feat: setup as separate command (#604)

* feat: separate setup from startup * health * move setup config * add env vars to caos_local.sh * fix domain and set devMode explicit
2025-08-11 21:37:32 +00:00 · 2020-08-18 10:04:56 +02:00
parent 1a00faf132
commit 8830896199
11 changed files with 311 additions and 143 deletions
--- a/cmd/zitadel/caos_local.sh
+++ b/cmd/zitadel/caos_local.sh
@@ -65,4 +65,9 @@ export ZITADEL_CONSOLE_ENV_DIR=../../console/src/assets/
 export ZITADEL_DEFAULT_DOMAIN=zitadel.ch

 #Tracing
-export TRACING_TYPE=google
+export TRACING_TYPE=google
+
+#Setup
+export ZITADEL_CONSOLE_RESPONSE_TYPE=ID_TOKEN TOKEN
+export ZITADEL_CONSOLE_GRANT_TYPE=IMPLICIT
+export ZITADEL_CONSOLE_DEV_MODE=true
--- a/cmd/zitadel/main.go
+++ b/cmd/zitadel/main.go
@@ -18,8 +18,10 @@ import (
 	authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/config"
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
+	es_int "github.com/caos/zitadel/internal/eventstore"
 	mgmt_es "github.com/caos/zitadel/internal/management/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/notification"
+	"github.com/caos/zitadel/internal/setup"
 	tracing "github.com/caos/zitadel/internal/tracing/config"
 	"github.com/caos/zitadel/internal/ui"
 	"github.com/caos/zitadel/internal/ui/console"
@@ -43,8 +45,17 @@ type Config struct {
 	Notification notification.Config
 }

+type setupConfig struct {
+	Log logging.Config
+
+	Eventstore     es_int.Config
+	SystemDefaults sd.SystemDefaults
+	SetUp          setup.IAMSetUp
+}
+
 var (
 	configPaths         = config.NewArrayFlags("authz.yaml", "startup.yaml", "system-defaults.yaml")
+	setupPaths          = config.NewArrayFlags("system-defaults.yaml", "setup.yaml")
 	adminEnabled        = flag.Bool("admin", true, "enable admin api")
 	managementEnabled   = flag.Bool("management", true, "enable management api")
 	authEnabled         = flag.Bool("auth", true, "enable auth api")
@@ -55,12 +66,29 @@ var (
 	localDevMode        = flag.Bool("localDevMode", false, "enable local development specific configs")
 )

+const (
+	cmdStart = "start"
+	cmdSetup = "setup"
+)
+
 func main() {
 	flag.Var(configPaths, "config-files", "paths to the config files")
+	flag.Var(configPaths, "setup-files", "paths to the setup files")
 	flag.Parse()
+	arg := flag.Arg(0)
+	switch arg {
+	case cmdStart:
+		startZitadel(configPaths.Values())
+	case cmdSetup:
+		startSetup(setupPaths.Values(), *localDevMode)
+	default:
+		logging.Log("MAIN-afEQ2").Fatal("please provide an valid argument [start, setup]")
+	}
+}

+func startZitadel(configPaths []string) {
 	conf := new(Config)
-	err := config.Read(conf, configPaths.Values()...)
+	err := config.Read(conf, configPaths...)
 	logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config")

 	ctx := context.Background()
@@ -125,3 +153,16 @@ func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsReposit
 	}
 	apis.Start(ctx)
 }
+
+func startSetup(configPaths []string, localDevMode bool) {
+	conf := new(setupConfig)
+	err := config.Read(conf, configPaths...)
+	logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config")
+
+	ctx := context.Background()
+
+	setup, err := setup.StartSetup(conf.Eventstore, conf.SystemDefaults)
+	logging.Log("SERVE-fD252").OnError(err).Panic("failed to start setup")
+	err = setup.Execute(ctx, conf.SetUp)
+	logging.Log("SERVE-djs3R").OnError(err).Panic("failed to execute setup")
+}
--- a/cmd/zitadel/setup.yaml
+++ b/cmd/zitadel/setup.yaml
@@ -0,0 +1,70 @@
+Log:
+  Level: $ZITADEL_LOG_LEVEL
+  Formatter:
+    Format: text
+
+Eventstore:
+  ServiceName: 'Admin'
+  Repository:
+    SQL:
+      Host: $ZITADEL_EVENTSTORE_HOST
+      Port: $ZITADEL_EVENTSTORE_PORT
+      User: 'adminapi'
+      Database: 'eventstore'
+      Password: $CR_ADMINAPI_PASSWORD
+      SSL:
+        Mode: $CR_SSL_MODE
+        RootCert: $CR_ROOT_CERT
+        Cert: $CR_ADMINAPI_CERT
+        Key: $CR_ADMINAPI_KEY
+  Cache:
+    Type: 'fastcache'
+    Config:
+      MaxCacheSizeInByte: 10485760 #10mb
+
+SetUp:
+  GlobalOrg: 'Global'
+  IAMProject: 'Zitadel'
+  Orgs:
+    - Name: 'Global'
+      Domain: 'global.caos.ch'
+      Default: true
+      OrgIamPolicy: true
+      Users:
+        - FirstName: 'Global Org'
+          LastName: 'Administrator'
+          UserName: 'zitadel-global-org-admin@caos.ch'
+          Email: 'zitadel-global-org-admin@caos.ch'
+          Password: 'Password1!'
+      Owners:
+        - 'zitadel-global-org-admin@caos.ch'
+    - Name: 'CAOS AG'
+      Domain: 'caos.ch'
+      Users:
+        - FirstName: 'Zitadel'
+          LastName: 'Administrator'
+          UserName: 'zitadel-admin'
+          Email: 'zitadel-admin@caos.ch'
+          Password: 'Password1!'
+      Owners:
+        - 'zitadel-admin@caos.ch'
+      Projects:
+        - Name: 'Zitadel'
+          OIDCApps:
+            - Name: 'Management-API'
+            - Name: 'Auth-API'
+            - Name: 'Admin-API'
+            - Name: 'Zitadel Console'
+              RedirectUris:
+                - '$ZITADEL_CONSOLE/auth/callback'
+              PostLogoutRedirectUris:
+                - '$ZITADEL_CONSOLE/signedout'
+              ResponseTypes:
+                - '$ZITADEL_CONSOLE_RESPONSE_TYPE'
+              GrantTypes:
+                - '$ZITADEL_CONSOLE_GRANT_TYPE'
+              ApplicationType: 'USER_AGENT'
+              AuthMethodType: 'NONE'
+              DevMode: '$ZITADEL_CONSOLE_DEV_MODE'
+  Owners:
+    - 'zitadel-admin@caos.ch'
--- a/cmd/zitadel/system-defaults.yaml
+++ b/cmd/zitadel/system-defaults.yaml
@@ -1,6 +1,6 @@
 SystemDefaults:
  DefaultLanguage: 'de'
-  DefaultDomain: $ZITADEL_DEFAULT_DOMAIN
+  Domain: $ZITADEL_DEFAULT_DOMAIN
  ZitadelDocs:
    Issuer: $ZITADEL_ISSUER
    DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
@@ -81,51 +81,6 @@ SystemDefaults:
      IncludeUpperLetters: true
      IncludeDigits: true
      IncludeSymbols: false
-  SetUp:
-    GlobalOrg: 'Global'
-    IAMProject: 'Zitadel'
-    Orgs:
-      - Name: 'Global'
-        Domain: 'global.caos.ch'
-        Default: true
-        OrgIamPolicy: true
-        Users:
-          - FirstName: 'Global Org'
-            LastName: 'Administrator'
-            UserName: 'zitadel-global-org-admin@caos.ch'
-            Email: 'zitadel-global-org-admin@caos.ch'
-            Password: 'Password1!'
-        Owners:
-          - 'zitadel-global-org-admin@caos.ch'
-      - Name: 'CAOS AG'
-        Domain: 'caos.ch'
-        Users:
-          - FirstName: 'Zitadel'
-            LastName: 'Administrator'
-            UserName: 'zitadel-admin'
-            Email: 'zitadel-admin@caos.ch'
-            Password: 'Password1!'
-        Owners:
-          - 'zitadel-admin@caos.ch'
-        Projects:
-          - Name: 'Zitadel'
-            OIDCApps:
-              - Name: 'Management-API'
-              - Name: 'Auth-API'
-              - Name: 'Admin-API'
-              - Name: 'Zitadel Console'
-                RedirectUris:
-                  - '$ZITADEL_CONSOLE/auth/callback'
-                PostLogoutRedirectUris:
-                  - '$ZITADEL_CONSOLE/signedout'
-                ResponseTypes:
-                  - 'CODE'
-                GrantTypes:
-                  - 'AUTHORIZATION_CODE'
-                ApplicationType: 'NATIVE'
-                AuthMethodType: 'AUTH_TYPE_NONE'
-    Owners:
-      - 'zitadel-admin@caos.ch'
  Notifications:
    DebugMode: $DEBUG_MODE
    Endpoints: