feat: add exclusion of criteria for active idp query (#9040)

# Which Problems Are Solved To list IDPs for potential linking, we need to filter them. The GetActiveIdentityProviderResponse should therefore be extended to provide the IDPConfig or information about whether the IDP is allowed to be linked or created. # How the Problems Are Solved Add parameters to the request to exclude CreationDisallowed and/or LinkingDisallowed in the query. # Additional Changes Added integration tests for the GetGetActiveIdentityProvider endpoint. # Additional Context Closes #8981 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 01:47:33 +00:00 · 2024-12-18 17:19:05 +01:00
parent da706a8b30
commit 870e3b1b26
11 changed files with 494 additions and 32 deletions
--- a/internal/query/idp_login_policy_link.go
+++ b/internal/query/idp_login_policy_link.go
@@ -15,10 +15,15 @@ import (
 )

 type IDPLoginPolicyLink struct {
-	IDPID     string
-	IDPName   string
-	IDPType   domain.IDPType
-	OwnerType domain.IdentityProviderType
+	IDPID             string
+	IDPName           string
+	IDPType           domain.IDPType
+	OwnerType         domain.IdentityProviderType
+	IsCreationAllowed bool
+	IsLinkingAllowed  bool
+	IsAutoCreation    bool
+	IsAutoUpdate      bool
+	AutoLinking       domain.AutoLinkingOption
 }

 type IDPLoginPolicyLinks struct {
@@ -127,6 +132,11 @@ func prepareIDPLoginPolicyLinksQuery(ctx context.Context, db prepareDatabase, re
 			IDPTemplateNameCol.identifier(),
 			IDPTemplateTypeCol.identifier(),
 			IDPTemplateOwnerTypeCol.identifier(),
+			IDPTemplateIsCreationAllowedCol.identifier(),
+			IDPTemplateIsLinkingAllowedCol.identifier(),
+			IDPTemplateIsAutoCreationCol.identifier(),
+			IDPTemplateIsAutoUpdateCol.identifier(),
+			IDPTemplateAutoLinkingCol.identifier(),
 			countColumn.identifier()).
 			From(idpLoginPolicyLinkTable.identifier()).
 			LeftJoin(join(IDPTemplateIDCol, IDPLoginPolicyLinkIDPIDCol)).
@@ -141,29 +151,60 @@ func prepareIDPLoginPolicyLinksQuery(ctx context.Context, db prepareDatabase, re
 			var count uint64
 			for rows.Next() {
 				var (
-					idpName      = sql.NullString{}
-					idpType      = sql.NullInt16{}
-					idpOwnerType = sql.NullInt16{}
-					link         = new(IDPLoginPolicyLink)
+					idpName           = sql.NullString{}
+					idpType           = sql.NullInt16{}
+					idpOwnerType      = sql.NullInt16{}
+					link              = new(IDPLoginPolicyLink)
+					isCreationAllowed = sql.NullBool{}
+					isLinkingAllowed  = sql.NullBool{}
+					isAutoCreation    = sql.NullBool{}
+					isAutoUpdate      = sql.NullBool{}
+					autoLinking       = sql.NullInt16{}
 				)
 				err := rows.Scan(
 					&link.IDPID,
 					&idpName,
 					&idpType,
 					&idpOwnerType,
+					&isCreationAllowed,
+					&isLinkingAllowed,
+					&isAutoCreation,
+					&isAutoUpdate,
+					&autoLinking,
 					&count,
 				)
 				if err != nil {
 					return nil, err
 				}
-				link.IDPName = idpName.String
+				if idpName.Valid {
+					link.IDPName = idpName.String
+				}
 				//IDPType 0 is oidc so we have to set unspecified manually
 				if idpType.Valid {
 					link.IDPType = domain.IDPType(idpType.Int16)
 				} else {
 					link.IDPType = domain.IDPTypeUnspecified
 				}
-				link.OwnerType = domain.IdentityProviderType(idpOwnerType.Int16)
+				if idpOwnerType.Valid {
+					link.OwnerType = domain.IdentityProviderType(idpOwnerType.Int16)
+				}
+				if isCreationAllowed.Valid {
+					link.IsCreationAllowed = isCreationAllowed.Bool
+				}
+				if isLinkingAllowed.Valid {
+					link.IsLinkingAllowed = isLinkingAllowed.Bool
+				}
+				if isAutoCreation.Valid {
+					link.IsAutoCreation = isAutoCreation.Bool
+				}
+				if isAutoUpdate.Valid {
+					link.IsAutoUpdate = isAutoUpdate.Bool
+				}
+				if autoLinking.Valid {
+					link.AutoLinking = domain.AutoLinkingOption(autoLinking.Int16)
+				} else {
+					link.AutoLinking = domain.AutoLinkingOptionUnspecified
+				}
 				links = append(links, link)
 			}

--- a/internal/query/idp_login_policy_link_test.go
+++ b/internal/query/idp_login_policy_link_test.go
@@ -19,6 +19,11 @@ var (
 		` projections.idp_templates6.name,` +
 		` projections.idp_templates6.type,` +
 		` projections.idp_templates6.owner_type,` +
+		` projections.idp_templates6.is_creation_allowed,` +
+		` projections.idp_templates6.is_linking_allowed,` +
+		` projections.idp_templates6.is_auto_creation,` +
+		` projections.idp_templates6.is_auto_update,` +
+		` projections.idp_templates6.auto_linking,` +
 		` COUNT(*) OVER ()` +
 		` FROM projections.idp_login_policy_links5` +
 		` LEFT JOIN projections.idp_templates6 ON projections.idp_login_policy_links5.idp_id = projections.idp_templates6.id AND projections.idp_login_policy_links5.instance_id = projections.idp_templates6.instance_id` +
@@ -31,6 +36,11 @@ var (
 		"name",
 		"type",
 		"owner_type",
+		"is_creation_allowed",
+		"is_linking_allowed",
+		"is_auto_creation",
+		"is_auto_update",
+		"auto_linking",
 		"count",
 	}
 )
@@ -61,6 +71,11 @@ func Test_IDPLoginPolicyLinkPrepares(t *testing.T) {
 							"idp-name",
 							domain.IDPTypeJWT,
 							domain.IdentityProviderTypeSystem,
+							true,
+							true,
+							true,
+							true,
+							domain.AutoLinkingOptionUsername,
 						},
 					},
 				),
@@ -71,10 +86,15 @@ func Test_IDPLoginPolicyLinkPrepares(t *testing.T) {
 				},
 				Links: []*IDPLoginPolicyLink{
 					{
-						IDPID:     "idp-id",
-						IDPName:   "idp-name",
-						IDPType:   domain.IDPTypeJWT,
-						OwnerType: domain.IdentityProviderTypeSystem,
+						IDPID:             "idp-id",
+						IDPName:           "idp-name",
+						IDPType:           domain.IDPTypeJWT,
+						OwnerType:         domain.IdentityProviderTypeSystem,
+						IsCreationAllowed: true,
+						IsLinkingAllowed:  true,
+						IsAutoCreation:    true,
+						IsAutoUpdate:      true,
+						AutoLinking:       domain.AutoLinkingOptionUsername,
 					},
 				},
 			},
@@ -94,6 +114,11 @@ func Test_IDPLoginPolicyLinkPrepares(t *testing.T) {
 							nil,
 							nil,
 							nil,
+							false,
+							false,
+							false,
+							false,
+							0,
 						},
 					},
 				),
@@ -104,9 +129,14 @@ func Test_IDPLoginPolicyLinkPrepares(t *testing.T) {
 				},
 				Links: []*IDPLoginPolicyLink{
 					{
-						IDPID:   "idp-id",
-						IDPName: "",
-						IDPType: domain.IDPTypeUnspecified,
+						IDPID:             "idp-id",
+						IDPName:           "",
+						IDPType:           domain.IDPTypeUnspecified,
+						IsCreationAllowed: false,
+						IsLinkingAllowed:  false,
+						IsAutoCreation:    false,
+						IsAutoUpdate:      false,
+						AutoLinking:       domain.AutoLinkingOptionUnspecified,
 					},
 				},
 			},
--- a/internal/query/idp_template.go
+++ b/internal/query/idp_template.go
@@ -825,6 +825,22 @@ func NewIDPTemplateResourceOwnerListSearchQuery(ids ...string) (SearchQuery, err
 	return NewListQuery(IDPTemplateResourceOwnerCol, list, ListIn)
 }

+func NewIDPTemplateIsCreationAllowedSearchQuery(value bool) (SearchQuery, error) {
+	return NewBoolQuery(IDPTemplateIsCreationAllowedCol, value)
+}
+
+func NewIDPTemplateIsLinkingAllowedSearchQuery(value bool) (SearchQuery, error) {
+	return NewBoolQuery(IDPTemplateIsLinkingAllowedCol, value)
+}
+
+func NewIDPTemplateIsAutoCreationSearchQuery(value bool) (SearchQuery, error) {
+	return NewBoolQuery(IDPTemplateIsAutoCreationCol, value)
+}
+
+func NewIDPTemplateAutoLinkingSearchQuery(value int, method NumberComparison) (SearchQuery, error) {
+	return NewNumberQuery(IDPTemplateAutoLinkingCol, value, method)
+}
+
 func (q *IDPTemplateSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
 	query = q.SearchRequest.toQuery(query)
 	for _, q := range q.Queries {