feat: multiple domains (#188)

* check uniqueness on create and register user

* change user email, reserve release unique email

* usergrant unique aggregate

* usergrant uniqueness

* validate UserGrant

* fix tests

* domain is set on username in all orgs

* domain in admin

* org domain sql

* zitadel domain org name

* org domains

* org iam policy

* default org iam policy

* SETUP

* load login names

* login by login name

* login name

* fix: merge master

* fix: merge master

* Update internal/user/repository/eventsourcing/user.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: fix unique domains

* fix: rename env variable

Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/admin/repository/eventsourcing/eventstore/org.go

@@ -2,6 +2,7 @@ package eventstore
 
 import (
 	"context"
+	"github.com/caos/zitadel/internal/org/repository/view/model"
 
 	admin_model "github.com/caos/zitadel/internal/admin/model"
 	admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
@@ -9,7 +10,6 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/sdk"
 	org_model "github.com/caos/zitadel/internal/org/model"
 	org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
-	org_view "github.com/caos/zitadel/internal/org/repository/view"
 	policy_es "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 )
@@ -31,7 +31,11 @@ type OrgRepo struct {
 }
 
 func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
-	policy, err := repo.PolicyEventstore.GetPasswordComplexityPolicy(ctx, DEFAULT_POLICY)
+	pwPolicy, err := repo.PolicyEventstore.GetPasswordComplexityPolicy(ctx, DEFAULT_POLICY)
+	if err != nil {
+		return nil, err
+	}
+	orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, DEFAULT_POLICY)
 	if err != nil {
 		return nil, err
 	}
@@ -39,8 +43,7 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg)
 	if err != nil {
 		return nil, err
 	}
-
-	user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, policy, org.AggregateID)
+	user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, pwPolicy, orgPolicy, org.AggregateID)
 	if err != nil {
 		return nil, err
 	}
@@ -77,10 +80,26 @@ func (repo *OrgRepo) SearchOrgs(ctx context.Context, query *org_model.OrgSearchR
 		Offset:      query.Offset,
 		Limit:       query.Limit,
 		TotalResult: uint64(count),
-		Result:      org_view.OrgsToModel(orgs),
+		Result:      model.OrgsToModel(orgs),
 	}, nil
 }
 
 func (repo *OrgRepo) IsOrgUnique(ctx context.Context, name, domain string) (isUnique bool, err error) {
 	return repo.OrgEventstore.IsOrgUnique(ctx, name, domain)
 }
+
+func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error) {
+	return repo.OrgEventstore.GetOrgIamPolicy(ctx, id)
+}
+
+func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
+	return repo.OrgEventstore.AddOrgIamPolicy(ctx, policy)
+}
+
+func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
+	return repo.OrgEventstore.ChangeOrgIamPolicy(ctx, policy)
+}
+
+func (repo *OrgRepo) RemoveOrgIamPolicy(ctx context.Context, id string) error {
+	return repo.OrgEventstore.RemoveOrgIamPolicy(ctx, id)
+}

internal/admin/repository/eventsourcing/eventstore/user.go

@@ -3,6 +3,7 @@ package eventstore
 import (
 	"context"
 	"github.com/caos/zitadel/internal/api/auth"
+	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	usr_model "github.com/caos/zitadel/internal/user/model"
 	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
@@ -11,6 +12,7 @@ import (
 type UserRepo struct {
 	UserEvents   *usr_event.UserEventstore
 	PolicyEvents *policy_event.PolicyEventstore
+	OrgEvents    *org_event.OrgEventstore
 }
 
 func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_model.User, err error) {
@@ -18,11 +20,15 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (project *usr_mod
 }
 
 func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) {
-	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, auth.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	return repo.UserEvents.CreateUser(ctx, user, policy)
+	orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, auth.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.CreateUser(ctx, user, pwPolicy, orgPolicy)
 }
 
 func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*usr_model.User, error) {
@@ -30,9 +36,13 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
 	if resourceOwner != "" {
 		policyResourceOwner = resourceOwner
 	}
-	policy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
+	pwPolicy, err := repo.PolicyEvents.GetPasswordComplexityPolicy(ctx, policyResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	return repo.UserEvents.RegisterUser(ctx, user, policy, resourceOwner)
+	orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	return repo.UserEvents.RegisterUser(ctx, user, pwPolicy, orgPolicy, resourceOwner)
 }