Merge branch 'main' into syste-users-permissions

cmd/setup/51.go

@@ -0,0 +1,27 @@
+package setup
+
+import (
+	"context"
+	_ "embed"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/eventstore"
+)
+
+var (
+	//go:embed 51.sql
+	addRootCA string
+)
+
+type IDPTemplate6RootCA struct {
+	dbClient *database.DB
+}
+
+func (mig *IDPTemplate6RootCA) Execute(ctx context.Context, _ eventstore.Event) error {
+	_, err := mig.dbClient.ExecContext(ctx, addRootCA)
+	return err
+}
+
+func (mig *IDPTemplate6RootCA) String() string {
+	return "51_idp_templates6_add_root_ca"
+}

cmd/setup/51.sql

@@ -0,0 +1 @@
+ALTER TABLE IF EXISTS projections.idp_templates6_ldap2 ADD COLUMN IF NOT EXISTS root_ca BYTEA;

cmd/setup/config.go

@@ -139,6 +139,7 @@ type Steps struct {
 	s48Apps7SAMLConfigsLoginVersion         *Apps7SAMLConfigsLoginVersion
 	s49InitPermittedOrgsFunction            *InitPermittedOrgsFunction
 	s50IDPTemplate6UsePKCE                  *IDPTemplate6UsePKCE
+	s51IDPTemplate6RootCA                   *IDPTemplate6RootCA
 	s52InitPermittedOrgsFunction            *InitPermittedOrgsFunction52
 }
 

cmd/setup/setup.go

@@ -177,6 +177,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 	steps.s48Apps7SAMLConfigsLoginVersion = &Apps7SAMLConfigsLoginVersion{dbClient: dbClient}
 	steps.s49InitPermittedOrgsFunction = &InitPermittedOrgsFunction{eventstoreClient: dbClient}
 	steps.s50IDPTemplate6UsePKCE = &IDPTemplate6UsePKCE{dbClient: dbClient}
+	steps.s51IDPTemplate6RootCA = &IDPTemplate6RootCA{dbClient: dbClient}
 	steps.s52InitPermittedOrgsFunction = &InitPermittedOrgsFunction52{eventstoreClient: dbClient}
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil, nil)
@@ -217,6 +218,7 @@ func Setup(ctx context.Context, config *Config, steps *Steps, masterKey string)
 		steps.s47FillMembershipFields,
 		steps.s49InitPermittedOrgsFunction,
 		steps.s50IDPTemplate6UsePKCE,
+		steps.s51IDPTemplate6RootCA,
 		steps.s52InitPermittedOrgsFunction,
 	} {
 		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
@@ -469,10 +471,14 @@ func startCommandsQueries(
 		config.DefaultInstance.SecretGenerators,
 	)
 	logging.OnError(err).Fatal("unable to start commands")
+
+	if !config.Notifications.LegacyEnabled && dbClient.Type() == "cockroach" {
+		logging.Fatal("notifications must be set to LegacyEnabled=true when using CockroachDB")
+	}
 	q, err := queue.NewQueue(&queue.Config{
 		Client: dbClient,
 	})
-	logging.OnError(err).Fatal("unable to start queue")
+	logging.OnError(err).Fatal("unable to init queue")
 
 	notify_handler.Register(
 		ctx,

cmd/start/start.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	_ "embed"
+	"errors"
 	"fmt"
 	"math"
 	"net/http"
@@ -268,6 +269,9 @@ func startZitadel(ctx context.Context, config *Config, masterKey string, server
 	actionsLogstoreSvc := logstore.New(queries, actionsExecutionDBEmitter, actionsExecutionStdoutEmitter)
 	actions.SetLogstoreService(actionsLogstoreSvc)
 
+	if !config.Notifications.LegacyEnabled && dbClient.Type() == "cockroach" {
+		return errors.New("notifications must be set to LegacyEnabled=true when using CockroachDB")
+	}
 	q, err := queue.NewQueue(&queue.Config{
 		Client: dbClient,
 	})