mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:17:32 +00:00
feat: project v2beta resource API (#9742)
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
@@ -24,8 +24,7 @@ import (
|
||||
)
|
||||
|
||||
func TestServer_GetAuthRequest(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -98,8 +97,7 @@ func TestServer_GetAuthRequest(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateCallback(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
|
||||
require.NoError(t, err)
|
||||
clientV2, err := Instance.CreateOIDCClientLoginVersion(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
|
||||
@@ -288,7 +286,7 @@ func TestServer_CreateCallback(t *testing.T) {
|
||||
ctx: CTX,
|
||||
req: &oidc_pb.CreateCallbackRequest{
|
||||
AuthRequestId: func() string {
|
||||
client, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, nil)
|
||||
client, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, nil)
|
||||
require.NoError(t, err)
|
||||
authRequestID, err := Instance.CreateOIDCAuthRequestImplicit(CTX, client.GetClientId(), Instance.Users.Get(integration.UserTypeOrgOwner).ID, redirectURIImplicit)
|
||||
require.NoError(t, err)
|
||||
@@ -315,7 +313,7 @@ func TestServer_CreateCallback(t *testing.T) {
|
||||
ctx: CTXLoginClient,
|
||||
req: &oidc_pb.CreateCallbackRequest{
|
||||
AuthRequestId: func() string {
|
||||
clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, loginV2)
|
||||
clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, loginV2)
|
||||
require.NoError(t, err)
|
||||
authRequestID, err := Instance.CreateOIDCAuthRequestImplicitWithoutLoginClientHeader(CTX, clientV2.GetClientId(), redirectURIImplicit)
|
||||
require.NoError(t, err)
|
||||
@@ -371,7 +369,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID2, _ := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID2, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
|
||||
|
||||
@@ -386,7 +384,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
|
||||
|
||||
@@ -407,9 +405,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
|
||||
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
@@ -544,9 +542,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, false)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
want: &oidc_pb.CreateCallbackResponse{
|
||||
@@ -564,7 +562,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, false)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
@@ -606,7 +604,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, false, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
@@ -639,8 +637,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_GetDeviceAuthorizationRequest(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -697,8 +694,7 @@ func TestServer_GetDeviceAuthorizationRequest(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_AuthorizeOrDenyDeviceAuthorization(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, app.OIDCGrantType_OIDC_GRANT_TYPE_DEVICE_CODE)
|
||||
require.NoError(t, err)
|
||||
sessionResp := createSession(t, CTX, Instance.Users[integration.UserTypeOrgOwner].ID)
|
||||
@@ -895,8 +891,7 @@ func createSessionAndAuthRequestForCallback(ctx context.Context, t *testing.T, c
|
||||
}
|
||||
|
||||
func createOIDCApplication(ctx context.Context, t *testing.T, projectRoleCheck, hasProjectCheck bool) (string, string) {
|
||||
project, err := Instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(ctx, t, "", gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
|
||||
clientV2, err := Instance.CreateOIDCClientLoginVersion(ctx, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
|
||||
require.NoError(t, err)
|
||||
return project.GetId(), clientV2.GetClientId()
|
||||
|
||||
@@ -23,8 +23,7 @@ import (
|
||||
)
|
||||
|
||||
func TestServer_GetAuthRequest(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -97,8 +96,7 @@ func TestServer_GetAuthRequest(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateCallback(t *testing.T) {
|
||||
project, err := Instance.CreateProject(CTX)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(CTX, t, "", gofakeit.AppName(), false, false)
|
||||
client, err := Instance.CreateOIDCNativeClient(CTX, redirectURI, logoutRedirectURI, project.GetId(), false)
|
||||
require.NoError(t, err)
|
||||
clientV2, err := Instance.CreateOIDCClientLoginVersion(CTX, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
|
||||
@@ -289,7 +287,7 @@ func TestServer_CreateCallback(t *testing.T) {
|
||||
ctx: CTX,
|
||||
req: &oidc_pb.CreateCallbackRequest{
|
||||
AuthRequestId: func() string {
|
||||
client, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, nil)
|
||||
client, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, nil)
|
||||
require.NoError(t, err)
|
||||
authRequestID, err := Instance.CreateOIDCAuthRequestImplicit(CTX, client.GetClientId(), Instance.Users.Get(integration.UserTypeOrgOwner).ID, redirectURIImplicit)
|
||||
require.NoError(t, err)
|
||||
@@ -316,7 +314,7 @@ func TestServer_CreateCallback(t *testing.T) {
|
||||
ctx: CTXLoginClient,
|
||||
req: &oidc_pb.CreateCallbackRequest{
|
||||
AuthRequestId: func() string {
|
||||
clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, redirectURIImplicit, loginV2)
|
||||
clientV2, err := Instance.CreateOIDCImplicitFlowClient(CTX, t, redirectURIImplicit, loginV2)
|
||||
require.NoError(t, err)
|
||||
authRequestID, err := Instance.CreateOIDCAuthRequestImplicitWithoutLoginClientHeader(CTX, clientV2.GetClientId(), redirectURIImplicit)
|
||||
require.NoError(t, err)
|
||||
@@ -372,7 +370,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID2, _ := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID2, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID2, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
|
||||
|
||||
@@ -387,7 +385,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectUserGrant(t, ctx, projectID, user.GetUserId())
|
||||
|
||||
@@ -408,9 +406,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
|
||||
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
@@ -545,9 +543,9 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, false)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
projectGrantResp := Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, projectGrantResp.GetGrantId(), user.GetUserId())
|
||||
Instance.CreateProjectGrantUserGrant(ctx, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
want: &oidc_pb.CreateCallbackResponse{
|
||||
@@ -565,7 +563,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, true, false)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
},
|
||||
@@ -607,7 +605,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
|
||||
projectID, clientID := createOIDCApplication(ctx, t, false, true)
|
||||
|
||||
orgResp := Instance.CreateOrganization(ctx, "oidc-permission-"+gofakeit.AppName(), gofakeit.Email())
|
||||
Instance.CreateProjectGrant(ctx, projectID, orgResp.GetOrganizationId())
|
||||
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
|
||||
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), gofakeit.Email(), gofakeit.Phone())
|
||||
|
||||
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeOrgOwner).ID, user.GetUserId())
|
||||
@@ -669,8 +667,7 @@ func createSessionAndAuthRequestForCallback(ctx context.Context, t *testing.T, c
|
||||
}
|
||||
|
||||
func createOIDCApplication(ctx context.Context, t *testing.T, projectRoleCheck, hasProjectCheck bool) (string, string) {
|
||||
project, err := Instance.CreateProjectWithPermissionCheck(ctx, projectRoleCheck, hasProjectCheck)
|
||||
require.NoError(t, err)
|
||||
project := Instance.CreateProject(ctx, t, "", gofakeit.AppName(), projectRoleCheck, hasProjectCheck)
|
||||
clientV2, err := Instance.CreateOIDCClientLoginVersion(ctx, redirectURI, logoutRedirectURI, project.GetId(), app.OIDCAppType_OIDC_APP_TYPE_NATIVE, app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, false, loginV2)
|
||||
require.NoError(t, err)
|
||||
return project.GetId(), clientV2.GetClientId()
|
||||
|
||||
Reference in New Issue
Block a user