @@
package eventsourcing
//
//import (
// "github.com/caos/zitadel/internal/cache/config"
// sd "github.com/caos/zitadel/internal/config/systemdefaults"
// "github.com/caos/zitadel/internal/crypto"
// es_int "github.com/caos/zitadel/internal/eventstore"
// "github.com/caos/zitadel/internal/id"
//)
//
//const (
// projectOwnerRole = "PROJECT_OWNER"
// projectOwnerGlobalRole = "PROJECT_OWNER_GLOBAL"
//)
//
//type ProjectEventstore struct {
// es_int.Eventstore
// projectCache *ProjectCache
// passwordAlg crypto.HashAlgorithm
// pwGenerator crypto.Generator
// idGenerator id.Generator
// ClientKeySize int
//}
//
//type ProjectConfig struct {
// es_int.Eventstore
// Cache *config.CacheConfig
//}
//
//func StartProject(conf ProjectConfig, systemDefaults sd.SystemDefaults) (*ProjectEventstore, error) {
// projectCache, err := StartCache(conf.Cache)
// if err != nil {
// return nil, err
// }
// passwordAlg := crypto.NewBCrypt(systemDefaults.SecretGenerators.PasswordSaltCost)
// pwGenerator := crypto.NewHashGenerator(systemDefaults.SecretGenerators.ClientSecretGenerator, passwordAlg)
// return &ProjectEventstore{
// Eventstore: conf.Eventstore,
// projectCache: projectCache,
// passwordAlg: passwordAlg,
// pwGenerator: pwGenerator,
// idGenerator: id.SonyFlakeGenerator,
// ClientKeySize: int(systemDefaults.SecretGenerators.ApplicationKeySize),
// }, nil
//}


@ -6,7 +6,6 @@ import (
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model" "github.com/caos/zitadel/internal/project/model"
) )
@ -51,36 +50,6 @@ func APIConfigToModel(config *APIConfig) *model.APIConfig {
return oidcConfig return oidcConfig
} }
func (p *Project) appendAddAPIConfigEvent(event *es_models.Event) error {
config := new(APIConfig)
err := config.setData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
p.Applications[i].Type = int32(model.AppTypeAPI)
p.Applications[i].APIConfig = config
}
return nil
}
func (p *Project) appendChangeAPIConfigEvent(event *es_models.Event) error {
config := new(APIConfig)
err := config.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
if p.Applications[i].APIConfig == nil {
return errors.ThrowInvalidArgument(nil, "MODEL-ADbsd", "api config is nil")
}
return p.Applications[i].APIConfig.setData(event)
}
return nil
}
func (o *APIConfig) setData(event *es_models.Event) error { func (o *APIConfig) setData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event) o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil { if err := json.Unmarshal(event.Data, o); err != nil {


@ -6,7 +6,6 @@ import (
"github.com/caos/logging" "github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
) )
type Application struct { type Application struct {
@ -33,116 +32,6 @@ func GetApplication(apps []*Application, id string) (int, *Application) {
return -1, nil return -1, nil
} }
func (a *Application) Changes(changed *Application) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["appId"] = a.AppID
if changed.Name != "" && a.Name != changed.Name {
changes["name"] = changed.Name
}
return changes
}
func AppsToModel(apps []*Application) []*model.Application {
convertedApps := make([]*model.Application, len(apps))
for i, a := range apps {
convertedApps[i] = AppToModel(a)
}
return convertedApps
}
func AppsFromModel(apps []*model.Application) []*Application {
convertedApps := make([]*Application, len(apps))
for i, a := range apps {
convertedApps[i] = AppFromModel(a)
}
return convertedApps
}
func AppFromModel(app *model.Application) *Application {
converted := &Application{
ObjectRoot: app.ObjectRoot,
AppID: app.AppID,
Name: app.Name,
State: int32(app.State),
Type: int32(app.Type),
}
if app.OIDCConfig != nil {
converted.OIDCConfig = OIDCConfigFromModel(app.OIDCConfig)
}
if app.APIConfig != nil {
converted.APIConfig = APIConfigFromModel(app.APIConfig)
}
return converted
}
func AppToModel(app *Application) *model.Application {
converted := &model.Application{
ObjectRoot: app.ObjectRoot,
AppID: app.AppID,
Name: app.Name,
State: model.AppState(app.State),
Type: model.AppType(app.Type),
}
if app.OIDCConfig != nil {
converted.OIDCConfig = OIDCConfigToModel(app.OIDCConfig)
}
if app.APIConfig != nil {
converted.APIConfig = APIConfigToModel(app.APIConfig)
}
return converted
}
func (p *Project) appendAddAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
app.ObjectRoot.CreationDate = event.CreationDate
p.Applications = append(p.Applications, app)
return nil
}
func (p *Project) appendChangeAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
return p.Applications[i].setData(event)
}
return nil
}
func (p *Project) appendRemoveAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
p.Applications[i] = p.Applications[len(p.Applications)-1]
p.Applications[len(p.Applications)-1] = nil
p.Applications = p.Applications[:len(p.Applications)-1]
}
return nil
}
func (p *Project) appendAppStateEvent(event *es_models.Event, state model.AppState) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
a.State = int32(state)
p.Applications[i] = a
}
return nil
}
func (a *Application) setData(event *es_models.Event) error { func (a *Application) setData(event *es_models.Event) error {
a.ObjectRoot.AppendEvent(event) a.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, a); err != nil { if err := json.Unmarshal(event.Data, a); err != nil {


@ -1,246 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
func TestApplicationChanges(t *testing.T) {
type args struct {
existingProject *Application
newProject *Application
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "application name changes",
args: args{
existingProject: &Application{AppID: "AppID", Name: "Name"},
newProject: &Application{AppID: "AppID", Name: "NameChanged"},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existingProject: &Application{AppID: "AppID", Name: "Name"},
newProject: &Application{AppID: "AppID", Name: "Name"},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existingProject.Changes(tt.args.newProject)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add application event",
args: args{
project: &Project{},
app: &Application{Name: "Application"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{Name: "Application"},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendAddAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendChangeAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change application event",
args: args{
project: &Project{
Applications: []*Application{
{Name: "Application"},
},
},
app: &Application{Name: "Application Change"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{Name: "Application Change"},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendChangeAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendRemoveAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application"},
},
},
app: &Application{AppID: "AppID", Name: "Application"},
event: &es_models.Event{},
},
result: &Project{Applications: []*Application{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendRemoveAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.project.Applications))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
project *Project
app *ApplicationID
event *es_models.Event
state model.AppState
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append deactivate application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateActive)},
},
},
app: &ApplicationID{AppID: "AppID"},
event: &es_models.Event{},
state: model.AppStateInactive,
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateInactive)},
},
},
},
{
name: "append reactivate application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateInactive)},
},
},
app: &ApplicationID{AppID: "AppID"},
event: &es_models.Event{},
state: model.AppStateActive,
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateActive)},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendAppStateEvent(tt.args.event, tt.args.state)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}


@ -2,7 +2,6 @@ package model
import ( import (
"encoding/json" "encoding/json"
"reflect"
"time" "time"
"github.com/caos/logging" "github.com/caos/logging"
@ -35,187 +34,6 @@ type OIDCConfig struct {
ClientKeys []*ClientKey `json:"-"` ClientKeys []*ClientKey `json:"-"`
} }
func (c *OIDCConfig) Changes(changed *OIDCConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["appId"] = c.AppID
if !reflect.DeepEqual(c.RedirectUris, changed.RedirectUris) {
changes["redirectUris"] = changed.RedirectUris
}
if !reflect.DeepEqual(c.ResponseTypes, changed.ResponseTypes) {
changes["responseTypes"] = changed.ResponseTypes
}
if !reflect.DeepEqual(c.GrantTypes, changed.GrantTypes) {
changes["grantTypes"] = changed.GrantTypes
}
if c.ApplicationType != changed.ApplicationType {
changes["applicationType"] = changed.ApplicationType
}
if c.AuthMethodType != changed.AuthMethodType {
changes["authMethodType"] = changed.AuthMethodType
}
if c.Version != changed.Version {
changes["oidcVersion"] = changed.Version
}
if !reflect.DeepEqual(c.PostLogoutRedirectUris, changed.PostLogoutRedirectUris) {
changes["postLogoutRedirectUris"] = changed.PostLogoutRedirectUris
}
if c.DevMode != changed.DevMode {
changes["devMode"] = changed.DevMode
}
if c.AccessTokenType != changed.AccessTokenType {
changes["accessTokenType"] = changed.AccessTokenType
}
if c.AccessTokenRoleAssertion != changed.AccessTokenRoleAssertion {
changes["accessTokenRoleAssertion"] = changed.AccessTokenRoleAssertion
}
if c.IDTokenRoleAssertion != changed.IDTokenRoleAssertion {
changes["idTokenRoleAssertion"] = changed.IDTokenRoleAssertion
}
if c.IDTokenUserinfoAssertion != changed.IDTokenUserinfoAssertion {
changes["idTokenUserinfoAssertion"] = changed.IDTokenUserinfoAssertion
}
if c.ClockSkew != changed.ClockSkew {
changes["clockSkew"] = changed.ClockSkew
}
return changes
}
func OIDCConfigFromModel(config *model.OIDCConfig) *OIDCConfig {
responseTypes := make([]int32, len(config.ResponseTypes))
for i, rt := range config.ResponseTypes {
responseTypes[i] = int32(rt)
}
grantTypes := make([]int32, len(config.GrantTypes))
for i, rt := range config.GrantTypes {
grantTypes[i] = int32(rt)
}
return &OIDCConfig{
ObjectRoot: config.ObjectRoot,
AppID: config.AppID,
Version: int32(config.OIDCVersion),
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
RedirectUris: config.RedirectUris,
ResponseTypes: responseTypes,
GrantTypes: grantTypes,
ApplicationType: int32(config.ApplicationType),
AuthMethodType: int32(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
DevMode: config.DevMode,
AccessTokenType: int32(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
ClockSkew: config.ClockSkew,
}
}
func OIDCConfigToModel(config *OIDCConfig) *model.OIDCConfig {
responseTypes := make([]model.OIDCResponseType, len(config.ResponseTypes))
for i, rt := range config.ResponseTypes {
responseTypes[i] = model.OIDCResponseType(rt)
}
grantTypes := make([]model.OIDCGrantType, len(config.GrantTypes))
for i, rt := range config.GrantTypes {
grantTypes[i] = model.OIDCGrantType(rt)
}
oidcConfig := &model.OIDCConfig{
ObjectRoot: config.ObjectRoot,
AppID: config.AppID,
OIDCVersion: model.OIDCVersion(config.Version),
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
RedirectUris: config.RedirectUris,
ResponseTypes: responseTypes,
GrantTypes: grantTypes,
ApplicationType: model.OIDCApplicationType(config.ApplicationType),
AuthMethodType: model.OIDCAuthMethodType(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
DevMode: config.DevMode,
AccessTokenType: model.OIDCTokenType(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
ClockSkew: config.ClockSkew,
ClientKeys: ClientKeysToModel(config.ClientKeys),
}
oidcConfig.FillCompliance()
return oidcConfig
}
func (p *Project) appendAddOIDCConfigEvent(event *es_models.Event) error {
config := new(OIDCConfig)
err := config.setData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
p.Applications[i].Type = int32(model.AppTypeOIDC)
p.Applications[i].OIDCConfig = config
}
return nil
}
func (p *Project) appendChangeOIDCConfigEvent(event *es_models.Event) error {
config := new(OIDCConfig)
err := config.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
if p.Applications[i].OIDCConfig == nil {
return errors.ThrowInvalidArgument(nil, "MODEL-aBR5G", "oidc config is nil")
}
return p.Applications[i].OIDCConfig.setData(event)
}
return nil
}
func (p *Project) appendAddClientKeyEvent(event *es_models.Event) error {
key := new(ClientKey)
err := key.SetData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, key.ApplicationID); a != nil {
if a.OIDCConfig != nil {
p.Applications[i].OIDCConfig.ClientKeys = append(p.Applications[i].OIDCConfig.ClientKeys, key)
}
if a.APIConfig != nil {
p.Applications[i].APIConfig.ClientKeys = append(p.Applications[i].APIConfig.ClientKeys, key)
}
}
return nil
}
func (p *Project) appendRemoveClientKeyEvent(event *es_models.Event) error {
key := new(ClientKey)
err := key.SetData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, key.ApplicationID); a != nil {
if a.OIDCConfig != nil {
if j, k := GetClientKey(p.Applications[i].OIDCConfig.ClientKeys, key.KeyID); k != nil {
p.Applications[i].OIDCConfig.ClientKeys[j] = p.Applications[i].OIDCConfig.ClientKeys[len(p.Applications[i].OIDCConfig.ClientKeys)-1]
p.Applications[i].OIDCConfig.ClientKeys[len(p.Applications[i].OIDCConfig.ClientKeys)-1] = nil
p.Applications[i].OIDCConfig.ClientKeys = p.Applications[i].OIDCConfig.ClientKeys[:len(p.Applications[i].OIDCConfig.ClientKeys)-1]
}
}
if a.APIConfig != nil {
if j, k := GetClientKey(p.Applications[i].APIConfig.ClientKeys, key.KeyID); k != nil {
p.Applications[i].APIConfig.ClientKeys[j] = p.Applications[i].APIConfig.ClientKeys[len(p.Applications[i].APIConfig.ClientKeys)-1]
p.Applications[i].APIConfig.ClientKeys[len(p.Applications[i].APIConfig.ClientKeys)-1] = nil
p.Applications[i].APIConfig.ClientKeys = p.Applications[i].APIConfig.ClientKeys[:len(p.Applications[i].APIConfig.ClientKeys)-1]
}
}
}
return nil
}
func (o *OIDCConfig) setData(event *es_models.Event) error { func (o *OIDCConfig) setData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event) o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil { if err := json.Unmarshal(event.Data, o); err != nil {
@ -225,15 +43,6 @@ func (o *OIDCConfig) setData(event *es_models.Event) error {
return nil return nil
} }
func GetClientKey(keys []*ClientKey, id string) (int, *ClientKey) {
for i, k := range keys {
if k.KeyID == id {
return i, k
}
}
return -1, nil
}
type ClientKey struct { type ClientKey struct {
es_models.ObjectRoot `json:"-"` es_models.ObjectRoot `json:"-"`
ApplicationID string `json:"applicationId,omitempty"` ApplicationID string `json:"applicationId,omitempty"`
@ -278,17 +87,6 @@ func (key *ClientKey) AppendEvent(event *es_models.Event) (err error) {
return err return err
} }
func ClientKeyFromModel(key *model.ClientKey) *ClientKey {
return &ClientKey{
ObjectRoot: key.ObjectRoot,
ExpirationDate: key.ExpirationDate,
ApplicationID: key.ApplicationID,
ClientID: key.ClientID,
KeyID: key.KeyID,
Type: int32(key.Type),
}
}
func ClientKeysToModel(keys []*ClientKey) []*model.ClientKey { func ClientKeysToModel(keys []*ClientKey) []*model.ClientKey {
clientKeys := make([]*model.ClientKey, len(keys)) clientKeys := make([]*model.ClientKey, len(keys))
for i, key := range keys { for i, key := range keys {


@ -1,198 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
func TestOIDCConfigChanges(t *testing.T) {
type args struct {
existingConfig *OIDCConfig
newConfig *OIDCConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "all possible values change",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
newConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUrisChanged"},
ResponseTypes: []int32{2},
GrantTypes: []int32{2},
ApplicationType: 2,
AuthMethodType: 2,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUrisChanged"},
},
},
res: res{
changesLen: 7,
},
},
{
name: "no changes",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
newConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
},
res: res{
changesLen: 1,
},
},
{
name: "change not changeable attributes",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
ClientID: "ClientID",
},
newConfig: &OIDCConfig{
AppID: "AppIDChange",
ClientID: "ClientIDChange",
},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existingConfig.Changes(tt.args.newConfig)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddOIDCConfigEvent(t *testing.T) {
type args struct {
project *Project
config *OIDCConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID"},
},
},
config: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"}},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.project.appendAddOIDCConfigEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0].OIDCConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.project.Applications[0].OIDCConfig)
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendChangeOIDCConfigEvent(t *testing.T) {
type args struct {
project *Project
config *OIDCConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"}},
},
},
config: &OIDCConfig{AppID: "AppID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID Changed"}},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.project.appendChangeOIDCConfigEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0].OIDCConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.project.Applications[0].OIDCConfig)
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}


@ -15,32 +15,20 @@ const (
type Project struct { type Project struct {
es_models.ObjectRoot es_models.ObjectRoot
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
ProjectRoleAssertion bool `json:"projectRoleAssertion,omitempty"` ProjectRoleAssertion bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"` ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck bool `json:"hasProjectCheck,omitempty"` HasProjectCheck bool `json:"hasProjectCheck,omitempty"`
State int32 `json:"-"` State int32 `json:"-"`
Members []*ProjectMember `json:"-"`
Roles []*ProjectRole `json:"-"`
Applications []*Application `json:"-"`
Grants []*ProjectGrant `json:"-"`
} }
func ProjectToModel(project *Project) *model.Project { func ProjectToModel(project *Project) *model.Project {
members := ProjectMembersToModel(project.Members)
roles := ProjectRolesToModel(project.Roles)
apps := AppsToModel(project.Applications)
grants := GrantsToModel(project.Grants)
return &model.Project{ return &model.Project{
ObjectRoot: project.ObjectRoot, ObjectRoot: project.ObjectRoot,
Name: project.Name, Name: project.Name,
ProjectRoleAssertion: project.ProjectRoleAssertion, ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck, ProjectRoleCheck: project.ProjectRoleCheck,
State: model.ProjectState(project.State), State: model.ProjectState(project.State),
Members: members,
Roles: roles,
Applications: apps,
Grants: grants,
} }
} }
@ -73,60 +61,6 @@ func (p *Project) AppendEvent(event *es_models.Event) error {
return p.appendReactivatedEvent() return p.appendReactivatedEvent()
case ProjectRemoved: case ProjectRemoved:
return p.appendRemovedEvent() return p.appendRemovedEvent()
case ProjectMemberAdded:
return p.appendAddMemberEvent(event)
case ProjectMemberChanged:
return p.appendChangeMemberEvent(event)
case ProjectMemberRemoved:
return p.appendRemoveMemberEvent(event)
case ProjectMemberCascadeRemoved:
return p.appendRemoveMemberEvent(event)
case ProjectRoleAdded:
return p.appendAddRoleEvent(event)
case ProjectRoleChanged:
return p.appendChangeRoleEvent(event)
case ProjectRoleRemoved:
return p.appendRemoveRoleEvent(event)
case ApplicationAdded:
return p.appendAddAppEvent(event)
case ApplicationChanged:
return p.appendChangeAppEvent(event)
case ApplicationRemoved:
return p.appendRemoveAppEvent(event)
case ApplicationDeactivated:
return p.appendAppStateEvent(event, model.AppStateInactive)
case ApplicationReactivated:
return p.appendAppStateEvent(event, model.AppStateActive)
case OIDCConfigAdded:
return p.appendAddOIDCConfigEvent(event)
case OIDCConfigChanged, OIDCConfigSecretChanged:
return p.appendChangeOIDCConfigEvent(event)
case APIConfigAdded:
return p.appendAddAPIConfigEvent(event)
case APIConfigChanged, APIConfigSecretChanged:
return p.appendChangeAPIConfigEvent(event)
case ClientKeyAdded:
return p.appendAddClientKeyEvent(event)
case ClientKeyRemoved:
return p.appendRemoveClientKeyEvent(event)
case ProjectGrantAdded:
return p.appendAddGrantEvent(event)
case ProjectGrantChanged, ProjectGrantCascadeChanged:
return p.appendChangeGrantEvent(event)
case ProjectGrantDeactivated:
return p.appendGrantStateEvent(event, model.ProjectGrantStateInactive)
case ProjectGrantReactivated:
return p.appendGrantStateEvent(event, model.ProjectGrantStateActive)
case ProjectGrantRemoved:
return p.appendRemoveGrantEvent(event)
case ProjectGrantMemberAdded:
return p.appendAddGrantMemberEvent(event)
case ProjectGrantMemberChanged:
return p.appendChangeGrantMemberEvent(event)
case ProjectGrantMemberRemoved:
return p.appendRemoveGrantMemberEvent(event)
case ProjectGrantMemberCascadeRemoved:
return p.appendRemoveGrantMemberEvent(event)
} }
return nil return nil
} }
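Review bot: ProjectToModel in the first hunk does not copy HasProjectCheck, although the Project struct directly above it declares that field next to ProjectRoleAssertion and ProjectRoleCheck, so a model built through this function always carries the zero value (false) for it. If model.Project has a matching field (its definition is not visible on this page), add `HasProjectCheck: project.HasProjectCheck,` to the literal; the flag presumably gates an authorization decision, so a silently dropped value would disable that check rather than enforce it. Separately, with the member, role, application and grant cases removed, AppendEvent (whose body starts outside the hunk) now falls through to `return nil` for those event types. A comment above that final return, such as `// member, role, app and grant events are intentionally not reduced into this aggregate`, would record that this is deliberate.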


@ -2,10 +2,11 @@ package model
import ( import (
"encoding/json" "encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
"reflect" "reflect"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
) )
type ProjectGrant struct { type ProjectGrant struct {
@ -31,15 +32,6 @@ func GetProjectGrant(grants []*ProjectGrant, id string) (int, *ProjectGrant) {
return -1, nil return -1, nil
} }
func GetProjectGrantByOrgID(grants []*ProjectGrant, resourceOwner string) (int, *ProjectGrant) {
for i, g := range grants {
if g.GrantedOrgID == resourceOwner {
return i, g
}
}
return -1, nil
}
func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} { func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} {
changes := make(map[string]interface{}, 1) changes := make(map[string]interface{}, 1)
changes["grantId"] = g.GrantID changes["grantId"] = g.GrantID
@ -49,97 +41,6 @@ func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} {
return changes return changes
} }
func GrantsToModel(grants []*ProjectGrant) []*model.ProjectGrant {
convertedGrants := make([]*model.ProjectGrant, len(grants))
for i, g := range grants {
convertedGrants[i] = GrantToModel(g)
}
return convertedGrants
}
func GrantsFromModel(grants []*model.ProjectGrant) []*ProjectGrant {
convertedGrants := make([]*ProjectGrant, len(grants))
for i, g := range grants {
convertedGrants[i] = GrantFromModel(g)
}
return convertedGrants
}
func GrantFromModel(grant *model.ProjectGrant) *ProjectGrant {
members := GrantMembersFromModel(grant.Members)
return &ProjectGrant{
ObjectRoot: grant.ObjectRoot,
GrantID: grant.GrantID,
GrantedOrgID: grant.GrantedOrgID,
State: int32(grant.State),
RoleKeys: grant.RoleKeys,
Members: members,
}
}
func GrantToModel(grant *ProjectGrant) *model.ProjectGrant {
members := GrantMembersToModel(grant.Members)
return &model.ProjectGrant{
ObjectRoot: grant.ObjectRoot,
GrantID: grant.GrantID,
GrantedOrgID: grant.GrantedOrgID,
State: model.ProjectGrantState(grant.State),
RoleKeys: grant.RoleKeys,
Members: members,
}
}
func (p *Project) appendAddGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
grant.ObjectRoot.CreationDate = event.CreationDate
p.Grants = append(p.Grants, grant)
return nil
}
func (p *Project) appendChangeGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
p.Grants[i].getData(event)
}
return nil
}
func (p *Project) appendGrantStateEvent(event *es_models.Event, state model.ProjectGrantState) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
g.State = int32(state)
p.Grants[i] = g
}
return nil
}
func (p *Project) appendRemoveGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
p.Grants[i] = p.Grants[len(p.Grants)-1]
p.Grants[len(p.Grants)-1] = nil
p.Grants = p.Grants[:len(p.Grants)-1]
}
return nil
}
func (g *ProjectGrant) getData(event *es_models.Event) error { func (g *ProjectGrant) getData(event *es_models.Event) error {
g.ObjectRoot.AppendEvent(event) g.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, g); err != nil { if err := json.Unmarshal(event.Data, g); err != nil {


@ -2,9 +2,10 @@ package model
import ( import (
"encoding/json" "encoding/json"
"github.com/caos/logging" "github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
) )
type ProjectGrantMember struct { type ProjectGrantMember struct {
@ -14,94 +15,6 @@ type ProjectGrantMember struct {
Roles []string `json:"roles,omitempty"` Roles []string `json:"roles,omitempty"`
} }
func GetProjectGrantMember(members []*ProjectGrantMember, id string) (int, *ProjectGrantMember) {
for i, m := range members {
if m.UserID == id {
return i, m
}
}
return -1, nil
}
func GrantMembersToModel(members []*ProjectGrantMember) []*model.ProjectGrantMember {
convertedMembers := make([]*model.ProjectGrantMember, len(members))
for i, g := range members {
convertedMembers[i] = GrantMemberToModel(g)
}
return convertedMembers
}
func GrantMembersFromModel(members []*model.ProjectGrantMember) []*ProjectGrantMember {
convertedMembers := make([]*ProjectGrantMember, len(members))
for i, g := range members {
convertedMembers[i] = GrantMemberFromModel(g)
}
return convertedMembers
}
func GrantMemberFromModel(member *model.ProjectGrantMember) *ProjectGrantMember {
return &ProjectGrantMember{
ObjectRoot: member.ObjectRoot,
GrantID: member.GrantID,
UserID: member.UserID,
Roles: member.Roles,
}
}
func GrantMemberToModel(member *ProjectGrantMember) *model.ProjectGrantMember {
return &model.ProjectGrantMember{
ObjectRoot: member.ObjectRoot,
GrantID: member.GrantID,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (p *Project) appendAddGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
member.ObjectRoot.CreationDate = event.CreationDate
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
g.Members = append(g.Members, member)
}
return nil
}
func (p *Project) appendChangeGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
if i, m := GetProjectGrantMember(g.Members, member.UserID); m != nil {
g.Members[i].SetData(event)
}
}
return nil
}
func (p *Project) appendRemoveGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
if i, member := GetProjectGrantMember(g.Members, member.UserID); member != nil {
g.Members[i] = g.Members[len(g.Members)-1]
g.Members[len(g.Members)-1] = nil
g.Members = g.Members[:len(g.Members)-1]
}
}
return nil
}
func (m *ProjectGrantMember) SetData(event *es_models.Event) error { func (m *ProjectGrantMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event) m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil { if err := json.Unmarshal(event.Data, m); err != nil {


@ -1,145 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"testing"
)
func TestAppendAddGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add grant member",
args: args{
project: &Project{Grants: []*ProjectGrant{
&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendAddGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants[0].Members))
}
if tt.args.project.Grants[0].Members[0] == tt.result.Grants[0].Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0].Members[0], tt.args.project.Grants[0].Members[0])
}
})
}
}
func TestAppendChangeGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change grant member",
args: args{
project: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}},
event: &es_models.Event{},
},
result: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}}}}},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendChangeGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants[0].Members))
}
if tt.args.project.Grants[0].Members[0] == tt.result.Grants[0].Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0].Members[0], tt.args.project.Grants[0].Members[0])
}
})
}
}
func TestAppendRemoveGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
}{
{
name: "append remove grant member",
args: args{
project: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}},
event: &es_models.Event{},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendRemoveGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 0 {
t.Errorf("got wrong result should have no members actual: %v ", len(tt.args.project.Grants[0].Members))
}
})
}
}


@ -1,169 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
"testing"
)
func TestAppendAddGrantEvent(t *testing.T) {
type args struct {
project *Project
role *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add grant event",
args: args{
project: &Project{},
role: &ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.role != nil {
data, _ := json.Marshal(tt.args.role)
tt.args.event.Data = data
}
tt.args.project.appendAddGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}
func TestAppendChangeGrantEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"KeyChanged"}},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"KeyChanged"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendChangeGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}
func TestAppendRemoveGrantEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove role event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrant{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendRemoveGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 0 {
t.Errorf("got wrong result should have no grant actual: %v ", len(tt.args.project.Grants))
}
})
}
}
func TestAppendGrantStateEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrantID
event *es_models.Event
state model.ProjectGrantState
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append deactivate grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.ProjectGrantStateInactive,
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}, State: int32(model.ProjectGrantStateInactive)}}},
},
{
name: "append reactivate grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.ProjectGrantStateActive,
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}, State: int32(model.ProjectGrantStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendGrantStateEvent(tt.args.event, tt.args.state)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}


@ -2,9 +2,10 @@ package model
import ( import (
"encoding/json" "encoding/json"
"github.com/caos/logging" "github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models" es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
) )
type ProjectMember struct { type ProjectMember struct {
@ -13,84 +14,6 @@ type ProjectMember struct {
Roles []string `json:"roles,omitempty"` Roles []string `json:"roles,omitempty"`
} }
func GetProjectMember(members []*ProjectMember, id string) (int, *ProjectMember) {
for i, m := range members {
if m.UserID == id {
return i, m
}
}
return -1, nil
}
func ProjectMembersToModel(members []*ProjectMember) []*model.ProjectMember {
convertedMembers := make([]*model.ProjectMember, len(members))
for i, m := range members {
convertedMembers[i] = ProjectMemberToModel(m)
}
return convertedMembers
}
func ProjectMembersFromModel(members []*model.ProjectMember) []*ProjectMember {
convertedMembers := make([]*ProjectMember, len(members))
for i, m := range members {
convertedMembers[i] = ProjectMemberFromModel(m)
}
return convertedMembers
}
func ProjectMemberFromModel(member *model.ProjectMember) *ProjectMember {
return &ProjectMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func ProjectMemberToModel(member *ProjectMember) *model.ProjectMember {
return &model.ProjectMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (p *Project) appendAddMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
member.ObjectRoot.CreationDate = event.CreationDate
p.Members = append(p.Members, member)
return nil
}
func (p *Project) appendChangeMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetProjectMember(p.Members, member.UserID); m != nil {
p.Members[i] = member
}
return nil
}
func (p *Project) appendRemoveMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetProjectMember(p.Members, member.UserID); m != nil {
p.Members[i] = p.Members[len(p.Members)-1]
p.Members[len(p.Members)-1] = nil
p.Members = p.Members[:len(p.Members)-1]
}
return nil
}
func (m *ProjectMember) SetData(event *es_models.Event) error { func (m *ProjectMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event) m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil { if err := json.Unmarshal(event.Data, m); err != nil {


@ -1,118 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"testing"
)
func TestAppendAddMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add member event",
args: args{
project: &Project{},
member: &ProjectMember{UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendAddMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 1 {
t.Errorf("got wrong result should have one member actual: %v ", len(tt.args.project.Members))
}
if tt.args.project.Members[0] == tt.result.Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Members[0], tt.args.project.Members[0])
}
})
}
}
func TestAppendChangeMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change member event",
args: args{
project: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &ProjectMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendChangeMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 1 {
t.Errorf("got wrong result should have one member actual: %v ", len(tt.args.project.Members))
}
if tt.args.project.Members[0] == tt.result.Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Members[0], tt.args.project.Members[0])
}
})
}
}
func TestAppendRemoveMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove member event",
args: args{
project: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &ProjectMember{UserID: "UserID"},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendRemoveMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 0 {
t.Errorf("got wrong result should have no member actual: %v ", len(tt.args.project.Members))
}
})
}
}


@ -57,43 +57,6 @@ func ProjectRoleToModel(role *ProjectRole) *model.ProjectRole {
} }
} }
func (p *Project) appendAddRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
role.ObjectRoot.CreationDate = event.CreationDate
p.Roles = append(p.Roles, role)
return nil
}
func (p *Project) appendChangeRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
if i, r := GetProjectRole(p.Roles, role.Key); r != nil {
p.Roles[i] = role
}
return nil
}
func (p *Project) appendRemoveRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
if i, r := GetProjectRole(p.Roles, role.Key); r != nil {
p.Roles[i] = p.Roles[len(p.Roles)-1]
p.Roles[len(p.Roles)-1] = nil
p.Roles = p.Roles[:len(p.Roles)-1]
}
return nil
}
func (r *ProjectRole) setData(event *es_models.Event) error { func (r *ProjectRole) setData(event *es_models.Event) error {
r.ObjectRoot.AppendEvent(event) r.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, r); err != nil { if err := json.Unmarshal(event.Data, r); err != nil {


@ -1,150 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
)
func ProjectAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, project *model.Project) (*es_models.Aggregate, error) {
if project == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-doe93", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, project.AggregateID, model.ProjectAggregate, model.ProjectVersion, project.Sequence)
}
func ApplicationAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-09du7", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ApplicationAdded, app)
if app.OIDCConfig != nil {
agg.AppendEvent(model.OIDCConfigAdded, app.OIDCConfig)
}
if app.APIConfig != nil {
agg.AppendEvent(model.APIConfigAdded, app.APIConfig)
}
return agg, nil
}
}
func APIConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, config *model.APIConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, a := range existingProject.Applications {
if a.AppID == config.AppID {
if a.APIConfig != nil {
changes = a.APIConfig.Changes(config)
}
}
}
agg.AppendEvent(model.APIConfigChanged, changes)
return agg, nil
}
}
func OIDCConfigSecretChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string, secret *crypto.CryptoValue) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
changes["appId"] = appID
changes["clientSecret"] = secret
agg.AppendEvent(model.OIDCConfigSecretChanged, changes)
return agg, nil
}
}
func APIConfigSecretChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string, secret *crypto.CryptoValue) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
changes["appId"] = appID
changes["clientSecret"] = secret
agg.AppendEvent(model.APIConfigSecretChanged, changes)
return agg, nil
}
}
func OIDCClientSecretCheckSucceededAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["appId"] = appID
agg.AppendEvent(model.OIDCClientSecretCheckSucceeded, changes)
return agg, nil
}
}
func OIDCClientSecretCheckFailedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["appId"] = appID
agg.AppendEvent(model.OIDCClientSecretCheckFailed, changes)
return agg, nil
}
}
func OIDCApplicationKeyAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, key *model.ClientKey) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ClientKeyAdded, key)
return agg, nil
}
}
func OIDCApplicationKeyRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, keyID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["keyId"] = keyID
agg.AppendEvent(model.ClientKeyRemoved, changes)
return agg, nil
}
}


@ -8,6 +8,7 @@ import (
"github.com/lib/pq" "github.com/lib/pq"
http_util "github.com/caos/zitadel/internal/api/http" http_util "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models" "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model" "github.com/caos/zitadel/internal/project/model"
@ -23,15 +24,17 @@ const (
) )
type ApplicationView struct { type ApplicationView struct {
ID string `json:"appId" gorm:"column:id;primary_key"` ID string `json:"appId" gorm:"column:id;primary_key"`
ProjectID string `json:"-" gorm:"column:project_id"` ProjectID string `json:"-" gorm:"column:project_id"`
Name string `json:"name" gorm:"column:app_name"` Name string `json:"name" gorm:"column:app_name"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"` CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"` ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:app_state"` State int32 `json:"-" gorm:"column:app_state"`
ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"` ResourceOwner string `json:"-" gorm:"column:resource_owner"`
ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"` ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"`
HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"` ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"`
HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"`
PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"`
IsOIDC bool `json:"-" gorm:"column:is_oidc"` IsOIDC bool `json:"-" gorm:"column:is_oidc"`
OIDCVersion int32 `json:"oidcVersion" gorm:"column:oidc_version"` OIDCVersion int32 `json:"oidcVersion" gorm:"column:oidc_version"`
@ -58,15 +61,18 @@ type ApplicationView struct {
func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView { func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView {
return &model.ApplicationView{ return &model.ApplicationView{
ID: app.ID, ID: app.ID,
ProjectID: app.ProjectID, ProjectID: app.ProjectID,
Name: app.Name, Name: app.Name,
State: model.AppState(app.State), State: model.AppState(app.State),
Sequence: app.Sequence, Sequence: app.Sequence,
CreationDate: app.CreationDate, CreationDate: app.CreationDate,
ChangeDate: app.ChangeDate, ChangeDate: app.ChangeDate,
ProjectRoleAssertion: app.ProjectRoleAssertion, ResourceOwner: app.ResourceOwner,
ProjectRoleCheck: app.ProjectRoleCheck, ProjectRoleAssertion: app.ProjectRoleAssertion,
ProjectRoleCheck: app.ProjectRoleCheck,
HasProjectCheck: app.HasProjectCheck,
PrivateLabelingSetting: app.PrivateLabelingSetting,
IsOIDC: app.IsOIDC, IsOIDC: app.IsOIDC,
OIDCVersion: model.OIDCVersion(app.OIDCVersion), OIDCVersion: model.OIDCVersion(app.OIDCVersion),
@ -158,6 +164,7 @@ func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
case es_model.ApplicationAdded: case es_model.ApplicationAdded:
a.setRootData(event) a.setRootData(event)
a.CreationDate = event.CreationDate a.CreationDate = event.CreationDate
a.ResourceOwner = event.ResourceOwner
err = a.SetData(event) err = a.SetData(event)
case es_model.OIDCConfigAdded: case es_model.OIDCConfigAdded:
a.IsOIDC = true a.IsOIDC = true
@ -233,9 +240,10 @@ func (a *ApplicationView) setCompliance() {
func (a *ApplicationView) setProjectChanges(event *models.Event) error { func (a *ApplicationView) setProjectChanges(event *models.Event) error {
changes := struct { changes := struct {
ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"` ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"` ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck *bool `json:"hasProjectCheck,omitempty"` HasProjectCheck *bool `json:"hasProjectCheck,omitempty"`
PrivateLabelingSetting *domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
}{} }{}
if err := json.Unmarshal(event.Data, &changes); err != nil { if err := json.Unmarshal(event.Data, &changes); err != nil {
logging.Log("EVEN-DFbfg").WithError(err).Error("could not unmarshal event data") logging.Log("EVEN-DFbfg").WithError(err).Error("could not unmarshal event data")
@ -250,5 +258,8 @@ func (a *ApplicationView) setProjectChanges(event *models.Event) error {
if changes.HasProjectCheck != nil { if changes.HasProjectCheck != nil {
a.HasProjectCheck = *changes.HasProjectCheck a.HasProjectCheck = *changes.HasProjectCheck
} }
if changes.PrivateLabelingSetting != nil {
a.PrivateLabelingSetting = *changes.PrivateLabelingSetting
}
return nil return nil
} }
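Review bot: `a.ResourceOwner = event.ResourceOwner` is assigned only in the `es_model.ApplicationAdded` case, so application rows projected before this change would presumably keep an empty `resource_owner` until the view is re-projected. The login code elsewhere in this commit uses the application's resource owner as the branding organisation ID once a private labeling setting is configured, so an empty value there would select no organisation. Whether a re-projection is triggered is not visible on this page, and the part of the migration shown here adds only `private_labeling_setting`, so it is worth confirming that `authz.applications` also gains a `resource_owner` column. A comment above the assignment such as `// ResourceOwner is only populated from ApplicationAdded; rows projected earlier need the view to be rebuilt` would record the dependency. `AppendEvent` starts and ends outside the hunk.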


@ -6,6 +6,7 @@ import (
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models" "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model" "github.com/caos/zitadel/internal/project/model"
@ -19,30 +20,32 @@ const (
) )
type ProjectView struct { type ProjectView struct {
ProjectID string `json:"-" gorm:"column:project_id;primary_key"` ProjectID string `json:"-" gorm:"column:project_id;primary_key"`
Name string `json:"name" gorm:"column:project_name"` Name string `json:"name" gorm:"column:project_name"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"` CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"` ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:project_state"` State int32 `json:"-" gorm:"column:project_state"`
ResourceOwner string `json:"-" gorm:"column:resource_owner"` ResourceOwner string `json:"-" gorm:"column:resource_owner"`
ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"` ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"`
ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"` ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"`
HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"` HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"`
Sequence uint64 `json:"-" gorm:"column:sequence"` PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
} }
func ProjectToModel(project *ProjectView) *model.ProjectView { func ProjectToModel(project *ProjectView) *model.ProjectView {
return &model.ProjectView{ return &model.ProjectView{
ProjectID: project.ProjectID, ProjectID: project.ProjectID,
Name: project.Name, Name: project.Name,
ChangeDate: project.ChangeDate, ChangeDate: project.ChangeDate,
CreationDate: project.CreationDate, CreationDate: project.CreationDate,
State: model.ProjectState(project.State), State: model.ProjectState(project.State),
ResourceOwner: project.ResourceOwner, ResourceOwner: project.ResourceOwner,
ProjectRoleAssertion: project.ProjectRoleAssertion, ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck, ProjectRoleCheck: project.ProjectRoleCheck,
HasProjectCheck: project.HasProjectCheck, HasProjectCheck: project.HasProjectCheck,
Sequence: project.Sequence, PrivateLabelingSetting: project.PrivateLabelingSetting,
Sequence: project.Sequence,
} }
} }


@ -3,6 +3,8 @@ package project
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore" "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
@ -35,10 +37,11 @@ func NewRemoveProjectNameUniqueConstraint(projectName, resourceOwner string) *ev
type ProjectAddedEvent struct { type ProjectAddedEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
ProjectRoleAssertion bool `json:"projectRoleAssertion,omitempty"` ProjectRoleAssertion bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"` ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck bool `json:"hasProjectCheck,omitempty"` HasProjectCheck bool `json:"hasProjectCheck,omitempty"`
PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
} }
func (e *ProjectAddedEvent) Data() interface{} { func (e *ProjectAddedEvent) Data() interface{} {
@ -56,6 +59,7 @@ func NewProjectAddedEvent(
projectRoleAssertion, projectRoleAssertion,
projectRoleCheck, projectRoleCheck,
hasProjectCheck bool, hasProjectCheck bool,
privateLabelingSetting domain.PrivateLabelingSetting,
) *ProjectAddedEvent { ) *ProjectAddedEvent {
return &ProjectAddedEvent{ return &ProjectAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush( BaseEvent: *eventstore.NewBaseEventForPush(
@ -63,10 +67,11 @@ func NewProjectAddedEvent(
aggregate, aggregate,
ProjectAddedType, ProjectAddedType,
), ),
Name: name, Name: name,
ProjectRoleAssertion: projectRoleAssertion, ProjectRoleAssertion: projectRoleAssertion,
ProjectRoleCheck: projectRoleCheck, ProjectRoleCheck: projectRoleCheck,
HasProjectCheck: hasProjectCheck, HasProjectCheck: hasProjectCheck,
PrivateLabelingSetting: privateLabelingSetting,
} }
} }
@ -86,11 +91,12 @@ func ProjectAddedEventMapper(event *repository.Event) (eventstore.EventReader, e
type ProjectChangeEvent struct { type ProjectChangeEvent struct {
eventstore.BaseEvent `json:"-"` eventstore.BaseEvent `json:"-"`
Name *string `json:"name,omitempty"` Name *string `json:"name,omitempty"`
ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"` ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"` ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck *bool `json:"hasProjectCheck,omitempty"` HasProjectCheck *bool `json:"hasProjectCheck,omitempty"`
oldName string PrivateLabelingSetting *domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
oldName string
} }
func (e *ProjectChangeEvent) Data() interface{} { func (e *ProjectChangeEvent) Data() interface{} {
@ -156,6 +162,12 @@ func ChangeHasProjectCheck(ChangeHasProjectCheck bool) func(event *ProjectChange
} }
} }
func ChangePrivateLabelingSetting(ChangePrivateLabelingSetting domain.PrivateLabelingSetting) func(event *ProjectChangeEvent) {
return func(e *ProjectChangeEvent) {
e.PrivateLabelingSetting = &ChangePrivateLabelingSetting
}
}
func ProjectChangeEventMapper(event *repository.Event) (eventstore.EventReader, error) { func ProjectChangeEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ProjectChangeEvent{ e := &ProjectChangeEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event), BaseEvent: *eventstore.BaseEventFromRepo(event),
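Review bot: The exported `ChangePrivateLabelingSetting` has no doc comment, and its parameter carries the same capitalised name as the function, so the identifier is shadowed inside the body and reads like an exported symbol. A signature such as `func ChangePrivateLabelingSetting(setting domain.PrivateLabelingSetting) func(event *ProjectChangeEvent)` with `e.PrivateLabelingSetting = &setting` would be clearer. The neighbouring `ChangeHasProjectCheck` uses the same pattern, so this is a consistency-versus-clarity call. A one-line comment such as `// ChangePrivateLabelingSetting sets which organisation's label policy the login UI applies for this project` would also help, since the field affects what users see at login. `ProjectChangeEventMapper` continues past the end of the hunk.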


@ -329,6 +329,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
Theme: l.getTheme(r), Theme: l.getTheme(r),
ThemeMode: l.getThemeMode(r), ThemeMode: l.getThemeMode(r),
DarkMode: l.isDarkMode(r), DarkMode: l.isDarkMode(r),
PrivateLabelingOrgID: l.getPrivateLabelingID(authReq),
OrgID: l.getOrgID(authReq), OrgID: l.getOrgID(authReq),
OrgName: l.getOrgName(authReq), OrgName: l.getOrgName(authReq),
PrimaryDomain: l.getOrgPrimaryDomain(authReq), PrimaryDomain: l.getOrgPrimaryDomain(authReq),
@ -423,6 +424,19 @@ func (l *Login) getOrgID(authReq *domain.AuthRequest) string {
return authReq.UserOrgID return authReq.UserOrgID
} }
func (l *Login) getPrivateLabelingID(authReq *domain.AuthRequest) string {
privateLabelingOrgID := domain.IAMID
if authReq.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
privateLabelingOrgID = authReq.ApplicationResourceOwner
}
if authReq.PrivateLabelingSetting == domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy || authReq.PrivateLabelingSetting == domain.PrivateLabelingSettingUnspecified {
if authReq.UserOrgID != "" {
privateLabelingOrgID = authReq.UserOrgID
}
}
return privateLabelingOrgID
}
func (l *Login) getOrgName(authReq *domain.AuthRequest) string { func (l *Login) getOrgName(authReq *domain.AuthRequest) string {
if authReq == nil { if authReq == nil {
return "" return ""
@ -485,6 +499,7 @@ type baseData struct {
Theme string Theme string
ThemeMode string ThemeMode string
DarkMode bool DarkMode bool
PrivateLabelingOrgID string
OrgID string OrgID string
OrgName string OrgName string
PrimaryDomain string PrimaryDomain string
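Review bot: `getPrivateLabelingID` reads `authReq.PrivateLabelingSetting` without a nil check, while `getOrgName` directly below it returns early on `authReq == nil` and `getBaseData` passes the same `authReq` to both. If `getBaseData` can be reached without an auth request, which the guard in `getOrgName` suggests, the new helper panics while the login page is rendered. Start the function with `if authReq == nil { return domain.IAMID }`. A short comment stating which org's label policy each setting selects would also help, since for `PrivateLabelingSettingUnspecified` the result is the user's org when `UserOrgID` is set and the IAM default otherwise. The bodies of `getBaseData` and `getOrgName` continue outside the hunks.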


@ -10,7 +10,7 @@
<link rel="stylesheet" href="{{ resourceThemeUrl "css/zitadel.css" .Theme }}" type="text/css"> <link rel="stylesheet" href="{{ resourceThemeUrl "css/zitadel.css" .Theme }}" type="text/css">
<link rel="icon" type="image/x-icon" href="{{ resourceThemeUrl "favicon.ico" .Theme }}"> <link rel="icon" type="image/x-icon" href="{{ resourceThemeUrl "favicon.ico" .Theme }}">
{{ if hasCustomPolicy .LabelPolicy }} {{ if hasCustomPolicy .LabelPolicy }}
<link rel="stylesheet" href="{{ variablesCssFileUrl .OrgID .LabelPolicy}}" type="text/css"> <link rel="stylesheet" href="{{ variablesCssFileUrl .PrivateLabelingOrgID .LabelPolicy}}" type="text/css">
{{ end}} {{ end}}
<link rel="stylesheet" href="{{ resourceThemeUrl "../../fonts/lgn-icons/css/lgn-icon-font.css" .Theme }}"> <link rel="stylesheet" href="{{ resourceThemeUrl "../../fonts/lgn-icons/css/lgn-icon-font.css" .Theme }}">
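Review bot: The stylesheet URL on the `variablesCssFileUrl` line now takes `.PrivateLabelingOrgID`, but the `hasCustomPolicy .LabelPolicy` guard and the `.LabelPolicy` argument are unchanged, and this hunk does not show which org that policy is loaded for. If `.LabelPolicy` is still resolved from `.OrgID`, the page could request one org's CSS variables with another org's policy data, and the branding on the login page would not match the project setting. Worth confirming in the renderer and recording in a template comment such as `{{/* .LabelPolicy must be the policy of .PrivateLabelingOrgID */}}`.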


@ -0,0 +1,5 @@
ALTER TABLE management.projects ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE authz.applications ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE auth.applications ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE management.applications ADD COLUMN private_labeling_setting SMALLINT;
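Review bot: All four `ADD COLUMN private_labeling_setting SMALLINT` statements create a nullable column with no default, so rows that exist before the migration hold NULL rather than 0. The Go code in this commit treats 0 (`PrivateLabelingSettingUnspecified`) as the unset value; whether the view readers map NULL to that is not visible here. Unless the projections are rebuilt from events after this migration, consider `SMALLINT NOT NULL DEFAULT 0` so that the stored value is always one of the enum's numbers.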


@ -3453,6 +3453,7 @@ message AddProjectRequest {
bool project_role_assertion = 2; bool project_role_assertion = 2;
bool project_role_check = 3; bool project_role_check = 3;
bool has_project_check = 4; bool has_project_check = 4;
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 5 [(validate.rules).enum = {defined_only: true}];
} }
message AddProjectResponse { message AddProjectResponse {
@ -3466,6 +3467,7 @@ message UpdateProjectRequest {
bool project_role_assertion = 3; bool project_role_assertion = 3;
bool project_role_check = 4; bool project_role_check = 4;
bool has_project_check = 5; bool has_project_check = 5;
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 6 [(validate.rules).enum = {defined_only: true}];
} }
message UpdateProjectResponse { message UpdateProjectResponse {
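Review bot: In `UpdateProjectRequest` the new `private_labeling_setting = 6` is a plain proto3 enum field, so a client that does not set it (for example one built before this change) sends 0, which is `PRIVATE_LABELING_SETTING_UNSPECIFIED` and passes `defined_only`. The handler is not part of this hunk, but if it stores the request value as is, an unrelated update such as a rename would reset a project from `PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY` to unspecified. If that is the behaviour, document it on the field, e.g. `// Omitting this field sends PRIVATE_LABELING_SETTING_UNSPECIFIED and replaces the stored setting.`; declaring the field `optional` would let the server tell "not sent" from "reset". Both request messages start outside the hunks.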


@ -31,6 +31,8 @@ message Project {
bool project_role_check = 6; bool project_role_check = 6;
// ZITADEL checks if the org of the user has permission to this project // ZITADEL checks if the org of the user has permission to this project
bool has_project_check = 7; bool has_project_check = 7;
// Defines from where the private labeling should be triggered
PrivateLabelingSetting private_labeling_setting = 8;
} }
message GrantedProject { message GrantedProject {
@ -90,6 +92,12 @@ enum ProjectState {
PROJECT_STATE_INACTIVE = 2; PROJECT_STATE_INACTIVE = 2;
} }
enum PrivateLabelingSetting {
PRIVATE_LABELING_SETTING_UNSPECIFIED = 0;
PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY = 1;
PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY = 2;
}
enum ProjectGrantState { enum ProjectGrantState {
PROJECT_GRANT_STATE_UNSPECIFIED = 0; PROJECT_GRANT_STATE_UNSPECIFIED = 0;
PROJECT_GRANT_STATE_ACTIVE = 1; PROJECT_GRANT_STATE_ACTIVE = 1;