feat(api): add oidc and jwt provider template (#5290)

Adds the possibility to manage OIDC and JWT template-based providers
Livio Spring
2023-02-27 16:32:18 +01:00
committed by GitHub
parent 9396e8b2f5
commit 80003939ad
29 changed files with 4338 additions and 295 deletions


@@ -13,6 +13,24 @@ type GenericOAuthProvider struct {
IDPOptions idp.Options
}
type GenericOIDCProvider struct {
Name string
Issuer string
ClientID string
ClientSecret string
Scopes []string
IDPOptions idp.Options
}
type JWTProvider struct {
Name string
Issuer string
JWTEndpoint string
KeyEndpoint string
HeaderName string
IDPOptions idp.Options
}
type GoogleProvider struct {
Name string
ClientID string
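Review bot: JWTProvider names the keys URL `KeyEndpoint`, while the write model and event side added in the same commit call the same value `KeysEndpoint` (JWTIDPWriteModel, NewChangedEvent's `keysEndpoint` parameter), so the command layer has to map `provider.KeyEndpoint` onto `keysEndpoint` by position. Renaming the field to `KeysEndpoint string` keeps a single name for the value across the API, command and model layers and makes the long positional argument lists easier to check. The new exported types also carry no doc comments; `// GenericOIDCProvider holds the input for a template-based OIDC identity provider as accepted by the command layer.` and a matching sentence for JWTProvider would be enough. GenericOAuthProvider's definition starts outside the hunk.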


@@ -122,6 +122,287 @@ func (wm *OAuthIDPWriteModel) NewChanges(
return changes, nil
}
type OIDCIDPWriteModel struct {
eventstore.WriteModel
Name string
ID string
Issuer string
ClientID string
ClientSecret *crypto.CryptoValue
Scopes []string
idp.Options
State domain.IDPState
}
func (wm *OIDCIDPWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *idp.OIDCIDPAddedEvent:
wm.reduceAddedEvent(e)
case *idp.OIDCIDPChangedEvent:
wm.reduceChangedEvent(e)
case *idpconfig.IDPConfigAddedEvent:
wm.reduceIDPConfigAddedEvent(e)
case *idpconfig.IDPConfigChangedEvent:
wm.reduceIDPConfigChangedEvent(e)
case *idpconfig.OIDCConfigAddedEvent:
wm.reduceOIDCConfigAddedEvent(e)
case *idpconfig.OIDCConfigChangedEvent:
wm.reduceOIDCConfigChangedEvent(e)
case *idpconfig.IDPConfigRemovedEvent:
wm.State = domain.IDPStateRemoved
}
}
return wm.WriteModel.Reduce()
}
func (wm *OIDCIDPWriteModel) reduceAddedEvent(e *idp.OIDCIDPAddedEvent) {
wm.Name = e.Name
wm.Issuer = e.Issuer
wm.ClientID = e.ClientID
wm.ClientSecret = e.ClientSecret
wm.Scopes = e.Scopes
wm.Options = e.Options
wm.State = domain.IDPStateActive
}
func (wm *OIDCIDPWriteModel) reduceChangedEvent(e *idp.OIDCIDPChangedEvent) {
if e.ClientID != nil {
wm.ClientID = *e.ClientID
}
if e.ClientSecret != nil {
wm.ClientSecret = e.ClientSecret
}
if e.Name != nil {
wm.Name = *e.Name
}
if e.Issuer != nil {
wm.Issuer = *e.Issuer
}
if e.Scopes != nil {
wm.Scopes = e.Scopes
}
wm.Options.ReduceChanges(e.OptionChanges)
}
func (wm *OIDCIDPWriteModel) NewChanges(
name,
issuer,
clientID,
clientSecretString string,
secretCrypto crypto.Crypto,
scopes []string,
options idp.Options,
) ([]idp.OIDCIDPChanges, error) {
changes := make([]idp.OIDCIDPChanges, 0)
var clientSecret *crypto.CryptoValue
var err error
if clientSecretString != "" {
clientSecret, err = crypto.Crypt([]byte(clientSecretString), secretCrypto)
if err != nil {
return nil, err
}
changes = append(changes, idp.ChangeOIDCClientSecret(clientSecret))
}
if wm.ClientID != clientID {
changes = append(changes, idp.ChangeOIDCClientID(clientID))
}
if wm.Name != name {
changes = append(changes, idp.ChangeOIDCName(name))
}
if wm.Issuer != issuer {
changes = append(changes, idp.ChangeOIDCIssuer(issuer))
}
if !reflect.DeepEqual(wm.Scopes, scopes) {
changes = append(changes, idp.ChangeOIDCScopes(scopes))
}
opts := wm.Options.Changes(options)
if !opts.IsZero() {
changes = append(changes, idp.ChangeOIDCOptions(opts))
}
return changes, nil
}
// reduceIDPConfigAddedEvent handles old idpConfig events
func (wm *OIDCIDPWriteModel) reduceIDPConfigAddedEvent(e *idpconfig.IDPConfigAddedEvent) {
wm.Name = e.Name
wm.Options.IsAutoCreation = e.AutoRegister
wm.State = domain.IDPStateActive
}
// reduceIDPConfigChangedEvent handles old idpConfig changes
func (wm *OIDCIDPWriteModel) reduceIDPConfigChangedEvent(e *idpconfig.IDPConfigChangedEvent) {
if e.Name != nil {
wm.Name = *e.Name
}
if e.AutoRegister != nil {
wm.Options.IsAutoCreation = *e.AutoRegister
}
}
// reduceOIDCConfigAddedEvent handles old OIDC idpConfig events
func (wm *OIDCIDPWriteModel) reduceOIDCConfigAddedEvent(e *idpconfig.OIDCConfigAddedEvent) {
wm.Issuer = e.Issuer
wm.ClientID = e.ClientID
wm.ClientSecret = e.ClientSecret
wm.Scopes = e.Scopes
}
// reduceOIDCConfigChangedEvent handles old OIDC idpConfig changes
func (wm *OIDCIDPWriteModel) reduceOIDCConfigChangedEvent(e *idpconfig.OIDCConfigChangedEvent) {
if e.Issuer != nil {
wm.Issuer = *e.Issuer
}
if e.ClientID != nil {
wm.ClientID = *e.ClientID
}
if e.ClientSecret != nil {
wm.ClientSecret = e.ClientSecret
}
if e.Scopes != nil {
wm.Scopes = e.Scopes
}
}
type JWTIDPWriteModel struct {
eventstore.WriteModel
ID string
Name string
Issuer string
JWTEndpoint string
KeysEndpoint string
HeaderName string
idp.Options
State domain.IDPState
}
func (wm *JWTIDPWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *idp.JWTIDPAddedEvent:
wm.reduceAddedEvent(e)
case *idp.JWTIDPChangedEvent:
wm.reduceChangedEvent(e)
case *idpconfig.IDPConfigAddedEvent:
wm.reduceIDPConfigAddedEvent(e)
case *idpconfig.IDPConfigChangedEvent:
wm.reduceIDPConfigChangedEvent(e)
case *idpconfig.JWTConfigAddedEvent:
wm.reduceJWTConfigAddedEvent(e)
case *idpconfig.JWTConfigChangedEvent:
wm.reduceJWTConfigChangedEvent(e)
case *idpconfig.IDPConfigRemovedEvent:
wm.State = domain.IDPStateRemoved
}
}
return wm.WriteModel.Reduce()
}
func (wm *JWTIDPWriteModel) reduceAddedEvent(e *idp.JWTIDPAddedEvent) {
wm.Name = e.Name
wm.Issuer = e.Issuer
wm.JWTEndpoint = e.JWTEndpoint
wm.KeysEndpoint = e.KeysEndpoint
wm.HeaderName = e.HeaderName
wm.Options = e.Options
wm.State = domain.IDPStateActive
}
func (wm *JWTIDPWriteModel) reduceChangedEvent(e *idp.JWTIDPChangedEvent) {
if e.Name != nil {
wm.Name = *e.Name
}
if e.Issuer != nil {
wm.Issuer = *e.Issuer
}
if e.JWTEndpoint != nil {
wm.JWTEndpoint = *e.JWTEndpoint
}
if e.KeysEndpoint != nil {
wm.KeysEndpoint = *e.KeysEndpoint
}
if e.HeaderName != nil {
wm.HeaderName = *e.HeaderName
}
wm.Options.ReduceChanges(e.OptionChanges)
}
func (wm *JWTIDPWriteModel) NewChanges(
name,
issuer,
jwtEndpoint,
keysEndpoint,
headerName string,
options idp.Options,
) ([]idp.JWTIDPChanges, error) {
changes := make([]idp.JWTIDPChanges, 0)
if wm.Name != name {
changes = append(changes, idp.ChangeJWTName(name))
}
if wm.Issuer != issuer {
changes = append(changes, idp.ChangeJWTIssuer(issuer))
}
if wm.JWTEndpoint != jwtEndpoint {
changes = append(changes, idp.ChangeJWTEndpoint(jwtEndpoint))
}
if wm.KeysEndpoint != keysEndpoint {
changes = append(changes, idp.ChangeJWTKeysEndpoint(keysEndpoint))
}
if wm.HeaderName != headerName {
changes = append(changes, idp.ChangeJWTHeaderName(headerName))
}
opts := wm.Options.Changes(options)
if !opts.IsZero() {
changes = append(changes, idp.ChangeJWTOptions(opts))
}
return changes, nil
}
// reduceIDPConfigAddedEvent handles old idpConfig events
func (wm *JWTIDPWriteModel) reduceIDPConfigAddedEvent(e *idpconfig.IDPConfigAddedEvent) {
wm.Name = e.Name
wm.Options.IsAutoCreation = e.AutoRegister
wm.State = domain.IDPStateActive
}
// reduceIDPConfigChangedEvent handles old idpConfig changes
func (wm *JWTIDPWriteModel) reduceIDPConfigChangedEvent(e *idpconfig.IDPConfigChangedEvent) {
if e.Name != nil {
wm.Name = *e.Name
}
if e.AutoRegister != nil {
wm.Options.IsAutoCreation = *e.AutoRegister
}
}
// reduceJWTConfigAddedEvent handles old JWT idpConfig events
func (wm *JWTIDPWriteModel) reduceJWTConfigAddedEvent(e *idpconfig.JWTConfigAddedEvent) {
wm.Issuer = e.Issuer
wm.JWTEndpoint = e.JWTEndpoint
wm.KeysEndpoint = e.KeysEndpoint
wm.HeaderName = e.HeaderName
}
// reduceJWTConfigChangedEvent handles old JWT idpConfig changes
func (wm *JWTIDPWriteModel) reduceJWTConfigChangedEvent(e *idpconfig.JWTConfigChangedEvent) {
if e.Issuer != nil {
wm.Issuer = *e.Issuer
}
if e.JWTEndpoint != nil {
wm.JWTEndpoint = *e.JWTEndpoint
}
if e.KeysEndpoint != nil {
wm.KeysEndpoint = *e.KeysEndpoint
}
if e.HeaderName != nil {
wm.HeaderName = *e.HeaderName
}
}
type GoogleIDPWriteModel struct {
eventstore.WriteModel
@@ -365,28 +646,25 @@ type IDPRemoveWriteModel struct {
ID string
State domain.IDPState
name string
}
func (wm *IDPRemoveWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *idp.OAuthIDPAddedEvent:
wm.reduceAdded(e.ID, e.Name)
case *idp.OAuthIDPChangedEvent:
wm.reduceChanged(e.ID, e.Name)
wm.reduceAdded(e.ID)
case *idp.OIDCIDPAddedEvent:
wm.reduceAdded(e.ID)
case *idp.JWTIDPAddedEvent:
wm.reduceAdded(e.ID)
case *idp.GoogleIDPAddedEvent:
wm.reduceAdded(e.ID, e.Name)
case *idp.GoogleIDPChangedEvent:
wm.reduceChanged(e.ID, e.Name)
wm.reduceAdded(e.ID)
case *idp.LDAPIDPAddedEvent:
wm.reduceAdded(e.ID, e.Name)
case *idp.LDAPIDPChangedEvent:
wm.reduceChanged(e.ID, e.Name)
wm.reduceAdded(e.ID)
case *idp.RemovedEvent:
wm.reduceRemoved(e.ID)
case *idpconfig.IDPConfigAddedEvent:
wm.reduceAdded(e.ConfigID, "")
wm.reduceAdded(e.ConfigID)
case *idpconfig.IDPConfigRemovedEvent:
wm.reduceRemoved(e.ConfigID)
}
@@ -394,19 +672,11 @@ func (wm *IDPRemoveWriteModel) Reduce() error {
return wm.WriteModel.Reduce()
}
func (wm *IDPRemoveWriteModel) reduceAdded(id string, name string) {
func (wm *IDPRemoveWriteModel) reduceAdded(id string) {
if wm.ID != id {
return
}
wm.State = domain.IDPStateActive
wm.name = name
}
func (wm *IDPRemoveWriteModel) reduceChanged(id string, name *string) {
if wm.ID != id || name == nil {
return
}
wm.name = *name
}
func (wm *IDPRemoveWriteModel) reduceRemoved(id string) {
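Review bot: OIDCIDPWriteModel.Reduce and JWTIDPWriteModel.Reduce set `wm.State = domain.IDPStateRemoved` only for the legacy `*idpconfig.IDPConfigRemovedEvent`; neither switch has a case for `*idp.RemovedEvent`, although the instance write models in this commit append `&e.RemovedEvent` for `*instance.IDPRemovedEvent` and query `instance.IDPRemovedEventType` (see the InstanceOIDCIDPWriteModel and InstanceJWTIDPWriteModel hunks). Unless the embedded eventstore.WriteModel handles that event, a provider removed through the new removed event stays Active, so the `writeModel.State.Exists()` check in the update preparation passes and a changed event can be emitted for a provider that no longer exists. Adding `case *idp.RemovedEvent:` followed by `wm.State = domain.IDPStateRemoved` to both switches closes the gap. IDPRemoveWriteModel.Reduce in the last hunk already dispatches `*idp.RemovedEvent` to reduceRemoved, so the two new models should mirror it.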


@@ -55,6 +55,90 @@ func (c *Commands) UpdateInstanceGenericOAuthProvider(ctx context.Context, id st
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddInstanceGenericOIDCProvider(ctx context.Context, provider GenericOIDCProvider) (string, *domain.ObjectDetails, error) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceAgg := instance.NewAggregate(instanceID)
id, err := c.idGenerator.Next()
if err != nil {
return "", nil, err
}
writeModel := NewOIDCInstanceIDPWriteModel(instanceID, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceOIDCProvider(instanceAgg, writeModel, provider))
if err != nil {
return "", nil, err
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return "", nil, err
}
return id, pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) UpdateInstanceGenericOIDCProvider(ctx context.Context, id string, provider GenericOIDCProvider) (*domain.ObjectDetails, error) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceAgg := instance.NewAggregate(instanceID)
writeModel := NewOIDCInstanceIDPWriteModel(instanceID, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceOIDCProvider(instanceAgg, writeModel, provider))
if err != nil {
return nil, err
}
if len(cmds) == 0 {
// no change, so return directly
return &domain.ObjectDetails{
Sequence: writeModel.ProcessedSequence,
EventDate: writeModel.ChangeDate,
ResourceOwner: writeModel.ResourceOwner,
}, nil
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddInstanceJWTProvider(ctx context.Context, provider JWTProvider) (string, *domain.ObjectDetails, error) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceAgg := instance.NewAggregate(instanceID)
id, err := c.idGenerator.Next()
if err != nil {
return "", nil, err
}
writeModel := NewJWTInstanceIDPWriteModel(instanceID, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddInstanceJWTProvider(instanceAgg, writeModel, provider))
if err != nil {
return "", nil, err
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return "", nil, err
}
return id, pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) UpdateInstanceJWTProvider(ctx context.Context, id string, provider JWTProvider) (*domain.ObjectDetails, error) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceAgg := instance.NewAggregate(instanceID)
writeModel := NewJWTInstanceIDPWriteModel(instanceID, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateInstanceJWTProvider(instanceAgg, writeModel, provider))
if err != nil {
return nil, err
}
if len(cmds) == 0 {
// no change, so return directly
return &domain.ObjectDetails{
Sequence: writeModel.ProcessedSequence,
EventDate: writeModel.ChangeDate,
ResourceOwner: writeModel.ResourceOwner,
}, nil
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddInstanceGoogleProvider(ctx context.Context, provider GoogleProvider) (string, *domain.ObjectDetails, error) {
instanceID := authz.GetInstance(ctx).InstanceID()
instanceAgg := instance.NewAggregate(instanceID)
@@ -247,11 +331,192 @@ func (c *Commands) prepareUpdateInstanceOAuthProvider(a *instance.Aggregate, wri
provider.Scopes,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
}
}
func (c *Commands) prepareAddInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sgtj5", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Hz6zj", "Errors.Invalid.Argument")
}
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-fb5jm", "Errors.Invalid.Argument")
}
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Sfdf4", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
if event == nil {
return nil, nil
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
if err != nil {
return nil, err
}
return []eventstore.Command{
instance.NewOIDCIDPAddedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.ClientID,
secret,
provider.Scopes,
provider.IDPOptions,
),
}, nil
}, nil
}
}
func (c *Commands) prepareUpdateInstanceOIDCProvider(a *instance.Aggregate, writeModel *InstanceOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SAfd3", "Errors.Invalid.Argument")
}
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Dvf4f", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-BDfr3", "Errors.Invalid.Argument")
}
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-Db3bs", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "INST-Dg331", "Errors.Instance.IDPConfig.NotExisting")
}
event, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.ClientID,
provider.ClientSecret,
c.idpConfigEncryption,
provider.Scopes,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
}
}
func (c *Commands) prepareAddInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JLKef", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-WNJK3", "Errors.Invalid.Argument")
}
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKSD", "Errors.Invalid.Argument")
}
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKE3", "Errors.Invalid.Argument")
}
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-2rlks", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
return []eventstore.Command{
instance.NewJWTIDPAddedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.JWTEndpoint,
provider.KeyEndpoint,
provider.HeaderName,
provider.IDPOptions,
),
}, nil
}, nil
}
}
func (c *Commands) prepareUpdateInstanceJWTProvider(a *instance.Aggregate, writeModel *InstanceJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-HUe3q", "Errors.Invalid.Argument")
}
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JKLS2", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-JKs3f", "Errors.Invalid.Argument")
}
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-NJKS2", "Errors.Invalid.Argument")
}
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SJk2d", "Errors.Invalid.Argument")
}
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-SJK2f", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "INST-Bhju5", "Errors.Instance.IDPConfig.NotExisting")
}
event, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.JWTEndpoint,
provider.KeyEndpoint,
provider.HeaderName,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
@@ -326,12 +591,9 @@ func (c *Commands) prepareUpdateInstanceGoogleProvider(a *instance.Aggregate, wr
provider.Scopes,
provider.IDPOptions,
)
if err != nil {
if err != nil || event == nil {
return nil, err
}
if event == nil {
return nil, nil
}
return []eventstore.Command{event}, nil
}, nil
}
@@ -448,12 +710,9 @@ func (c *Commands) prepareUpdateInstanceLDAPProvider(a *instance.Aggregate, writ
provider.LDAPAttributes,
provider.IDPOptions,
)
if err != nil {
if err != nil || event == nil {
return nil, err
}
if event == nil {
return nil, nil
}
return []eventstore.Command{event}, nil
}, nil
}
@@ -474,7 +733,7 @@ func (c *Commands) prepareDeleteInstanceProvider(a *instance.Aggregate, id strin
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "INST-Se3tg", "Errors.Instance.IDPConfig.NotExisting")
}
return []eventstore.Command{instance.NewIDPRemovedEvent(ctx, &a.Aggregate, id, writeModel.name)}, nil
return []eventstore.Command{instance.NewIDPRemovedEvent(ctx, &a.Aggregate, id)}, nil
}, nil
}
}
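Review bot: prepareAddInstanceOIDCProvider trims `provider.ClientSecret` before rejecting an empty value and encrypting it, but prepareUpdateInstanceOIDCProvider passes `provider.ClientSecret` to NewChangedEvent untouched, so a secret with surrounding whitespace is stored with different bytes depending on whether it arrives through add or update; either apply `provider.ClientSecret = strings.TrimSpace(provider.ClientSecret)` in the update validation as well (leaving the empty-means-unchanged semantics intact) or trim in neither path and let the caller own the exact bytes. Separately, `Issuer`, `JWTEndpoint` and `KeyEndpoint` are validated only for non-emptiness in all four new prepare functions; if the server later dereferences them (not visible here), parsing each with `url.ParseRequestURI` and requiring an absolute URL (and, where policy allows, an `https` scheme) at this boundary would reject malformed or non-TLS endpoints before they are persisted. The org command file's add path mirrors the same validation, so the same applies there; its update path is outside SOURCE.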


@@ -83,15 +83,212 @@ func (wm *InstanceOAuthIDPWriteModel) NewChangedEvent(
scopes,
options,
)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return instance.NewOAuthIDPChangedEvent(ctx, aggregate, id, changes)
}
type InstanceOIDCIDPWriteModel struct {
OIDCIDPWriteModel
}
func NewOIDCInstanceIDPWriteModel(instanceID, id string) *InstanceOIDCIDPWriteModel {
return &InstanceOIDCIDPWriteModel{
OIDCIDPWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: instanceID,
ResourceOwner: instanceID,
},
ID: id,
},
}
}
func (wm *InstanceOIDCIDPWriteModel) Reduce() error {
return wm.OIDCIDPWriteModel.Reduce()
}
func (wm *InstanceOIDCIDPWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *instance.OIDCIDPAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
case *instance.OIDCIDPChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPChangedEvent)
case *instance.IDPRemovedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.RemovedEvent)
// old events
case *instance.IDPConfigAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *instance.IDPConfigChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
case *instance.IDPOIDCConfigAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigAddedEvent)
case *instance.IDPOIDCConfigChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigChangedEvent)
case *instance.IDPConfigRemovedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.OIDCIDPWriteModel.AppendEvents(e)
}
}
}
func (wm *InstanceOIDCIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(wm.ResourceOwner).
AddQuery().
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.OIDCIDPAddedEventType,
instance.OIDCIDPChangedEventType,
instance.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.IDPConfigAddedEventType,
instance.IDPConfigChangedEventType,
instance.IDPOIDCConfigAddedEventType,
instance.IDPOIDCConfigChangedEventType,
instance.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
func (wm *InstanceOIDCIDPWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id,
name,
issuer,
clientID,
clientSecretString string,
secretCrypto crypto.Crypto,
scopes []string,
options idp.Options,
) (*instance.OIDCIDPChangedEvent, error) {
changes, err := wm.OIDCIDPWriteModel.NewChanges(
name,
issuer,
clientID,
clientSecretString,
secretCrypto,
scopes,
options,
)
if err != nil || len(changes) == 0 {
return nil, err
}
return instance.NewOIDCIDPChangedEvent(ctx, aggregate, id, changes)
}
type InstanceJWTIDPWriteModel struct {
JWTIDPWriteModel
}
func NewJWTInstanceIDPWriteModel(instanceID, id string) *InstanceJWTIDPWriteModel {
return &InstanceJWTIDPWriteModel{
JWTIDPWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: instanceID,
ResourceOwner: instanceID,
},
ID: id,
},
}
}
func (wm *InstanceJWTIDPWriteModel) Reduce() error {
return wm.JWTIDPWriteModel.Reduce()
}
func (wm *InstanceJWTIDPWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *instance.JWTIDPAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
case *instance.JWTIDPChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPChangedEvent)
case *instance.IDPRemovedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.RemovedEvent)
// old events
case *instance.IDPConfigAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *instance.IDPConfigChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
case *instance.IDPJWTConfigAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigAddedEvent)
case *instance.IDPJWTConfigChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigChangedEvent)
case *instance.IDPConfigRemovedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.JWTIDPWriteModel.AppendEvents(e)
}
}
}
func (wm *InstanceJWTIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(wm.ResourceOwner).
AddQuery().
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.JWTIDPAddedEventType,
instance.JWTIDPChangedEventType,
instance.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.IDPConfigAddedEventType,
instance.IDPConfigChangedEventType,
instance.IDPJWTConfigAddedEventType,
instance.IDPJWTConfigChangedEventType,
instance.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
func (wm *InstanceJWTIDPWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id,
name,
issuer,
jwtEndpoint,
keysEndpoint,
headerName string,
options idp.Options,
) (*instance.JWTIDPChangedEvent, error) {
changes, err := wm.JWTIDPWriteModel.NewChanges(
name,
issuer,
jwtEndpoint,
keysEndpoint,
headerName,
options,
)
if err != nil || len(changes) == 0 {
return nil, err
}
return instance.NewJWTIDPChangedEvent(ctx, aggregate, id, changes)
}
type InstanceGoogleIDPWriteModel struct {
GoogleIDPWriteModel
}
@@ -153,12 +350,9 @@ func (wm *InstanceGoogleIDPWriteModel) NewChangedEvent(
) (*instance.GoogleIDPChangedEvent, error) {
changes, err := wm.GoogleIDPWriteModel.NewChanges(name, clientID, clientSecretString, secretCrypto, scopes, options)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return instance.NewGoogleIDPChangedEvent(ctx, aggregate, id, changes)
}
@@ -245,12 +439,9 @@ func (wm *InstanceLDAPIDPWriteModel) NewChangedEvent(
attributes,
options,
)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return instance.NewLDAPIDPChangedEvent(ctx, aggregate, id, oldName, changes)
}
@@ -279,18 +470,20 @@ func (wm *InstanceIDPRemoveWriteModel) AppendEvents(events ...eventstore.Event)
switch e := event.(type) {
case *instance.OAuthIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OAuthIDPAddedEvent)
case *instance.OAuthIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OAuthIDPChangedEvent)
case *instance.OIDCIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
case *instance.JWTIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
case *instance.GoogleIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.GoogleIDPAddedEvent)
case *instance.GoogleIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.GoogleIDPChangedEvent)
case *instance.LDAPIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.LDAPIDPAddedEvent)
case *instance.LDAPIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.LDAPIDPChangedEvent)
case *instance.IDPRemovedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.RemovedEvent)
case *instance.IDPConfigAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *instance.IDPConfigRemovedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.IDPRemoveWriteModel.AppendEvents(e)
}
@@ -305,13 +498,20 @@ func (wm *InstanceIDPRemoveWriteModel) Query() *eventstore.SearchQueryBuilder {
AggregateIDs(wm.AggregateID).
EventTypes(
instance.OAuthIDPAddedEventType,
instance.OAuthIDPChangedEventType,
instance.OIDCIDPAddedEventType,
instance.JWTIDPAddedEventType,
instance.GoogleIDPAddedEventType,
instance.GoogleIDPChangedEventType,
instance.LDAPIDPAddedEventType,
instance.LDAPIDPChangedEventType,
instance.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.IDPConfigAddedEventType,
instance.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
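Review bot: InstanceOIDCIDPWriteModel.Reduce and InstanceJWTIDPWriteModel.Reduce do nothing but call the embedded write model's Reduce, which Go already promotes through the embedded field, so both wrappers can be removed without changing behaviour; if they are kept deliberately to pin the method set, a one-line comment saying so would spare the next reader the question. The new exported constructors and types have no doc comments, e.g. `// NewOIDCInstanceIDPWriteModel returns a write model for the instance-level OIDC provider id, using instanceID as both aggregate id and resource owner.` and the equivalent for NewJWTInstanceIDPWriteModel. The `// old events` markers in AppendEvents and Query would be more helpful if they named what they cover, e.g. `// legacy idpconfig events, matched on idpConfigId`, since the second query branch filters on that key.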


@@ -52,6 +52,86 @@ func (c *Commands) UpdateOrgGenericOAuthProvider(ctx context.Context, resourceOw
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddOrgGenericOIDCProvider(ctx context.Context, resourceOwner string, provider GenericOIDCProvider) (string, *domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(resourceOwner)
id, err := c.idGenerator.Next()
if err != nil {
return "", nil, err
}
writeModel := NewOIDCOrgIDPWriteModel(resourceOwner, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddOrgOIDCProvider(orgAgg, writeModel, provider))
if err != nil {
return "", nil, err
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return "", nil, err
}
return id, pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) UpdateOrgGenericOIDCProvider(ctx context.Context, resourceOwner, id string, provider GenericOIDCProvider) (*domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(resourceOwner)
writeModel := NewOIDCOrgIDPWriteModel(resourceOwner, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateOrgOIDCProvider(orgAgg, writeModel, provider))
if err != nil {
return nil, err
}
if len(cmds) == 0 {
// no change, so return directly
return &domain.ObjectDetails{
Sequence: writeModel.ProcessedSequence,
EventDate: writeModel.ChangeDate,
ResourceOwner: writeModel.ResourceOwner,
}, nil
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddOrgJWTProvider(ctx context.Context, resourceOwner string, provider JWTProvider) (string, *domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(resourceOwner)
id, err := c.idGenerator.Next()
if err != nil {
return "", nil, err
}
writeModel := NewJWTOrgIDPWriteModel(resourceOwner, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareAddOrgJWTProvider(orgAgg, writeModel, provider))
if err != nil {
return "", nil, err
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return "", nil, err
}
return id, pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) UpdateOrgJWTProvider(ctx context.Context, resourceOwner, id string, provider JWTProvider) (*domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(resourceOwner)
writeModel := NewJWTOrgIDPWriteModel(resourceOwner, id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareUpdateOrgJWTProvider(orgAgg, writeModel, provider))
if err != nil {
return nil, err
}
if len(cmds) == 0 {
// no change, so return directly
return &domain.ObjectDetails{
Sequence: writeModel.ProcessedSequence,
EventDate: writeModel.ChangeDate,
ResourceOwner: writeModel.ResourceOwner,
}, nil
}
pushedEvents, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return pushedEventsToObjectDetails(pushedEvents), nil
}
func (c *Commands) AddOrgGoogleProvider(ctx context.Context, resourceOwner string, provider GoogleProvider) (string, *domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(resourceOwner)
id, err := c.idGenerator.Next()
@@ -243,11 +323,192 @@ func (c *Commands) prepareUpdateOrgOAuthProvider(a *org.Aggregate, writeModel *O
provider.Scopes,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
}
}
func (c *Commands) prepareAddOrgOIDCProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sgtj5", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Hz6zj", "Errors.Invalid.Argument")
}
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-fb5jm", "Errors.Invalid.Argument")
}
if provider.ClientSecret = strings.TrimSpace(provider.ClientSecret); provider.ClientSecret == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Sfdf4", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
if event == nil {
return nil, nil
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
secret, err := crypto.Encrypt([]byte(provider.ClientSecret), c.idpConfigEncryption)
if err != nil {
return nil, err
}
return []eventstore.Command{
org.NewOIDCIDPAddedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.ClientID,
secret,
provider.Scopes,
provider.IDPOptions,
),
}, nil
}, nil
}
}
func (c *Commands) prepareUpdateOrgOIDCProvider(a *org.Aggregate, writeModel *OrgOIDCIDPWriteModel, provider GenericOIDCProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SAfd3", "Errors.Invalid.Argument")
}
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Dvf4f", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-BDfr3", "Errors.Invalid.Argument")
}
if provider.ClientID = strings.TrimSpace(provider.ClientID); provider.ClientID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-Db3bs", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "ORG-Dg331", "Errors.Org.IDPConfig.NotExisting")
}
event, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.ClientID,
provider.ClientSecret,
c.idpConfigEncryption,
provider.Scopes,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
}
}
func (c *Commands) prepareAddOrgJWTProvider(a *org.Aggregate, writeModel *OrgJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JLKef", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-WNJK3", "Errors.Invalid.Argument")
}
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKSD", "Errors.Invalid.Argument")
}
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKE3", "Errors.Invalid.Argument")
}
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-2rlks", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
return []eventstore.Command{
org.NewJWTIDPAddedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.JWTEndpoint,
provider.KeyEndpoint,
provider.HeaderName,
provider.IDPOptions,
),
}, nil
}, nil
}
}
func (c *Commands) prepareUpdateOrgJWTProvider(a *org.Aggregate, writeModel *OrgJWTIDPWriteModel, provider JWTProvider) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if writeModel.ID = strings.TrimSpace(writeModel.ID); writeModel.ID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-HUe3q", "Errors.Invalid.Argument")
}
if provider.Name = strings.TrimSpace(provider.Name); provider.Name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JKLS2", "Errors.Invalid.Argument")
}
if provider.Issuer = strings.TrimSpace(provider.Issuer); provider.Issuer == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-JKs3f", "Errors.Invalid.Argument")
}
if provider.JWTEndpoint = strings.TrimSpace(provider.JWTEndpoint); provider.JWTEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-NJKS2", "Errors.Invalid.Argument")
}
if provider.KeyEndpoint = strings.TrimSpace(provider.KeyEndpoint); provider.KeyEndpoint == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SJk2d", "Errors.Invalid.Argument")
}
if provider.HeaderName = strings.TrimSpace(provider.HeaderName); provider.HeaderName == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "ORG-SJK2f", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
events, err := filter(ctx, writeModel.Query())
if err != nil {
return nil, err
}
writeModel.AppendEvents(events...)
if err = writeModel.Reduce(); err != nil {
return nil, err
}
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "ORG-Bhju5", "Errors.Org.IDPConfig.NotExisting")
}
event, err := writeModel.NewChangedEvent(
ctx,
&a.Aggregate,
writeModel.ID,
provider.Name,
provider.Issuer,
provider.JWTEndpoint,
provider.KeyEndpoint,
provider.HeaderName,
provider.IDPOptions,
)
if err != nil || event == nil {
return nil, err
}
return []eventstore.Command{event}, nil
}, nil
@@ -322,12 +583,9 @@ func (c *Commands) prepareUpdateOrgGoogleProvider(a *org.Aggregate, writeModel *
provider.Scopes,
provider.IDPOptions,
)
if err != nil {
if err != nil || event == nil {
return nil, err
}
if event == nil {
return nil, nil
}
return []eventstore.Command{event}, nil
}, nil
}
@@ -444,12 +702,9 @@ func (c *Commands) prepareUpdateOrgLDAPProvider(a *org.Aggregate, writeModel *Or
provider.LDAPAttributes,
provider.IDPOptions,
)
if err != nil {
if err != nil || event == nil {
return nil, err
}
if event == nil {
return nil, nil
}
return []eventstore.Command{event}, nil
}, nil
}
@@ -470,7 +725,7 @@ func (c *Commands) prepareDeleteOrgProvider(a *org.Aggregate, resourceOwner, id
if !writeModel.State.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "ORG-Se3tg", "Errors.Org.IDPConfig.NotExisting")
}
return []eventstore.Command{org.NewIDPRemovedEvent(ctx, &a.Aggregate, id, writeModel.name)}, nil
return []eventstore.Command{org.NewIDPRemovedEvent(ctx, &a.Aggregate, id)}, nil
}, nil
}
}


@@ -85,15 +85,212 @@ func (wm *OrgOAuthIDPWriteModel) NewChangedEvent(
scopes,
options,
)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return org.NewOAuthIDPChangedEvent(ctx, aggregate, id, changes)
}
type OrgOIDCIDPWriteModel struct {
OIDCIDPWriteModel
}
func NewOIDCOrgIDPWriteModel(orgID, id string) *OrgOIDCIDPWriteModel {
return &OrgOIDCIDPWriteModel{
OIDCIDPWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: orgID,
ResourceOwner: orgID,
},
ID: id,
},
}
}
func (wm *OrgOIDCIDPWriteModel) Reduce() error {
return wm.OIDCIDPWriteModel.Reduce()
}
func (wm *OrgOIDCIDPWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *org.OIDCIDPAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
case *org.OIDCIDPChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCIDPChangedEvent)
case *org.IDPRemovedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.RemovedEvent)
// old events
case *org.IDPConfigAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *org.IDPConfigChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
case *org.IDPOIDCConfigAddedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigAddedEvent)
case *org.IDPOIDCConfigChangedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.OIDCConfigChangedEvent)
case *org.IDPConfigRemovedEvent:
wm.OIDCIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.OIDCIDPWriteModel.AppendEvents(e)
}
}
}
func (wm *OrgOIDCIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(wm.ResourceOwner).
AddQuery().
AggregateTypes(org.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
org.OIDCIDPAddedEventType,
org.OIDCIDPChangedEventType,
org.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(org.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
org.IDPConfigAddedEventType,
org.IDPConfigChangedEventType,
org.IDPOIDCConfigAddedEventType,
org.IDPOIDCConfigChangedEventType,
org.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
func (wm *OrgOIDCIDPWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id,
name,
issuer,
clientID,
clientSecretString string,
secretCrypto crypto.Crypto,
scopes []string,
options idp.Options,
) (*org.OIDCIDPChangedEvent, error) {
changes, err := wm.OIDCIDPWriteModel.NewChanges(
name,
issuer,
clientID,
clientSecretString,
secretCrypto,
scopes,
options,
)
if err != nil || len(changes) == 0 {
return nil, err
}
return org.NewOIDCIDPChangedEvent(ctx, aggregate, id, changes)
}
type OrgJWTIDPWriteModel struct {
JWTIDPWriteModel
}
func NewJWTOrgIDPWriteModel(orgID, id string) *OrgJWTIDPWriteModel {
return &OrgJWTIDPWriteModel{
JWTIDPWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: orgID,
ResourceOwner: orgID,
},
ID: id,
},
}
}
func (wm *OrgJWTIDPWriteModel) Reduce() error {
return wm.JWTIDPWriteModel.Reduce()
}
func (wm *OrgJWTIDPWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *org.JWTIDPAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
case *org.JWTIDPChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTIDPChangedEvent)
case *org.IDPRemovedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.RemovedEvent)
// old events
case *org.IDPConfigAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *org.IDPConfigChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigChangedEvent)
case *org.IDPJWTConfigAddedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigAddedEvent)
case *org.IDPJWTConfigChangedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.JWTConfigChangedEvent)
case *org.IDPConfigRemovedEvent:
wm.JWTIDPWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.JWTIDPWriteModel.AppendEvents(e)
}
}
}
func (wm *OrgJWTIDPWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(wm.ResourceOwner).
AddQuery().
AggregateTypes(org.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
org.JWTIDPAddedEventType,
org.JWTIDPChangedEventType,
org.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(org.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
org.IDPConfigAddedEventType,
org.IDPConfigChangedEventType,
org.IDPJWTConfigAddedEventType,
org.IDPJWTConfigChangedEventType,
org.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
func (wm *OrgJWTIDPWriteModel) NewChangedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
id,
name,
issuer,
jwtEndpoint,
keysEndpoint,
headerName string,
options idp.Options,
) (*org.JWTIDPChangedEvent, error) {
changes, err := wm.JWTIDPWriteModel.NewChanges(
name,
issuer,
jwtEndpoint,
keysEndpoint,
headerName,
options,
)
if err != nil || len(changes) == 0 {
return nil, err
}
return org.NewJWTIDPChangedEvent(ctx, aggregate, id, changes)
}
type OrgGoogleIDPWriteModel struct {
GoogleIDPWriteModel
}
@@ -157,12 +354,9 @@ func (wm *OrgGoogleIDPWriteModel) NewChangedEvent(
) (*org.GoogleIDPChangedEvent, error) {
changes, err := wm.GoogleIDPWriteModel.NewChanges(name, clientID, clientSecretString, secretCrypto, scopes, options)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return org.NewGoogleIDPChangedEvent(ctx, aggregate, id, changes)
}
@@ -249,12 +443,9 @@ func (wm *OrgLDAPIDPWriteModel) NewChangedEvent(
attributes,
options,
)
if err != nil {
if err != nil || len(changes) == 0 {
return nil, err
}
if len(changes) == 0 {
return nil, nil
}
return org.NewLDAPIDPChangedEvent(ctx, aggregate, id, oldName, changes)
}
@@ -283,18 +474,20 @@ func (wm *OrgIDPRemoveWriteModel) AppendEvents(events ...eventstore.Event) {
switch e := event.(type) {
case *org.OAuthIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OAuthIDPAddedEvent)
case *org.OAuthIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OAuthIDPChangedEvent)
case *org.OIDCIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.OIDCIDPAddedEvent)
case *org.JWTIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.JWTIDPAddedEvent)
case *org.GoogleIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.GoogleIDPAddedEvent)
case *org.GoogleIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.GoogleIDPChangedEvent)
case *org.LDAPIDPAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.LDAPIDPAddedEvent)
case *org.LDAPIDPChangedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.LDAPIDPChangedEvent)
case *org.IDPRemovedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.RemovedEvent)
case *org.IDPConfigAddedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigAddedEvent)
case *org.IDPConfigRemovedEvent:
wm.IDPRemoveWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
default:
wm.IDPRemoveWriteModel.AppendEvents(e)
}
@@ -309,13 +502,20 @@ func (wm *OrgIDPRemoveWriteModel) Query() *eventstore.SearchQueryBuilder {
AggregateIDs(wm.AggregateID).
EventTypes(
org.OAuthIDPAddedEventType,
org.OAuthIDPChangedEventType,
org.OIDCIDPAddedEventType,
org.JWTIDPAddedEventType,
org.GoogleIDPAddedEventType,
org.GoogleIDPChangedEventType,
org.LDAPIDPAddedEventType,
org.LDAPIDPChangedEventType,
org.IDPRemovedEventType,
).
EventData(map[string]interface{}{"id": wm.ID}).
Or(). // old events
AggregateTypes(org.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
org.IDPConfigAddedEventType,
org.IDPConfigRemovedEventType,
).
EventData(map[string]interface{}{"idpConfigId": wm.ID}).
Builder()
}
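Review bot: OrgOIDCIDPWriteModel.AppendEvents and OrgJWTIDPWriteModel.AppendEvents forward *org.IDPRemovedEvent as &e.RemovedEvent, and both Query builders fetch org.IDPRemovedEventType, but the embedded OIDCIDPWriteModel and JWTIDPWriteModel Reduce methods are outside this file section and nothing in this diff shows either of them handling *idp.RemovedEvent. If they do not, a removed template provider never reaches domain.IDPStateRemoved, so the `!writeModel.State.Exists()` guard in the update commands keeps accepting changes to a deleted IDP; a `case *idp.RemovedEvent: wm.State = domain.IDPStateRemoved` in each embedded Reduce would close that, and it is worth confirming against the model file. The Reduce wrappers on OrgOIDCIDPWriteModel and OrgJWTIDPWriteModel appear to add nothing over the method promoted from the embedded value and could be dropped. The new exported types and constructors also lack doc comments, e.g. `// OrgOIDCIDPWriteModel is the org-scoped write model of an OIDC template IDP; it reduces the new template events and the legacy IDPConfig events of one provider ID.`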