feat: permit all features to every instance and organisation (#3566)

2025-08-11 21:37:32 +00:00 · 2022-05-02 11:18:17 +02:00
parent a9f71ba08e
commit 861cf07700
71 changed files with 90 additions and 6589 deletions
--- a/cmd/admin/setup/03.go
+++ b/cmd/admin/setup/03.go
@@ -50,7 +50,6 @@ func (mig *DefaultInstance) Execute(ctx context.Context) error {
 		mig.zitadelRoles,
 		nil,
 		nil,
-		nil,
 		mig.externalDomain,
 		mig.externalSecure,
 		mig.externalPort,
--- a/cmd/admin/start/config.go
+++ b/cmd/admin/start/config.go
@@ -1,6 +1,8 @@
 package start

 import (
+	"time"
+
 	"github.com/mitchellh/mapstructure"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
@@ -25,30 +27,31 @@ import (
 )

 type Config struct {
-	Log             *logging.Config
-	Port            uint16
-	ExternalPort    uint16
-	ExternalDomain  string
-	ExternalSecure  bool
-	HTTP2HostHeader string
-	HTTP1HostHeader string
-	WebAuthNName    string
-	Database        database.Config
-	Tracing         tracing.Config
-	Projections     projection.Config
-	AuthZ           authz.Config
-	Auth            auth_es.Config
-	Admin           admin_es.Config
-	UserAgentCookie *middleware.UserAgentCookieConfig
-	OIDC            oidc.Config
-	Login           login.Config
-	Console         console.Config
-	Notification    notification.Config
-	AssetStorage    static_config.AssetStorageConfig
-	InternalAuthZ   internal_authz.Config
-	SystemDefaults  systemdefaults.SystemDefaults
-	EncryptionKeys  *encryptionKeyConfig
-	DefaultInstance command.InstanceSetup
+	Log               *logging.Config
+	Port              uint16
+	ExternalPort      uint16
+	ExternalDomain    string
+	ExternalSecure    bool
+	HTTP2HostHeader   string
+	HTTP1HostHeader   string
+	WebAuthNName      string
+	Database          database.Config
+	Tracing           tracing.Config
+	Projections       projection.Config
+	AuthZ             authz.Config
+	Auth              auth_es.Config
+	Admin             admin_es.Config
+	UserAgentCookie   *middleware.UserAgentCookieConfig
+	OIDC              oidc.Config
+	Login             login.Config
+	Console           console.Config
+	Notification      notification.Config
+	AssetStorage      static_config.AssetStorageConfig
+	InternalAuthZ     internal_authz.Config
+	SystemDefaults    systemdefaults.SystemDefaults
+	EncryptionKeys    *encryptionKeyConfig
+	DefaultInstance   command.InstanceSetup
+	AuditLogRetention time.Duration
 }

 func MustNewConfig(v *viper.Viper) *Config {
--- a/cmd/admin/start/start.go
+++ b/cmd/admin/start/start.go
@@ -116,7 +116,6 @@ func startZitadel(config *Config, masterKey string) error {
 		config.SystemDefaults,
 		config.InternalAuthZ.RolePermissionMappings,
 		storage,
-		authZRepo,
 		webAuthNConfig,
 		config.ExternalDomain,
 		config.ExternalSecure,
@@ -168,10 +167,10 @@ func startAPIs(ctx context.Context, router *mux.Router, commands *command.Comman
 	if err := authenticatedAPIs.RegisterServer(ctx, admin.CreateServer(commands, queries, adminRepo, assets.HandlerPrefix, keys.User)); err != nil {
 		return err
 	}
-	if err := authenticatedAPIs.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure, oidc.HandlerPrefix)); err != nil {
+	if err := authenticatedAPIs.RegisterServer(ctx, management.CreateServer(commands, queries, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure, oidc.HandlerPrefix, config.AuditLogRetention)); err != nil {
 		return err
 	}
-	if err := authenticatedAPIs.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure)); err != nil {
+	if err := authenticatedAPIs.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, assets.HandlerPrefix, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil {
 		return err
 	}

--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -228,29 +228,6 @@ DefaultInstance:
      IncludeUpperLetters: true
      IncludeDigits: true
      IncludeSymbols: false
-  Features:
-    TierName: Default Tier
-    TierDescription: ""
-    State: 1 #active
-    StateDescription: ""
-    Retention: 8760h #1year
-    LoginPolicyFactors: true
-    LoginPolicyIDP: true
-    LoginPolicyPasswordless: true
-    LoginPolicyRegistration: true
-    LoginPolicyUsernameLogin: true
-    LoginPolicyPasswordReset: true
-    PasswordComplexityPolicy: true
-    LabelPolicyPrivateLabel: true
-    LabelPolicyWatermark: true
-    CustomDomain: true
-    PrivacyPolicy: true
-    MetadataUser: true
-    CustomTextMessage: true
-    CustomTextLogin: true
-    LockoutPolicy: true
-    ActionsAllowed: 2 #ActionsAllowedUnlimited
-    MaxActions: #not necessary because of ActionsAllowedUnlimited
  PasswordComplexityPolicy:
    MinLength: 8
    HasLowercase: true
@@ -383,8 +360,6 @@ InternalAuthZ:
      Permissions:
        - "iam.read"
        - "iam.write"
-        - "iam.features.read"
-        - "iam.features.write"
        - "iam.policy.read"
        - "iam.policy.write"
        - "iam.policy.delete"
@@ -425,7 +400,6 @@ InternalAuthZ:
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
-        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
@@ -451,7 +425,6 @@ InternalAuthZ:
    - Role: "IAM_OWNER_VIEWER"
      Permissions:
        - "iam.read"
-        - "iam.features.read"
        - "iam.policy.read"
        - "iam.member.read"
        - "iam.idp.read"
@@ -466,7 +439,6 @@ InternalAuthZ:
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
-        - "features.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"
@@ -501,7 +473,6 @@ InternalAuthZ:
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
-        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
@@ -538,7 +509,6 @@ InternalAuthZ:
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
-        - "features.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
@@ -574,7 +544,6 @@ InternalAuthZ:
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
-        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
@@ -619,7 +588,6 @@ InternalAuthZ:
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
-        - "features.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"