feat: validate org domains (#3387)

* feat: validate org domain command side

* feat: validate org domain query side

* fix: create domain policy

* feat: add reading domain policy on addorg domain

internal/query/org_iam_policy.go

@@ -24,6 +24,7 @@ type DomainPolicy struct {
 	State         domain.PolicyState
 
 	UserLoginMustBeDomain bool
+	ValidateOrgDomains    bool
 
 	IsDefault bool
 }
@@ -60,6 +61,10 @@ var (
 		name:  projection.DomainPolicyUserLoginMustBeDomainCol,
 		table: domainPolicyTable,
 	}
+	DomainPolicyColValidateOrgDomains = Column{
+		name:  projection.DomainPolicyValidateOrgDomainsCol,
+		table: domainPolicyTable,
+	}
 	DomainPolicyColIsDefault = Column{
 		name:  projection.DomainPolicyIsDefaultCol,
 		table: domainPolicyTable,
@@ -120,6 +125,7 @@ func prepareDomainPolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*DomainPolicy
 			DomainPolicyColChangeDate.identifier(),
 			DomainPolicyColResourceOwner.identifier(),
 			DomainPolicyColUserLoginMustBeDomain.identifier(),
+			DomainPolicyColValidateOrgDomains.identifier(),
 			DomainPolicyColIsDefault.identifier(),
 			DomainPolicyColState.identifier(),
 		).
@@ -133,6 +139,7 @@ func prepareDomainPolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*DomainPolicy
 				&policy.ChangeDate,
 				&policy.ResourceOwner,
 				&policy.UserLoginMustBeDomain,
+				&policy.ValidateOrgDomains,
 				&policy.IsDefault,
 				&policy.State,
 			)

internal/query/org_iam_policy_test.go

@@ -34,6 +34,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 						` projections.domain_policies.change_date,`+
 						` projections.domain_policies.resource_owner,`+
 						` projections.domain_policies.user_login_must_be_domain,`+
+						` projections.domain_policies.validate_org_domains,`+
 						` projections.domain_policies.is_default,`+
 						` projections.domain_policies.state`+
 						` FROM projections.domain_policies`),
@@ -60,6 +61,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 						` projections.domain_policies.change_date,`+
 						` projections.domain_policies.resource_owner,`+
 						` projections.domain_policies.user_login_must_be_domain,`+
+						` projections.domain_policies.validate_org_domains,`+
 						` projections.domain_policies.is_default,`+
 						` projections.domain_policies.state`+
 						` FROM projections.domain_policies`),
@@ -70,6 +72,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 						"change_date",
 						"resource_owner",
 						"user_login_must_be_domain",
+						"validate_org_domains",
 						"is_default",
 						"state",
 					},
@@ -81,6 +84,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 						"ro",
 						true,
 						true,
+						true,
 						domain.PolicyStateActive,
 					},
 				),
@@ -93,6 +97,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 				ResourceOwner:         "ro",
 				State:                 domain.PolicyStateActive,
 				UserLoginMustBeDomain: true,
+				ValidateOrgDomains:    true,
 				IsDefault:             true,
 			},
 		},
@@ -107,6 +112,7 @@ func Test_DomainPolicyPrepares(t *testing.T) {
 						` projections.domain_policies.change_date,`+
 						` projections.domain_policies.resource_owner,`+
 						` projections.domain_policies.user_login_must_be_domain,`+
+						` projections.domain_policies.validate_org_domains,`+
 						` projections.domain_policies.is_default,`+
 						` projections.domain_policies.state`+
 						` FROM projections.domain_policies`),

internal/query/projection/domain_policy.go

@@ -22,6 +22,7 @@ const (
 	DomainPolicySequenceCol              = "sequence"
 	DomainPolicyStateCol                 = "state"
 	DomainPolicyUserLoginMustBeDomainCol = "user_login_must_be_domain"
+	DomainPolicyValidateOrgDomainsCol    = "validate_org_domains"
 	DomainPolicyIsDefaultCol             = "is_default"
 	DomainPolicyResourceOwnerCol         = "resource_owner"
 	DomainPolicyInstanceIDCol            = "instance_id"
@@ -43,6 +44,7 @@ func NewDomainPolicyProjection(ctx context.Context, config crdb.StatementHandler
 			crdb.NewColumn(DomainPolicySequenceCol, crdb.ColumnTypeInt64),
 			crdb.NewColumn(DomainPolicyStateCol, crdb.ColumnTypeEnum),
 			crdb.NewColumn(DomainPolicyUserLoginMustBeDomainCol, crdb.ColumnTypeBool),
+			crdb.NewColumn(DomainPolicyValidateOrgDomainsCol, crdb.ColumnTypeBool),
 			crdb.NewColumn(DomainPolicyIsDefaultCol, crdb.ColumnTypeBool, crdb.Default(false)),
 			crdb.NewColumn(DomainPolicyResourceOwnerCol, crdb.ColumnTypeText),
 			crdb.NewColumn(DomainPolicyInstanceIDCol, crdb.ColumnTypeText),
@@ -111,6 +113,7 @@ func (p *DomainPolicyProjection) reduceAdded(event eventstore.Event) (*handler.S
 			handler.NewCol(DomainPolicyIDCol, policyEvent.Aggregate().ID),
 			handler.NewCol(DomainPolicyStateCol, domain.PolicyStateActive),
 			handler.NewCol(DomainPolicyUserLoginMustBeDomainCol, policyEvent.UserLoginMustBeDomain),
+			handler.NewCol(DomainPolicyValidateOrgDomainsCol, policyEvent.ValidateOrgDomains),
 			handler.NewCol(DomainPolicyIsDefaultCol, isDefault),
 			handler.NewCol(DomainPolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner),
 			handler.NewCol(DomainPolicyInstanceIDCol, policyEvent.Aggregate().InstanceID),
@@ -134,6 +137,9 @@ func (p *DomainPolicyProjection) reduceChanged(event eventstore.Event) (*handler
 	if policyEvent.UserLoginMustBeDomain != nil {
 		cols = append(cols, handler.NewCol(DomainPolicyUserLoginMustBeDomainCol, *policyEvent.UserLoginMustBeDomain))
 	}
+	if policyEvent.ValidateOrgDomains != nil {
+		cols = append(cols, handler.NewCol(DomainPolicyValidateOrgDomainsCol, *policyEvent.ValidateOrgDomains))
+	}
 	return crdb.NewUpdateStatement(
 		&policyEvent,
 		cols,

internal/query/projection/domain_policy_test.go

@@ -29,7 +29,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					repository.EventType(org.DomainPolicyAddedEventType),
 					org.AggregateType,
 					[]byte(`{
-						"userLoginMustBeDomain": true
+						"userLoginMustBeDomain": true,
+						"validateOrgDomains": true
 }`),
 				), org.DomainPolicyAddedEventMapper),
 			},
@@ -42,7 +43,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								anyArg{},
@@ -50,6 +51,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 								"agg-id",
 								domain.PolicyStateActive,
 								true,
+								true,
 								false,
 								"ro-id",
 								"instance-id",
@@ -67,7 +69,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					repository.EventType(org.DomainPolicyChangedEventType),
 					org.AggregateType,
 					[]byte(`{
-						"userLoginMustBeDomain": true
+						"userLoginMustBeDomain": true,
+						"validateOrgDomains": true
 		}`),
 				), org.DomainPolicyChangedEventMapper),
 			},
@@ -79,11 +82,12 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain) = ($1, $2, $3) WHERE (id = $4)",
+							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
 								true,
+								true,
 								"agg-id",
 							},
 						},
@@ -126,7 +130,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					repository.EventType(instance.DomainPolicyAddedEventType),
 					instance.AggregateType,
 					[]byte(`{
-						"userLoginMustBeDomain": true
+						"userLoginMustBeDomain": true,
+						"validateOrgDomains": true
 					}`),
 				), instance.DomainPolicyAddedEventMapper),
 			},
@@ -138,7 +143,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+							expectedStmt: "INSERT INTO projections.domain_policies (creation_date, change_date, sequence, id, state, user_login_must_be_domain, validate_org_domains, is_default, resource_owner, instance_id) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								anyArg{},
@@ -147,6 +152,7 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 								domain.PolicyStateActive,
 								true,
 								true,
+								true,
 								"ro-id",
 								"instance-id",
 							},
@@ -163,7 +169,8 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 					repository.EventType(instance.DomainPolicyChangedEventType),
 					instance.AggregateType,
 					[]byte(`{
-						"userLoginMustBeDomain": true
+						"userLoginMustBeDomain": true,
+						"validateOrgDomains": true
 					}`),
 				), instance.DomainPolicyChangedEventMapper),
 			},
@@ -175,11 +182,12 @@ func TestDomainPolicyProjection_reduces(t *testing.T) {
 				executer: &testExecuter{
 					executions: []execution{
 						{
-							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain) = ($1, $2, $3) WHERE (id = $4)",
+							expectedStmt: "UPDATE projections.domain_policies SET (change_date, sequence, user_login_must_be_domain, validate_org_domains) = ($1, $2, $3, $4) WHERE (id = $5)",
 							expectedArgs: []interface{}{
 								anyArg{},
 								uint64(15),
 								true,
+								true,
 								"agg-id",
 							},
 						},