TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 08:57:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add exclusion of criteria for active idp query (#9040)

Browse Source 
# Which Problems Are Solved

To list IDPs for potential linking, we need to filter them. The
GetActiveIdentityProviderResponse should therefore be extended to
provide the IDPConfig or information about whether the IDP is allowed to
be linked or created.

# How the Problems Are Solved

Add parameters to the request to exclude CreationDisallowed and/or
LinkingDisallowed in the query.

# Additional Changes

Added integration tests for the GetGetActiveIdentityProvider endpoint.

# Additional Context

Closes #8981

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
2024-12-18 17:19:05 +01:00
committed by GitHub
parent da706a8b30
commit 870e3b1b26
11 changed files with 494 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

282
internal/api/grpc/settings/v2/integration_test/settings_test.go
View File

@@ -7,11 +7,15 @@ import (
"testing"
"time"
"github.com/brianvoe/gofakeit/v6"
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/integration"
"github.com/zitadel/zitadel/pkg/grpc/idp"
idp_pb "github.com/zitadel/zitadel/pkg/grpc/idp/v2"
object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
)
@@ -178,3 +182,281 @@ func TestServer_SetSecuritySettings(t *testing.T) {
})
}
}
func idpResponse(id, name string, linking, creation, autoCreation, autoUpdate bool, autoLinking idp_pb.AutoLinkingOption) *settings.IdentityProvider {
return &settings.IdentityProvider{
Id: id,
Name: name,
Type: settings.IdentityProviderType_IDENTITY_PROVIDER_TYPE_OAUTH,
Options: &idp_pb.Options{
IsLinkingAllowed: linking,
IsCreationAllowed: creation,
IsAutoCreation: autoCreation,
IsAutoUpdate: autoUpdate,
AutoLinking: autoLinking,
},
}
}
func TestServer_GetActiveIdentityProviders(t *testing.T) {
instance := integration.NewInstance(CTX)
isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, gofakeit.AppName()) // inactive
idpActiveName := gofakeit.AppName()
idpActiveResp := instance.AddGenericOAuthProvider(isolatedIAMOwnerCTX, idpActiveName)
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpActiveResp.GetId())
idpActiveResponse := idpResponse(idpActiveResp.GetId(), idpActiveName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
idpLinkingDisallowedName := gofakeit.AppName()
idpLinkingDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpLinkingDisallowedName, false, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpLinkingDisallowedResp.GetId())
idpLinkingDisallowedResponse := idpResponse(idpLinkingDisallowedResp.GetId(), idpLinkingDisallowedName, false, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
idpCreationDisallowedName := gofakeit.AppName()
idpCreationDisallowedResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpCreationDisallowedName, true, false, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpCreationDisallowedResp.GetId())
idpCreationDisallowedResponse := idpResponse(idpCreationDisallowedResp.GetId(), idpCreationDisallowedName, true, false, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
idpNoAutoCreationName := gofakeit.AppName()
idpNoAutoCreationResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoCreationName, true, true, false, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoCreationResp.GetId())
idpNoAutoCreationResponse := idpResponse(idpNoAutoCreationResp.GetId(), idpNoAutoCreationName, true, true, false, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
idpNoAutoLinkingName := gofakeit.AppName()
idpNoAutoLinkingResp := instance.AddGenericOAuthProviderWithOptions(isolatedIAMOwnerCTX, idpNoAutoLinkingName, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
instance.AddProviderToDefaultLoginPolicy(isolatedIAMOwnerCTX, idpNoAutoLinkingResp.GetId())
idpNoAutoLinkingResponse := idpResponse(idpNoAutoLinkingResp.GetId(), idpNoAutoLinkingName, true, true, true, true, idp_pb.AutoLinkingOption_AUTO_LINKING_OPTION_UNSPECIFIED)
type args struct {
ctx context.Context
req *settings.GetActiveIdentityProvidersRequest
}
tests := []struct {
name string
args args
want *settings.GetActiveIdentityProvidersResponse
wantErr bool
}{
{
name: "permission error",
args: args{
ctx: instance.WithAuthorization(CTX, integration.UserTypeLogin),
req: &settings.GetActiveIdentityProvidersRequest{},
},
wantErr: true,
},
{
name: "success, all",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 5,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
idpLinkingDisallowedResponse,
idpCreationDisallowedResponse,
idpNoAutoCreationResponse,
idpNoAutoLinkingResponse,
},
},
},
{
name: "success, exclude linking disallowed",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
LinkingAllowed: gu.Ptr(true),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 4,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
idpCreationDisallowedResponse,
idpNoAutoCreationResponse,
idpNoAutoLinkingResponse,
},
},
},
{
name: "success, only linking disallowed",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
LinkingAllowed: gu.Ptr(false),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 1,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpLinkingDisallowedResponse,
},
},
},
{
name: "success, exclude creation disallowed",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
CreationAllowed: gu.Ptr(true),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 4,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
idpLinkingDisallowedResponse,
idpNoAutoCreationResponse,
idpNoAutoLinkingResponse,
},
},
},
{
name: "success, only creation disallowed",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
CreationAllowed: gu.Ptr(false),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 1,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpCreationDisallowedResponse,
},
},
},
{
name: "success, auto creation",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
AutoCreation: gu.Ptr(true),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 4,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
idpLinkingDisallowedResponse,
idpCreationDisallowedResponse,
idpNoAutoLinkingResponse,
},
},
},
{
name: "success, no auto creation",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
AutoCreation: gu.Ptr(false),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 1,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpNoAutoCreationResponse,
},
},
},
{
name: "success, auto linking",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
AutoLinking: gu.Ptr(true),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 4,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
idpLinkingDisallowedResponse,
idpCreationDisallowedResponse,
idpNoAutoCreationResponse,
},
},
},
{
name: "success, no auto linking",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
AutoLinking: gu.Ptr(false),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 1,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpNoAutoLinkingResponse,
},
},
},
{
name: "success, exclude all",
args: args{
ctx: isolatedIAMOwnerCTX,
req: &settings.GetActiveIdentityProvidersRequest{
LinkingAllowed: gu.Ptr(true),
CreationAllowed: gu.Ptr(true),
AutoCreation: gu.Ptr(true),
AutoLinking: gu.Ptr(true),
},
},
want: &settings.GetActiveIdentityProvidersResponse{
Details: &object_pb.ListDetails{
TotalResult: 1,
Timestamp: timestamppb.Now(),
},
IdentityProviders: []*settings.IdentityProvider{
idpActiveResponse,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
assert.EventuallyWithT(t, func(ct *assert.CollectT) {
got, err := instance.Client.SettingsV2.GetActiveIdentityProviders(tt.args.ctx, tt.args.req)
if tt.wantErr {
assert.Error(ct, err)
return
}
if !assert.NoError(ct, err) {
return
}
for i, result := range tt.want.GetIdentityProviders() {
assert.EqualExportedValues(ct, result, got.GetIdentityProviders()[i])
}
integration.AssertListDetails(ct, tt.want, got)
}, retryDuration, tick)
})
}
}