fix: check membership from projection (#3710)

* fix: check membership from projection

* remove authz setup

cmd/admin/setup/01.go

@@ -11,8 +11,6 @@ var (
 	createAdminViews string
 	//go:embed 01_sql/auth.sql
 	createAuthViews string
-	//go:embed 01_sql/authz.sql
-	createAuthzViews string
 	//go:embed 01_sql/notification.sql
 	createNotificationViews string
 	//go:embed 01_sql/projections.sql
@@ -24,7 +22,7 @@ type ProjectionTable struct {
 }
 
 func (mig *ProjectionTable) Execute(ctx context.Context) error {
-	stmt := createAdminViews + createAuthViews + createAuthzViews + createNotificationViews + createProjections
+	stmt := createAdminViews + createAuthViews + createNotificationViews + createProjections
 	_, err := mig.dbClient.ExecContext(ctx, stmt)
 	return err
 }

cmd/admin/setup/01_sql/authz.sql

@@ -1,47 +0,0 @@
-CREATE SCHEMA authz;
-
-CREATE TABLE authz.locks (
-    locker_id TEXT,
-    locked_until TIMESTAMPTZ(3),
-    view_name TEXT,
-    instance_id TEXT NOT NULL,
-
-    PRIMARY KEY (view_name, instance_id)
-);
-
-CREATE TABLE authz.current_sequences (
-    view_name TEXT,
-    current_sequence BIGINT,
-    event_timestamp TIMESTAMPTZ,
-    last_successful_spooler_run TIMESTAMPTZ,
-    instance_id TEXT NOT NULL,
-
-    PRIMARY KEY (view_name, instance_id)
-);
-
-CREATE TABLE authz.failed_events (
-    view_name TEXT,
-    failed_sequence BIGINT,
-    failure_count SMALLINT,
-    err_msg TEXT,
-    instance_id TEXT NOT NULL,
-
-    PRIMARY KEY (view_name, failed_sequence, instance_id)
-);
-
-CREATE TABLE authz.user_memberships (
-    user_id STRING NOT NULL,
-    member_type INT2 NOT NULL,
-    aggregate_id STRING NOT NULL,
-    object_id STRING NOT NULL,
-    roles STRING[] NULL,
-    display_name STRING NULL,
-    resource_owner STRING NULL,
-    resource_owner_name STRING NULL,
-    creation_date TIMESTAMPTZ NULL,
-    change_date TIMESTAMPTZ NULL,
-    sequence INT8 NULL,
-    instance_id STRING NULL,
-
-    PRIMARY KEY (user_id, member_type, aggregate_id, object_id)
-);

cmd/admin/start/config.go

@@ -14,7 +14,6 @@ import (
 	"github.com/zitadel/zitadel/internal/api/ui/console"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
 	auth_es "github.com/zitadel/zitadel/internal/auth/repository/eventsourcing"
-	"github.com/zitadel/zitadel/internal/authz"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/config/hook"
 	"github.com/zitadel/zitadel/internal/config/systemdefaults"
@@ -38,7 +37,6 @@ type Config struct {
 	Database          database.Config
 	Tracing           tracing.Config
 	Projections       projection.Config
-	AuthZ             authz.Config
 	Auth              auth_es.Config
 	Admin             admin_es.Config
 	UserAgentCookie   *middleware.UserAgentCookieConfig

cmd/admin/start/start.go

@@ -98,7 +98,7 @@ func startZitadel(config *Config, masterKey string) error {
 		return fmt.Errorf("cannot start queries: %w", err)
 	}
 
-	authZRepo, err := authz.Start(config.AuthZ, config.SystemDefaults, queries, dbClient, keys.OIDC)
+	authZRepo, err := authz.Start(queries, dbClient, keys.OIDC)
 	if err != nil {
 		return fmt.Errorf("error starting authz repo: %w", err)
 	}

cmd/defaults.yaml

@@ -81,13 +81,6 @@ Projections:
     projects:
       BulkLimit: 2000
 
-AuthZ:
-  Repository:
-    Spooler:
-      ConcurrentWorkers: 1
-      BulkLimit: 10000
-      FailureCountUntilSkip: 5
-
 Auth:
   SearchLimit: 1000
   Spooler: