TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 10:07:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: update config to commands (and queries) (#1342)

Browse Source 
* fix: adaot config to commands (and queries)

* remove dependency on vv2 in v1

* add queries user to operator

* set password for queries on tests

* set password for queries on tests

* fix config
This commit is contained in:
Livio Amstutz
2021-02-24 11:17:39 +01:00
committed by GitHub
parent 438daebdb9
commit 8dcbbc87ca
101 changed files with 1122 additions and 1078 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
cmd/zitadel/main.go
View File

@@ -3,9 +3,10 @@ package main
import ( import (
"context" "context"
"flag" "flag"
"github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/command" "github.com/caos/zitadel/internal/command"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/query" "github.com/caos/zitadel/internal/query"
metrics "github.com/caos/zitadel/internal/telemetry/metrics/config" metrics "github.com/caos/zitadel/internal/telemetry/metrics/config"
@@ -39,6 +40,10 @@ type Config struct {
InternalAuthZ internal_authz.Config InternalAuthZ internal_authz.Config
SystemDefaults sd.SystemDefaults SystemDefaults sd.SystemDefaults
EventstoreBase types.SQLBase
Commands command.Config
Queries query.Config
AuthZ authz.Config AuthZ authz.Config
Auth auth_es.Config Auth auth_es.Config
Admin admin_es.Config Admin admin_es.Config
@@ -53,7 +58,7 @@ type Config struct {
type setupConfig struct { type setupConfig struct {
Log logging.Config Log logging.Config
Eventstore v1.Config Eventstore types.SQL
SystemDefaults sd.SystemDefaults SystemDefaults sd.SystemDefaults
SetUp setup.IAMSetUp SetUp setup.IAMSetUp
} }
@@ -97,40 +102,42 @@ func startZitadel(configPaths []string) {
logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config") logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config")
ctx := context.Background() ctx := context.Background()
//TODO: new eventstore config for command sie esCommands, err := eventstore.StartWithUser(conf.EventstoreBase, conf.Commands.Eventstore)
es, err := v1.Start(conf.Admin.Eventstore)
if err != nil { if err != nil {
return return
} }
esV2 := es.V2() commands, err := command.StartCommands(esCommands, conf.SystemDefaults)
command, err := command.StartCommandSide(&command.Config{Eventstore: esV2, SystemDefaults: conf.SystemDefaults})
if err != nil { if err != nil {
return return
} }
query, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: conf.SystemDefaults}) esQueries, err := eventstore.StartWithUser(conf.EventstoreBase, conf.Queries.Eventstore)
if err != nil { if err != nil {
return return
} }
authZRepo, err := authz.Start(ctx, conf.AuthZ, conf.InternalAuthZ, conf.SystemDefaults) queries, err := query.StartQueries(esQueries, conf.SystemDefaults)
if err != nil {
return
}
authZRepo, err := authz.Start(ctx, conf.AuthZ, conf.InternalAuthZ, conf.SystemDefaults, queries)
logging.Log("MAIN-s9KOw").OnError(err).Fatal("error starting authz repo") logging.Log("MAIN-s9KOw").OnError(err).Fatal("error starting authz repo")
var authRepo *auth_es.EsRepository var authRepo *auth_es.EsRepository
if *authEnabled || *oidcEnabled || *loginEnabled { if *authEnabled || *oidcEnabled || *loginEnabled {
authRepo, err = auth_es.Start(conf.Auth, conf.InternalAuthZ, conf.SystemDefaults, command, authZRepo) authRepo, err = auth_es.Start(conf.Auth, conf.InternalAuthZ, conf.SystemDefaults, commands, queries, authZRepo, esQueries)
logging.Log("MAIN-9oRw6").OnError(err).Fatal("error starting auth repo") logging.Log("MAIN-9oRw6").OnError(err).Fatal("error starting auth repo")
} }
startAPI(ctx, conf, authZRepo, authRepo, command, query) startAPI(ctx, conf, authZRepo, authRepo, commands, queries)
startUI(ctx, conf, authRepo, command, query) startUI(ctx, conf, authRepo, commands, queries)
if *notificationEnabled { if *notificationEnabled {
notification.Start(ctx, conf.Notification, conf.SystemDefaults, command) notification.Start(ctx, conf.Notification, conf.SystemDefaults, commands)
} }
<-ctx.Done() <-ctx.Done()
logging.Log("MAIN-s8d2h").Info("stopping zitadel") logging.Log("MAIN-s8d2h").Info("stopping zitadel")
} }
func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository, command *command.CommandSide, query *query.QuerySide) { func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries) {
uis := ui.Create(conf.UI) uis := ui.Create(conf.UI)
if *loginEnabled { if *loginEnabled {
login, prefix := login.Start(conf.UI.Login, command, query, authRepo, conf.SystemDefaults, *localDevMode) login, prefix := login.Start(conf.UI.Login, command, query, authRepo, conf.SystemDefaults, *localDevMode)
@@ -144,7 +151,7 @@ func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository,
uis.Start(ctx) uis.Start(ctx)
} }
func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository, command *command.CommandSide, query *query.QuerySide) { func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsRepository, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries) {
roles := make([]string, len(conf.InternalAuthZ.RolePermissionMappings)) roles := make([]string, len(conf.InternalAuthZ.RolePermissionMappings))
for i, role := range conf.InternalAuthZ.RolePermissionMappings { for i, role := range conf.InternalAuthZ.RolePermissionMappings {
roles[i] = role.Role roles[i] = role.Role
@@ -158,7 +165,7 @@ func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsReposit
apis.RegisterServer(ctx, admin.CreateServer(command, query, repo)) apis.RegisterServer(ctx, admin.CreateServer(command, query, repo))
} }
if *managementEnabled { if *managementEnabled {
managementRepo, err := mgmt_es.Start(conf.Mgmt, conf.SystemDefaults, roles) managementRepo, err := mgmt_es.Start(conf.Mgmt, conf.SystemDefaults, roles, query)
logging.Log("API-Gd2qq").OnError(err).Fatal("error starting management repo") logging.Log("API-Gd2qq").OnError(err).Fatal("error starting management repo")
apis.RegisterServer(ctx, management.CreateServer(command, query, managementRepo, conf.SystemDefaults)) apis.RegisterServer(ctx, management.CreateServer(command, query, managementRepo, conf.SystemDefaults))
} }
@@ -179,13 +186,10 @@ func startSetup(configPaths []string, localDevMode bool) {
ctx := context.Background() ctx := context.Background()
es, err := v1.Start(conf.Eventstore) es, err := eventstore.Start(conf.Eventstore)
logging.Log("MAIN-Ddt3").OnError(err).Fatal("cannot start eventstore") logging.Log("MAIN-Ddt3").OnError(err).Fatal("cannot start eventstore")
commands, err := command.StartCommandSide(&command.Config{ commands, err := command.StartCommands(es, conf.SystemDefaults)
Eventstore: es.V2(),
SystemDefaults: conf.SystemDefaults,
})
logging.Log("MAIN-dsjrr").OnError(err).Fatal("cannot start command side") logging.Log("MAIN-dsjrr").OnError(err).Fatal("cannot start command side")
err = setup.Execute(ctx, conf.SetUp, conf.SystemDefaults.IamID, commands) err = setup.Execute(ctx, conf.SetUp, conf.SystemDefaults.IamID, commands)

12
cmd/zitadel/setup.yaml
View File

@@ -9,18 +9,14 @@ Eventstore:
SQL: SQL:
Host: $ZITADEL_EVENTSTORE_HOST Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT Port: $ZITADEL_EVENTSTORE_PORT
User: 'adminapi' User: 'eventstore'
Database: 'eventstore' Database: 'eventstore'
Password: $CR_ADMINAPI_PASSWORD Password: $CR_EVENTSTORE_PASSWORD
SSL: SSL:
Mode: $CR_SSL_MODE Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT RootCert: $CR_ROOT_CERT
Cert: $CR_ADMINAPI_CERT Cert: $CR_EVENTSTORE_CERT
Key: $CR_ADMINAPI_KEY Key: $CR_EVENTSTORE_KEY
Cache:
Type: 'fastcache'
Config:
MaxCacheSizeInByte: 10485760 #10mb
SetUp: SetUp:
Step1: Step1:

25
cmd/zitadel/startup.yaml
View File

@@ -16,8 +16,31 @@ Metrics:
Config: Config:
MeterName: 'github.com/caos/zitadel' MeterName: 'github.com/caos/zitadel'
EventstoreBase:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
Database: 'eventstore'
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Commands:
Eventstore:
User: 'eventstore'
Password: $CR_EVENTSTORE_PASSWORD
SSL:
Cert: $CR_EVENTSTORE_CERT
Key: $CR_EVENTSTORE_KEY
Queries:
Eventstore:
User: 'queries'
Password: $CR_QUERIES_PASSWORD
SSL:
Cert: $CR_QUERIES_CERT
Key: $CR_QUERIES_KEY
AuthZ: AuthZ:
Domain: $ZITADEL_DEFAULT_DOMAIN
Repository: Repository:
Eventstore: Eventstore:
ServiceName: 'AuthZ' ServiceName: 'AuthZ'

6
internal/api/grpc/admin/server.go
View File

@@ -19,8 +19,8 @@ const (
var _ admin.AdminServiceServer = (*Server)(nil) var _ admin.AdminServiceServer = (*Server)(nil)
type Server struct { type Server struct {
command *command.CommandSide command *command.Commands
query *query.QuerySide query *query.Queries
org repository.OrgRepository org repository.OrgRepository
iam repository.IAMRepository iam repository.IAMRepository
administrator repository.AdministratorRepository administrator repository.AdministratorRepository
@@ -31,7 +31,7 @@ type Config struct {
Repository eventsourcing.Config Repository eventsourcing.Config
} }
func CreateServer(command *command.CommandSide, query *query.QuerySide, repo repository.Repository) *Server { func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository) *Server {
return &Server{ return &Server{
command: command, command: command,
query: query, query: query,

6
internal/api/grpc/auth/server.go
View File

@@ -19,8 +19,8 @@ const (
) )
type Server struct { type Server struct {
command *command.CommandSide command *command.Commands
query *query.QuerySide query *query.Queries
repo repository.Repository repo repository.Repository
} }
@@ -28,7 +28,7 @@ type Config struct {
Repository eventsourcing.Config Repository eventsourcing.Config
} }
func CreateServer(command *command.CommandSide, query *query.QuerySide, authRepo repository.Repository) *Server { func CreateServer(command *command.Commands, query *query.Queries, authRepo repository.Repository) *Server {
return &Server{ return &Server{
command: command, command: command,
query: query, query: query,

6
internal/api/grpc/management/server.go
View File

@@ -20,8 +20,8 @@ const (
var _ management.ManagementServiceServer = (*Server)(nil) var _ management.ManagementServiceServer = (*Server)(nil)
type Server struct { type Server struct {
command *command.CommandSide command *command.Commands
query *query.QuerySide query *query.Queries
project repository.ProjectRepository project repository.ProjectRepository
org repository.OrgRepository org repository.OrgRepository
user repository.UserRepository user repository.UserRepository
@@ -35,7 +35,7 @@ type Config struct {
Repository eventsourcing.Config Repository eventsourcing.Config
} }
func CreateServer(command *command.CommandSide, query *query.QuerySide, repo repository.Repository, sd systemdefaults.SystemDefaults) *Server { func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository, sd systemdefaults.SystemDefaults) *Server {
return &Server{ return &Server{
command: command, command: command,
query: query, query: query,

8
internal/api/oidc/op.go
View File

@@ -49,15 +49,15 @@ type Endpoint struct {
type OPStorage struct { type OPStorage struct {
repo repository.Repository repo repository.Repository
command *command.CommandSide command *command.Commands
query *query.QuerySide query *query.Queries
defaultLoginURL string defaultLoginURL string
defaultAccessTokenLifetime time.Duration defaultAccessTokenLifetime time.Duration
defaultIdTokenLifetime time.Duration defaultIdTokenLifetime time.Duration
signingKeyAlgorithm string signingKeyAlgorithm string
} }
func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.CommandSide, query *query.QuerySide, repo repository.Repository, localDevMode bool) op.OpenIDProvider { func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.Commands, query *query.Queries, repo repository.Repository, localDevMode bool) op.OpenIDProvider {
cookieHandler, err := middleware.NewUserAgentHandler(config.UserAgentCookieConfig, id.SonyFlakeGenerator, localDevMode) cookieHandler, err := middleware.NewUserAgentHandler(config.UserAgentCookieConfig, id.SonyFlakeGenerator, localDevMode)
logging.Log("OIDC-sd4fd").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Panic("cannot user agent handler") logging.Log("OIDC-sd4fd").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Panic("cannot user agent handler")
config.OPConfig.CodeMethodS256 = true config.OPConfig.CodeMethodS256 = true
@@ -84,7 +84,7 @@ func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.C
return provider return provider
} }
func newStorage(config StorageConfig, command *command.CommandSide, query *query.QuerySide, repo repository.Repository) *OPStorage { func newStorage(config StorageConfig, command *command.Commands, query *query.Queries, repo repository.Repository) *OPStorage {
return &OPStorage{ return &OPStorage{
repo: repo, repo: repo,
command: command, command: command,

2
internal/auth/repository/eventsourcing/eventstore/application.go
View File

@@ -11,7 +11,7 @@ import (
) )
type ApplicationRepo struct { type ApplicationRepo struct {
Commands *command.CommandSide Commands *command.Commands
View *view.View View *view.View
} }

2
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -30,7 +30,7 @@ import (
) )
type AuthRequestRepo struct { type AuthRequestRepo struct {
Command *command.CommandSide Command *command.Commands
AuthRequests cache.AuthRequestCache AuthRequests cache.AuthRequestCache
View *view.View View *view.View

2
internal/auth/repository/eventsourcing/eventstore/iam.go
View File

@@ -10,7 +10,7 @@ import (
type IAMRepository struct { type IAMRepository struct {
IAMID string IAMID string
IAMV2QuerySide *query.QuerySide IAMV2QuerySide *query.Queries
} }
func (repo *IAMRepository) GetIAM(ctx context.Context) (*model.IAM, error) { func (repo *IAMRepository) GetIAM(ctx context.Context) (*model.IAM, error) {

2
internal/auth/repository/eventsourcing/eventstore/key.go
View File

@@ -20,7 +20,7 @@ import (
) )
type KeyRepository struct { type KeyRepository struct {
Commands *command.CommandSide Commands *command.Commands
Eventstore *eventstore.Eventstore Eventstore *eventstore.Eventstore
View *view.View View *view.View
SigningKeyRotationCheck time.Duration SigningKeyRotationCheck time.Duration

13
internal/auth/repository/eventsourcing/repository.go
View File

@@ -2,7 +2,6 @@ package eventsourcing
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/eventstore" "github.com/caos/zitadel/internal/auth/repository/eventsourcing/eventstore"
@@ -14,6 +13,8 @@ import (
sd "github.com/caos/zitadel/internal/config/systemdefaults" sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/config/types" "github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/crypto"
es2 "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/v1"
es_spol "github.com/caos/zitadel/internal/eventstore/v1/spooler" es_spol "github.com/caos/zitadel/internal/eventstore/v1/spooler"
"github.com/caos/zitadel/internal/id" "github.com/caos/zitadel/internal/id"
key_model "github.com/caos/zitadel/internal/key/model" key_model "github.com/caos/zitadel/internal/key/model"
@@ -43,12 +44,11 @@ type EsRepository struct {
eventstore.IAMRepository eventstore.IAMRepository
} }
func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, command *command.CommandSide, authZRepo *authz_repo.EsRepository) (*EsRepository, error) { func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, authZRepo *authz_repo.EsRepository, esV2 *es2.Eventstore) (*EsRepository, error) {
es, err := v1.Start(conf.Eventstore) es, err := v1.Start(conf.Eventstore)
if err != nil { if err != nil {
return nil, err return nil, err
} }
esV2 := es.V2()
sqlClient, err := conf.View.Start() sqlClient, err := conf.View.Start()
if err != nil { if err != nil {
@@ -71,11 +71,6 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
return nil, err return nil, err
} }
iamV2Query, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: systemDefaults})
if err != nil {
return nil, err
}
keyChan := make(chan *key_model.KeyView) keyChan := make(chan *key_model.KeyView)
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults, keyChan) spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults, keyChan)
locker := spooler.NewLocker(sqlClient) locker := spooler.NewLocker(sqlClient)
@@ -145,7 +140,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
}, },
eventstore.IAMRepository{ eventstore.IAMRepository{
IAMID: systemDefaults.IamID, IAMID: systemDefaults.IamID,
IAMV2QuerySide: iamV2Query, IAMV2QuerySide: queries,
}, },
}, nil }, nil
} }

5
internal/authz/authz.go
View File

@@ -6,12 +6,13 @@ import (
"github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing" "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
sd "github.com/caos/zitadel/internal/config/systemdefaults" sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/query"
) )
type Config struct { type Config struct {
Repository eventsourcing.Config Repository eventsourcing.Config
} }
func Start(ctx context.Context, config Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*eventsourcing.EsRepository, error) { func Start(ctx context.Context, config Config, authZ authz.Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (*eventsourcing.EsRepository, error) {
return eventsourcing.Start(config.Repository, authZ, systemDefaults) return eventsourcing.Start(config.Repository, authZ, systemDefaults, queries)
} }

2
internal/authz/repository/eventsourcing/eventstore/iam.go
View File

@@ -10,7 +10,7 @@ import (
type IamRepo struct { type IamRepo struct {
IAMID string IAMID string
IAMV2Query *query.QuerySide IAMV2Query *query.Queries
} }
func (repo *IamRepo) Health(ctx context.Context) error { func (repo *IamRepo) Health(ctx context.Context) error {

14
internal/authz/repository/eventsourcing/repository.go
View File

@@ -2,12 +2,12 @@ package eventsourcing
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/eventstore/v1" "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/query" "github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/auth_request/repository/cache"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/eventstore" "github.com/caos/zitadel/internal/authz/repository/eventsourcing/eventstore"
"github.com/caos/zitadel/internal/authz/repository/eventsourcing/spooler" "github.com/caos/zitadel/internal/authz/repository/eventsourcing/spooler"
authz_view "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view" authz_view "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
@@ -18,9 +18,7 @@ import (
) )
type Config struct { type Config struct {
Domain string
Eventstore v1.Config Eventstore v1.Config
AuthRequest cache.Config
View types.SQL View types.SQL
Spooler spooler.SpoolerConfig Spooler spooler.SpoolerConfig
} }
@@ -32,12 +30,11 @@ type EsRepository struct {
eventstore.TokenVerifierRepo eventstore.TokenVerifierRepo
} }
func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*EsRepository, error) { func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (*EsRepository, error) {
es, err := v1.Start(conf.Eventstore) es, err := v1.Start(conf.Eventstore)
if err != nil { if err != nil {
return nil, err return nil, err
} }
esV2 := es.V2()
sqlClient, err := conf.View.Start() sqlClient, err := conf.View.Start()
if err != nil { if err != nil {
@@ -50,11 +47,6 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
return nil, err return nil, err
} }
iamV2, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: systemDefaults})
if err != nil {
return nil, err
}
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults) spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults)
return &EsRepository{ return &EsRepository{
@@ -67,7 +59,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
}, },
eventstore.IamRepo{ eventstore.IamRepo{
IAMID: systemDefaults.IamID, IAMID: systemDefaults.IamID,
IAMV2Query: iamV2, IAMV2Query: queries,
}, },
eventstore.TokenVerifierRepo{ eventstore.TokenVerifierRepo{
//TODO: Add Token Verification Key //TODO: Add Token Verification Key

58
internal/command/command.go
View File

@@ -2,6 +2,7 @@ package command
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore" "github.com/caos/zitadel/internal/eventstore"
"time" "time"
@@ -20,7 +21,7 @@ import (
webauthn_helper "github.com/caos/zitadel/internal/webauthn" webauthn_helper "github.com/caos/zitadel/internal/webauthn"
) )
type CommandSide struct { type Commands struct {
eventstore *eventstore.Eventstore eventstore *eventstore.Eventstore
idGenerator id.Generator idGenerator id.Generator
iamDomain string iamDomain string
@@ -50,18 +51,17 @@ type CommandSide struct {
} }
type Config struct { type Config struct {
Eventstore *eventstore.Eventstore Eventstore types.SQLUser
SystemDefaults sd.SystemDefaults
} }
func StartCommandSide(config *Config) (repo *CommandSide, err error) { func StartCommands(eventstore *eventstore.Eventstore, defaults sd.SystemDefaults) (repo *Commands, err error) {
repo = &CommandSide{ repo = &Commands{
eventstore: config.Eventstore, eventstore: eventstore,
idGenerator: id.SonyFlakeGenerator, idGenerator: id.SonyFlakeGenerator,
iamDomain: config.SystemDefaults.Domain, iamDomain: defaults.Domain,
keySize: config.SystemDefaults.KeyConfig.Size, keySize: defaults.KeyConfig.Size,
privateKeyLifetime: config.SystemDefaults.KeyConfig.PrivateKeyLifetime.Duration, privateKeyLifetime: defaults.KeyConfig.PrivateKeyLifetime.Duration,
publicKeyLifetime: config.SystemDefaults.KeyConfig.PublicKeyLifetime.Duration, publicKeyLifetime: defaults.KeyConfig.PublicKeyLifetime.Duration,
} }
iam_repo.RegisterEventMappers(repo.eventstore) iam_repo.RegisterEventMappers(repo.eventstore)
org.RegisterEventMappers(repo.eventstore) org.RegisterEventMappers(repo.eventstore)
@@ -71,49 +71,49 @@ func StartCommandSide(config *Config) (repo *CommandSide, err error) {
keypair.RegisterEventMappers(repo.eventstore) keypair.RegisterEventMappers(repo.eventstore)
//TODO: simplify!!!! //TODO: simplify!!!!
repo.idpConfigSecretCrypto, err = crypto.NewAESCrypto(config.SystemDefaults.IDPConfigVerificationKey) repo.idpConfigSecretCrypto, err = crypto.NewAESCrypto(defaults.IDPConfigVerificationKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
userEncryptionAlgorithm, err := crypto.NewAESCrypto(config.SystemDefaults.UserVerificationKey) userEncryptionAlgorithm, err := crypto.NewAESCrypto(defaults.UserVerificationKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
repo.initializeUserCode = crypto.NewEncryptionGenerator(config.SystemDefaults.SecretGenerators.InitializeUserCode, userEncryptionAlgorithm) repo.initializeUserCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.InitializeUserCode, userEncryptionAlgorithm)
repo.emailVerificationCode = crypto.NewEncryptionGenerator(config.SystemDefaults.SecretGenerators.EmailVerificationCode, userEncryptionAlgorithm) repo.emailVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.EmailVerificationCode, userEncryptionAlgorithm)
repo.phoneVerificationCode = crypto.NewEncryptionGenerator(config.SystemDefaults.SecretGenerators.PhoneVerificationCode, userEncryptionAlgorithm) repo.phoneVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.PhoneVerificationCode, userEncryptionAlgorithm)
repo.passwordVerificationCode = crypto.NewEncryptionGenerator(config.SystemDefaults.SecretGenerators.PasswordVerificationCode, userEncryptionAlgorithm) repo.passwordVerificationCode = crypto.NewEncryptionGenerator(defaults.SecretGenerators.PasswordVerificationCode, userEncryptionAlgorithm)
repo.userPasswordAlg = crypto.NewBCrypt(config.SystemDefaults.SecretGenerators.PasswordSaltCost) repo.userPasswordAlg = crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost)
repo.machineKeyAlg = userEncryptionAlgorithm repo.machineKeyAlg = userEncryptionAlgorithm
repo.machineKeySize = int(config.SystemDefaults.SecretGenerators.MachineKeySize) repo.machineKeySize = int(defaults.SecretGenerators.MachineKeySize)
repo.applicationKeySize = int(config.SystemDefaults.SecretGenerators.ApplicationKeySize) repo.applicationKeySize = int(defaults.SecretGenerators.ApplicationKeySize)
aesOTPCrypto, err := crypto.NewAESCrypto(config.SystemDefaults.Multifactors.OTP.VerificationKey) aesOTPCrypto, err := crypto.NewAESCrypto(defaults.Multifactors.OTP.VerificationKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
repo.multifactors = global_model.Multifactors{ repo.multifactors = global_model.Multifactors{
OTP: global_model.OTP{ OTP: global_model.OTP{
CryptoMFA: aesOTPCrypto, CryptoMFA: aesOTPCrypto,
Issuer: config.SystemDefaults.Multifactors.OTP.Issuer, Issuer: defaults.Multifactors.OTP.Issuer,
}, },
} }
passwordAlg := crypto.NewBCrypt(config.SystemDefaults.SecretGenerators.PasswordSaltCost) passwordAlg := crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost)
repo.applicationSecretGenerator = crypto.NewHashGenerator(config.SystemDefaults.SecretGenerators.ClientSecretGenerator, passwordAlg) repo.applicationSecretGenerator = crypto.NewHashGenerator(defaults.SecretGenerators.ClientSecretGenerator, passwordAlg)
repo.domainVerificationAlg, err = crypto.NewAESCrypto(config.SystemDefaults.DomainVerification.VerificationKey) repo.domainVerificationAlg, err = crypto.NewAESCrypto(defaults.DomainVerification.VerificationKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
repo.domainVerificationGenerator = crypto.NewEncryptionGenerator(config.SystemDefaults.DomainVerification.VerificationGenerator, repo.domainVerificationAlg) repo.domainVerificationGenerator = crypto.NewEncryptionGenerator(defaults.DomainVerification.VerificationGenerator, repo.domainVerificationAlg)
repo.domainVerificationValidator = http.ValidateDomain repo.domainVerificationValidator = http.ValidateDomain
web, err := webauthn_helper.StartServer(config.SystemDefaults.WebAuthN) web, err := webauthn_helper.StartServer(defaults.WebAuthN)
if err != nil { if err != nil {
return nil, err return nil, err
} }
repo.webauthn = web repo.webauthn = web
keyAlgorithm, err := crypto.NewAESCrypto(config.SystemDefaults.KeyConfig.EncryptionConfig) keyAlgorithm, err := crypto.NewAESCrypto(defaults.KeyConfig.EncryptionConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -121,12 +121,12 @@ func StartCommandSide(config *Config) (repo *CommandSide, err error) {
return repo, nil return repo, nil
} }
func (r *CommandSide) getIAMWriteModel(ctx context.Context) (_ *IAMWriteModel, err error) { func (c *Commands) getIAMWriteModel(ctx context.Context) (_ *IAMWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMWriteModel() writeModel := NewIAMWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

12
internal/command/iam.go
View File

@@ -9,17 +9,17 @@ import (
) )
//TODO: private //TODO: private
func (r *CommandSide) GetIAM(ctx context.Context) (*domain.IAM, error) { func (c *Commands) GetIAM(ctx context.Context) (*domain.IAM, error) {
iamWriteModel := NewIAMWriteModel() iamWriteModel := NewIAMWriteModel()
err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return writeModelToIAM(iamWriteModel), nil return writeModelToIAM(iamWriteModel), nil
} }
func (r *CommandSide) setGlobalOrg(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, orgID string) (eventstore.EventPusher, error) { func (c *Commands) setGlobalOrg(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, orgID string) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -29,8 +29,8 @@ func (r *CommandSide) setGlobalOrg(ctx context.Context, iamAgg *eventstore.Aggre
return iam.NewGlobalOrgSetEventEvent(ctx, iamAgg, orgID), nil return iam.NewGlobalOrgSetEventEvent(ctx, iamAgg, orgID), nil
} }
func (r *CommandSide) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, projectID string) (eventstore.EventPusher, error) { func (c *Commands) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *IAMWriteModel, projectID string) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, iamWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

40
internal/command/iam_idp_config.go
View File

@@ -12,18 +12,18 @@ import (
iam_repo "github.com/caos/zitadel/internal/repository/iam" iam_repo "github.com/caos/zitadel/internal/repository/iam"
) )
func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { func (c *Commands) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
if config.OIDCConfig == nil { if config.OIDCConfig == nil {
return nil, errors.ThrowInvalidArgument(nil, "IAM-eUpQU", "Errors.idp.config.notset") return nil, errors.ThrowInvalidArgument(nil, "IAM-eUpQU", "Errors.idp.config.notset")
} }
idpConfigID, err := r.idGenerator.Next() idpConfigID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedConfig := NewIAMIDPConfigWriteModel(idpConfigID) addedConfig := NewIAMIDPConfigWriteModel(idpConfigID)
clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), r.idpConfigSecretCrypto) clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), c.idpConfigSecretCrypto)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -51,7 +51,7 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.ID
), ),
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -62,8 +62,8 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.ID
return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil
} }
func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { func (c *Commands) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, config.IDPConfigID) existingIDP, err := c.iamIDPConfigWriteModelByID(ctx, config.IDPConfigID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -76,7 +76,7 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -87,8 +87,8 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain
return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil
} }
func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) error { func (c *Commands) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) error {
existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, idpID) existingIDP, err := c.iamIDPConfigWriteModelByID(ctx, idpID)
if err != nil { if err != nil {
return err return err
} }
@@ -96,12 +96,12 @@ func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID stri
return caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive")
} }
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigDeactivatedEvent(ctx, iamAgg, idpID)) _, err = c.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigDeactivatedEvent(ctx, iamAgg, idpID))
return err return err
} }
func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) error { func (c *Commands) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) error {
existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, idpID) existingIDP, err := c.iamIDPConfigWriteModelByID(ctx, idpID)
if err != nil { if err != nil {
return err return err
} }
@@ -109,12 +109,12 @@ func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID stri
return caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive")
} }
iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigReactivatedEvent(ctx, iamAgg, idpID)) _, err = c.eventstore.PushEvents(ctx, iam_repo.NewIDPConfigReactivatedEvent(ctx, iamAgg, idpID))
return err return err
} }
func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idpProviders []*domain.IDPProvider, externalIDPs ...*domain.ExternalIDP) error { func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idpProviders []*domain.IDPProvider, externalIDPs ...*domain.ExternalIDP) error {
existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, idpID) existingIDP, err := c.iamIDPConfigWriteModelByID(ctx, idpID)
if err != nil { if err != nil {
return err return err
} }
@@ -129,24 +129,24 @@ func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string,
for _, idpProvider := range idpProviders { for _, idpProvider := range idpProviders {
if idpProvider.AggregateID == domain.IAMID { if idpProvider.AggregateID == domain.IAMID {
userEvents := r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, true, externalIDPs...) userEvents := c.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, true, externalIDPs...)
events = append(events, userEvents...) events = append(events, userEvents...)
} }
orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel) orgAgg := OrgAggregateFromWriteModel(&NewOrgIdentityProviderWriteModel(idpProvider.AggregateID, idpID).WriteModel)
orgEvents := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true) orgEvents := c.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true)
events = append(events, orgEvents...) events = append(events, orgEvents...)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) iamIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *IAMIDPConfigWriteModel, err error) { func (c *Commands) iamIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *IAMIDPConfigWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMIDPConfigWriteModel(idpID) writeModel := NewIAMIDPConfigWriteModel(idpID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

8
internal/command/iam_idp_oidc_config.go
View File

@@ -6,9 +6,9 @@ import (
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
) )
func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) { func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) {
existingConfig := NewIAMIDPOIDCConfigWriteModel(config.IDPConfigID) existingConfig := NewIAMIDPOIDCConfigWriteModel(config.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, existingConfig) err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -25,7 +25,7 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *do
config.ClientID, config.ClientID,
config.Issuer, config.Issuer,
config.ClientSecretString, config.ClientSecretString,
r.idpConfigSecretCrypto, c.idpConfigSecretCrypto,
config.IDPDisplayNameMapping, config.IDPDisplayNameMapping,
config.UsernameMapping, config.UsernameMapping,
config.Scopes...) config.Scopes...)
@@ -36,7 +36,7 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *do
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }

26
internal/command/iam_member.go
View File

@@ -12,15 +12,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (c *Commands) AddIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
addedMember := NewIAMMemberWriteModel(member.UserID) addedMember := NewIAMMemberWriteModel(member.UserID)
iamAgg := IAMAggregateFromWriteModel(&addedMember.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedMember.MemberWriteModel.WriteModel)
event, err := r.addIAMMember(ctx, iamAgg, addedMember, member) event, err := c.addIAMMember(ctx, iamAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -31,14 +31,14 @@ func (r *CommandSide) AddIAMMember(ctx context.Context, member *domain.Member) (
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addIAMMember(ctx context.Context, iamAgg *eventstore.Aggregate, addedMember *IAMMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) { func (c *Commands) addIAMMember(ctx context.Context, iamAgg *eventstore.Aggregate, addedMember *IAMMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-GR34U", "Errors.IAM.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-GR34U", "Errors.IAM.MemberInvalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedMember) err := c.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -50,14 +50,14 @@ func (r *CommandSide) addIAMMember(ctx context.Context, iamAgg *eventstore.Aggre
} }
//ChangeIAMMember updates an existing member //ChangeIAMMember updates an existing member
func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (c *Commands) ChangeIAMMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.MemberInvalid")
} }
existingMember, err := r.iamMemberWriteModelByID(ctx, member.UserID) existingMember, err := c.iamMemberWriteModelByID(ctx, member.UserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,7 +66,7 @@ func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *domain.Member
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-LiaZi", "Errors.IAM.Member.RolesNotChanged")
} }
iamAgg := IAMAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewMemberChangedEvent(ctx, iamAgg, member.UserID, member.Roles...)) pushedEvents, err := c.eventstore.PushEvents(ctx, iam_repo.NewMemberChangedEvent(ctx, iamAgg, member.UserID, member.Roles...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -78,8 +78,8 @@ func (r *CommandSide) ChangeIAMMember(ctx context.Context, member *domain.Member
return memberWriteModelToMember(&existingMember.MemberWriteModel), nil return memberWriteModelToMember(&existingMember.MemberWriteModel), nil
} }
func (r *CommandSide) RemoveIAMMember(ctx context.Context, userID string) error { func (c *Commands) RemoveIAMMember(ctx context.Context, userID string) error {
m, err := r.iamMemberWriteModelByID(ctx, userID) m, err := c.iamMemberWriteModelByID(ctx, userID)
if err != nil && !errors.IsNotFound(err) { if err != nil && !errors.IsNotFound(err) {
return err return err
} }
@@ -88,16 +88,16 @@ func (r *CommandSide) RemoveIAMMember(ctx context.Context, userID string) error
} }
iamAgg := IAMAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, iam_repo.NewMemberRemovedEvent(ctx, iamAgg, userID)) _, err = c.eventstore.PushEvents(ctx, iam_repo.NewMemberRemovedEvent(ctx, iamAgg, userID))
return err return err
} }
func (r *CommandSide) iamMemberWriteModelByID(ctx context.Context, userID string) (member *IAMMemberWriteModel, err error) { func (c *Commands) iamMemberWriteModelByID(ctx context.Context, userID string) (member *IAMMemberWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMMemberWriteModel(userID) writeModel := NewIAMMemberWriteModel(userID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

20
internal/command/iam_policy_label.go
View File

@@ -9,15 +9,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (c *Commands) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
addedPolicy := NewIAMLabelPolicyWriteModel() addedPolicy := NewIAMLabelPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel)
event, err := r.addDefaultLabelPolicy(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultLabelPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,8 +28,8 @@ func (r *CommandSide) AddDefaultLabelPolicy(ctx context.Context, policy *domain.
return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultLabelPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLabelPolicyWriteModel, policy *domain.LabelPolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultLabelPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLabelPolicyWriteModel, policy *domain.LabelPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -41,8 +41,8 @@ func (r *CommandSide) addDefaultLabelPolicy(ctx context.Context, iamAgg *eventst
} }
func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (c *Commands) ChangeDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
existingPolicy, err := r.defaultLabelPolicyWriteModelByID(ctx) existingPolicy, err := c.defaultLabelPolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -56,7 +56,7 @@ func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *doma
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -67,12 +67,12 @@ func (r *CommandSide) ChangeDefaultLabelPolicy(ctx context.Context, policy *doma
return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil
} }
func (r *CommandSide) defaultLabelPolicyWriteModelByID(ctx context.Context) (policy *IAMLabelPolicyWriteModel, err error) { func (c *Commands) defaultLabelPolicyWriteModelByID(ctx context.Context) (policy *IAMLabelPolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMLabelPolicyWriteModel() writeModel := NewIAMLabelPolicyWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

78
internal/command/iam_policy_login.go
View File

@@ -10,9 +10,9 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginPolicy, error) { func (c *Commands) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginPolicy, error) {
policyWriteModel := NewIAMLoginPolicyWriteModel() policyWriteModel := NewIAMLoginPolicyWriteModel()
err := r.eventstore.FilterToQueryReducer(ctx, policyWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -21,14 +21,14 @@ func (r *CommandSide) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginP
return policy, nil return policy, nil
} }
func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (c *Commands) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
addedPolicy := NewIAMLoginPolicyWriteModel() addedPolicy := NewIAMLoginPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := r.addDefaultLoginPolicy(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultLoginPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, err = r.eventstore.PushEvents(ctx, event) _, err = c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -36,8 +36,8 @@ func (r *CommandSide) AddDefaultLoginPolicy(ctx context.Context, policy *domain.
return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -48,14 +48,14 @@ func (r *CommandSide) addDefaultLoginPolicy(ctx context.Context, iamAgg *eventst
return iam_repo.NewLoginPolicyAddedEvent(ctx, iamAgg, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType), nil return iam_repo.NewLoginPolicyAddedEvent(ctx, iamAgg, policy.AllowUsernamePassword, policy.AllowRegister, policy.AllowExternalIDP, policy.ForceMFA, policy.PasswordlessType), nil
} }
func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (c *Commands) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
existingPolicy := NewIAMLoginPolicyWriteModel() existingPolicy := NewIAMLoginPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
event, err := r.changeDefaultLoginPolicy(ctx, iamAgg, existingPolicy, policy) event, err := c.changeDefaultLoginPolicy(ctx, iamAgg, existingPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,8 +66,8 @@ func (r *CommandSide) ChangeDefaultLoginPolicy(ctx context.Context, policy *doma
return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) changeDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, existingPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) { func (c *Commands) changeDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, existingPolicy *IAMLoginPolicyWriteModel, policy *domain.LoginPolicy) (eventstore.EventPusher, error) {
err := r.defaultLoginPolicyWriteModelByID(ctx, existingPolicy) err := c.defaultLoginPolicyWriteModelByID(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -81,9 +81,9 @@ func (r *CommandSide) changeDefaultLoginPolicy(ctx context.Context, iamAgg *even
return changedEvent, nil return changedEvent, nil
} }
func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) {
idpModel := NewIAMIdentityProviderWriteModel(idpProvider.IDPConfigID) idpModel := NewIAMIdentityProviderWriteModel(idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, idpModel) err := c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -92,7 +92,7 @@ func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, id
} }
iamAgg := IAMAggregateFromWriteModel(&idpModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&idpModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewIdentityProviderAddedEvent(ctx, iamAgg, idpProvider.IDPConfigID, idpProvider.Type)) pushedEvents, err := c.eventstore.PushEvents(ctx, iam_repo.NewIdentityProviderAddedEvent(ctx, iamAgg, idpProvider.IDPConfigID, idpProvider.Type))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -103,9 +103,9 @@ func (r *CommandSide) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, id
return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil
} }
func (r *CommandSide) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.ExternalIDP) error { func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.ExternalIDP) error {
idpModel := NewIAMIdentityProviderWriteModel(idpProvider.IDPConfigID) idpModel := NewIAMIdentityProviderWriteModel(idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, idpModel) err := c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil { if err != nil {
return err return err
} }
@@ -118,13 +118,13 @@ func (r *CommandSide) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Contex
iam_repo.NewIdentityProviderRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID), iam_repo.NewIdentityProviderRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID),
} }
userEvents := r.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, false, cascadeExternalIDPs...) userEvents := c.removeIDPProviderFromDefaultLoginPolicy(ctx, iamAgg, idpProvider, false, cascadeExternalIDPs...)
events = append(events, userEvents...) events = append(events, userEvents...)
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) removeIDPProviderFromDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, idpProvider *domain.IDPProvider, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher { func (c *Commands) removeIDPProviderFromDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, idpProvider *domain.IDPProvider, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher {
var events []eventstore.EventPusher var events []eventstore.EventPusher
if cascade { if cascade {
events = append(events, iam_repo.NewIdentityProviderCascadeRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID)) events = append(events, iam_repo.NewIdentityProviderCascadeRemovedEvent(ctx, iamAgg, idpProvider.IDPConfigID))
@@ -133,7 +133,7 @@ func (r *CommandSide) removeIDPProviderFromDefaultLoginPolicy(ctx context.Contex
} }
for _, idp := range cascadeExternalIDPs { for _, idp := range cascadeExternalIDPs {
userEvent, err := r.removeHumanExternalIDP(ctx, idp, true) userEvent, err := c.removeHumanExternalIDP(ctx, idp, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy") logging.LogWithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy")
continue continue
@@ -143,23 +143,23 @@ func (r *CommandSide) removeIDPProviderFromDefaultLoginPolicy(ctx context.Contex
return events return events
} }
func (r *CommandSide) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) (domain.SecondFactorType, error) { func (c *Commands) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) (domain.SecondFactorType, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, secondFactor) event, err := c.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, secondFactor)
if err != nil { if err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
if _, err = r.eventstore.PushEvents(ctx, event); err != nil { if _, err = c.eventstore.PushEvents(ctx, event); err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
return secondFactorModel.MFAType, nil return secondFactorModel.MFAType, nil
} }
func (r *CommandSide) addSecondFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, secondFactorModel *IAMSecondFactorWriteModel, secondFactor domain.SecondFactorType) (eventstore.EventPusher, error) { func (c *Commands) addSecondFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, secondFactorModel *IAMSecondFactorWriteModel, secondFactor domain.SecondFactorType) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -170,9 +170,9 @@ func (r *CommandSide) addSecondFactorToDefaultLoginPolicy(ctx context.Context, i
return iam_repo.NewLoginPolicySecondFactorAddedEvent(ctx, iamAgg, secondFactor), nil return iam_repo.NewLoginPolicySecondFactorAddedEvent(ctx, iamAgg, secondFactor), nil
} }
func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) error { func (c *Commands) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType) error {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil { if err != nil {
return err return err
} }
@@ -180,27 +180,27 @@ func (r *CommandSide) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Conte
return caos_errs.ThrowNotFound(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-3M9od", "Errors.IAM.LoginPolicy.MFA.NotExisting")
} }
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicySecondFactorRemovedEvent(ctx, iamAgg, secondFactor)) _, err = c.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicySecondFactorRemovedEvent(ctx, iamAgg, secondFactor))
return err return err
} }
func (r *CommandSide) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) (domain.MultiFactorType, error) { func (c *Commands) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) (domain.MultiFactorType, error) {
multiFactorModel := NewIAMMultiFactorWriteModel() multiFactorModel := NewIAMMultiFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
event, err := r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, multiFactor) event, err := c.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, multiFactor)
if err != nil { if err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
if _, err = r.eventstore.PushEvents(ctx, event); err != nil { if _, err = c.eventstore.PushEvents(ctx, event); err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
return multiFactorModel.MultiFactoryWriteModel.MFAType, nil return multiFactorModel.MultiFactoryWriteModel.MFAType, nil
} }
func (r *CommandSide) addMultiFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, multiFactorModel *IAMMultiFactorWriteModel, multiFactor domain.MultiFactorType) (eventstore.EventPusher, error) { func (c *Commands) addMultiFactorToDefaultLoginPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, multiFactorModel *IAMMultiFactorWriteModel, multiFactor domain.MultiFactorType) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -211,9 +211,9 @@ func (r *CommandSide) addMultiFactorToDefaultLoginPolicy(ctx context.Context, ia
return iam_repo.NewLoginPolicyMultiFactorAddedEvent(ctx, iamAgg, multiFactor), nil return iam_repo.NewLoginPolicyMultiFactorAddedEvent(ctx, iamAgg, multiFactor), nil
} }
func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) error { func (c *Commands) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType) error {
multiFactorModel := NewIAMMultiFactorWriteModel() multiFactorModel := NewIAMMultiFactorWriteModel()
err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil { if err != nil {
return err return err
} }
@@ -221,15 +221,15 @@ func (r *CommandSide) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Contex
return caos_errs.ThrowNotFound(nil, "IAM-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting") return caos_errs.ThrowNotFound(nil, "IAM-3M9df", "Errors.IAM.LoginPolicy.MFA.NotExisting")
} }
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicyMultiFactorRemovedEvent(ctx, iamAgg, multiFactor)) _, err = c.eventstore.PushEvents(ctx, iam_repo.NewLoginPolicyMultiFactorRemovedEvent(ctx, iamAgg, multiFactor))
return err return err
} }
func (r *CommandSide) defaultLoginPolicyWriteModelByID(ctx context.Context, writeModel *IAMLoginPolicyWriteModel) (err error) { func (c *Commands) defaultLoginPolicyWriteModelByID(ctx context.Context, writeModel *IAMLoginPolicyWriteModel) (err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return err return err
} }

20
internal/command/iam_policy_mail_template.go
View File

@@ -9,15 +9,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (c *Commands) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
addedPolicy := NewIAMMailTemplateWriteModel() addedPolicy := NewIAMMailTemplateWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel)
event, err := r.addDefaultMailTemplate(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultMailTemplate(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,11 +28,11 @@ func (r *CommandSide) AddDefaultMailTemplate(ctx context.Context, policy *domain
return writeModelToMailTemplatePolicy(&addedPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplatePolicy(&addedPolicy.MailTemplateWriteModel), nil
} }
func (r *CommandSide) addDefaultMailTemplate(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTemplateWriteModel, policy *domain.MailTemplate) (eventstore.EventPusher, error) { func (c *Commands) addDefaultMailTemplate(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTemplateWriteModel, policy *domain.MailTemplate) (eventstore.EventPusher, error) {
if !policy.IsValid() { if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-fm9sd", "Errors.IAM.MailTemplate.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-fm9sd", "Errors.IAM.MailTemplate.Invalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -43,11 +43,11 @@ func (r *CommandSide) addDefaultMailTemplate(ctx context.Context, iamAgg *events
return iam_repo.NewMailTemplateAddedEvent(ctx, iamAgg, policy.Template), nil return iam_repo.NewMailTemplateAddedEvent(ctx, iamAgg, policy.Template), nil
} }
func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (c *Commands) ChangeDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
if !policy.IsValid() { if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4m9ds", "Errors.IAM.MailTemplate.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4m9ds", "Errors.IAM.MailTemplate.Invalid")
} }
existingPolicy, err := r.defaultMailTemplateWriteModelByID(ctx) existingPolicy, err := c.defaultMailTemplateWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -62,7 +62,7 @@ func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *dom
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3nfsG", "Errors.IAM.MailTemplate.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3nfsG", "Errors.IAM.MailTemplate.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -73,12 +73,12 @@ func (r *CommandSide) ChangeDefaultMailTemplate(ctx context.Context, policy *dom
return writeModelToMailTemplatePolicy(&existingPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplatePolicy(&existingPolicy.MailTemplateWriteModel), nil
} }
func (r *CommandSide) defaultMailTemplateWriteModelByID(ctx context.Context) (policy *IAMMailTemplateWriteModel, err error) { func (c *Commands) defaultMailTemplateWriteModelByID(ctx context.Context) (policy *IAMMailTemplateWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMMailTemplateWriteModel() writeModel := NewIAMMailTemplateWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

20
internal/command/iam_policy_mail_text.go
View File

@@ -9,15 +9,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultMailText(ctx context.Context, policy *domain.MailText) (*domain.MailText, error) { func (c *Commands) AddDefaultMailText(ctx context.Context, policy *domain.MailText) (*domain.MailText, error) {
addedPolicy := NewIAMMailTextWriteModel(policy.MailTextType, policy.Language) addedPolicy := NewIAMMailTextWriteModel(policy.MailTextType, policy.Language)
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel)
event, err := r.addDefaultMailText(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultMailText(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,11 +28,11 @@ func (r *CommandSide) AddDefaultMailText(ctx context.Context, policy *domain.Mai
return writeModelToMailTextPolicy(&addedPolicy.MailTextWriteModel), nil return writeModelToMailTextPolicy(&addedPolicy.MailTextWriteModel), nil
} }
func (r *CommandSide) addDefaultMailText(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTextWriteModel, mailText *domain.MailText) (eventstore.EventPusher, error) { func (c *Commands) addDefaultMailText(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMMailTextWriteModel, mailText *domain.MailText) (eventstore.EventPusher, error) {
if !mailText.IsValid() { if !mailText.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3n8fs", "Errors.IAM.MailText.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-3n8fs", "Errors.IAM.MailText.Invalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -53,11 +53,11 @@ func (r *CommandSide) addDefaultMailText(ctx context.Context, iamAgg *eventstore
mailText.ButtonText), nil mailText.ButtonText), nil
} }
func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domain.MailText) (*domain.MailText, error) { func (c *Commands) ChangeDefaultMailText(ctx context.Context, mailText *domain.MailText) (*domain.MailText, error) {
if !mailText.IsValid() { if !mailText.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-kd9fs", "Errors.IAM.MailText.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-kd9fs", "Errors.IAM.MailText.Invalid")
} }
existingPolicy, err := r.defaultMailTextWriteModelByID(ctx, mailText.MailTextType, mailText.Language) existingPolicy, err := c.defaultMailTextWriteModelByID(ctx, mailText.MailTextType, mailText.Language)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -82,7 +82,7 @@ func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domai
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-m9L0s", "Errors.IAM.MailText.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-m9L0s", "Errors.IAM.MailText.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -93,12 +93,12 @@ func (r *CommandSide) ChangeDefaultMailText(ctx context.Context, mailText *domai
return writeModelToMailTextPolicy(&existingPolicy.MailTextWriteModel), nil return writeModelToMailTextPolicy(&existingPolicy.MailTextWriteModel), nil
} }
func (r *CommandSide) defaultMailTextWriteModelByID(ctx context.Context, mailTextType, language string) (policy *IAMMailTextWriteModel, err error) { func (c *Commands) defaultMailTextWriteModelByID(ctx context.Context, mailTextType, language string) (policy *IAMMailTextWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMMailTextWriteModel(mailTextType, language) writeModel := NewIAMMailTextWriteModel(mailTextType, language)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

24
internal/command/iam_policy_org_iam.go
View File

@@ -9,15 +9,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (c *Commands) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
addedPolicy := NewIAMOrgIAMPolicyWriteModel() addedPolicy := NewIAMOrgIAMPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := r.addDefaultOrgIAMPolicy(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultOrgIAMPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,8 +28,8 @@ func (r *CommandSide) AddDefaultOrgIAMPolicy(ctx context.Context, policy *domain
return writeModelToOrgIAMPolicy(addedPolicy), nil return writeModelToOrgIAMPolicy(addedPolicy), nil
} }
func (r *CommandSide) addDefaultOrgIAMPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultOrgIAMPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -39,8 +39,8 @@ func (r *CommandSide) addDefaultOrgIAMPolicy(ctx context.Context, iamAgg *events
return iam_repo.NewOrgIAMPolicyAddedEvent(ctx, iamAgg, policy.UserLoginMustBeDomain), nil return iam_repo.NewOrgIAMPolicyAddedEvent(ctx, iamAgg, policy.UserLoginMustBeDomain), nil
} }
func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (c *Commands) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
existingPolicy, err := r.defaultOrgIAMPolicyWriteModelByID(ctx) existingPolicy, err := c.defaultOrgIAMPolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -54,7 +54,7 @@ func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *dom
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -65,8 +65,8 @@ func (r *CommandSide) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *dom
return writeModelToOrgIAMPolicy(existingPolicy), nil return writeModelToOrgIAMPolicy(existingPolicy), nil
} }
func (r *CommandSide) getDefaultOrgIAMPolicy(ctx context.Context) (*domain.OrgIAMPolicy, error) { func (c *Commands) getDefaultOrgIAMPolicy(ctx context.Context) (*domain.OrgIAMPolicy, error) {
policyWriteModel, err := r.defaultOrgIAMPolicyWriteModelByID(ctx) policyWriteModel, err := c.defaultOrgIAMPolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -75,12 +75,12 @@ func (r *CommandSide) getDefaultOrgIAMPolicy(ctx context.Context) (*domain.OrgIA
return policy, nil return policy, nil
} }
func (r *CommandSide) defaultOrgIAMPolicyWriteModelByID(ctx context.Context) (policy *IAMOrgIAMPolicyWriteModel, err error) { func (c *Commands) defaultOrgIAMPolicyWriteModelByID(ctx context.Context) (policy *IAMOrgIAMPolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMOrgIAMPolicyWriteModel() writeModel := NewIAMOrgIAMPolicyWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

20
internal/command/iam_policy_password_age.go
View File

@@ -9,15 +9,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (c *Commands) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
addedPolicy := NewIAMPasswordAgePolicyWriteModel() addedPolicy := NewIAMPasswordAgePolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := r.addDefaultPasswordAgePolicy(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultPasswordAgePolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,8 +28,8 @@ func (r *CommandSide) AddDefaultPasswordAgePolicy(ctx context.Context, policy *d
return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordAgePolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordAgePolicyWriteModel, policy *domain.PasswordAgePolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultPasswordAgePolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordAgePolicyWriteModel, policy *domain.PasswordAgePolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -41,8 +41,8 @@ func (r *CommandSide) addDefaultPasswordAgePolicy(ctx context.Context, iamAgg *e
} }
func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (c *Commands) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
existingPolicy, err := r.defaultPasswordAgePolicyWriteModelByID(ctx) existingPolicy, err := c.defaultPasswordAgePolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -56,7 +56,7 @@ func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -68,12 +68,12 @@ func (r *CommandSide) ChangeDefaultPasswordAgePolicy(ctx context.Context, policy
return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil
} }
func (r *CommandSide) defaultPasswordAgePolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordAgePolicyWriteModel, err error) { func (c *Commands) defaultPasswordAgePolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordAgePolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMPasswordAgePolicyWriteModel() writeModel := NewIAMPasswordAgePolicyWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

24
internal/command/iam_policy_password_complexity.go
View File

@@ -9,9 +9,9 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) getDefaultPasswordComplexityPolicy(ctx context.Context) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) getDefaultPasswordComplexityPolicy(ctx context.Context) (*domain.PasswordComplexityPolicy, error) {
policyWriteModel := NewIAMPasswordComplexityPolicyWriteModel() policyWriteModel := NewIAMPasswordComplexityPolicyWriteModel()
err := r.eventstore.FilterToQueryReducer(ctx, policyWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -20,15 +20,15 @@ func (r *CommandSide) getDefaultPasswordComplexityPolicy(ctx context.Context) (*
return policy, nil return policy, nil
} }
func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
addedPolicy := NewIAMPasswordComplexityPolicyWriteModel() addedPolicy := NewIAMPasswordComplexityPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
events, err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, addedPolicy, policy) events, err := c.addDefaultPasswordComplexityPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events) pushedEvents, err := c.eventstore.PushEvents(ctx, events)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -39,12 +39,12 @@ func (r *CommandSide) AddDefaultPasswordComplexityPolicy(ctx context.Context, po
return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultPasswordComplexityPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordComplexityPolicyWriteModel, policy *domain.PasswordComplexityPolicy) (eventstore.EventPusher, error) {
if err := policy.IsValid(); err != nil { if err := policy.IsValid(); err != nil {
return nil, err return nil, err
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -55,12 +55,12 @@ func (r *CommandSide) addDefaultPasswordComplexityPolicy(ctx context.Context, ia
return iam_repo.NewPasswordComplexityPolicyAddedEvent(ctx, iamAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol), nil return iam_repo.NewPasswordComplexityPolicyAddedEvent(ctx, iamAgg, policy.MinLength, policy.HasLowercase, policy.HasUppercase, policy.HasNumber, policy.HasSymbol), nil
} }
func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) ChangeDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
if err := policy.IsValid(); err != nil { if err := policy.IsValid(); err != nil {
return nil, err return nil, err
} }
existingPolicy, err := r.defaultPasswordComplexityPolicyWriteModelByID(ctx) existingPolicy, err := c.defaultPasswordComplexityPolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -73,7 +73,7 @@ func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context,
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -84,12 +84,12 @@ func (r *CommandSide) ChangeDefaultPasswordComplexityPolicy(ctx context.Context,
return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil
} }
func (r *CommandSide) defaultPasswordComplexityPolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordComplexityPolicyWriteModel, err error) { func (c *Commands) defaultPasswordComplexityPolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordComplexityPolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMPasswordComplexityPolicyWriteModel() writeModel := NewIAMPasswordComplexityPolicyWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

20
internal/command/iam_policy_password_lockout.go
View File

@@ -9,14 +9,14 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (c *Commands) AddDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
addedPolicy := NewIAMPasswordLockoutPolicyWriteModel() addedPolicy := NewIAMPasswordLockoutPolicyWriteModel()
iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel) iamAgg := IAMAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := r.addDefaultPasswordLockoutPolicy(ctx, iamAgg, addedPolicy, policy) event, err := c.addDefaultPasswordLockoutPolicy(ctx, iamAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,8 +28,8 @@ func (r *CommandSide) AddDefaultPasswordLockoutPolicy(ctx context.Context, polic
return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil
} }
func (r *CommandSide) addDefaultPasswordLockoutPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordLockoutPolicyWriteModel, policy *domain.PasswordLockoutPolicy) (eventstore.EventPusher, error) { func (c *Commands) addDefaultPasswordLockoutPolicy(ctx context.Context, iamAgg *eventstore.Aggregate, addedPolicy *IAMPasswordLockoutPolicyWriteModel, policy *domain.PasswordLockoutPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -40,8 +40,8 @@ func (r *CommandSide) addDefaultPasswordLockoutPolicy(ctx context.Context, iamAg
return iam_repo.NewPasswordLockoutPolicyAddedEvent(ctx, iamAgg, policy.MaxAttempts, policy.ShowLockOutFailures), nil return iam_repo.NewPasswordLockoutPolicyAddedEvent(ctx, iamAgg, policy.MaxAttempts, policy.ShowLockOutFailures), nil
} }
func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (c *Commands) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
existingPolicy, err := r.defaultPasswordLockoutPolicyWriteModelByID(ctx) existingPolicy, err := c.defaultPasswordLockoutPolicyWriteModelByID(ctx)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -55,7 +55,7 @@ func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, po
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.PasswordLockoutPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9vs", "Errors.IAM.PasswordLockoutPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,12 +66,12 @@ func (r *CommandSide) ChangeDefaultPasswordLockoutPolicy(ctx context.Context, po
return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil
} }
func (r *CommandSide) defaultPasswordLockoutPolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordLockoutPolicyWriteModel, err error) { func (c *Commands) defaultPasswordLockoutPolicyWriteModelByID(ctx context.Context) (policy *IAMPasswordLockoutPolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewIAMPasswordLockoutPolicyWriteModel() writeModel := NewIAMPasswordLockoutPolicyWriteModel()
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

12
internal/command/key_pair.go
View File

@@ -13,23 +13,23 @@ const (
oidcUser = "OIDC" oidcUser = "OIDC"
) )
func (r *CommandSide) GenerateSigningKeyPair(ctx context.Context, algorithm string) error { func (c *Commands) GenerateSigningKeyPair(ctx context.Context, algorithm string) error {
ctx = setOIDCCtx(ctx) ctx = setOIDCCtx(ctx)
privateCrypto, publicCrypto, err := crypto.GenerateEncryptedKeyPair(r.keySize, r.keyAlgorithm) privateCrypto, publicCrypto, err := crypto.GenerateEncryptedKeyPair(c.keySize, c.keyAlgorithm)
if err != nil { if err != nil {
return err return err
} }
keyID, err := r.idGenerator.Next() keyID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return err return err
} }
privateKeyExp := time.Now().UTC().Add(r.privateKeyLifetime) privateKeyExp := time.Now().UTC().Add(c.privateKeyLifetime)
publicKeyExp := time.Now().UTC().Add(r.publicKeyLifetime) publicKeyExp := time.Now().UTC().Add(c.publicKeyLifetime)
keyPairWriteModel := NewKeyPairWriteModel(keyID, domain.IAMID) keyPairWriteModel := NewKeyPairWriteModel(keyID, domain.IAMID)
keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel) keyAgg := KeyPairAggregateFromWriteModel(&keyPairWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, keypair.NewAddedEvent( _, err = c.eventstore.PushEvents(ctx, keypair.NewAddedEvent(
ctx, ctx,
keyAgg, keyAgg,
domain.KeyUsageSigning, domain.KeyUsageSigning,

56
internal/command/org.go
View File

@@ -8,8 +8,8 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) getOrg(ctx context.Context, orgID string) (*domain.Org, error) { func (c *Commands) getOrg(ctx context.Context, orgID string) (*domain.Org, error) {
writeModel, err := r.getOrgWriteModelByID(ctx, orgID) writeModel, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -19,8 +19,8 @@ func (r *CommandSide) getOrg(ctx context.Context, orgID string) (*domain.Org, er
return orgWriteModelToOrg(writeModel), nil return orgWriteModelToOrg(writeModel), nil
} }
func (r *CommandSide) checkOrgExists(ctx context.Context, orgID string) error { func (c *Commands) checkOrgExists(ctx context.Context, orgID string) error {
orgWriteModel, err := r.getOrgWriteModelByID(ctx, orgID) orgWriteModel, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -30,32 +30,32 @@ func (r *CommandSide) checkOrgExists(ctx context.Context, orgID string) error {
return nil return nil
} }
func (r *CommandSide) SetUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) error { func (c *Commands) SetUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) error {
_, _, _, events, err := r.setUpOrg(ctx, organisation, admin) _, _, _, events, err := c.setUpOrg(ctx, organisation, admin)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) AddOrg(ctx context.Context, name, userID, resourceOwner string) (*domain.Org, error) { func (c *Commands) AddOrg(ctx context.Context, name, userID, resourceOwner string) (*domain.Org, error) {
orgAgg, addedOrg, events, err := r.addOrg(ctx, &domain.Org{Name: name}) orgAgg, addedOrg, events, err := c.addOrg(ctx, &domain.Org{Name: name})
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.checkUserExists(ctx, userID, resourceOwner) err = c.checkUserExists(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedMember := NewOrgMemberWriteModel(addedOrg.AggregateID, userID) addedMember := NewOrgMemberWriteModel(addedOrg.AggregateID, userID)
orgMemberEvent, err := r.addOrgMember(ctx, orgAgg, addedMember, domain.NewMember(orgAgg.ID, userID, domain.RoleOrgOwner)) orgMemberEvent, err := c.addOrgMember(ctx, orgAgg, addedMember, domain.NewMember(orgAgg.ID, userID, domain.RoleOrgOwner))
if err != nil { if err != nil {
return nil, err return nil, err
} }
events = append(events, orgMemberEvent) events = append(events, orgMemberEvent)
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,8 +66,8 @@ func (r *CommandSide) AddOrg(ctx context.Context, name, userID, resourceOwner st
return orgWriteModelToOrg(addedOrg), nil return orgWriteModelToOrg(addedOrg), nil
} }
func (r *CommandSide) DeactivateOrg(ctx context.Context, orgID string) error { func (c *Commands) DeactivateOrg(ctx context.Context, orgID string) error {
orgWriteModel, err := r.getOrgWriteModelByID(ctx, orgID) orgWriteModel, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -78,12 +78,12 @@ func (r *CommandSide) DeactivateOrg(ctx context.Context, orgID string) error {
return caos_errs.ThrowInvalidArgument(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated") return caos_errs.ThrowInvalidArgument(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated")
} }
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewOrgDeactivatedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewOrgDeactivatedEvent(ctx, orgAgg))
return err return err
} }
func (r *CommandSide) ReactivateOrg(ctx context.Context, orgID string) error { func (c *Commands) ReactivateOrg(ctx context.Context, orgID string) error {
orgWriteModel, err := r.getOrgWriteModelByID(ctx, orgID) orgWriteModel, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -94,17 +94,17 @@ func (r *CommandSide) ReactivateOrg(ctx context.Context, orgID string) error {
return caos_errs.ThrowInvalidArgument(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive") return caos_errs.ThrowInvalidArgument(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive")
} }
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewOrgReactivatedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewOrgReactivatedEvent(ctx, orgAgg))
return err return err
} }
func (r *CommandSide) setUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) (orgAgg *eventstore.Aggregate, human *HumanWriteModel, orgMember *OrgMemberWriteModel, events []eventstore.EventPusher, err error) { func (c *Commands) setUpOrg(ctx context.Context, organisation *domain.Org, admin *domain.Human) (orgAgg *eventstore.Aggregate, human *HumanWriteModel, orgMember *OrgMemberWriteModel, events []eventstore.EventPusher, err error) {
orgAgg, _, addOrgEvents, err := r.addOrg(ctx, organisation) orgAgg, _, addOrgEvents, err := c.addOrg(ctx, organisation)
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
userEvents, human, err := r.addHuman(ctx, orgAgg.ID, admin) userEvents, human, err := c.addHuman(ctx, orgAgg.ID, admin)
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
@@ -112,7 +112,7 @@ func (r *CommandSide) setUpOrg(ctx context.Context, organisation *domain.Org, ad
addedMember := NewOrgMemberWriteModel(orgAgg.ID, human.AggregateID) addedMember := NewOrgMemberWriteModel(orgAgg.ID, human.AggregateID)
orgMemberAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel) orgMemberAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel)
orgMemberEvent, err := r.addOrgMember(ctx, orgMemberAgg, addedMember, domain.NewMember(orgMemberAgg.ID, human.AggregateID, domain.RoleOrgOwner)) orgMemberEvent, err := c.addOrgMember(ctx, orgMemberAgg, addedMember, domain.NewMember(orgMemberAgg.ID, human.AggregateID, domain.RoleOrgOwner))
if err != nil { if err != nil {
return nil, nil, nil, nil, err return nil, nil, nil, nil, err
} }
@@ -120,16 +120,16 @@ func (r *CommandSide) setUpOrg(ctx context.Context, organisation *domain.Org, ad
return orgAgg, human, addedMember, addOrgEvents, nil return orgAgg, human, addedMember, addOrgEvents, nil
} }
func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, claimedUserIDs ...string) (_ *eventstore.Aggregate, _ *OrgWriteModel, _ []eventstore.EventPusher, err error) { func (c *Commands) addOrg(ctx context.Context, organisation *domain.Org, claimedUserIDs ...string) (_ *eventstore.Aggregate, _ *OrgWriteModel, _ []eventstore.EventPusher, err error) {
if organisation == nil || !organisation.IsValid() { if organisation == nil || !organisation.IsValid() {
return nil, nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid") return nil, nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid")
} }
organisation.AggregateID, err = r.idGenerator.Next() organisation.AggregateID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, nil, caos_errs.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal") return nil, nil, nil, caos_errs.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal")
} }
organisation.AddIAMDomain(r.iamDomain) organisation.AddIAMDomain(c.iamDomain)
addedOrg := NewOrgWriteModel(organisation.AggregateID) addedOrg := NewOrgWriteModel(organisation.AggregateID)
orgAgg := OrgAggregateFromWriteModel(&addedOrg.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedOrg.WriteModel)
@@ -137,7 +137,7 @@ func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, clai
org.NewOrgAddedEvent(ctx, orgAgg, organisation.Name), org.NewOrgAddedEvent(ctx, orgAgg, organisation.Name),
} }
for _, orgDomain := range organisation.Domains { for _, orgDomain := range organisation.Domains {
orgDomainEvents, err := r.addOrgDomain(ctx, orgAgg, NewOrgDomainWriteModel(orgAgg.ID, orgDomain.Domain), orgDomain, claimedUserIDs...) orgDomainEvents, err := c.addOrgDomain(ctx, orgAgg, NewOrgDomainWriteModel(orgAgg.ID, orgDomain.Domain), orgDomain, claimedUserIDs...)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} else { } else {
@@ -147,9 +147,9 @@ func (r *CommandSide) addOrg(ctx context.Context, organisation *domain.Org, clai
return orgAgg, addedOrg, events, nil return orgAgg, addedOrg, events, nil
} }
func (r *CommandSide) getOrgWriteModelByID(ctx context.Context, orgID string) (*OrgWriteModel, error) { func (c *Commands) getOrgWriteModelByID(ctx context.Context, orgID string) (*OrgWriteModel, error) {
orgWriteModel := NewOrgWriteModel(orgID) orgWriteModel := NewOrgWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, orgWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, orgWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

50
internal/command/org_domain.go
View File

@@ -12,14 +12,14 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.OrgDomain, error) { func (c *Commands) AddOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) (*domain.OrgDomain, error) {
domainWriteModel := NewOrgDomainWriteModel(orgDomain.AggregateID, orgDomain.Domain) domainWriteModel := NewOrgDomainWriteModel(orgDomain.AggregateID, orgDomain.Domain)
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
events, err := r.addOrgDomain(ctx, orgAgg, domainWriteModel, orgDomain) events, err := c.addOrgDomain(ctx, orgAgg, domainWriteModel, orgDomain)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -30,7 +30,7 @@ func (r *CommandSide) AddOrgDomain(ctx context.Context, orgDomain *domain.OrgDom
return orgDomainWriteModelToOrgDomain(domainWriteModel), nil return orgDomainWriteModelToOrgDomain(domainWriteModel), nil
} }
func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain *domain.OrgDomain) (token, url string, err error) { func (c *Commands) GenerateOrgDomainValidation(ctx context.Context, orgDomain *domain.OrgDomain) (token, url string, err error) {
if orgDomain == nil || !orgDomain.IsValid() { if orgDomain == nil || !orgDomain.IsValid() {
return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-R24hb", "Errors.Org.InvalidDomain")
} }
@@ -38,7 +38,7 @@ func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain
if !ok { if !ok {
return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-Gsw31", "Errors.Org.DomainVerificationTypeInvalid") return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-Gsw31", "Errors.Org.DomainVerificationTypeInvalid")
} }
domainWriteModel, err := r.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
@@ -48,7 +48,7 @@ func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain
if domainWriteModel.Verified { if domainWriteModel.Verified {
return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified") return "", "", caos_errs.ThrowPreconditionFailed(nil, "ORG-HGw21", "Errors.Org.DomainAlreadyVerified")
} }
token, err = orgDomain.GenerateVerificationCode(r.domainVerificationGenerator) token, err = orgDomain.GenerateVerificationCode(c.domainVerificationGenerator)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
@@ -59,7 +59,7 @@ func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
_, err = r.eventstore.PushEvents( _, err = c.eventstore.PushEvents(
ctx, ctx,
org.NewDomainVerificationAddedEvent(ctx, orgAgg, orgDomain.Domain, orgDomain.ValidationType, orgDomain.ValidationCode)) org.NewDomainVerificationAddedEvent(ctx, orgAgg, orgDomain.Domain, orgDomain.ValidationType, orgDomain.ValidationCode))
if err != nil { if err != nil {
@@ -68,11 +68,11 @@ func (r *CommandSide) GenerateOrgDomainValidation(ctx context.Context, orgDomain
return token, url, nil return token, url, nil
} }
func (r *CommandSide) ValidateOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain, claimedUserIDs ...string) error { func (c *Commands) ValidateOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain, claimedUserIDs ...string) error {
if orgDomain == nil || !orgDomain.IsValid() { if orgDomain == nil || !orgDomain.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "ORG-R24hb", "Errors.Org.InvalidDomain") return caos_errs.ThrowPreconditionFailed(nil, "ORG-R24hb", "Errors.Org.InvalidDomain")
} }
domainWriteModel, err := r.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain)
if err != nil { if err != nil {
return err return err
} }
@@ -86,39 +86,39 @@ func (r *CommandSide) ValidateOrgDomain(ctx context.Context, orgDomain *domain.O
return caos_errs.ThrowPreconditionFailed(nil, "ORG-SFBB3", "Errors.Org.DomainVerificationMissing") return caos_errs.ThrowPreconditionFailed(nil, "ORG-SFBB3", "Errors.Org.DomainVerificationMissing")
} }
validationCode, err := crypto.DecryptString(domainWriteModel.ValidationCode, r.domainVerificationAlg) validationCode, err := crypto.DecryptString(domainWriteModel.ValidationCode, c.domainVerificationAlg)
if err != nil { if err != nil {
return err return err
} }
checkType, _ := domainWriteModel.ValidationType.CheckType() checkType, _ := domainWriteModel.ValidationType.CheckType()
err = r.domainVerificationValidator(domainWriteModel.Domain, validationCode, validationCode, checkType) err = c.domainVerificationValidator(domainWriteModel.Domain, validationCode, validationCode, checkType)
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
var events []eventstore.EventPusher var events []eventstore.EventPusher
if err == nil { if err == nil {
events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain)) events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain))
for _, userID := range claimedUserIDs { for _, userID := range claimedUserIDs {
userEvents, _, err := r.userDomainClaimed(ctx, userID) userEvents, _, err := c.userDomainClaimed(ctx, userID)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-5m8fs", "userid", userID).WithError(err).Warn("could not claim user") logging.LogWithFields("COMMAND-5m8fs", "userid", userID).WithError(err).Warn("could not claim user")
continue continue
} }
events = append(events, userEvents...) events = append(events, userEvents...)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
events = append(events, org.NewDomainVerificationFailedEvent(ctx, orgAgg, orgDomain.Domain)) events = append(events, org.NewDomainVerificationFailedEvent(ctx, orgAgg, orgDomain.Domain))
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
logging.LogWithFields("ORG-dhTE", "orgID", orgAgg.ID, "domain", orgDomain.Domain).OnError(err).Error("NewDomainVerificationFailedEvent push failed") logging.LogWithFields("ORG-dhTE", "orgID", orgAgg.ID, "domain", orgDomain.Domain).OnError(err).Error("NewDomainVerificationFailedEvent push failed")
return caos_errs.ThrowInvalidArgument(err, "ORG-GH3s", "Errors.Org.DomainVerificationFailed") return caos_errs.ThrowInvalidArgument(err, "ORG-GH3s", "Errors.Org.DomainVerificationFailed")
} }
func (r *CommandSide) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error { func (c *Commands) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error {
if orgDomain == nil || !orgDomain.IsValid() { if orgDomain == nil || !orgDomain.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "ORG-SsDG2", "Errors.Org.InvalidDomain") return caos_errs.ThrowPreconditionFailed(nil, "ORG-SsDG2", "Errors.Org.InvalidDomain")
} }
domainWriteModel, err := r.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain)
if err != nil { if err != nil {
return err return err
} }
@@ -129,15 +129,15 @@ func (r *CommandSide) SetPrimaryOrgDomain(ctx context.Context, orgDomain *domain
return caos_errs.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified") return caos_errs.ThrowPreconditionFailed(nil, "ORG-Ggd32", "Errors.Org.DomainNotVerified")
} }
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewDomainPrimarySetEvent(ctx, orgAgg, orgDomain.Domain)) _, err = c.eventstore.PushEvents(ctx, org.NewDomainPrimarySetEvent(ctx, orgAgg, orgDomain.Domain))
return err return err
} }
func (r *CommandSide) RemoveOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error { func (c *Commands) RemoveOrgDomain(ctx context.Context, orgDomain *domain.OrgDomain) error {
if orgDomain == nil || !orgDomain.IsValid() { if orgDomain == nil || !orgDomain.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "ORG-SJsK3", "Errors.Org.InvalidDomain") return caos_errs.ThrowPreconditionFailed(nil, "ORG-SJsK3", "Errors.Org.InvalidDomain")
} }
domainWriteModel, err := r.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain) domainWriteModel, err := c.getOrgDomainWriteModel(ctx, orgDomain.AggregateID, orgDomain.Domain)
if err != nil { if err != nil {
return err return err
} }
@@ -148,12 +148,12 @@ func (r *CommandSide) RemoveOrgDomain(ctx context.Context, orgDomain *domain.Org
return caos_errs.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable") return caos_errs.ThrowPreconditionFailed(nil, "ORG-Sjdi3", "Errors.Org.PrimaryDomainNotDeletable")
} }
orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&domainWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewDomainRemovedEvent(ctx, orgAgg, orgDomain.Domain)) _, err = c.eventstore.PushEvents(ctx, org.NewDomainRemovedEvent(ctx, orgAgg, orgDomain.Domain))
return err return err
} }
func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggregate, addedDomain *OrgDomainWriteModel, orgDomain *domain.OrgDomain, claimedUserIDs ...string) ([]eventstore.EventPusher, error) { func (c *Commands) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggregate, addedDomain *OrgDomainWriteModel, orgDomain *domain.OrgDomain, claimedUserIDs ...string) ([]eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedDomain) err := c.eventstore.FilterToQueryReducer(ctx, addedDomain)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -168,7 +168,7 @@ func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggre
if orgDomain.Verified { if orgDomain.Verified {
events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain)) events = append(events, org.NewDomainVerifiedEvent(ctx, orgAgg, orgDomain.Domain))
for _, userID := range claimedUserIDs { for _, userID := range claimedUserIDs {
userEvents, _, err := r.userDomainClaimed(ctx, userID) userEvents, _, err := c.userDomainClaimed(ctx, userID)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-nn8Jf", "userid", userID).WithError(err).Warn("could not claim user") logging.LogWithFields("COMMAND-nn8Jf", "userid", userID).WithError(err).Warn("could not claim user")
continue continue
@@ -182,9 +182,9 @@ func (r *CommandSide) addOrgDomain(ctx context.Context, orgAgg *eventstore.Aggre
return events, nil return events, nil
} }
func (r *CommandSide) getOrgDomainWriteModel(ctx context.Context, orgID, domain string) (*OrgDomainWriteModel, error) { func (c *Commands) getOrgDomainWriteModel(ctx context.Context, orgID, domain string) (*OrgDomainWriteModel, error) {
domainWriteModel := NewOrgDomainWriteModel(orgID, domain) domainWriteModel := NewOrgDomainWriteModel(orgID, domain)
err := r.eventstore.FilterToQueryReducer(ctx, domainWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, domainWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

38
internal/command/org_idp_config.go
View File

@@ -12,18 +12,18 @@ import (
org_repo "github.com/caos/zitadel/internal/repository/org" org_repo "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { func (c *Commands) AddIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
if config.OIDCConfig == nil { if config.OIDCConfig == nil {
return nil, errors.ThrowInvalidArgument(nil, "Org-eUpQU", "Errors.idp.config.notset") return nil, errors.ThrowInvalidArgument(nil, "Org-eUpQU", "Errors.idp.config.notset")
} }
idpConfigID, err := r.idGenerator.Next() idpConfigID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedConfig := NewOrgIDPConfigWriteModel(idpConfigID, config.AggregateID) addedConfig := NewOrgIDPConfigWriteModel(idpConfigID, config.AggregateID)
clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), r.idpConfigSecretCrypto) clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), c.idpConfigSecretCrypto)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -49,7 +49,7 @@ func (r *CommandSide) AddIDPConfig(ctx context.Context, config *domain.IDPConfig
config.OIDCConfig.UsernameMapping, config.OIDCConfig.UsernameMapping,
config.OIDCConfig.Scopes...), config.OIDCConfig.Scopes...),
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -60,8 +60,8 @@ func (r *CommandSide) AddIDPConfig(ctx context.Context, config *domain.IDPConfig
return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil
} }
func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { func (c *Commands) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) {
existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, config.IDPConfigID, config.AggregateID) existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, config.IDPConfigID, config.AggregateID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -80,7 +80,7 @@ func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPCon
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -91,8 +91,8 @@ func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPCon
return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil
} }
func (r *CommandSide) DeactivateIDPConfig(ctx context.Context, idpID, orgID string) error { func (c *Commands) DeactivateIDPConfig(ctx context.Context, idpID, orgID string) error {
existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, idpID, orgID) existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -100,12 +100,12 @@ func (r *CommandSide) DeactivateIDPConfig(ctx context.Context, idpID, orgID stri
return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID)) _, err = c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigDeactivatedEvent(ctx, orgAgg, idpID))
return err return err
} }
func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error { func (c *Commands) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error {
existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, idpID, orgID) existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -113,12 +113,12 @@ func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID stri
return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive")
} }
orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID)) _, err = c.eventstore.PushEvents(ctx, org_repo.NewIDPConfigReactivatedEvent(ctx, orgAgg, idpID))
return err return err
} }
func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) error { func (c *Commands) RemoveIDPConfig(ctx context.Context, idpID, orgID string, cascadeRemoveProvider bool, cascadeExternalIDPs ...*domain.ExternalIDP) error {
existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, idpID, orgID) existingIDP, err := c.orgIDPConfigWriteModelByID(ctx, idpID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -136,19 +136,19 @@ func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string,
} }
if cascadeRemoveProvider { if cascadeRemoveProvider {
removeIDPEvents := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...) removeIDPEvents := c.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpID, true, cascadeExternalIDPs...)
events = append(events, removeIDPEvents...) events = append(events, removeIDPEvents...)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) orgIDPConfigWriteModelByID(ctx context.Context, idpID, orgID string) (policy *OrgIDPConfigWriteModel, err error) { func (c *Commands) orgIDPConfigWriteModelByID(ctx context.Context, idpID, orgID string) (policy *OrgIDPConfigWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewOrgIDPConfigWriteModel(idpID, orgID) writeModel := NewOrgIDPConfigWriteModel(idpID, orgID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

8
internal/command/org_idp_oidc_config.go
View File

@@ -6,9 +6,9 @@ import (
caos_errs "github.com/caos/zitadel/internal/errors" caos_errs "github.com/caos/zitadel/internal/errors"
) )
func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) { func (c *Commands) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) {
existingConfig := NewOrgIDPOIDCConfigWriteModel(config.IDPConfigID, config.AggregateID) existingConfig := NewOrgIDPOIDCConfigWriteModel(config.IDPConfigID, config.AggregateID)
err := r.eventstore.FilterToQueryReducer(ctx, existingConfig) err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -25,7 +25,7 @@ func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OI
config.ClientID, config.ClientID,
config.Issuer, config.Issuer,
config.ClientSecretString, config.ClientSecretString,
r.idpConfigSecretCrypto, c.idpConfigSecretCrypto,
config.IDPDisplayNameMapping, config.IDPDisplayNameMapping,
config.UsernameMapping, config.UsernameMapping,
config.Scopes...) config.Scopes...)
@@ -36,7 +36,7 @@ func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OI
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }

26
internal/command/org_member.go
View File

@@ -12,15 +12,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (c *Commands) AddOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
addedMember := NewOrgMemberWriteModel(member.AggregateID, member.UserID) addedMember := NewOrgMemberWriteModel(member.AggregateID, member.UserID)
orgAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedMember.WriteModel)
event, err := r.addOrgMember(ctx, orgAgg, addedMember, member) event, err := c.addOrgMember(ctx, orgAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -31,14 +31,14 @@ func (r *CommandSide) AddOrgMember(ctx context.Context, member *domain.Member) (
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregate, addedMember *OrgMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) { func (c *Commands) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregate, addedMember *OrgMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-W8m4l", "Errors.Org.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-W8m4l", "Errors.Org.MemberInvalid")
} }
err := r.eventstore.FilterToQueryReducer(ctx, addedMember) err := c.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -50,14 +50,14 @@ func (r *CommandSide) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggre
} }
//ChangeOrgMember updates an existing member //ChangeOrgMember updates an existing member
func (r *CommandSide) ChangeOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) { func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.MemberInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.MemberInvalid")
} }
existingMember, err := r.orgMemberWriteModelByID(ctx, member.AggregateID, member.UserID) existingMember, err := c.orgMemberWriteModelByID(ctx, member.AggregateID, member.UserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,7 +66,7 @@ func (r *CommandSide) ChangeOrgMember(ctx context.Context, member *domain.Member
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-LiaZi", "Errors.Org.Member.RolesNotChanged")
} }
orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewMemberChangedEvent(ctx, orgAgg, member.UserID, member.Roles...)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewMemberChangedEvent(ctx, orgAgg, member.UserID, member.Roles...))
err = AppendAndReduce(existingMember, pushedEvents...) err = AppendAndReduce(existingMember, pushedEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -75,8 +75,8 @@ func (r *CommandSide) ChangeOrgMember(ctx context.Context, member *domain.Member
return memberWriteModelToMember(&existingMember.MemberWriteModel), nil return memberWriteModelToMember(&existingMember.MemberWriteModel), nil
} }
func (r *CommandSide) RemoveOrgMember(ctx context.Context, orgID, userID string) error { func (c *Commands) RemoveOrgMember(ctx context.Context, orgID, userID string) error {
m, err := r.orgMemberWriteModelByID(ctx, orgID, userID) m, err := c.orgMemberWriteModelByID(ctx, orgID, userID)
if err != nil && !errors.IsNotFound(err) { if err != nil && !errors.IsNotFound(err) {
return err return err
} }
@@ -85,16 +85,16 @@ func (r *CommandSide) RemoveOrgMember(ctx context.Context, orgID, userID string)
} }
orgAgg := OrgAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewMemberRemovedEvent(ctx, orgAgg, userID)) _, err = c.eventstore.PushEvents(ctx, org.NewMemberRemovedEvent(ctx, orgAgg, userID))
return err return err
} }
func (r *CommandSide) orgMemberWriteModelByID(ctx context.Context, orgID, userID string) (member *OrgMemberWriteModel, err error) { func (c *Commands) orgMemberWriteModelByID(ctx context.Context, orgID, userID string) (member *OrgMemberWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewOrgMemberWriteModel(orgID, userID) writeModel := NewOrgMemberWriteModel(orgID, userID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

18
internal/command/org_policy_label.go
View File

@@ -8,9 +8,9 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (c *Commands) AddLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
addedPolicy := NewOrgLabelPolicyWriteModel(resourceOwner) addedPolicy := NewOrgLabelPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -19,7 +19,7 @@ func (r *CommandSide) AddLabelPolicy(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewLabelPolicyAddedEvent(ctx, orgAgg, policy.PrimaryColor, policy.SecondaryColor)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewLabelPolicyAddedEvent(ctx, orgAgg, policy.PrimaryColor, policy.SecondaryColor))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -30,9 +30,9 @@ func (r *CommandSide) AddLabelPolicy(ctx context.Context, resourceOwner string,
return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&addedPolicy.LabelPolicyWriteModel), nil
} }
func (r *CommandSide) ChangeLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) { func (c *Commands) ChangeLabelPolicy(ctx context.Context, resourceOwner string, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
existingPolicy := NewOrgLabelPolicyWriteModel(resourceOwner) existingPolicy := NewOrgLabelPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -46,7 +46,7 @@ func (r *CommandSide) ChangeLabelPolicy(ctx context.Context, resourceOwner strin
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -57,9 +57,9 @@ func (r *CommandSide) ChangeLabelPolicy(ctx context.Context, resourceOwner strin
return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil return writeModelToLabelPolicy(&existingPolicy.LabelPolicyWriteModel), nil
} }
func (r *CommandSide) RemoveLabelPolicy(ctx context.Context, orgID string) error { func (c *Commands) RemoveLabelPolicy(ctx context.Context, orgID string) error {
existingPolicy := NewOrgLabelPolicyWriteModel(orgID) existingPolicy := NewOrgLabelPolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -67,6 +67,6 @@ func (r *CommandSide) RemoveLabelPolicy(ctx context.Context, orgID string) error
return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "Org-3M9df", "Errors.Org.LabelPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewLabelPolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewLabelPolicyRemovedEvent(ctx, orgAgg))
return err return err
} }

60
internal/command/org_policy_login.go
View File

@@ -9,9 +9,9 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddLoginPolicy(ctx context.Context, resourceOwner string, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (c *Commands) AddLoginPolicy(ctx context.Context, resourceOwner string, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
addedPolicy := NewOrgLoginPolicyWriteModel(resourceOwner) addedPolicy := NewOrgLoginPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -20,7 +20,7 @@ func (r *CommandSide) AddLoginPolicy(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
org.NewLoginPolicyAddedEvent( org.NewLoginPolicyAddedEvent(
ctx, ctx,
@@ -40,9 +40,9 @@ func (r *CommandSide) AddLoginPolicy(ctx context.Context, resourceOwner string,
return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&addedPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) ChangeLoginPolicy(ctx context.Context, resourceOwner string, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) { func (c *Commands) ChangeLoginPolicy(ctx context.Context, resourceOwner string, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
existingPolicy := NewOrgLoginPolicyWriteModel(resourceOwner) existingPolicy := NewOrgLoginPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -55,7 +55,7 @@ func (r *CommandSide) ChangeLoginPolicy(ctx context.Context, resourceOwner strin
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-5M9vdd", "Errors.Org.LoginPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,9 +66,9 @@ func (r *CommandSide) ChangeLoginPolicy(ctx context.Context, resourceOwner strin
return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil return writeModelToLoginPolicy(&existingPolicy.LoginPolicyWriteModel), nil
} }
func (r *CommandSide) RemoveLoginPolicy(ctx context.Context, orgID string) error { func (c *Commands) RemoveLoginPolicy(ctx context.Context, orgID string) error {
existingPolicy := NewOrgLoginPolicyWriteModel(orgID) existingPolicy := NewOrgLoginPolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -76,13 +76,13 @@ func (r *CommandSide) RemoveLoginPolicy(ctx context.Context, orgID string) error
return caos_errs.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "Org-GHB37", "Errors.Org.LoginPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicyRemovedEvent(ctx, orgAgg))
return err return err
} }
func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) { func (c *Commands) AddIDPProviderToLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider) (*domain.IDPProvider, error) {
idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID) idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, idpModel) err := c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -91,7 +91,7 @@ func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceO
} }
orgAgg := OrgAggregateFromWriteModel(&idpModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&idpModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewIdentityProviderAddedEvent(ctx, orgAgg, idpProvider.IDPConfigID, idpProvider.Type)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewIdentityProviderAddedEvent(ctx, orgAgg, idpProvider.IDPConfigID, idpProvider.Type))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -102,9 +102,9 @@ func (r *CommandSide) AddIDPProviderToLoginPolicy(ctx context.Context, resourceO
return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil return writeModelToIDPProvider(&idpModel.IdentityProviderWriteModel), nil
} }
func (r *CommandSide) RemoveIDPProviderFromLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.ExternalIDP) error { func (c *Commands) RemoveIDPProviderFromLoginPolicy(ctx context.Context, resourceOwner string, idpProvider *domain.IDPProvider, cascadeExternalIDPs ...*domain.ExternalIDP) error {
idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID) idpModel := NewOrgIdentityProviderWriteModel(resourceOwner, idpProvider.IDPConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, idpModel) err := c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil { if err != nil {
return err return err
} }
@@ -113,13 +113,13 @@ func (r *CommandSide) RemoveIDPProviderFromLoginPolicy(ctx context.Context, reso
} }
orgAgg := OrgAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&idpModel.IdentityProviderWriteModel.WriteModel)
events := r.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false, cascadeExternalIDPs...) events := c.removeIDPProviderFromLoginPolicy(ctx, orgAgg, idpProvider.IDPConfigID, false, cascadeExternalIDPs...)
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) removeIDPProviderFromLoginPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, idpConfigID string, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher { func (c *Commands) removeIDPProviderFromLoginPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, idpConfigID string, cascade bool, cascadeExternalIDPs ...*domain.ExternalIDP) []eventstore.EventPusher {
var events []eventstore.EventPusher var events []eventstore.EventPusher
if cascade { if cascade {
events = append(events, org.NewIdentityProviderCascadeRemovedEvent(ctx, orgAgg, idpConfigID)) events = append(events, org.NewIdentityProviderCascadeRemovedEvent(ctx, orgAgg, idpConfigID))
@@ -128,7 +128,7 @@ func (r *CommandSide) removeIDPProviderFromLoginPolicy(ctx context.Context, orgA
} }
for _, idp := range cascadeExternalIDPs { for _, idp := range cascadeExternalIDPs {
event, err := r.removeHumanExternalIDP(ctx, idp, true) event, err := c.removeHumanExternalIDP(ctx, idp, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-n8RRf", "userid", idp.AggregateID, "idpconfigid", idp.IDPConfigID).WithError(err).Warn("could not cascade remove external idp") logging.LogWithFields("COMMAND-n8RRf", "userid", idp.AggregateID, "idpconfigid", idp.IDPConfigID).WithError(err).Warn("could not cascade remove external idp")
continue continue
@@ -138,9 +138,9 @@ func (r *CommandSide) removeIDPProviderFromLoginPolicy(ctx context.Context, orgA
return events return events
} }
func (r *CommandSide) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, error) { func (c *Commands) AddSecondFactorToLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) (domain.SecondFactorType, error) {
secondFactorModel := NewOrgSecondFactorWriteModel(orgID) secondFactorModel := NewOrgSecondFactorWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil { if err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
@@ -151,16 +151,16 @@ func (r *CommandSide) AddSecondFactorToLoginPolicy(ctx context.Context, secondFa
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
if _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorAddedEvent(ctx, orgAgg, secondFactor)); err != nil { if _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorAddedEvent(ctx, orgAgg, secondFactor)); err != nil {
return domain.SecondFactorTypeUnspecified, err return domain.SecondFactorTypeUnspecified, err
} }
return secondFactorModel.MFAType, nil return secondFactorModel.MFAType, nil
} }
func (r *CommandSide) RemoveSecondFactorFromLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) error { func (c *Commands) RemoveSecondFactorFromLoginPolicy(ctx context.Context, secondFactor domain.SecondFactorType, orgID string) error {
secondFactorModel := NewOrgSecondFactorWriteModel(orgID) secondFactorModel := NewOrgSecondFactorWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, secondFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil { if err != nil {
return err return err
} }
@@ -169,13 +169,13 @@ func (r *CommandSide) RemoveSecondFactorFromLoginPolicy(ctx context.Context, sec
} }
orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor)) _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicySecondFactorRemovedEvent(ctx, orgAgg, secondFactor))
return err return err
} }
func (r *CommandSide) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, error) { func (c *Commands) AddMultiFactorToLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) (domain.MultiFactorType, error) {
multiFactorModel := NewOrgMultiFactorWriteModel(orgID) multiFactorModel := NewOrgMultiFactorWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil { if err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
@@ -185,16 +185,16 @@ func (r *CommandSide) AddMultiFactorToLoginPolicy(ctx context.Context, multiFact
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.WriteModel)
if _, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorAddedEvent(ctx, orgAgg, multiFactor)); err != nil { if _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorAddedEvent(ctx, orgAgg, multiFactor)); err != nil {
return domain.MultiFactorTypeUnspecified, err return domain.MultiFactorTypeUnspecified, err
} }
return multiFactorModel.MFAType, nil return multiFactorModel.MFAType, nil
} }
func (r *CommandSide) RemoveMultiFactorFromLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) error { func (c *Commands) RemoveMultiFactorFromLoginPolicy(ctx context.Context, multiFactor domain.MultiFactorType, orgID string) error {
multiFactorModel := NewOrgMultiFactorWriteModel(orgID) multiFactorModel := NewOrgMultiFactorWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, multiFactorModel) err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil { if err != nil {
return err return err
} }
@@ -203,6 +203,6 @@ func (r *CommandSide) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mult
} }
orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorRemovedEvent(ctx, orgAgg, multiFactor)) _, err = c.eventstore.PushEvents(ctx, org.NewLoginPolicyMultiFactorRemovedEvent(ctx, orgAgg, multiFactor))
return err return err
} }

18
internal/command/org_policy_mail_template.go
View File

@@ -8,12 +8,12 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (c *Commands) AddMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
if !policy.IsValid() { if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3m9fs", "Errors.Org.MailTemplate.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3m9fs", "Errors.Org.MailTemplate.Invalid")
} }
addedPolicy := NewOrgMailTemplateWriteModel(resourceOwner) addedPolicy := NewOrgMailTemplateWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -22,7 +22,7 @@ func (r *CommandSide) AddMailTemplate(ctx context.Context, resourceOwner string,
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewMailTemplateAddedEvent(ctx, orgAgg, policy.Template)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewMailTemplateAddedEvent(ctx, orgAgg, policy.Template))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -33,12 +33,12 @@ func (r *CommandSide) AddMailTemplate(ctx context.Context, resourceOwner string,
return writeModelToMailTemplate(&addedPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplate(&addedPolicy.MailTemplateWriteModel), nil
} }
func (r *CommandSide) ChangeMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) { func (c *Commands) ChangeMailTemplate(ctx context.Context, resourceOwner string, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
if !policy.IsValid() { if !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-9f9ds", "Errors.Org.MailTemplate.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-9f9ds", "Errors.Org.MailTemplate.Invalid")
} }
existingPolicy := NewOrgMailTemplateWriteModel(resourceOwner) existingPolicy := NewOrgMailTemplateWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -52,7 +52,7 @@ func (r *CommandSide) ChangeMailTemplate(ctx context.Context, resourceOwner stri
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.MailTemplate.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.MailTemplate.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -63,9 +63,9 @@ func (r *CommandSide) ChangeMailTemplate(ctx context.Context, resourceOwner stri
return writeModelToMailTemplate(&existingPolicy.MailTemplateWriteModel), nil return writeModelToMailTemplate(&existingPolicy.MailTemplateWriteModel), nil
} }
func (r *CommandSide) RemoveMailTemplate(ctx context.Context, orgID string) error { func (c *Commands) RemoveMailTemplate(ctx context.Context, orgID string) error {
existingPolicy := NewOrgMailTemplateWriteModel(orgID) existingPolicy := NewOrgMailTemplateWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -74,6 +74,6 @@ func (r *CommandSide) RemoveMailTemplate(ctx context.Context, orgID string) erro
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewMailTemplateRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewMailTemplateRemovedEvent(ctx, orgAgg))
return err return err
} }

18
internal/command/org_policy_mail_text.go
View File

@@ -8,12 +8,12 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddMailText(ctx context.Context, resourceOwner string, mailText *domain.MailText) (*domain.MailText, error) { func (c *Commands) AddMailText(ctx context.Context, resourceOwner string, mailText *domain.MailText) (*domain.MailText, error) {
if !mailText.IsValid() { if !mailText.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4778u", "Errors.Org.MailText.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4778u", "Errors.Org.MailText.Invalid")
} }
addedPolicy := NewOrgMailTextWriteModel(resourceOwner, mailText.MailTextType, mailText.Language) addedPolicy := NewOrgMailTextWriteModel(resourceOwner, mailText.MailTextType, mailText.Language)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -22,7 +22,7 @@ func (r *CommandSide) AddMailText(ctx context.Context, resourceOwner string, mai
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.MailTextWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
org.NewMailTextAddedEvent( org.NewMailTextAddedEvent(
ctx, ctx,
@@ -46,12 +46,12 @@ func (r *CommandSide) AddMailText(ctx context.Context, resourceOwner string, mai
return writeModelToMailText(&addedPolicy.MailTextWriteModel), nil return writeModelToMailText(&addedPolicy.MailTextWriteModel), nil
} }
func (r *CommandSide) ChangeMailText(ctx context.Context, resourceOwner string, mailText *domain.MailText) (*domain.MailText, error) { func (c *Commands) ChangeMailText(ctx context.Context, resourceOwner string, mailText *domain.MailText) (*domain.MailText, error) {
if !mailText.IsValid() { if !mailText.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-3m9fs", "Errors.Org.MailText.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-3m9fs", "Errors.Org.MailText.Invalid")
} }
existingPolicy := NewOrgMailTextWriteModel(resourceOwner, mailText.MailTextType, mailText.Language) existingPolicy := NewOrgMailTextWriteModel(resourceOwner, mailText.MailTextType, mailText.Language)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -75,7 +75,7 @@ func (r *CommandSide) ChangeMailText(ctx context.Context, resourceOwner string,
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-2n9fs", "Errors.Org.MailText.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-2n9fs", "Errors.Org.MailText.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -87,9 +87,9 @@ func (r *CommandSide) ChangeMailText(ctx context.Context, resourceOwner string,
return writeModelToMailText(&existingPolicy.MailTextWriteModel), nil return writeModelToMailText(&existingPolicy.MailTextWriteModel), nil
} }
func (r *CommandSide) RemoveMailText(ctx context.Context, resourceOwner, mailTextType, language string) error { func (c *Commands) RemoveMailText(ctx context.Context, resourceOwner, mailTextType, language string) error {
existingPolicy := NewOrgMailTextWriteModel(resourceOwner, mailTextType, language) existingPolicy := NewOrgMailTextWriteModel(resourceOwner, mailTextType, language)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -97,6 +97,6 @@ func (r *CommandSide) RemoveMailText(ctx context.Context, resourceOwner, mailTex
return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailText.NotFound") return caos_errs.ThrowNotFound(nil, "Org-3b8Jf", "Errors.Org.MailText.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewMailTextRemovedEvent(ctx, orgAgg, mailTextType, language)) _, err = c.eventstore.PushEvents(ctx, org.NewMailTextRemovedEvent(ctx, orgAgg, mailTextType, language))
return err return err
} }

32
internal/command/org_policy_org_iam.go
View File

@@ -9,14 +9,14 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (c *Commands) AddOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
addedPolicy := NewORGOrgIAMPolicyWriteModel(resourceOwner) addedPolicy := NewORGOrgIAMPolicyWriteModel(resourceOwner)
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.PolicyOrgIAMWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.PolicyOrgIAMWriteModel.WriteModel)
event, err := r.addOrgIAMPolicy(ctx, orgAgg, addedPolicy, policy) event, err := c.addOrgIAMPolicy(ctx, orgAgg, addedPolicy, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -27,8 +27,8 @@ func (r *CommandSide) AddOrgIAMPolicy(ctx context.Context, resourceOwner string,
return orgWriteModelToOrgIAMPolicy(addedPolicy), nil return orgWriteModelToOrgIAMPolicy(addedPolicy), nil
} }
func (r *CommandSide) addOrgIAMPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, addedPolicy *ORGOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) { func (c *Commands) addOrgIAMPolicy(ctx context.Context, orgAgg *eventstore.Aggregate, addedPolicy *ORGOrgIAMPolicyWriteModel, policy *domain.OrgIAMPolicy) (eventstore.EventPusher, error) {
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -38,8 +38,8 @@ func (r *CommandSide) addOrgIAMPolicy(ctx context.Context, orgAgg *eventstore.Ag
return org.NewOrgIAMPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain), nil return org.NewOrgIAMPolicyAddedEvent(ctx, orgAgg, policy.UserLoginMustBeDomain), nil
} }
func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) { func (c *Commands) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner string, policy *domain.OrgIAMPolicy) (*domain.OrgIAMPolicy, error) {
existingPolicy, err := r.orgIAMPolicyWriteModelByID(ctx, resourceOwner) existingPolicy, err := c.orgIAMPolicyWriteModelByID(ctx, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -53,7 +53,7 @@ func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner stri
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-3M9ds", "Errors.Org.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -64,8 +64,8 @@ func (r *CommandSide) ChangeOrgIAMPolicy(ctx context.Context, resourceOwner stri
return orgWriteModelToOrgIAMPolicy(existingPolicy), nil return orgWriteModelToOrgIAMPolicy(existingPolicy), nil
} }
func (r *CommandSide) RemoveOrgIAMPolicy(ctx context.Context, orgID string) error { func (c *Commands) RemoveOrgIAMPolicy(ctx context.Context, orgID string) error {
existingPolicy, err := r.orgIAMPolicyWriteModelByID(ctx, orgID) existingPolicy, err := c.orgIAMPolicyWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -74,27 +74,27 @@ func (r *CommandSide) RemoveOrgIAMPolicy(ctx context.Context, orgID string) erro
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.PolicyOrgIAMWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewOrgIAMPolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewOrgIAMPolicyRemovedEvent(ctx, orgAgg))
return err return err
} }
func (r *CommandSide) getOrgIAMPolicy(ctx context.Context, orgID string) (*domain.OrgIAMPolicy, error) { func (c *Commands) getOrgIAMPolicy(ctx context.Context, orgID string) (*domain.OrgIAMPolicy, error) {
policy, err := r.orgIAMPolicyWriteModelByID(ctx, orgID) policy, err := c.orgIAMPolicyWriteModelByID(ctx, orgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if policy.State == domain.PolicyStateActive { if policy.State == domain.PolicyStateActive {
return orgWriteModelToOrgIAMPolicy(policy), nil return orgWriteModelToOrgIAMPolicy(policy), nil
} }
return r.getDefaultOrgIAMPolicy(ctx) return c.getDefaultOrgIAMPolicy(ctx)
} }
func (r *CommandSide) orgIAMPolicyWriteModelByID(ctx context.Context, orgID string) (policy *ORGOrgIAMPolicyWriteModel, err error) { func (c *Commands) orgIAMPolicyWriteModelByID(ctx context.Context, orgID string) (policy *ORGOrgIAMPolicyWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewORGOrgIAMPolicyWriteModel(orgID) writeModel := NewORGOrgIAMPolicyWriteModel(orgID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

18
internal/command/org_policy_password_age.go
View File

@@ -8,9 +8,9 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddPasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (c *Commands) AddPasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
addedPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner) addedPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -19,7 +19,7 @@ func (r *CommandSide) AddPasswordAgePolicy(ctx context.Context, resourceOwner st
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyAddedEvent(ctx, orgAgg, policy.ExpireWarnDays, policy.MaxAgeDays)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyAddedEvent(ctx, orgAgg, policy.ExpireWarnDays, policy.MaxAgeDays))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -30,9 +30,9 @@ func (r *CommandSide) AddPasswordAgePolicy(ctx context.Context, resourceOwner st
return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&addedPolicy.PasswordAgePolicyWriteModel), nil
} }
func (r *CommandSide) ChangePasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) { func (c *Commands) ChangePasswordAgePolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
existingPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner) existingPolicy := NewOrgPasswordAgePolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -46,7 +46,7 @@ func (r *CommandSide) ChangePasswordAgePolicy(ctx context.Context, resourceOwner
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-dsgjR", "Errors.ORg.LabelPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -57,9 +57,9 @@ func (r *CommandSide) ChangePasswordAgePolicy(ctx context.Context, resourceOwner
return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil return writeModelToPasswordAgePolicy(&existingPolicy.PasswordAgePolicyWriteModel), nil
} }
func (r *CommandSide) RemovePasswordAgePolicy(ctx context.Context, orgID string) error { func (c *Commands) RemovePasswordAgePolicy(ctx context.Context, orgID string) error {
existingPolicy := NewOrgPasswordAgePolicyWriteModel(orgID) existingPolicy := NewOrgPasswordAgePolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -67,6 +67,6 @@ func (r *CommandSide) RemovePasswordAgePolicy(ctx context.Context, orgID string)
return caos_errs.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound") return caos_errs.ThrowNotFound(nil, "ORG-Dgs1g", "Errors.Org.PasswordAgePolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewPasswordAgePolicyRemovedEvent(ctx, orgAgg))
return err return err
} }

24
internal/command/org_policy_password_complexity.go
View File

@@ -8,24 +8,24 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) getOrgPasswordComplexityPolicy(ctx context.Context, orgID string) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) getOrgPasswordComplexityPolicy(ctx context.Context, orgID string) (*domain.PasswordComplexityPolicy, error) {
policy := NewOrgPasswordComplexityPolicyWriteModel(orgID) policy := NewOrgPasswordComplexityPolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, policy) err := c.eventstore.FilterToQueryReducer(ctx, policy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if policy.State == domain.PolicyStateActive { if policy.State == domain.PolicyStateActive {
return orgWriteModelToPasswordComplexityPolicy(policy), nil return orgWriteModelToPasswordComplexityPolicy(policy), nil
} }
return r.getDefaultPasswordComplexityPolicy(ctx) return c.getDefaultPasswordComplexityPolicy(ctx)
} }
func (r *CommandSide) AddPasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) AddPasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
if err := policy.IsValid(); err != nil { if err := policy.IsValid(); err != nil {
return nil, err return nil, err
} }
addedPolicy := NewOrgPasswordComplexityPolicyWriteModel(resourceOwner) addedPolicy := NewOrgPasswordComplexityPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -34,7 +34,7 @@ func (r *CommandSide) AddPasswordComplexityPolicy(ctx context.Context, resourceO
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
org.NewPasswordComplexityPolicyAddedEvent( org.NewPasswordComplexityPolicyAddedEvent(
ctx, ctx,
@@ -54,13 +54,13 @@ func (r *CommandSide) AddPasswordComplexityPolicy(ctx context.Context, resourceO
return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&addedPolicy.PasswordComplexityPolicyWriteModel), nil
} }
func (r *CommandSide) ChangePasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) { func (c *Commands) ChangePasswordComplexityPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
if err := policy.IsValid(); err != nil { if err := policy.IsValid(); err != nil {
return nil, err return nil, err
} }
existingPolicy := NewOrgPasswordComplexityPolicyWriteModel(resourceOwner) existingPolicy := NewOrgPasswordComplexityPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -74,7 +74,7 @@ func (r *CommandSide) ChangePasswordComplexityPolicy(ctx context.Context, resour
return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-DAs21", "Errors.Org.PasswordComplexityPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -85,9 +85,9 @@ func (r *CommandSide) ChangePasswordComplexityPolicy(ctx context.Context, resour
return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil return writeModelToPasswordComplexityPolicy(&existingPolicy.PasswordComplexityPolicyWriteModel), nil
} }
func (r *CommandSide) RemovePasswordComplexityPolicy(ctx context.Context, orgID string) error { func (c *Commands) RemovePasswordComplexityPolicy(ctx context.Context, orgID string) error {
existingPolicy := NewOrgPasswordComplexityPolicyWriteModel(orgID) existingPolicy := NewOrgPasswordComplexityPolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -95,6 +95,6 @@ func (r *CommandSide) RemovePasswordComplexityPolicy(ctx context.Context, orgID
return caos_errs.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound") return caos_errs.ThrowNotFound(nil, "ORG-ADgs2", "Errors.Org.PasswordComplexityPolicy.NotFound")
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewPasswordComplexityPolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewPasswordComplexityPolicyRemovedEvent(ctx, orgAgg))
return err return err
} }

18
internal/command/org_policy_password_lockout.go
View File

@@ -7,9 +7,9 @@ import (
"github.com/caos/zitadel/internal/repository/org" "github.com/caos/zitadel/internal/repository/org"
) )
func (r *CommandSide) AddPasswordLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (c *Commands) AddPasswordLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
addedPolicy := NewOrgPasswordLockoutPolicyWriteModel(resourceOwner) addedPolicy := NewOrgPasswordLockoutPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, addedPolicy) err := c.eventstore.FilterToQueryReducer(ctx, addedPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -18,7 +18,7 @@ func (r *CommandSide) AddPasswordLockoutPolicy(ctx context.Context, resourceOwne
} }
orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&addedPolicy.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyAddedEvent(ctx, orgAgg, policy.MaxAttempts, policy.ShowLockOutFailures)) pushedEvents, err := c.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyAddedEvent(ctx, orgAgg, policy.MaxAttempts, policy.ShowLockOutFailures))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -29,9 +29,9 @@ func (r *CommandSide) AddPasswordLockoutPolicy(ctx context.Context, resourceOwne
return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&addedPolicy.PasswordLockoutPolicyWriteModel), nil
} }
func (r *CommandSide) ChangePasswordLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) { func (c *Commands) ChangePasswordLockoutPolicy(ctx context.Context, resourceOwner string, policy *domain.PasswordLockoutPolicy) (*domain.PasswordLockoutPolicy, error) {
existingPolicy := NewOrgPasswordLockoutPolicyWriteModel(resourceOwner) existingPolicy := NewOrgPasswordLockoutPolicyWriteModel(resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -45,7 +45,7 @@ func (r *CommandSide) ChangePasswordLockoutPolicy(ctx context.Context, resourceO
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4M9vs", "Errors.Org.PasswordLockoutPolicy.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4M9vs", "Errors.Org.PasswordLockoutPolicy.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -56,9 +56,9 @@ func (r *CommandSide) ChangePasswordLockoutPolicy(ctx context.Context, resourceO
return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil return writeModelToPasswordLockoutPolicy(&existingPolicy.PasswordLockoutPolicyWriteModel), nil
} }
func (r *CommandSide) RemovePasswordLockoutPolicy(ctx context.Context, orgID string) error { func (c *Commands) RemovePasswordLockoutPolicy(ctx context.Context, orgID string) error {
existingPolicy := NewOrgPasswordLockoutPolicyWriteModel(orgID) existingPolicy := NewOrgPasswordLockoutPolicyWriteModel(orgID)
err := r.eventstore.FilterToQueryReducer(ctx, existingPolicy) err := c.eventstore.FilterToQueryReducer(ctx, existingPolicy)
if err != nil { if err != nil {
return err return err
} }
@@ -67,6 +67,6 @@ func (r *CommandSide) RemovePasswordLockoutPolicy(ctx context.Context, orgID str
} }
orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel) orgAgg := OrgAggregateFromWriteModel(&existingPolicy.WriteModel)
_, err = r.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyRemovedEvent(ctx, orgAgg)) _, err = c.eventstore.PushEvents(ctx, org.NewPasswordLockoutPolicyRemovedEvent(ctx, orgAgg))
return err return err
} }

50
internal/command/project.go
View File

@@ -9,12 +9,12 @@ import (
"github.com/caos/zitadel/internal/repository/project" "github.com/caos/zitadel/internal/repository/project"
) )
func (r *CommandSide) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) { func (c *Commands) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) {
events, addedProject, err := r.addProject(ctx, project, resourceOwner, ownerUserID) events, addedProject, err := c.addProject(ctx, project, resourceOwner, ownerUserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -25,11 +25,11 @@ func (r *CommandSide) AddProject(ctx context.Context, project *domain.Project, r
return projectWriteModelToProject(addedProject), nil return projectWriteModelToProject(addedProject), nil
} }
func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID string) (_ []eventstore.EventPusher, _ *ProjectWriteModel, err error) { func (c *Commands) addProject(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID string) (_ []eventstore.EventPusher, _ *ProjectWriteModel, err error) {
if !projectAdd.IsValid() { if !projectAdd.IsValid() {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-IOVCC", "Errors.Project.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
} }
projectAdd.AggregateID, err = r.idGenerator.Next() projectAdd.AggregateID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -37,7 +37,7 @@ func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project
projectAgg := ProjectAggregateFromWriteModel(&addedProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedProject.WriteModel)
projectRole := domain.RoleProjectOwner projectRole := domain.RoleProjectOwner
iam, err := r.GetIAM(ctx) iam, err := c.GetIAM(ctx)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -51,8 +51,8 @@ func (r *CommandSide) addProject(ctx context.Context, projectAdd *domain.Project
return events, addedProject, nil return events, addedProject, nil
} }
func (r *CommandSide) getProjectByID(ctx context.Context, projectID, resourceOwner string) (*domain.Project, error) { func (c *Commands) getProjectByID(ctx context.Context, projectID, resourceOwner string) (*domain.Project, error) {
projectWriteModel, err := r.getProjectWriteModelByID(ctx, projectID, resourceOwner) projectWriteModel, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -62,8 +62,8 @@ func (r *CommandSide) getProjectByID(ctx context.Context, projectID, resourceOwn
return projectWriteModelToProject(projectWriteModel), nil return projectWriteModelToProject(projectWriteModel), nil
} }
func (r *CommandSide) checkProjectExists(ctx context.Context, projectID, resourceOwner string) error { func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOwner string) error {
projectWriteModel, err := r.getProjectWriteModelByID(ctx, projectID, resourceOwner) projectWriteModel, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -73,12 +73,12 @@ func (r *CommandSide) checkProjectExists(ctx context.Context, projectID, resourc
return nil return nil
} }
func (r *CommandSide) ChangeProject(ctx context.Context, projectChange *domain.Project, resourceOwner string) (*domain.Project, error) { func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Project, resourceOwner string) (*domain.Project, error) {
if !projectChange.IsValid() && projectChange.AggregateID != "" { if !projectChange.IsValid() && projectChange.AggregateID != "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
} }
existingProject, err := r.getProjectWriteModelByID(ctx, projectChange.AggregateID, resourceOwner) existingProject, err := c.getProjectWriteModelByID(ctx, projectChange.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -94,7 +94,7 @@ func (r *CommandSide) ChangeProject(ctx context.Context, projectChange *domain.P
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -105,12 +105,12 @@ func (r *CommandSide) ChangeProject(ctx context.Context, projectChange *domain.P
return projectWriteModelToProject(existingProject), nil return projectWriteModelToProject(existingProject), nil
} }
func (r *CommandSide) DeactivateProject(ctx context.Context, projectID string, resourceOwner string) error { func (c *Commands) DeactivateProject(ctx context.Context, projectID string, resourceOwner string) error {
if projectID == "" || resourceOwner == "" { if projectID == "" || resourceOwner == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing")
} }
existingProject, err := r.getProjectWriteModelByID(ctx, projectID, resourceOwner) existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -122,16 +122,16 @@ func (r *CommandSide) DeactivateProject(ctx context.Context, projectID string, r
} }
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewProjectDeactivatedEvent(ctx, projectAgg)) _, err = c.eventstore.PushEvents(ctx, project.NewProjectDeactivatedEvent(ctx, projectAgg))
return err return err
} }
func (r *CommandSide) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) error { func (c *Commands) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) error {
if projectID == "" || resourceOwner == "" { if projectID == "" || resourceOwner == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.ProjectIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.ProjectIDMissing")
} }
existingProject, err := r.getProjectWriteModelByID(ctx, projectID, resourceOwner) existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -143,16 +143,16 @@ func (r *CommandSide) ReactivateProject(ctx context.Context, projectID string, r
} }
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewProjectReactivatedEvent(ctx, projectAgg)) _, err = c.eventstore.PushEvents(ctx, project.NewProjectReactivatedEvent(ctx, projectAgg))
return err return err
} }
func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) error { func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) error {
if projectID == "" || resourceOwner == "" { if projectID == "" || resourceOwner == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing")
} }
existingProject, err := r.getProjectWriteModelByID(ctx, projectID, resourceOwner) existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -165,7 +165,7 @@ func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwne
} }
for _, grantID := range cascadingUserGrantIDs { for _, grantID := range cascadingUserGrantIDs {
event, err := r.removeUserGrant(ctx, grantID, "", true) event, err := c.removeUserGrant(ctx, grantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant") logging.LogWithFields("COMMAND-b8Djf", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
continue continue
@@ -173,13 +173,13 @@ func (r *CommandSide) RemoveProject(ctx context.Context, projectID, resourceOwne
events = append(events, event) events = append(events, event)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) getProjectWriteModelByID(ctx context.Context, projectID, resourceOwner string) (*ProjectWriteModel, error) { func (c *Commands) getProjectWriteModelByID(ctx context.Context, projectID, resourceOwner string) (*ProjectWriteModel, error) {
projectWriteModel := NewProjectWriteModel(projectID, resourceOwner) projectWriteModel := NewProjectWriteModel(projectID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, projectWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, projectWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

28
internal/command/project_application.go
View File

@@ -7,12 +7,12 @@ import (
"github.com/caos/zitadel/internal/repository/project" "github.com/caos/zitadel/internal/repository/project"
) )
func (r *CommandSide) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (domain.Application, error) { func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (domain.Application, error) {
if appChange.GetAppID() == "" || appChange.GetApplicationName() == "" { if appChange.GetAppID() == "" || appChange.GetApplicationName() == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.App.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.App.Invalid")
} }
existingApp, err := r.getApplicationWriteModel(ctx, projectID, appChange.GetAppID(), resourceOwner) existingApp, err := c.getApplicationWriteModel(ctx, projectID, appChange.GetAppID(), resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -23,7 +23,7 @@ func (r *CommandSide) ChangeApplication(ctx context.Context, projectID string, a
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2m8vx", "Errors.NoChangesFound")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
project.NewApplicationChangedEvent(ctx, projectAgg, appChange.GetAppID(), existingApp.Name, appChange.GetApplicationName(), projectID)) project.NewApplicationChangedEvent(ctx, projectAgg, appChange.GetAppID(), existingApp.Name, appChange.GetApplicationName(), projectID))
if err != nil { if err != nil {
@@ -36,12 +36,12 @@ func (r *CommandSide) ChangeApplication(ctx context.Context, projectID string, a
return applicationWriteModelToApplication(existingApp), nil return applicationWriteModelToApplication(existingApp), nil
} }
func (r *CommandSide) DeactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error { func (c *Commands) DeactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error {
if projectID == "" || appID == "" { if projectID == "" || appID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-88fi0", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-88fi0", "Errors.IDMissing")
} }
existingApp, err := r.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -52,16 +52,16 @@ func (r *CommandSide) DeactivateApplication(ctx context.Context, projectID, appI
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dsh35", "Errors.Project.App.NotActive")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewApplicationDeactivatedEvent(ctx, projectAgg, appID)) _, err = c.eventstore.PushEvents(ctx, project.NewApplicationDeactivatedEvent(ctx, projectAgg, appID))
return err return err
} }
func (r *CommandSide) ReactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error { func (c *Commands) ReactivateApplication(ctx context.Context, projectID, appID, resourceOwner string) error {
if projectID == "" || appID == "" { if projectID == "" || appID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-983dF", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-983dF", "Errors.IDMissing")
} }
existingApp, err := r.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -73,16 +73,16 @@ func (r *CommandSide) ReactivateApplication(ctx context.Context, projectID, appI
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewApplicationReactivatedEvent(ctx, projectAgg, appID)) _, err = c.eventstore.PushEvents(ctx, project.NewApplicationReactivatedEvent(ctx, projectAgg, appID))
return err return err
} }
func (r *CommandSide) RemoveApplication(ctx context.Context, projectID, appID, resourceOwner string) error { func (c *Commands) RemoveApplication(ctx context.Context, projectID, appID, resourceOwner string) error {
if projectID == "" || appID == "" { if projectID == "" || appID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1b7Jf", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1b7Jf", "Errors.IDMissing")
} }
existingApp, err := r.getApplicationWriteModel(ctx, projectID, appID, resourceOwner) existingApp, err := c.getApplicationWriteModel(ctx, projectID, appID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -91,13 +91,13 @@ func (r *CommandSide) RemoveApplication(ctx context.Context, projectID, appID, r
} }
projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingApp.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewApplicationRemovedEvent(ctx, projectAgg, appID, existingApp.Name, projectID)) _, err = c.eventstore.PushEvents(ctx, project.NewApplicationRemovedEvent(ctx, projectAgg, appID, existingApp.Name, projectID))
return err return err
} }
func (r *CommandSide) getApplicationWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*ApplicationWriteModel, error) { func (c *Commands) getApplicationWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*ApplicationWriteModel, error) {
appWriteModel := NewApplicationWriteModelWithAppIDC(projectID, appID, resourceOwner) appWriteModel := NewApplicationWriteModelWithAppIDC(projectID, appID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, appWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, appWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

34
internal/command/project_application_api.go
View File

@@ -8,19 +8,19 @@ import (
"github.com/caos/zitadel/internal/repository/project" "github.com/caos/zitadel/internal/repository/project"
) )
func (r *CommandSide) AddAPIApplication(ctx context.Context, application *domain.APIApp, resourceOwner string) (_ *domain.APIApp, err error) { func (c *Commands) AddAPIApplication(ctx context.Context, application *domain.APIApp, resourceOwner string) (_ *domain.APIApp, err error) {
project, err := r.getProjectByID(ctx, application.AggregateID, resourceOwner) project, err := c.getProjectByID(ctx, application.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedApplication := NewAPIApplicationWriteModel(application.AggregateID, resourceOwner) addedApplication := NewAPIApplicationWriteModel(application.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
events, stringPw, err := r.addAPIApplication(ctx, projectAgg, project, application, resourceOwner) events, stringPw, err := c.addAPIApplication(ctx, projectAgg, project, application, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedApplication.AppID = application.AppID addedApplication.AppID = application.AppID
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -33,11 +33,11 @@ func (r *CommandSide) AddAPIApplication(ctx context.Context, application *domain
return result, nil return result, nil
} }
func (r *CommandSide) addAPIApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, apiAppApp *domain.APIApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) { func (c *Commands) addAPIApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, apiAppApp *domain.APIApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) {
if !apiAppApp.IsValid() { if !apiAppApp.IsValid() {
return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid") return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid")
} }
apiAppApp.AppID, err = r.idGenerator.Next() apiAppApp.AppID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -47,11 +47,11 @@ func (r *CommandSide) addAPIApplication(ctx context.Context, projectAgg *eventst
} }
var stringPw string var stringPw string
err = domain.SetNewClientID(apiAppApp, r.idGenerator, proj) err = domain.SetNewClientID(apiAppApp, c.idGenerator, proj)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
stringPw, err = domain.SetNewClientSecretIfNeeded(apiAppApp, r.applicationSecretGenerator) stringPw, err = domain.SetNewClientSecretIfNeeded(apiAppApp, c.applicationSecretGenerator)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -65,12 +65,12 @@ func (r *CommandSide) addAPIApplication(ctx context.Context, projectAgg *eventst
return events, stringPw, nil return events, stringPw, nil
} }
func (r *CommandSide) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (*domain.APIApp, error) { func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIApp, resourceOwner string) (*domain.APIApp, error) {
if !apiApp.IsValid() { if !apiApp.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m900", "Errors.Project.App.APIConfigInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m900", "Errors.Project.App.APIConfigInvalid")
} }
existingAPI, err := r.getAPIAppWriteModel(ctx, apiApp.AggregateID, apiApp.AppID, resourceOwner) existingAPI, err := c.getAPIAppWriteModel(ctx, apiApp.AggregateID, apiApp.AppID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -90,7 +90,7 @@ func (r *CommandSide) ChangeAPIApplication(ctx context.Context, apiApp *domain.A
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -103,26 +103,26 @@ func (r *CommandSide) ChangeAPIApplication(ctx context.Context, apiApp *domain.A
return result, nil return result, nil
} }
func (r *CommandSide) ChangeAPIApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string) (*domain.APIApp, error) { func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string) (*domain.APIApp, error) {
if projectID == "" || appID == "" { if projectID == "" || appID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-99i83", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-99i83", "Errors.IDMissing")
} }
existingAPI, err := r.getAPIAppWriteModel(ctx, projectID, appID, resourceOwner) existingAPI, err := c.getAPIAppWriteModel(ctx, projectID, appID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved { if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
} }
cryptoSecret, stringPW, err := domain.NewClientSecret(r.applicationSecretGenerator) cryptoSecret, stringPW, err := domain.NewClientSecret(c.applicationSecretGenerator)
if err != nil { if err != nil {
return nil, err return nil, err
} }
projectAgg := ProjectAggregateFromWriteModel(&existingAPI.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingAPI.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewAPIConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret)) pushedEvents, err := c.eventstore.PushEvents(ctx, project.NewAPIConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -135,9 +135,9 @@ func (r *CommandSide) ChangeAPIApplicationSecret(ctx context.Context, projectID,
result.ClientSecretString = stringPW result.ClientSecretString = stringPW
return result, err return result, err
} }
func (r *CommandSide) getAPIAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*APIApplicationWriteModel, error) { func (c *Commands) getAPIAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*APIApplicationWriteModel, error) {
appWriteModel := NewAPIApplicationWriteModelWithAppID(projectID, appID, resourceOwner) appWriteModel := NewAPIApplicationWriteModelWithAppID(projectID, appID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, appWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, appWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

18
internal/command/project_application_key.go
View File

@@ -8,20 +8,20 @@ import (
"github.com/caos/zitadel/internal/repository/project" "github.com/caos/zitadel/internal/repository/project"
) )
func (r *CommandSide) AddApplicationKey(ctx context.Context, key *domain.ApplicationKey, resourceOwner string) (_ *domain.ApplicationKey, err error) { func (c *Commands) AddApplicationKey(ctx context.Context, key *domain.ApplicationKey, resourceOwner string) (_ *domain.ApplicationKey, err error) {
application, err := r.getApplicationWriteModel(ctx, key.AggregateID, key.ApplicationID, resourceOwner) application, err := c.getApplicationWriteModel(ctx, key.AggregateID, key.ApplicationID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if !application.State.Exists() { if !application.State.Exists() {
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-sak25", "Errors.Application.NotFound") return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-sak25", "Errors.Application.NotFound")
} }
key.KeyID, err = r.idGenerator.Next() key.KeyID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
keyWriteModel := NewApplicationKeyWriteModel(key.AggregateID, key.ApplicationID, key.KeyID, resourceOwner) keyWriteModel := NewApplicationKeyWriteModel(key.AggregateID, key.ApplicationID, key.KeyID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, keyWriteModel) err = c.eventstore.FilterToQueryReducer(ctx, keyWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -34,13 +34,13 @@ func (r *CommandSide) AddApplicationKey(ctx context.Context, key *domain.Applica
return nil, err return nil, err
} }
err = domain.SetNewAuthNKeyPair(key, r.applicationKeySize) err = domain.SetNewAuthNKeyPair(key, c.applicationKeySize)
if err != nil { if err != nil {
return nil, err return nil, err
} }
key.ClientID = keyWriteModel.ClientID key.ClientID = keyWriteModel.ClientID
pushedEvents, err := r.eventstore.PushEvents(ctx, pushedEvents, err := c.eventstore.PushEvents(ctx,
project.NewApplicationKeyAddedEvent( project.NewApplicationKeyAddedEvent(
ctx, ctx,
ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel), ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel),
@@ -62,9 +62,9 @@ func (r *CommandSide) AddApplicationKey(ctx context.Context, key *domain.Applica
return result, nil return result, nil
} }
func (r *CommandSide) RemoveApplicationKey(ctx context.Context, projectID, applicationID, keyID, resourceOwner string) error { func (c *Commands) RemoveApplicationKey(ctx context.Context, projectID, applicationID, keyID, resourceOwner string) error {
keyWriteModel := NewApplicationKeyWriteModel(projectID, applicationID, keyID, resourceOwner) keyWriteModel := NewApplicationKeyWriteModel(projectID, applicationID, keyID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, keyWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, keyWriteModel)
if err != nil { if err != nil {
return err return err
} }
@@ -72,6 +72,6 @@ func (r *CommandSide) RemoveApplicationKey(ctx context.Context, projectID, appli
return errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.Application.Key.NotFound") return errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.Application.Key.NotFound")
} }
_, err = r.eventstore.PushEvents(ctx, project.NewApplicationKeyRemovedEvent(ctx, ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID)) _, err = c.eventstore.PushEvents(ctx, project.NewApplicationKeyRemovedEvent(ctx, ProjectAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID))
return err return err
} }

44
internal/command/project_application_oidc.go
View File

@@ -13,19 +13,19 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddOIDCApplication(ctx context.Context, application *domain.OIDCApp, resourceOwner string) (_ *domain.OIDCApp, err error) { func (c *Commands) AddOIDCApplication(ctx context.Context, application *domain.OIDCApp, resourceOwner string) (_ *domain.OIDCApp, err error) {
project, err := r.getProjectByID(ctx, application.AggregateID, resourceOwner) project, err := c.getProjectByID(ctx, application.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedApplication := NewOIDCApplicationWriteModel(application.AggregateID, resourceOwner) addedApplication := NewOIDCApplicationWriteModel(application.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedApplication.WriteModel)
events, stringPw, err := r.addOIDCApplication(ctx, projectAgg, project, application, resourceOwner) events, stringPw, err := c.addOIDCApplication(ctx, projectAgg, project, application, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedApplication.AppID = application.AppID addedApplication.AppID = application.AppID
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -39,11 +39,11 @@ func (r *CommandSide) AddOIDCApplication(ctx context.Context, application *domai
return result, nil return result, nil
} }
func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, oidcApp *domain.OIDCApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) { func (c *Commands) addOIDCApplication(ctx context.Context, projectAgg *eventstore.Aggregate, proj *domain.Project, oidcApp *domain.OIDCApp, resourceOwner string) (events []eventstore.EventPusher, stringPW string, err error) {
if !oidcApp.IsValid() { if !oidcApp.IsValid() {
return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid") return nil, "", caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Application.Invalid")
} }
oidcApp.AppID, err = r.idGenerator.Next() oidcApp.AppID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -53,11 +53,11 @@ func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *events
} }
var stringPw string var stringPw string
err = domain.SetNewClientID(oidcApp, r.idGenerator, proj) err = domain.SetNewClientID(oidcApp, c.idGenerator, proj)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
stringPw, err = domain.SetNewClientSecretIfNeeded(oidcApp, r.applicationSecretGenerator) stringPw, err = domain.SetNewClientSecretIfNeeded(oidcApp, c.applicationSecretGenerator)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@@ -83,12 +83,12 @@ func (r *CommandSide) addOIDCApplication(ctx context.Context, projectAgg *events
return events, stringPw, nil return events, stringPw, nil
} }
func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) { func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
if !oidc.IsValid() { if !oidc.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m900", "Errors.Project.App.OIDCConfigInvalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m900", "Errors.Project.App.OIDCConfigInvalid")
} }
existingOIDC, err := r.getOIDCAppWriteModel(ctx, oidc.AggregateID, oidc.AppID, resourceOwner) existingOIDC, err := c.getOIDCAppWriteModel(ctx, oidc.AggregateID, oidc.AppID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -120,7 +120,7 @@ func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OI
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -134,26 +134,26 @@ func (r *CommandSide) ChangeOIDCApplication(ctx context.Context, oidc *domain.OI
return result, nil return result, nil
} }
func (r *CommandSide) ChangeOIDCApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string) (*domain.OIDCApp, error) { func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string) (*domain.OIDCApp, error) {
if projectID == "" || appID == "" { if projectID == "" || appID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-99i83", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-99i83", "Errors.IDMissing")
} }
existingOIDC, err := r.getOIDCAppWriteModel(ctx, projectID, appID, resourceOwner) existingOIDC, err := c.getOIDCAppWriteModel(ctx, projectID, appID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved { if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting") return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
} }
cryptoSecret, stringPW, err := domain.NewClientSecret(r.applicationSecretGenerator) cryptoSecret, stringPW, err := domain.NewClientSecret(c.applicationSecretGenerator)
if err != nil { if err != nil {
return nil, err return nil, err
} }
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret)) pushedEvents, err := c.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretChangedEvent(ctx, projectAgg, appID, cryptoSecret))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -167,8 +167,8 @@ func (r *CommandSide) ChangeOIDCApplicationSecret(ctx context.Context, projectID
return result, err return result, err
} }
func (r *CommandSide) VerifyOIDCClientSecret(ctx context.Context, projectID, appID, secret string) error { func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID, secret string) error {
app, err := r.getOIDCAppWriteModel(ctx, projectID, appID, "") app, err := c.getOIDCAppWriteModel(ctx, projectID, appID, "")
if err != nil { if err != nil {
return err return err
} }
@@ -181,20 +181,20 @@ func (r *CommandSide) VerifyOIDCClientSecret(ctx context.Context, projectID, app
projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash") ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash")
err = crypto.CompareHash(app.ClientSecret, []byte(secret), r.userPasswordAlg) err = crypto.CompareHash(app.ClientSecret, []byte(secret), c.userPasswordAlg)
spanPasswordComparison.EndWithError(err) spanPasswordComparison.EndWithError(err)
if err == nil { if err == nil {
_, err = r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckSucceededEvent(ctx, projectAgg, app.AppID)) _, err = c.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckSucceededEvent(ctx, projectAgg, app.AppID))
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID)) _, err = c.eventstore.PushEvents(ctx, project.NewOIDCConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID))
logging.Log("COMMAND-ADfhz").OnError(err).Error("could not push event OIDCClientSecretCheckFailed") logging.Log("COMMAND-ADfhz").OnError(err).Error("could not push event OIDCClientSecretCheckFailed")
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.OIDCSecretInvalid") return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.OIDCSecretInvalid")
} }
func (r *CommandSide) getOIDCAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*OIDCApplicationWriteModel, error) { func (c *Commands) getOIDCAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*OIDCApplicationWriteModel, error) {
appWriteModel := NewOIDCApplicationWriteModelWithAppID(projectID, appID, resourceOwner) appWriteModel := NewOIDCApplicationWriteModelWithAppID(projectID, appID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, appWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, appWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

