TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-03-01 00:37:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: set private labeling setting on project (#2184)

Browse Source 
* docs: add scope to request private labeling

* feat: add enum to project

* fix: remove unused code, add private labeling setting to query side

* fix: set private labeling depending on setting

* fix: private labeling depending on project setting

* Update proto/zitadel/management.proto

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: rename sql file

* fix: private labeling setting

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi 2021-08-24 08:34:10 +02:00 committed by GitHub
parent 7993d92907
commit 74688394d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
47 changed files with 443 additions and 2047 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/apis/openidoauth/scopes.md
View File

@ -23,7 +23,7 @@ ZITADEL supports the usage of scopes as way of requesting information from the I
In addition to the standard compliant scopes we utilize the following scopes.
| Scopes | Example | Description |
|:------------------------------------------------|:-------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|:-------------------------------------------------|:-------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| urn:zitadel:iam:org:project:role:{rolename} | `urn:zitadel:iam:org:project:role:user` | By using this scope a client can request the claim urn:zitadel:iam:roles:rolename} to be asserted when possible. As an alternative approach you can enable all roles to be asserted from the [project](../../guides/usage/projects) a client belongs to. |
| urn:zitadel:iam:org:domain:primary:{domainname} | `urn:zitadel:iam:org:domain:primary:acme.ch` | When requesting this scope **ZITADEL** will enforce that the user is a member of the selected organization. If the organization does not exist a failure is displayed |
| urn:zitadel:iam:role:{rolename} | | |

2
docs/docs/apis/proto/management.md
View File

@ -3277,6 +3277,7 @@ This is an empty request
| project_role_assertion | bool | - | |
| project_role_check | bool | - | |
| has_project_check | bool | - | |
| private_labeling_setting | zitadel.project.v1.PrivateLabelingSetting | - | enum.defined_only: true<br /> |
@ -7522,6 +7523,7 @@ This is an empty request
| project_role_assertion | bool | - | |
| project_role_check | bool | - | |
| has_project_check | bool | - | |
| private_labeling_setting | zitadel.project.v1.PrivateLabelingSetting | - | enum.defined_only: true<br /> |

13
docs/docs/apis/proto/project.md
View File

@ -66,6 +66,7 @@ title: zitadel/project.proto
| project_role_assertion | bool | describes if roles of user should be added in token | |
| project_role_check | bool | ZITADEL checks if the user has at least one on this project | |
| has_project_check | bool | ZITADEL checks if the org of the user has permission to this project | |
| private_labeling_setting | PrivateLabelingSetting | Defines from where the private labeling should be triggered | |
@ -160,6 +161,18 @@ title: zitadel/project.proto
## Enums
### PrivateLabelingSetting {#privatelabelingsetting}
| Name | Number | Description |
| ---- | ------ | ----------- |
| PRIVATE_LABELING_SETTING_UNSPECIFIED | 0 | - |
| PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY | 1 | - |
| PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY | 2 | - |
### ProjectGrantState {#projectgrantstate}

14
internal/api/grpc/management/project_converter.go
View File

@ -8,6 +8,7 @@ import (
"github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
proj_pb "github.com/caos/zitadel/pkg/grpc/project"
)
func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
@ -16,6 +17,7 @@ func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck,
HasProjectCheck: req.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
}
}
@ -28,6 +30,18 @@ func ProjectUpdateToDomain(req *mgmt_pb.UpdateProjectRequest) *domain.Project {
ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck,
HasProjectCheck: req.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
}
}
func privateLabelingSettingToDomain(setting proj_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
switch setting {
case proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
case proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
default:
return domain.PrivateLabelingSettingUnspecified
}
}

2
internal/api/grpc/project/application.go
View File

@ -22,7 +22,7 @@ func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
return &app_pb.App{
Id: app.ID,
Details: object_grpc.ToViewDetailsPb(app.Sequence, app.CreationDate, app.ChangeDate, ""), //TODO: RO
Details: object_grpc.ToViewDetailsPb(app.Sequence, app.CreationDate, app.ChangeDate, app.ResourceOwner),
State: AppStateToPb(app.State),
Name: app.Name,
Config: AppConfigToPb(app),

13
internal/api/grpc/project/converter.go
View File

@ -2,6 +2,7 @@ package project
import (
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
proj_model "github.com/caos/zitadel/internal/project/model"
proj_pb "github.com/caos/zitadel/pkg/grpc/project"
@ -16,6 +17,7 @@ func ProjectToPb(project *proj_model.ProjectView) *proj_pb.Project {
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
HasProjectCheck: project.HasProjectCheck,
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
}
}
@ -61,6 +63,17 @@ func projectStateToPb(state proj_model.ProjectState) proj_pb.ProjectState {
}
}
func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) proj_pb.PrivateLabelingSetting {
switch setting {
case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY
case domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY
default:
return proj_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
}
}
func grantedProjectStateToPb(state proj_model.ProjectState) proj_pb.ProjectGrantState {
switch state {
case proj_model.ProjectStateActive:

13
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@ -124,6 +124,8 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
}
request.Audience = appIDs
request.AppendAudIfNotExisting(app.ProjectID)
request.ApplicationResourceOwner = app.ResourceOwner
request.PrivateLabelingSetting = app.PrivateLabelingSetting
if err := setOrgID(repo.OrgViewProvider, request); err != nil {
return nil, err
}
@ -510,7 +512,16 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
return err
}
request.PrivacyPolicy = privacyPolicy
labelPolicy, err := repo.getLabelPolicy(ctx, orgID)
privateLabelingOrgID := domain.IAMID
if request.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
privateLabelingOrgID = request.ApplicationResourceOwner
}
if request.PrivateLabelingSetting == domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy || request.PrivateLabelingSetting == domain.PrivateLabelingSettingUnspecified {
if request.UserOrgID != "" {
privateLabelingOrgID = request.UserOrgID
}
}
labelPolicy, err := repo.getLabelPolicy(ctx, privateLabelingOrgID)
if err != nil {
return err
}

1
internal/auth/repository/eventsourcing/handler/application.go
View File

@ -84,6 +84,7 @@ func (a *Application) Reduce(event *models.Event) (err error) {
app.ProjectRoleCheck = project.ProjectRoleCheck
app.HasProjectCheck = project.HasProjectCheck
app.ProjectRoleAssertion = project.ProjectRoleAssertion
app.PrivateLabelingSetting = project.PrivateLabelingSetting
err = app.AppendEvent(event)
case es_model.ApplicationChanged,

12
internal/command/project.go
View File

@ -45,7 +45,14 @@ func (c *Commands) addProject(ctx context.Context, projectAdd *domain.Project, r
projectRole = domain.RoleProjectOwnerGlobal
}
events := []eventstore.EventPusher{
project.NewProjectAddedEvent(ctx, projectAgg, projectAdd.Name, projectAdd.ProjectRoleAssertion, projectAdd.ProjectRoleCheck, projectAdd.HasProjectCheck),
project.NewProjectAddedEvent(
ctx,
projectAgg,
projectAdd.Name,
projectAdd.ProjectRoleAssertion,
projectAdd.ProjectRoleCheck,
projectAdd.HasProjectCheck,
projectAdd.PrivateLabelingSetting),
project.NewProjectMemberAddedEvent(ctx, projectAgg, ownerUserID, projectRole),
}
return events, addedProject, nil
@ -93,7 +100,8 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj
projectChange.Name,
projectChange.ProjectRoleAssertion,
projectChange.ProjectRoleCheck,
projectChange.HasProjectCheck)
projectChange.HasProjectCheck,
projectChange.PrivateLabelingSetting)
if err != nil {
return nil, err
}

9
internal/command/project_application_api_test.go
View File

@ -84,7 +84,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
),
),
),
@ -113,7 +114,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
),
),
expectPush(
@ -180,7 +182,8 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
),
),
expectPush(

6
internal/command/project_application_oidc_test.go
View File

@ -87,7 +87,8 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
),
),
),
@ -116,7 +117,8 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingUnspecified),
),
),
expectPush(

1
internal/command/project_converter.go
View File

@ -11,6 +11,7 @@ func projectWriteModelToProject(writeModel *ProjectWriteModel) *domain.Project {
ProjectRoleAssertion: writeModel.ProjectRoleAssertion,
ProjectRoleCheck: writeModel.ProjectRoleCheck,
HasProjectCheck: writeModel.HasProjectCheck,
PrivateLabelingSetting: writeModel.PrivateLabelingSetting,
}
}

19
internal/command/project_grant_test.go
View File

@ -88,6 +88,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -117,6 +118,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -153,6 +155,7 @@ func TestCommandSide_AddProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -342,6 +345,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -380,6 +384,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -425,6 +430,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -478,6 +484,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -557,6 +564,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -638,6 +646,7 @@ func TestCommandSide_ChangeProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -814,6 +823,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -840,6 +850,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -877,6 +888,7 @@ func TestCommandSide_DeactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1010,6 +1022,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1036,6 +1049,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1069,6 +1083,7 @@ func TestCommandSide_ReactivateProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1207,6 +1222,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1233,6 +1249,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1278,6 +1295,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -1325,6 +1343,7 @@ func TestCommandSide_RemoveProjectGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),

9
internal/command/project_model.go
View File

@ -15,6 +15,7 @@ type ProjectWriteModel struct {
ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
State domain.ProjectState
}
@ -35,6 +36,7 @@ func (wm *ProjectWriteModel) Reduce() error {
wm.ProjectRoleAssertion = e.ProjectRoleAssertion
wm.ProjectRoleCheck = e.ProjectRoleCheck
wm.HasProjectCheck = e.HasProjectCheck
wm.PrivateLabelingSetting = e.PrivateLabelingSetting
wm.State = domain.ProjectStateActive
case *project.ProjectChangeEvent:
if e.Name != nil {
@ -49,6 +51,9 @@ func (wm *ProjectWriteModel) Reduce() error {
if e.HasProjectCheck != nil {
wm.HasProjectCheck = *e.HasProjectCheck
}
if e.PrivateLabelingSetting != nil {
wm.PrivateLabelingSetting = *e.PrivateLabelingSetting
}
case *project.ProjectDeactivatedEvent:
if wm.State == domain.ProjectStateRemoved {
continue
@ -87,6 +92,7 @@ func (wm *ProjectWriteModel) NewChangedEvent(
projectRoleAssertion,
projectRoleCheck,
hasProjectCheck bool,
privateLabelingSetting domain.PrivateLabelingSetting,
) (*project.ProjectChangeEvent, bool, error) {
changes := make([]project.ProjectChanges, 0)
var err error
@ -105,6 +111,9 @@ func (wm *ProjectWriteModel) NewChangedEvent(
if wm.HasProjectCheck != hasProjectCheck {
changes = append(changes, project.ChangeHasProjectCheck(hasProjectCheck))
}
if wm.PrivateLabelingSetting != privateLabelingSetting {
changes = append(changes, project.ChangePrivateLabelingSetting(privateLabelingSetting))
}
if len(changes) == 0 {
return nil, false, nil
}

12
internal/command/project_role_test.go
View File

@ -42,6 +42,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -77,6 +78,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -105,6 +107,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -149,6 +152,7 @@ func TestCommandSide_AddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -241,6 +245,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -278,6 +283,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -310,6 +316,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -368,6 +375,7 @@ func TestCommandSide_BulkAddProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -487,6 +495,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -522,6 +531,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -569,6 +579,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -610,6 +621,7 @@ func TestCommandSide_ChangeProjectRole(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),

58
internal/command/project_test.go
View File

@ -74,6 +74,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
),
),
eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -97,6 +98,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
resourceOwner: "org1",
ownerID: "user1",
@ -124,6 +126,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(),
&project.NewAggregate("project1", "globalorg").Aggregate,
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
),
),
eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -147,6 +150,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
resourceOwner: "globalorg",
ownerID: "user1",
@ -161,6 +165,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
},
},
@ -183,6 +188,7 @@ func TestCommandSide_AddProject(t *testing.T) {
context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
),
),
eventFromEventPusher(project.NewProjectMemberAddedEvent(
@ -206,6 +212,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
resourceOwner: "org1",
ownerID: "user1",
@ -220,6 +227,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
},
},
@ -332,7 +340,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(),
@ -365,7 +374,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
),
@ -380,6 +390,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ProjectRoleAssertion: true,
ProjectRoleCheck: true,
HasProjectCheck: true,
PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
},
resourceOwner: "org1",
},
@ -396,7 +407,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
expectPush(
@ -409,7 +421,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
"project-new",
false,
false,
false),
false,
domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
),
},
uniqueConstraintsFromEventConstraint(project.NewRemoveProjectNameUniqueConstraint("project", "org1")),
@ -427,6 +440,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ProjectRoleAssertion: false,
ProjectRoleCheck: false,
HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
},
resourceOwner: "org1",
},
@ -440,6 +454,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ProjectRoleAssertion: false,
ProjectRoleCheck: false,
HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
},
},
},
@ -452,7 +467,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
expectPush(
@ -465,7 +481,8 @@ func TestCommandSide_ChangeProject(t *testing.T) {
"",
false,
false,
false),
false,
domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy),
),
},
),
@ -481,6 +498,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ProjectRoleAssertion: false,
ProjectRoleCheck: false,
HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
},
resourceOwner: "org1",
},
@ -494,6 +512,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
ProjectRoleAssertion: false,
ProjectRoleCheck: false,
HasProjectCheck: false,
PrivateLabelingSetting: domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy,
},
},
},
@ -594,7 +613,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(),
@ -622,7 +642,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectDeactivatedEvent(context.Background(),
@ -649,7 +670,8 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
expectPush(
@ -770,7 +792,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(),
@ -798,7 +821,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
),
@ -821,7 +845,8 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectDeactivatedEvent(context.Background(),
@ -946,7 +971,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
eventFromEventPusher(
project.NewProjectRemovedEvent(context.Background(),
@ -974,7 +1000,8 @@ func TestCommandSide_RemoveProject(t *testing.T) {
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"project", true, true, true),
"project", true, true, true,
domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy),
),
),
expectPush(
@ -1020,11 +1047,12 @@ func TestCommandSide_RemoveProject(t *testing.T) {
}
}
func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldName, newName string, roleAssertion, roleCheck, hasProjectCheck bool) *project.ProjectChangeEvent {
func newProjectChangedEvent(ctx context.Context, projectID, resourceOwner, oldName, newName string, roleAssertion, roleCheck, hasProjectCheck bool, privateLabelingSetting domain.PrivateLabelingSetting) *project.ProjectChangeEvent {
changes := []project.ProjectChanges{
project.ChangeProjectRoleAssertion(roleAssertion),
project.ChangeProjectRoleCheck(roleCheck),
project.ChangeHasProjectCheck(hasProjectCheck),
project.ChangePrivateLabelingSetting(privateLabelingSetting),
}
if newName != "" {
changes = append(changes, project.ChangeName(newName))

12
internal/command/user_grant_test.go
View File

@ -141,6 +141,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -188,6 +189,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -230,6 +232,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -273,6 +276,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -332,6 +336,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -404,6 +409,7 @@ func TestCommandSide_AddUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -718,6 +724,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -777,6 +784,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -831,6 +839,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
),
@ -886,6 +895,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -957,6 +967,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(
@ -1044,6 +1055,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1", true, true, true,
domain.PrivateLabelingSettingUnspecified,
),
),
eventFromEventPusher(

2
internal/domain/auth_request.go
View File

@ -36,6 +36,8 @@ type AuthRequest struct {
RequestedOrgID string
RequestedOrgName string
RequestedPrimaryDomain string
ApplicationResourceOwner string
PrivateLabelingSetting PrivateLabelingSetting
SelectedIDPConfigID string
LinkingUsers []*ExternalUser
PossibleSteps []NextStep

9
internal/domain/project.go
View File

@ -12,6 +12,7 @@ type Project struct {
ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting PrivateLabelingSetting
}
type ProjectState int32
@ -23,6 +24,14 @@ const (
ProjectStateRemoved
)
type PrivateLabelingSetting int32
const (
PrivateLabelingSettingUnspecified PrivateLabelingSetting = iota
PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
)
func (o *Project) IsValid() bool {
return o.Name != ""
}

1
internal/management/repository/eventsourcing/handler/application.go
View File

@ -86,6 +86,7 @@ func (a *Application) Reduce(event *models.Event) (err error) {
app.ProjectRoleCheck = project.ProjectRoleCheck
app.HasProjectCheck = project.HasProjectCheck
app.ProjectRoleAssertion = project.ProjectRoleAssertion
app.PrivateLabelingSetting = project.PrivateLabelingSetting
err = app.AppendEvent(event)
case es_model.ApplicationChanged,

3
internal/project/model/application_view.go
View File

@ -13,9 +13,12 @@ type ApplicationView struct {
Name string
CreationDate time.Time
ChangeDate time.Time
ResourceOwner string
State AppState
ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
IsOIDC bool
OIDCVersion OIDCVersion

11
internal/project/model/project.go
View File

@ -3,6 +3,7 @@ package model
import (
"github.com/golang/protobuf/ptypes/timestamp"
"github.com/caos/zitadel/internal/domain"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
@ -18,6 +19,7 @@ type Project struct {
ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
}
type ProjectChanges struct {
Changes []*ProjectChange
@ -55,15 +57,6 @@ func (p *Project) IsValid() bool {
return p.Name != ""
}
func (p *Project) GetMember(userID string) (int, *ProjectMember) {
for i, m := range p.Members {
if m.UserID == userID {
return i, m
}
}
return -1, nil
}
func (p *Project) ContainsRole(role *ProjectRole) bool {
for _, r := range p.Roles {
if r.Key == role.Key {

1
internal/project/model/project_view.go
View File

@ -17,6 +17,7 @@ type ProjectView struct {
ProjectRoleAssertion bool
ProjectRoleCheck bool
HasProjectCheck bool
PrivateLabelingSetting domain.PrivateLabelingSetting
Sequence uint64
}

35
internal/project/repository/eventsourcing/cache.go
View File

@ -1,35 +0,0 @@
package eventsourcing
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/cache"
"github.com/caos/zitadel/internal/cache/config"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
)
type ProjectCache struct {
projectCache cache.Cache
}
func StartCache(conf *config.CacheConfig) (*ProjectCache, error) {
projectCache, err := conf.Config.NewCache()
logging.Log("EVENT-CsHdo").OnError(err).Panic("unable to create project cache")
return &ProjectCache{projectCache: projectCache}, nil
}
func (c *ProjectCache) getProject(ID string) (project *model.Project) {
project = &model.Project{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
if err := c.projectCache.Get(ID, project); err != nil {
logging.Log("EVENT-tMydV").WithError(err).Debug("error in getting cache")
}
return project
}
func (c *ProjectCache) cacheProject(project *model.Project) {
err := c.projectCache.Set(project.AggregateID, project)
if err != nil {
logging.Log("EVENT-3wKzj").WithError(err).Debug("error in setting project cache")
}
}

46
internal/project/repository/eventsourcing/eventstore.go
View File

@ -1,46 +0,0 @@
package eventsourcing
//
//import (
// "github.com/caos/zitadel/internal/cache/config"
// sd "github.com/caos/zitadel/internal/config/systemdefaults"
// "github.com/caos/zitadel/internal/crypto"
// es_int "github.com/caos/zitadel/internal/eventstore"
// "github.com/caos/zitadel/internal/id"
//)
//
//const (
// projectOwnerRole = "PROJECT_OWNER"
// projectOwnerGlobalRole = "PROJECT_OWNER_GLOBAL"
//)
//
//type ProjectEventstore struct {
// es_int.Eventstore
// projectCache *ProjectCache
// passwordAlg crypto.HashAlgorithm
// pwGenerator crypto.Generator
// idGenerator id.Generator
// ClientKeySize int
//}
//
//type ProjectConfig struct {
// es_int.Eventstore
// Cache *config.CacheConfig
//}
//
//func StartProject(conf ProjectConfig, systemDefaults sd.SystemDefaults) (*ProjectEventstore, error) {
// projectCache, err := StartCache(conf.Cache)
// if err != nil {
// return nil, err
// }
// passwordAlg := crypto.NewBCrypt(systemDefaults.SecretGenerators.PasswordSaltCost)
// pwGenerator := crypto.NewHashGenerator(systemDefaults.SecretGenerators.ClientSecretGenerator, passwordAlg)
// return &ProjectEventstore{
// Eventstore: conf.Eventstore,
// projectCache: projectCache,
// passwordAlg: passwordAlg,
// pwGenerator: pwGenerator,
// idGenerator: id.SonyFlakeGenerator,
// ClientKeySize: int(systemDefaults.SecretGenerators.ApplicationKeySize),
// }, nil
//}

31
internal/project/repository/eventsourcing/model/api_config.go
View File

@ -6,7 +6,6 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
@ -51,36 +50,6 @@ func APIConfigToModel(config *APIConfig) *model.APIConfig {
return oidcConfig
}
func (p *Project) appendAddAPIConfigEvent(event *es_models.Event) error {
config := new(APIConfig)
err := config.setData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
p.Applications[i].Type = int32(model.AppTypeAPI)
p.Applications[i].APIConfig = config
}
return nil
}
func (p *Project) appendChangeAPIConfigEvent(event *es_models.Event) error {
config := new(APIConfig)
err := config.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
if p.Applications[i].APIConfig == nil {
return errors.ThrowInvalidArgument(nil, "MODEL-ADbsd", "api config is nil")
}
return p.Applications[i].APIConfig.setData(event)
}
return nil
}
func (o *APIConfig) setData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil {

111
internal/project/repository/eventsourcing/model/application.go
View File

@ -6,7 +6,6 @@ import (
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
type Application struct {
@ -33,116 +32,6 @@ func GetApplication(apps []*Application, id string) (int, *Application) {
return -1, nil
}
func (a *Application) Changes(changed *Application) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["appId"] = a.AppID
if changed.Name != "" && a.Name != changed.Name {
changes["name"] = changed.Name
}
return changes
}
func AppsToModel(apps []*Application) []*model.Application {
convertedApps := make([]*model.Application, len(apps))
for i, a := range apps {
convertedApps[i] = AppToModel(a)
}
return convertedApps
}
func AppsFromModel(apps []*model.Application) []*Application {
convertedApps := make([]*Application, len(apps))
for i, a := range apps {
convertedApps[i] = AppFromModel(a)
}
return convertedApps
}
func AppFromModel(app *model.Application) *Application {
converted := &Application{
ObjectRoot: app.ObjectRoot,
AppID: app.AppID,
Name: app.Name,
State: int32(app.State),
Type: int32(app.Type),
}
if app.OIDCConfig != nil {
converted.OIDCConfig = OIDCConfigFromModel(app.OIDCConfig)
}
if app.APIConfig != nil {
converted.APIConfig = APIConfigFromModel(app.APIConfig)
}
return converted
}
func AppToModel(app *Application) *model.Application {
converted := &model.Application{
ObjectRoot: app.ObjectRoot,
AppID: app.AppID,
Name: app.Name,
State: model.AppState(app.State),
Type: model.AppType(app.Type),
}
if app.OIDCConfig != nil {
converted.OIDCConfig = OIDCConfigToModel(app.OIDCConfig)
}
if app.APIConfig != nil {
converted.APIConfig = APIConfigToModel(app.APIConfig)
}
return converted
}
func (p *Project) appendAddAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
app.ObjectRoot.CreationDate = event.CreationDate
p.Applications = append(p.Applications, app)
return nil
}
func (p *Project) appendChangeAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
return p.Applications[i].setData(event)
}
return nil
}
func (p *Project) appendRemoveAppEvent(event *es_models.Event) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
p.Applications[i] = p.Applications[len(p.Applications)-1]
p.Applications[len(p.Applications)-1] = nil
p.Applications = p.Applications[:len(p.Applications)-1]
}
return nil
}
func (p *Project) appendAppStateEvent(event *es_models.Event, state model.AppState) error {
app := new(Application)
err := app.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, app.AppID); a != nil {
a.State = int32(state)
p.Applications[i] = a
}
return nil
}
func (a *Application) setData(event *es_models.Event) error {
a.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, a); err != nil {

246
internal/project/repository/eventsourcing/model/application_test.go
View File

@ -1,246 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
func TestApplicationChanges(t *testing.T) {
type args struct {
existingProject *Application
newProject *Application
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "application name changes",
args: args{
existingProject: &Application{AppID: "AppID", Name: "Name"},
newProject: &Application{AppID: "AppID", Name: "NameChanged"},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existingProject: &Application{AppID: "AppID", Name: "Name"},
newProject: &Application{AppID: "AppID", Name: "Name"},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existingProject.Changes(tt.args.newProject)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add application event",
args: args{
project: &Project{},
app: &Application{Name: "Application"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{Name: "Application"},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendAddAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendChangeAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change application event",
args: args{
project: &Project{
Applications: []*Application{
{Name: "Application"},
},
},
app: &Application{Name: "Application Change"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{Name: "Application Change"},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendChangeAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendRemoveAppEvent(t *testing.T) {
type args struct {
project *Project
app *Application
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application"},
},
},
app: &Application{AppID: "AppID", Name: "Application"},
event: &es_models.Event{},
},
result: &Project{Applications: []*Application{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendRemoveAppEvent(tt.args.event)
if len(tt.args.project.Applications) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.project.Applications))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
project *Project
app *ApplicationID
event *es_models.Event
state model.AppState
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append deactivate application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateActive)},
},
},
app: &ApplicationID{AppID: "AppID"},
event: &es_models.Event{},
state: model.AppStateInactive,
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateInactive)},
},
},
},
{
name: "append reactivate application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateInactive)},
},
},
app: &ApplicationID{AppID: "AppID"},
event: &es_models.Event{},
state: model.AppStateActive,
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", Name: "Application", State: int32(model.AppStateActive)},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.app != nil {
data, _ := json.Marshal(tt.args.app)
tt.args.event.Data = data
}
tt.args.project.appendAppStateEvent(tt.args.event, tt.args.state)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}

202
internal/project/repository/eventsourcing/model/oidc_config.go
View File

@ -2,7 +2,6 @@ package model
import (
"encoding/json"
"reflect"
"time"
"github.com/caos/logging"
@ -35,187 +34,6 @@ type OIDCConfig struct {
ClientKeys []*ClientKey `json:"-"`
}
func (c *OIDCConfig) Changes(changed *OIDCConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["appId"] = c.AppID
if !reflect.DeepEqual(c.RedirectUris, changed.RedirectUris) {
changes["redirectUris"] = changed.RedirectUris
}
if !reflect.DeepEqual(c.ResponseTypes, changed.ResponseTypes) {
changes["responseTypes"] = changed.ResponseTypes
}
if !reflect.DeepEqual(c.GrantTypes, changed.GrantTypes) {
changes["grantTypes"] = changed.GrantTypes
}
if c.ApplicationType != changed.ApplicationType {
changes["applicationType"] = changed.ApplicationType
}
if c.AuthMethodType != changed.AuthMethodType {
changes["authMethodType"] = changed.AuthMethodType
}
if c.Version != changed.Version {
changes["oidcVersion"] = changed.Version
}
if !reflect.DeepEqual(c.PostLogoutRedirectUris, changed.PostLogoutRedirectUris) {
changes["postLogoutRedirectUris"] = changed.PostLogoutRedirectUris
}
if c.DevMode != changed.DevMode {
changes["devMode"] = changed.DevMode
}
if c.AccessTokenType != changed.AccessTokenType {
changes["accessTokenType"] = changed.AccessTokenType
}
if c.AccessTokenRoleAssertion != changed.AccessTokenRoleAssertion {
changes["accessTokenRoleAssertion"] = changed.AccessTokenRoleAssertion
}
if c.IDTokenRoleAssertion != changed.IDTokenRoleAssertion {
changes["idTokenRoleAssertion"] = changed.IDTokenRoleAssertion
}
if c.IDTokenUserinfoAssertion != changed.IDTokenUserinfoAssertion {
changes["idTokenUserinfoAssertion"] = changed.IDTokenUserinfoAssertion
}
if c.ClockSkew != changed.ClockSkew {
changes["clockSkew"] = changed.ClockSkew
}
return changes
}
func OIDCConfigFromModel(config *model.OIDCConfig) *OIDCConfig {
responseTypes := make([]int32, len(config.ResponseTypes))
for i, rt := range config.ResponseTypes {
responseTypes[i] = int32(rt)
}
grantTypes := make([]int32, len(config.GrantTypes))
for i, rt := range config.GrantTypes {
grantTypes[i] = int32(rt)
}
return &OIDCConfig{
ObjectRoot: config.ObjectRoot,
AppID: config.AppID,
Version: int32(config.OIDCVersion),
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
RedirectUris: config.RedirectUris,
ResponseTypes: responseTypes,
GrantTypes: grantTypes,
ApplicationType: int32(config.ApplicationType),
AuthMethodType: int32(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
DevMode: config.DevMode,
AccessTokenType: int32(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
ClockSkew: config.ClockSkew,
}
}
func OIDCConfigToModel(config *OIDCConfig) *model.OIDCConfig {
responseTypes := make([]model.OIDCResponseType, len(config.ResponseTypes))
for i, rt := range config.ResponseTypes {
responseTypes[i] = model.OIDCResponseType(rt)
}
grantTypes := make([]model.OIDCGrantType, len(config.GrantTypes))
for i, rt := range config.GrantTypes {
grantTypes[i] = model.OIDCGrantType(rt)
}
oidcConfig := &model.OIDCConfig{
ObjectRoot: config.ObjectRoot,
AppID: config.AppID,
OIDCVersion: model.OIDCVersion(config.Version),
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
RedirectUris: config.RedirectUris,
ResponseTypes: responseTypes,
GrantTypes: grantTypes,
ApplicationType: model.OIDCApplicationType(config.ApplicationType),
AuthMethodType: model.OIDCAuthMethodType(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
DevMode: config.DevMode,
AccessTokenType: model.OIDCTokenType(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
ClockSkew: config.ClockSkew,
ClientKeys: ClientKeysToModel(config.ClientKeys),
}
oidcConfig.FillCompliance()
return oidcConfig
}
func (p *Project) appendAddOIDCConfigEvent(event *es_models.Event) error {
config := new(OIDCConfig)
err := config.setData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
p.Applications[i].Type = int32(model.AppTypeOIDC)
p.Applications[i].OIDCConfig = config
}
return nil
}
func (p *Project) appendChangeOIDCConfigEvent(event *es_models.Event) error {
config := new(OIDCConfig)
err := config.setData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
if p.Applications[i].OIDCConfig == nil {
return errors.ThrowInvalidArgument(nil, "MODEL-aBR5G", "oidc config is nil")
}
return p.Applications[i].OIDCConfig.setData(event)
}
return nil
}
func (p *Project) appendAddClientKeyEvent(event *es_models.Event) error {
key := new(ClientKey)
err := key.SetData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, key.ApplicationID); a != nil {
if a.OIDCConfig != nil {
p.Applications[i].OIDCConfig.ClientKeys = append(p.Applications[i].OIDCConfig.ClientKeys, key)
}
if a.APIConfig != nil {
p.Applications[i].APIConfig.ClientKeys = append(p.Applications[i].APIConfig.ClientKeys, key)
}
}
return nil
}
func (p *Project) appendRemoveClientKeyEvent(event *es_models.Event) error {
key := new(ClientKey)
err := key.SetData(event)
if err != nil {
return err
}
if i, a := GetApplication(p.Applications, key.ApplicationID); a != nil {
if a.OIDCConfig != nil {
if j, k := GetClientKey(p.Applications[i].OIDCConfig.ClientKeys, key.KeyID); k != nil {
p.Applications[i].OIDCConfig.ClientKeys[j] = p.Applications[i].OIDCConfig.ClientKeys[len(p.Applications[i].OIDCConfig.ClientKeys)-1]
p.Applications[i].OIDCConfig.ClientKeys[len(p.Applications[i].OIDCConfig.ClientKeys)-1] = nil
p.Applications[i].OIDCConfig.ClientKeys = p.Applications[i].OIDCConfig.ClientKeys[:len(p.Applications[i].OIDCConfig.ClientKeys)-1]
}
}
if a.APIConfig != nil {
if j, k := GetClientKey(p.Applications[i].APIConfig.ClientKeys, key.KeyID); k != nil {
p.Applications[i].APIConfig.ClientKeys[j] = p.Applications[i].APIConfig.ClientKeys[len(p.Applications[i].APIConfig.ClientKeys)-1]
p.Applications[i].APIConfig.ClientKeys[len(p.Applications[i].APIConfig.ClientKeys)-1] = nil
p.Applications[i].APIConfig.ClientKeys = p.Applications[i].APIConfig.ClientKeys[:len(p.Applications[i].APIConfig.ClientKeys)-1]
}
}
}
return nil
}
func (o *OIDCConfig) setData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil {
@ -225,15 +43,6 @@ func (o *OIDCConfig) setData(event *es_models.Event) error {
return nil
}
func GetClientKey(keys []*ClientKey, id string) (int, *ClientKey) {
for i, k := range keys {
if k.KeyID == id {
return i, k
}
}
return -1, nil
}
type ClientKey struct {
es_models.ObjectRoot `json:"-"`
ApplicationID string `json:"applicationId,omitempty"`
@ -278,17 +87,6 @@ func (key *ClientKey) AppendEvent(event *es_models.Event) (err error) {
return err
}
func ClientKeyFromModel(key *model.ClientKey) *ClientKey {
return &ClientKey{
ObjectRoot: key.ObjectRoot,
ExpirationDate: key.ExpirationDate,
ApplicationID: key.ApplicationID,
ClientID: key.ClientID,
KeyID: key.KeyID,
Type: int32(key.Type),
}
}
func ClientKeysToModel(keys []*ClientKey) []*model.ClientKey {
clientKeys := make([]*model.ClientKey, len(keys))
for i, key := range keys {

198
internal/project/repository/eventsourcing/model/oidc_config_test.go
View File

@ -1,198 +0,0 @@
package model
import (
"encoding/json"
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
func TestOIDCConfigChanges(t *testing.T) {
type args struct {
existingConfig *OIDCConfig
newConfig *OIDCConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "all possible values change",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
newConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUrisChanged"},
ResponseTypes: []int32{2},
GrantTypes: []int32{2},
ApplicationType: 2,
AuthMethodType: 2,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUrisChanged"},
},
},
res: res{
changesLen: 7,
},
},
{
name: "no changes",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
newConfig: &OIDCConfig{
AppID: "AppID",
RedirectUris: []string{"RedirectUris"},
ResponseTypes: []int32{1},
GrantTypes: []int32{1},
ApplicationType: 1,
AuthMethodType: 1,
PostLogoutRedirectUris: []string{"PostLogoutRedirectUris"},
},
},
res: res{
changesLen: 1,
},
},
{
name: "change not changeable attributes",
args: args{
existingConfig: &OIDCConfig{
AppID: "AppID",
ClientID: "ClientID",
},
newConfig: &OIDCConfig{
AppID: "AppIDChange",
ClientID: "ClientIDChange",
},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existingConfig.Changes(tt.args.newConfig)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddOIDCConfigEvent(t *testing.T) {
type args struct {
project *Project
config *OIDCConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID"},
},
},
config: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"}},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.project.appendAddOIDCConfigEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0].OIDCConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.project.Applications[0].OIDCConfig)
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}
func TestAppendChangeOIDCConfigEvent(t *testing.T) {
type args struct {
project *Project
config *OIDCConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change application event",
args: args{
project: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID"}},
},
},
config: &OIDCConfig{AppID: "AppID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &Project{
Applications: []*Application{
{AppID: "AppID", OIDCConfig: &OIDCConfig{AppID: "AppID", ClientID: "ClientID Changed"}},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.project.appendChangeOIDCConfigEvent(tt.args.event)
if len(tt.args.project.Applications) != 1 {
t.Errorf("got wrong result should have one app actual: %v ", len(tt.args.project.Applications))
}
if tt.args.project.Applications[0].OIDCConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.project.Applications[0].OIDCConfig)
}
if tt.args.project.Applications[0] == tt.result.Applications[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Applications[0], tt.args.project.Applications[0])
}
})
}
}

66
internal/project/repository/eventsourcing/model/project.go
View File

@ -20,27 +20,15 @@ type Project struct {
ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck bool `json:"hasProjectCheck,omitempty"`
State int32 `json:"-"`
Members []*ProjectMember `json:"-"`
Roles []*ProjectRole `json:"-"`
Applications []*Application `json:"-"`
Grants []*ProjectGrant `json:"-"`
}
func ProjectToModel(project *Project) *model.Project {
members := ProjectMembersToModel(project.Members)
roles := ProjectRolesToModel(project.Roles)
apps := AppsToModel(project.Applications)
grants := GrantsToModel(project.Grants)
return &model.Project{
ObjectRoot: project.ObjectRoot,
Name: project.Name,
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
State: model.ProjectState(project.State),
Members: members,
Roles: roles,
Applications: apps,
Grants: grants,
}
}
@ -73,60 +61,6 @@ func (p *Project) AppendEvent(event *es_models.Event) error {
return p.appendReactivatedEvent()
case ProjectRemoved:
return p.appendRemovedEvent()
case ProjectMemberAdded:
return p.appendAddMemberEvent(event)
case ProjectMemberChanged:
return p.appendChangeMemberEvent(event)
case ProjectMemberRemoved:
return p.appendRemoveMemberEvent(event)
case ProjectMemberCascadeRemoved:
return p.appendRemoveMemberEvent(event)
case ProjectRoleAdded:
return p.appendAddRoleEvent(event)
case ProjectRoleChanged:
return p.appendChangeRoleEvent(event)
case ProjectRoleRemoved:
return p.appendRemoveRoleEvent(event)
case ApplicationAdded:
return p.appendAddAppEvent(event)
case ApplicationChanged:
return p.appendChangeAppEvent(event)
case ApplicationRemoved:
return p.appendRemoveAppEvent(event)
case ApplicationDeactivated:
return p.appendAppStateEvent(event, model.AppStateInactive)
case ApplicationReactivated:
return p.appendAppStateEvent(event, model.AppStateActive)
case OIDCConfigAdded:
return p.appendAddOIDCConfigEvent(event)
case OIDCConfigChanged, OIDCConfigSecretChanged:
return p.appendChangeOIDCConfigEvent(event)
case APIConfigAdded:
return p.appendAddAPIConfigEvent(event)
case APIConfigChanged, APIConfigSecretChanged:
return p.appendChangeAPIConfigEvent(event)
case ClientKeyAdded:
return p.appendAddClientKeyEvent(event)
case ClientKeyRemoved:
return p.appendRemoveClientKeyEvent(event)
case ProjectGrantAdded:
return p.appendAddGrantEvent(event)
case ProjectGrantChanged, ProjectGrantCascadeChanged:
return p.appendChangeGrantEvent(event)
case ProjectGrantDeactivated:
return p.appendGrantStateEvent(event, model.ProjectGrantStateInactive)
case ProjectGrantReactivated:
return p.appendGrantStateEvent(event, model.ProjectGrantStateActive)
case ProjectGrantRemoved:
return p.appendRemoveGrantEvent(event)
case ProjectGrantMemberAdded:
return p.appendAddGrantMemberEvent(event)
case ProjectGrantMemberChanged:
return p.appendChangeGrantMemberEvent(event)
case ProjectGrantMemberRemoved:
return p.appendRemoveGrantMemberEvent(event)
case ProjectGrantMemberCascadeRemoved:
return p.appendRemoveGrantMemberEvent(event)
}
return nil
}

107
internal/project/repository/eventsourcing/model/project_grant.go
View File

@ -2,10 +2,11 @@ package model
import (
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
"reflect"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
)
type ProjectGrant struct {
@ -31,15 +32,6 @@ func GetProjectGrant(grants []*ProjectGrant, id string) (int, *ProjectGrant) {
return -1, nil
}
func GetProjectGrantByOrgID(grants []*ProjectGrant, resourceOwner string) (int, *ProjectGrant) {
for i, g := range grants {
if g.GrantedOrgID == resourceOwner {
return i, g
}
}
return -1, nil
}
func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["grantId"] = g.GrantID
@ -49,97 +41,6 @@ func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} {
return changes
}
func GrantsToModel(grants []*ProjectGrant) []*model.ProjectGrant {
convertedGrants := make([]*model.ProjectGrant, len(grants))
for i, g := range grants {
convertedGrants[i] = GrantToModel(g)
}
return convertedGrants
}
func GrantsFromModel(grants []*model.ProjectGrant) []*ProjectGrant {
convertedGrants := make([]*ProjectGrant, len(grants))
for i, g := range grants {
convertedGrants[i] = GrantFromModel(g)
}
return convertedGrants
}
func GrantFromModel(grant *model.ProjectGrant) *ProjectGrant {
members := GrantMembersFromModel(grant.Members)
return &ProjectGrant{
ObjectRoot: grant.ObjectRoot,
GrantID: grant.GrantID,
GrantedOrgID: grant.GrantedOrgID,
State: int32(grant.State),
RoleKeys: grant.RoleKeys,
Members: members,
}
}
func GrantToModel(grant *ProjectGrant) *model.ProjectGrant {
members := GrantMembersToModel(grant.Members)
return &model.ProjectGrant{
ObjectRoot: grant.ObjectRoot,
GrantID: grant.GrantID,
GrantedOrgID: grant.GrantedOrgID,
State: model.ProjectGrantState(grant.State),
RoleKeys: grant.RoleKeys,
Members: members,
}
}
func (p *Project) appendAddGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
grant.ObjectRoot.CreationDate = event.CreationDate
p.Grants = append(p.Grants, grant)
return nil
}
func (p *Project) appendChangeGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
p.Grants[i].getData(event)
}
return nil
}
func (p *Project) appendGrantStateEvent(event *es_models.Event, state model.ProjectGrantState) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
g.State = int32(state)
p.Grants[i] = g
}
return nil
}
func (p *Project) appendRemoveGrantEvent(event *es_models.Event) error {
grant := new(ProjectGrant)
err := grant.getData(event)
if err != nil {
return err
}
if i, g := GetProjectGrant(p.Grants, grant.GrantID); g != nil {
p.Grants[i] = p.Grants[len(p.Grants)-1]
p.Grants[len(p.Grants)-1] = nil
p.Grants = p.Grants[:len(p.Grants)-1]
}
return nil
}
func (g *ProjectGrant) getData(event *es_models.Event) error {
g.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, g); err != nil {

91
internal/project/repository/eventsourcing/model/project_grant_member.go
View File

@ -2,9 +2,10 @@ package model
import (
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
type ProjectGrantMember struct {
@ -14,94 +15,6 @@ type ProjectGrantMember struct {
Roles []string `json:"roles,omitempty"`
}
func GetProjectGrantMember(members []*ProjectGrantMember, id string) (int, *ProjectGrantMember) {
for i, m := range members {
if m.UserID == id {
return i, m
}
}
return -1, nil
}
func GrantMembersToModel(members []*ProjectGrantMember) []*model.ProjectGrantMember {
convertedMembers := make([]*model.ProjectGrantMember, len(members))
for i, g := range members {
convertedMembers[i] = GrantMemberToModel(g)
}
return convertedMembers
}
func GrantMembersFromModel(members []*model.ProjectGrantMember) []*ProjectGrantMember {
convertedMembers := make([]*ProjectGrantMember, len(members))
for i, g := range members {
convertedMembers[i] = GrantMemberFromModel(g)
}
return convertedMembers
}
func GrantMemberFromModel(member *model.ProjectGrantMember) *ProjectGrantMember {
return &ProjectGrantMember{
ObjectRoot: member.ObjectRoot,
GrantID: member.GrantID,
UserID: member.UserID,
Roles: member.Roles,
}
}
func GrantMemberToModel(member *ProjectGrantMember) *model.ProjectGrantMember {
return &model.ProjectGrantMember{
ObjectRoot: member.ObjectRoot,
GrantID: member.GrantID,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (p *Project) appendAddGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
member.ObjectRoot.CreationDate = event.CreationDate
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
g.Members = append(g.Members, member)
}
return nil
}
func (p *Project) appendChangeGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
if i, m := GetProjectGrantMember(g.Members, member.UserID); m != nil {
g.Members[i].SetData(event)
}
}
return nil
}
func (p *Project) appendRemoveGrantMemberEvent(event *es_models.Event) error {
member := &ProjectGrantMember{}
err := member.SetData(event)
if err != nil {
return err
}
if _, g := GetProjectGrant(p.Grants, member.GrantID); g != nil {
if i, member := GetProjectGrantMember(g.Members, member.UserID); member != nil {
g.Members[i] = g.Members[len(g.Members)-1]
g.Members[len(g.Members)-1] = nil
g.Members = g.Members[:len(g.Members)-1]
}
}
return nil
}
func (m *ProjectGrantMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil {

145
internal/project/repository/eventsourcing/model/project_grant_member_test.go
View File

@ -1,145 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"testing"
)
func TestAppendAddGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add grant member",
args: args{
project: &Project{Grants: []*ProjectGrant{
&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendAddGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants[0].Members))
}
if tt.args.project.Grants[0].Members[0] == tt.result.Grants[0].Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0].Members[0], tt.args.project.Grants[0].Members[0])
}
})
}
}
func TestAppendChangeGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change grant member",
args: args{
project: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}},
event: &es_models.Event{},
},
result: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}}}}},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendChangeGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants[0].Members))
}
if tt.args.project.Grants[0].Members[0] == tt.result.Grants[0].Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0].Members[0], tt.args.project.Grants[0].Members[0])
}
})
}
}
func TestAppendRemoveGrantMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectGrantMember
event *es_models.Event
}
tests := []struct {
name string
args args
}{
{
name: "append remove grant member",
args: args{
project: &Project{
Grants: []*ProjectGrant{
&ProjectGrant{
GrantID: "ProjectGrantID",
GrantedOrgID: "OrgID",
RoleKeys: []string{"Key"},
Members: []*ProjectGrantMember{&ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}}}}},
},
member: &ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"RoleChanged"}},
event: &es_models.Event{},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendRemoveGrantMemberEvent(tt.args.event)
if len(tt.args.project.Grants[0].Members) != 0 {
t.Errorf("got wrong result should have no members actual: %v ", len(tt.args.project.Grants[0].Members))
}
})
}
}

169
internal/project/repository/eventsourcing/model/project_grant_test.go
View File

@ -1,169 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
"testing"
)
func TestAppendAddGrantEvent(t *testing.T) {
type args struct {
project *Project
role *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add grant event",
args: args{
project: &Project{},
role: &ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.role != nil {
data, _ := json.Marshal(tt.args.role)
tt.args.event.Data = data
}
tt.args.project.appendAddGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}
func TestAppendChangeGrantEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"KeyChanged"}},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"KeyChanged"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendChangeGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}
func TestAppendRemoveGrantEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrant
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove role event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrant{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
},
result: &Project{Grants: []*ProjectGrant{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendRemoveGrantEvent(tt.args.event)
if len(tt.args.project.Grants) != 0 {
t.Errorf("got wrong result should have no grant actual: %v ", len(tt.args.project.Grants))
}
})
}
}
func TestAppendGrantStateEvent(t *testing.T) {
type args struct {
project *Project
grant *ProjectGrantID
event *es_models.Event
state model.ProjectGrantState
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append deactivate grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.ProjectGrantStateInactive,
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}, State: int32(model.ProjectGrantStateInactive)}}},
},
{
name: "append reactivate grant event",
args: args{
project: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}}}},
grant: &ProjectGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.ProjectGrantStateActive,
},
result: &Project{Grants: []*ProjectGrant{&ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "OrgID", RoleKeys: []string{"Key"}, State: int32(model.ProjectGrantStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.grant != nil {
data, _ := json.Marshal(tt.args.grant)
tt.args.event.Data = data
}
tt.args.project.appendGrantStateEvent(tt.args.event, tt.args.state)
if len(tt.args.project.Grants) != 1 {
t.Errorf("got wrong result should have one grant actual: %v ", len(tt.args.project.Grants))
}
if tt.args.project.Grants[0] == tt.result.Grants[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Grants[0], tt.args.project.Grants[0])
}
})
}
}

81
internal/project/repository/eventsourcing/model/project_member.go
View File

@ -2,9 +2,10 @@ package model
import (
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
)
type ProjectMember struct {
@ -13,84 +14,6 @@ type ProjectMember struct {
Roles []string `json:"roles,omitempty"`
}
func GetProjectMember(members []*ProjectMember, id string) (int, *ProjectMember) {
for i, m := range members {
if m.UserID == id {
return i, m
}
}
return -1, nil
}
func ProjectMembersToModel(members []*ProjectMember) []*model.ProjectMember {
convertedMembers := make([]*model.ProjectMember, len(members))
for i, m := range members {
convertedMembers[i] = ProjectMemberToModel(m)
}
return convertedMembers
}
func ProjectMembersFromModel(members []*model.ProjectMember) []*ProjectMember {
convertedMembers := make([]*ProjectMember, len(members))
for i, m := range members {
convertedMembers[i] = ProjectMemberFromModel(m)
}
return convertedMembers
}
func ProjectMemberFromModel(member *model.ProjectMember) *ProjectMember {
return &ProjectMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func ProjectMemberToModel(member *ProjectMember) *model.ProjectMember {
return &model.ProjectMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (p *Project) appendAddMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
member.ObjectRoot.CreationDate = event.CreationDate
p.Members = append(p.Members, member)
return nil
}
func (p *Project) appendChangeMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetProjectMember(p.Members, member.UserID); m != nil {
p.Members[i] = member
}
return nil
}
func (p *Project) appendRemoveMemberEvent(event *es_models.Event) error {
member := &ProjectMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetProjectMember(p.Members, member.UserID); m != nil {
p.Members[i] = p.Members[len(p.Members)-1]
p.Members[len(p.Members)-1] = nil
p.Members = p.Members[:len(p.Members)-1]
}
return nil
}
func (m *ProjectMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil {

118
internal/project/repository/eventsourcing/model/project_member_test.go
View File

@ -1,118 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"testing"
)
func TestAppendAddMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add member event",
args: args{
project: &Project{},
member: &ProjectMember{UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendAddMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 1 {
t.Errorf("got wrong result should have one member actual: %v ", len(tt.args.project.Members))
}
if tt.args.project.Members[0] == tt.result.Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Members[0], tt.args.project.Members[0])
}
})
}
}
func TestAppendChangeMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change member event",
args: args{
project: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &ProjectMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendChangeMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 1 {
t.Errorf("got wrong result should have one member actual: %v ", len(tt.args.project.Members))
}
if tt.args.project.Members[0] == tt.result.Members[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Members[0], tt.args.project.Members[0])
}
})
}
}
func TestAppendRemoveMemberEvent(t *testing.T) {
type args struct {
project *Project
member *ProjectMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove member event",
args: args{
project: &Project{Members: []*ProjectMember{&ProjectMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &ProjectMember{UserID: "UserID"},
event: &es_models.Event{},
},
result: &Project{Members: []*ProjectMember{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.member != nil {
data, _ := json.Marshal(tt.args.member)
tt.args.event.Data = data
}
tt.args.project.appendRemoveMemberEvent(tt.args.event)
if len(tt.args.project.Members) != 0 {
t.Errorf("got wrong result should have no member actual: %v ", len(tt.args.project.Members))
}
})
}
}

37
internal/project/repository/eventsourcing/model/project_role.go
View File

@ -57,43 +57,6 @@ func ProjectRoleToModel(role *ProjectRole) *model.ProjectRole {
}
}
func (p *Project) appendAddRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
role.ObjectRoot.CreationDate = event.CreationDate
p.Roles = append(p.Roles, role)
return nil
}
func (p *Project) appendChangeRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
if i, r := GetProjectRole(p.Roles, role.Key); r != nil {
p.Roles[i] = role
}
return nil
}
func (p *Project) appendRemoveRoleEvent(event *es_models.Event) error {
role := new(ProjectRole)
err := role.setData(event)
if err != nil {
return err
}
if i, r := GetProjectRole(p.Roles, role.Key); r != nil {
p.Roles[i] = p.Roles[len(p.Roles)-1]
p.Roles[len(p.Roles)-1] = nil
p.Roles = p.Roles[:len(p.Roles)-1]
}
return nil
}
func (r *ProjectRole) setData(event *es_models.Event) error {
r.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, r); err != nil {

150
internal/project/repository/eventsourcing/project.go
View File

@ -1,150 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
)
func ProjectAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, project *model.Project) (*es_models.Aggregate, error) {
if project == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-doe93", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, project.AggregateID, model.ProjectAggregate, model.ProjectVersion, project.Sequence)
}
func ApplicationAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-09du7", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ApplicationAdded, app)
if app.OIDCConfig != nil {
agg.AppendEvent(model.OIDCConfigAdded, app.OIDCConfig)
}
if app.APIConfig != nil {
agg.AppendEvent(model.APIConfigAdded, app.APIConfig)
}
return agg, nil
}
}
func APIConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, config *model.APIConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, a := range existingProject.Applications {
if a.AppID == config.AppID {
if a.APIConfig != nil {
changes = a.APIConfig.Changes(config)
}
}
}
agg.AppendEvent(model.APIConfigChanged, changes)
return agg, nil
}
}
func OIDCConfigSecretChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string, secret *crypto.CryptoValue) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
changes["appId"] = appID
changes["clientSecret"] = secret
agg.AppendEvent(model.OIDCConfigSecretChanged, changes)
return agg, nil
}
}
func APIConfigSecretChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string, secret *crypto.CryptoValue) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
changes["appId"] = appID
changes["clientSecret"] = secret
agg.AppendEvent(model.APIConfigSecretChanged, changes)
return agg, nil
}
}
func OIDCClientSecretCheckSucceededAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["appId"] = appID
agg.AppendEvent(model.OIDCClientSecretCheckSucceeded, changes)
return agg, nil
}
}
func OIDCClientSecretCheckFailedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, appID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["appId"] = appID
agg.AppendEvent(model.OIDCClientSecretCheckFailed, changes)
return agg, nil
}
}
func OIDCApplicationKeyAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, key *model.ClientKey) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ClientKeyAdded, key)
return agg, nil
}
}
func OIDCApplicationKeyRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, keyID string) es_sdk.AggregateFunc {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["keyId"] = keyID
agg.AppendEvent(model.ClientKeyRemoved, changes)
return agg, nil
}
}

11
internal/project/repository/view/model/application.go
View File

@ -8,6 +8,7 @@ import (
"github.com/lib/pq"
http_util "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
@ -29,9 +30,11 @@ type ApplicationView struct {
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:app_state"`
ResourceOwner string `json:"-" gorm:"column:resource_owner"`
ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"`
ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"`
HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"`
PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"`
IsOIDC bool `json:"-" gorm:"column:is_oidc"`
OIDCVersion int32 `json:"oidcVersion" gorm:"column:oidc_version"`
@ -65,8 +68,11 @@ func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView {
Sequence: app.Sequence,
CreationDate: app.CreationDate,
ChangeDate: app.ChangeDate,
ResourceOwner: app.ResourceOwner,
ProjectRoleAssertion: app.ProjectRoleAssertion,
ProjectRoleCheck: app.ProjectRoleCheck,
HasProjectCheck: app.HasProjectCheck,
PrivateLabelingSetting: app.PrivateLabelingSetting,
IsOIDC: app.IsOIDC,
OIDCVersion: model.OIDCVersion(app.OIDCVersion),
@ -158,6 +164,7 @@ func (a *ApplicationView) AppendEvent(event *models.Event) (err error) {
case es_model.ApplicationAdded:
a.setRootData(event)
a.CreationDate = event.CreationDate
a.ResourceOwner = event.ResourceOwner
err = a.SetData(event)
case es_model.OIDCConfigAdded:
a.IsOIDC = true
@ -236,6 +243,7 @@ func (a *ApplicationView) setProjectChanges(event *models.Event) error {
ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck *bool `json:"hasProjectCheck,omitempty"`
PrivateLabelingSetting *domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
}{}
if err := json.Unmarshal(event.Data, &changes); err != nil {
logging.Log("EVEN-DFbfg").WithError(err).Error("could not unmarshal event data")
@ -250,5 +258,8 @@ func (a *ApplicationView) setProjectChanges(event *models.Event) error {
if changes.HasProjectCheck != nil {
a.HasProjectCheck = *changes.HasProjectCheck
}
if changes.PrivateLabelingSetting != nil {
a.PrivateLabelingSetting = *changes.PrivateLabelingSetting
}
return nil
}

3
internal/project/repository/view/model/project.go
View File

@ -6,6 +6,7 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/project/model"
@ -28,6 +29,7 @@ type ProjectView struct {
ProjectRoleAssertion bool `json:"projectRoleAssertion" gorm:"column:project_role_assertion"`
ProjectRoleCheck bool `json:"projectRoleCheck" gorm:"column:project_role_check"`
HasProjectCheck bool `json:"hasProjectCheck" gorm:"column:has_project_check"`
PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting" gorm:"column:private_labeling_setting"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
@ -42,6 +44,7 @@ func ProjectToModel(project *ProjectView) *model.ProjectView {
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
HasProjectCheck: project.HasProjectCheck,
PrivateLabelingSetting: project.PrivateLabelingSetting,
Sequence: project.Sequence,
}
}

12
internal/repository/project/project.go
View File

@ -3,6 +3,8 @@ package project
import (
"context"
"encoding/json"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/errors"
@ -39,6 +41,7 @@ type ProjectAddedEvent struct {
ProjectRoleAssertion bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck bool `json:"hasProjectCheck,omitempty"`
PrivateLabelingSetting domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
}
func (e *ProjectAddedEvent) Data() interface{} {
@ -56,6 +59,7 @@ func NewProjectAddedEvent(
projectRoleAssertion,
projectRoleCheck,
hasProjectCheck bool,
privateLabelingSetting domain.PrivateLabelingSetting,
) *ProjectAddedEvent {
return &ProjectAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
@ -67,6 +71,7 @@ func NewProjectAddedEvent(
ProjectRoleAssertion: projectRoleAssertion,
ProjectRoleCheck: projectRoleCheck,
HasProjectCheck: hasProjectCheck,
PrivateLabelingSetting: privateLabelingSetting,
}
}
@ -90,6 +95,7 @@ type ProjectChangeEvent struct {
ProjectRoleAssertion *bool `json:"projectRoleAssertion,omitempty"`
ProjectRoleCheck *bool `json:"projectRoleCheck,omitempty"`
HasProjectCheck *bool `json:"hasProjectCheck,omitempty"`
PrivateLabelingSetting *domain.PrivateLabelingSetting `json:"privateLabelingSetting,omitempty"`
oldName string
}
@ -156,6 +162,12 @@ func ChangeHasProjectCheck(ChangeHasProjectCheck bool) func(event *ProjectChange
}
}
func ChangePrivateLabelingSetting(ChangePrivateLabelingSetting domain.PrivateLabelingSetting) func(event *ProjectChangeEvent) {
return func(e *ProjectChangeEvent) {
e.PrivateLabelingSetting = &ChangePrivateLabelingSetting
}
}
func ProjectChangeEventMapper(event *repository.Event) (eventstore.EventReader, error) {
e := &ProjectChangeEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),

15
internal/ui/login/handler/renderer.go
View File

@ -329,6 +329,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
Theme: l.getTheme(r),
ThemeMode: l.getThemeMode(r),
DarkMode: l.isDarkMode(r),
PrivateLabelingOrgID: l.getPrivateLabelingID(authReq),
OrgID: l.getOrgID(authReq),
OrgName: l.getOrgName(authReq),
PrimaryDomain: l.getOrgPrimaryDomain(authReq),
@ -423,6 +424,19 @@ func (l *Login) getOrgID(authReq *domain.AuthRequest) string {
return authReq.UserOrgID
}
func (l *Login) getPrivateLabelingID(authReq *domain.AuthRequest) string {
privateLabelingOrgID := domain.IAMID
if authReq.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
privateLabelingOrgID = authReq.ApplicationResourceOwner
}
if authReq.PrivateLabelingSetting == domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy || authReq.PrivateLabelingSetting == domain.PrivateLabelingSettingUnspecified {
if authReq.UserOrgID != "" {
privateLabelingOrgID = authReq.UserOrgID
}
}
return privateLabelingOrgID
}
func (l *Login) getOrgName(authReq *domain.AuthRequest) string {
if authReq == nil {
return ""
@ -485,6 +499,7 @@ type baseData struct {
Theme string
ThemeMode string
DarkMode bool
PrivateLabelingOrgID string
OrgID string
OrgName string
PrimaryDomain string

2
internal/ui/login/static/templates/main.html
View File

@ -10,7 +10,7 @@
<link rel="stylesheet" href="{{ resourceThemeUrl "css/zitadel.css" .Theme }}" type="text/css">
<link rel="icon" type="image/x-icon" href="{{ resourceThemeUrl "favicon.ico" .Theme }}">
{{ if hasCustomPolicy .LabelPolicy }}
<link rel="stylesheet" href="{{ variablesCssFileUrl .OrgID .LabelPolicy}}" type="text/css">
<link rel="stylesheet" href="{{ variablesCssFileUrl .PrivateLabelingOrgID .LabelPolicy}}" type="text/css">
{{ end}}
<link rel="stylesheet" href="{{ resourceThemeUrl "../../fonts/lgn-icons/css/lgn-icon-font.css" .Theme }}">

5
migrations/cockroach/V1.67__project_private_labeling.sql Normal file
View File

@ -0,0 +1,5 @@
ALTER TABLE management.projects ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE authz.applications ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE auth.applications ADD COLUMN private_labeling_setting SMALLINT;
ALTER TABLE management.applications ADD COLUMN private_labeling_setting SMALLINT;

2
proto/zitadel/management.proto
View File

@ -3453,6 +3453,7 @@ message AddProjectRequest {
bool project_role_assertion = 2;
bool project_role_check = 3;
bool has_project_check = 4;
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 5 [(validate.rules).enum = {defined_only: true}];
}
message AddProjectResponse {
@ -3466,6 +3467,7 @@ message UpdateProjectRequest {
bool project_role_assertion = 3;
bool project_role_check = 4;
bool has_project_check = 5;
zitadel.project.v1.PrivateLabelingSetting private_labeling_setting = 6 [(validate.rules).enum = {defined_only: true}];
}
message UpdateProjectResponse {

8
proto/zitadel/project.proto
View File

@ -31,6 +31,8 @@ message Project {
bool project_role_check = 6;
// ZITADEL checks if the org of the user has permission to this project
bool has_project_check = 7;
// Defines from where the private labeling should be triggered
PrivateLabelingSetting private_labeling_setting = 8;
}
message GrantedProject {
@ -90,6 +92,12 @@ enum ProjectState {
PROJECT_STATE_INACTIVE = 2;
}
enum PrivateLabelingSetting {
PRIVATE_LABELING_SETTING_UNSPECIFIED = 0;
PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY = 1;
PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY = 2;
}
enum ProjectGrantState {
PROJECT_GRANT_STATE_UNSPECIFIED = 0;
PROJECT_GRANT_STATE_ACTIVE = 1;