56
internal/command/project_grant.go
View File

@@ -11,25 +11,25 @@ import (
"reflect" "reflect"
) )
func (r *CommandSide) AddProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string) (_ *domain.ProjectGrant, err error) { func (c *Commands) AddProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string) (_ *domain.ProjectGrant, err error) {
if !grant.IsValid() { if !grant.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Project.Grant.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-Bff2g", "Errors.Project.Grant.Invalid")
} }
grant.GrantID, err = r.idGenerator.Next() grant.GrantID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.checkProjectExists(ctx, grant.AggregateID, resourceOwner) err = c.checkProjectExists(ctx, grant.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.checkOrgExists(ctx, grant.GrantedOrgID) err = c.checkOrgExists(ctx, grant.GrantedOrgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner) addedGrant := NewProjectGrantWriteModel(grant.GrantID, grant.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedGrant.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
project.NewGrantAddedEvent(ctx, projectAgg, grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.RoleKeys)) project.NewGrantAddedEvent(ctx, projectAgg, grant.GrantID, grant.GrantedOrgID, grant.AggregateID, grant.RoleKeys))
if err != nil { if err != nil {
@@ -42,15 +42,15 @@ func (r *CommandSide) AddProjectGrant(ctx context.Context, grant *domain.Project
return projectGrantWriteModelToProjectGrant(addedGrant), nil return projectGrantWriteModelToProjectGrant(addedGrant), nil
} }
func (r *CommandSide) ChangeProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string, cascadeUserGrantIDs ...string) (_ *domain.ProjectGrant, err error) { func (c *Commands) ChangeProjectGrant(ctx context.Context, grant *domain.ProjectGrant, resourceOwner string, cascadeUserGrantIDs ...string) (_ *domain.ProjectGrant, err error) {
if grant.GrantID == "" { if grant.GrantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-1j83s", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-1j83s", "Errors.IDMissing")
} }
err = r.checkProjectExists(ctx, grant.AggregateID, resourceOwner) err = c.checkProjectExists(ctx, grant.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
existingGrant, err := r.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, resourceOwner) existingGrant, err := c.projectGrantWriteModelByID(ctx, grant.GrantID, grant.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,7 +66,7 @@ func (r *CommandSide) ChangeProjectGrant(ctx context.Context, grant *domain.Proj
removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys) removedRoles := domain.GetRemovedRoles(existingGrant.RoleKeys, grant.RoleKeys)
if len(removedRoles) == 0 { if len(removedRoles) == 0 {
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -78,13 +78,13 @@ func (r *CommandSide) ChangeProjectGrant(ctx context.Context, grant *domain.Proj
} }
for _, userGrantID := range cascadeUserGrantIDs { for _, userGrantID := range cascadeUserGrantIDs {
event, err := r.removeRoleFromUserGrant(ctx, userGrantID, removedRoles, true) event, err := c.removeRoleFromUserGrant(ctx, userGrantID, removedRoles, true)
if err != nil { if err != nil {
continue continue
} }
events = append(events, event) events = append(events, event)
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -95,8 +95,8 @@ func (r *CommandSide) ChangeProjectGrant(ctx context.Context, grant *domain.Proj
return projectGrantWriteModelToProjectGrant(existingGrant), nil return projectGrantWriteModelToProjectGrant(existingGrant), nil
} }
func (r *CommandSide) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.EventPusher, _ *ProjectGrantWriteModel, err error) { func (c *Commands) removeRoleFromProjectGrant(ctx context.Context, projectAgg *eventstore.Aggregate, projectID, projectGrantID, roleKey string, cascade bool) (_ eventstore.EventPusher, _ *ProjectGrantWriteModel, err error) {
existingProjectGrant, err := r.projectGrantWriteModelByID(ctx, projectID, projectGrantID, "") existingProjectGrant, err := c.projectGrantWriteModelByID(ctx, projectID, projectGrantID, "")
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -125,15 +125,15 @@ func (r *CommandSide) removeRoleFromProjectGrant(ctx context.Context, projectAgg
return project.NewGrantChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil return project.NewGrantChangedEvent(ctx, projectAgg, projectGrantID, existingProjectGrant.RoleKeys), changedProjectGrant, nil
} }
func (r *CommandSide) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) { func (c *Commands) DeactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) {
if grantID == "" || projectID == "" { if grantID == "" || projectID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-p0s4V", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-p0s4V", "Errors.IDMissing")
} }
err = r.checkProjectExists(ctx, projectID, resourceOwner) err = c.checkProjectExists(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
existingGrant, err := r.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner) existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -142,19 +142,19 @@ func (r *CommandSide) DeactivateProjectGrant(ctx context.Context, projectID, gra
} }
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewGrantDeactivateEvent(ctx, projectAgg, grantID)) _, err = c.eventstore.PushEvents(ctx, project.NewGrantDeactivateEvent(ctx, projectAgg, grantID))
return err return err
} }
func (r *CommandSide) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) { func (c *Commands) ReactivateProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string) (err error) {
if grantID == "" || projectID == "" { if grantID == "" || projectID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-p0s4V", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-p0s4V", "Errors.IDMissing")
} }
err = r.checkProjectExists(ctx, projectID, resourceOwner) err = c.checkProjectExists(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
existingGrant, err := r.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner) existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -162,19 +162,19 @@ func (r *CommandSide) ReactivateProjectGrant(ctx context.Context, projectID, gra
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-47fu8", "Errors.Project.Grant.NotInactive")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingGrant.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID)) _, err = c.eventstore.PushEvents(ctx, project.NewGrantReactivatedEvent(ctx, projectAgg, grantID))
return err return err
} }
func (r *CommandSide) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (err error) { func (c *Commands) RemoveProjectGrant(ctx context.Context, projectID, grantID, resourceOwner string, cascadeUserGrantIDs ...string) (err error) {
if grantID == "" || projectID == "" { if grantID == "" || projectID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-1m9fJ", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "PROJECT-1m9fJ", "Errors.IDMissing")
} }
err = r.checkProjectExists(ctx, projectID, resourceOwner) err = c.checkProjectExists(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
existingGrant, err := r.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner) existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -183,23 +183,23 @@ func (r *CommandSide) RemoveProjectGrant(ctx context.Context, projectID, grantID
events = append(events, project.NewGrantRemovedEvent(ctx, projectAgg, grantID, existingGrant.GrantedOrgID, projectID)) events = append(events, project.NewGrantRemovedEvent(ctx, projectAgg, grantID, existingGrant.GrantedOrgID, projectID))
for _, userGrantID := range cascadeUserGrantIDs { for _, userGrantID := range cascadeUserGrantIDs {
event, err := r.removeUserGrant(ctx, userGrantID, "", true) event, err := c.removeUserGrant(ctx, userGrantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant") logging.LogWithFields("COMMAND-3m8sG", "usergrantid", grantID).WithError(err).Warn("could not cascade remove user grant")
continue continue
} }
events = append(events, event) events = append(events, event)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) projectGrantWriteModelByID(ctx context.Context, grantID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) { func (c *Commands) projectGrantWriteModelByID(ctx context.Context, grantID, projectID, resourceOwner string) (member *ProjectGrantWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewProjectGrantWriteModel(grantID, projectID, resourceOwner) writeModel := NewProjectGrantWriteModel(grantID, projectID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

24
internal/command/project_grant_member.go
View File

@@ -11,16 +11,16 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember, resourceOwner string) (*domain.ProjectGrantMember, error) { func (c *Commands) AddProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember, resourceOwner string) (*domain.ProjectGrantMember, error) {
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-8fi7G", "Errors.Project.Member.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-8fi7G", "Errors.Project.Member.Invalid")
} }
err := r.checkUserExists(ctx, member.UserID, "") err := c.checkUserExists(ctx, member.UserID, "")
if err != nil { if err != nil {
return nil, err return nil, err
} }
addedMember := NewProjectGrantMemberWriteModel(member.AggregateID, member.UserID, member.GrantID) addedMember := NewProjectGrantMemberWriteModel(member.AggregateID, member.UserID, member.GrantID)
err = r.eventstore.FilterToQueryReducer(ctx, addedMember) err = c.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,7 +28,7 @@ func (r *CommandSide) AddProjectGrantMember(ctx context.Context, member *domain.
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-16dVN", "Errors.Project.Member.AlreadyExists")
} }
projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
project.NewProjectGrantMemberAddedEvent(ctx, projectAgg, member.AggregateID, member.UserID, member.GrantID, member.Roles...)) project.NewProjectGrantMemberAddedEvent(ctx, projectAgg, member.AggregateID, member.UserID, member.GrantID, member.Roles...))
if err != nil { if err != nil {
@@ -43,14 +43,14 @@ func (r *CommandSide) AddProjectGrantMember(ctx context.Context, member *domain.
} }
//ChangeProjectGrantMember updates an existing member //ChangeProjectGrantMember updates an existing member
func (r *CommandSide) ChangeProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember, resourceOwner string) (*domain.ProjectGrantMember, error) { func (c *Commands) ChangeProjectGrantMember(ctx context.Context, member *domain.ProjectGrantMember, resourceOwner string) (*domain.ProjectGrantMember, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-109fs", "Errors.Project.Member.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-109fs", "Errors.Project.Member.Invalid")
} }
existingMember, err := r.projectGrantMemberWriteModelByID(ctx, member.AggregateID, member.UserID, member.GrantID) existingMember, err := c.projectGrantMemberWriteModelByID(ctx, member.AggregateID, member.UserID, member.GrantID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -59,7 +59,7 @@ func (r *CommandSide) ChangeProjectGrantMember(ctx context.Context, member *doma
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-2n8vx", "Errors.Project.Member.RolesNotChanged")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingMember.WriteModel)
pushedEvents, err := r.eventstore.PushEvents( pushedEvents, err := c.eventstore.PushEvents(
ctx, ctx,
project.NewProjectGrantMemberChangedEvent(ctx, projectAgg, member.UserID, member.GrantID, member.Roles...)) project.NewProjectGrantMemberChangedEvent(ctx, projectAgg, member.UserID, member.GrantID, member.Roles...))
if err != nil { if err != nil {
@@ -73,23 +73,23 @@ func (r *CommandSide) ChangeProjectGrantMember(ctx context.Context, member *doma
return memberWriteModelToProjectGrantMember(existingMember), nil return memberWriteModelToProjectGrantMember(existingMember), nil
} }
func (r *CommandSide) RemoveProjectGrantMember(ctx context.Context, projectID, userID, grantID, resourceOwner string) error { func (c *Commands) RemoveProjectGrantMember(ctx context.Context, projectID, userID, grantID, resourceOwner string) error {
m, err := r.projectGrantMemberWriteModelByID(ctx, projectID, userID, grantID) m, err := c.projectGrantMemberWriteModelByID(ctx, projectID, userID, grantID)
if err != nil { if err != nil {
return err return err
} }
projectAgg := ProjectAggregateFromWriteModel(&m.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&m.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewProjectGrantMemberRemovedEvent(ctx, projectAgg, projectID, userID, grantID)) _, err = c.eventstore.PushEvents(ctx, project.NewProjectGrantMemberRemovedEvent(ctx, projectAgg, projectID, userID, grantID))
return err return err
} }
func (r *CommandSide) projectGrantMemberWriteModelByID(ctx context.Context, projectID, userID, grantID string) (member *ProjectGrantMemberWriteModel, err error) { func (c *Commands) projectGrantMemberWriteModelByID(ctx context.Context, projectID, userID, grantID string) (member *ProjectGrantMemberWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewProjectGrantMemberWriteModel(projectID, userID, grantID) writeModel := NewProjectGrantMemberWriteModel(projectID, userID, grantID)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

28
internal/command/project_member.go
View File

@@ -12,15 +12,15 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) { func (c *Commands) AddProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) {
addedMember := NewProjectMemberWriteModel(member.AggregateID, member.UserID, resourceOwner) addedMember := NewProjectMemberWriteModel(member.AggregateID, member.UserID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&addedMember.WriteModel)
event, err := r.addProjectMember(ctx, projectAgg, addedMember, member) event, err := c.addProjectMember(ctx, projectAgg, addedMember, member)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -32,18 +32,18 @@ func (r *CommandSide) AddProjectMember(ctx context.Context, member *domain.Membe
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
} }
func (r *CommandSide) addProjectMember(ctx context.Context, projectAgg *eventstore.Aggregate, addedMember *ProjectMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) { func (c *Commands) addProjectMember(ctx context.Context, projectAgg *eventstore.Aggregate, addedMember *ProjectMemberWriteModel, member *domain.Member) (eventstore.EventPusher, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-W8m4l", "Errors.Project.Member.Invalid")
} }
err := r.checkUserExists(ctx, addedMember.UserID, "") err := c.checkUserExists(ctx, addedMember.UserID, "")
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = r.eventstore.FilterToQueryReducer(ctx, addedMember) err = c.eventstore.FilterToQueryReducer(ctx, addedMember)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -55,14 +55,14 @@ func (r *CommandSide) addProjectMember(ctx context.Context, projectAgg *eventsto
} }
//ChangeProjectMember updates an existing member //ChangeProjectMember updates an existing member
func (r *CommandSide) ChangeProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) { func (c *Commands) ChangeProjectMember(ctx context.Context, member *domain.Member, resourceOwner string) (*domain.Member, error) {
//TODO: check if roles valid //TODO: check if roles valid
if !member.IsValid() { if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.Invalid")
} }
existingMember, err := r.projectMemberWriteModelByID(ctx, member.AggregateID, member.UserID, resourceOwner) existingMember, err := c.projectMemberWriteModelByID(ctx, member.AggregateID, member.UserID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -71,7 +71,7 @@ func (r *CommandSide) ChangeProjectMember(ctx context.Context, member *domain.Me
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-LiaZi", "Errors.Project.Member.RolesNotChanged")
} }
projectAgg := ProjectAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, project.NewProjectMemberChangedEvent(ctx, projectAgg, member.UserID, member.Roles...)) pushedEvents, err := c.eventstore.PushEvents(ctx, project.NewProjectMemberChangedEvent(ctx, projectAgg, member.UserID, member.Roles...))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -84,8 +84,8 @@ func (r *CommandSide) ChangeProjectMember(ctx context.Context, member *domain.Me
return memberWriteModelToMember(&existingMember.MemberWriteModel), nil return memberWriteModelToMember(&existingMember.MemberWriteModel), nil
} }
func (r *CommandSide) RemoveProjectMember(ctx context.Context, projectID, userID, resourceOwner string) error { func (c *Commands) RemoveProjectMember(ctx context.Context, projectID, userID, resourceOwner string) error {
m, err := r.projectMemberWriteModelByID(ctx, projectID, userID, resourceOwner) m, err := c.projectMemberWriteModelByID(ctx, projectID, userID, resourceOwner)
if err != nil && !errors.IsNotFound(err) { if err != nil && !errors.IsNotFound(err) {
return err return err
} }
@@ -94,16 +94,16 @@ func (r *CommandSide) RemoveProjectMember(ctx context.Context, projectID, userID
} }
projectAgg := ProjectAggregateFromWriteModel(&m.MemberWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&m.MemberWriteModel.WriteModel)
_, err = r.eventstore.PushEvents(ctx, project.NewProjectMemberRemovedEvent(ctx, projectAgg, userID)) _, err = c.eventstore.PushEvents(ctx, project.NewProjectMemberRemovedEvent(ctx, projectAgg, userID))
return err return err
} }
func (r *CommandSide) projectMemberWriteModelByID(ctx context.Context, projectID, userID, resourceOwner string) (member *ProjectMemberWriteModel, err error) { func (c *Commands) projectMemberWriteModelByID(ctx context.Context, projectID, userID, resourceOwner string) (member *ProjectMemberWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel := NewProjectMemberWriteModel(projectID, userID, resourceOwner) writeModel := NewProjectMemberWriteModel(projectID, userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

40
internal/command/project_role.go
View File

@@ -9,19 +9,19 @@ import (
"github.com/caos/zitadel/internal/repository/project" "github.com/caos/zitadel/internal/repository/project"
) )
func (r *CommandSide) AddProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) { func (c *Commands) AddProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
err = r.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner) err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, resourceOwner) roleWriteModel := NewProjectRoleWriteModelWithKey(projectRole.Key, projectRole.AggregateID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
events, err := r.addProjectRoles(ctx, projectAgg, projectRole.AggregateID, projectRole) events, err := c.addProjectRoles(ctx, projectAgg, projectRole.AggregateID, projectRole)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -32,24 +32,24 @@ func (r *CommandSide) AddProjectRole(ctx context.Context, projectRole *domain.Pr
return roleWriteModelToRole(roleWriteModel), nil return roleWriteModelToRole(roleWriteModel), nil
} }
func (r *CommandSide) BulkAddProjectRole(ctx context.Context, projectID, resourceOwner string, projectRoles []*domain.ProjectRole) (err error) { func (c *Commands) BulkAddProjectRole(ctx context.Context, projectID, resourceOwner string, projectRoles []*domain.ProjectRole) (err error) {
err = r.checkProjectExists(ctx, projectID, resourceOwner) err = c.checkProjectExists(ctx, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
roleWriteModel := NewProjectRoleWriteModel(projectID, resourceOwner) roleWriteModel := NewProjectRoleWriteModel(projectID, resourceOwner)
projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel) projectAgg := ProjectAggregateFromWriteModel(&roleWriteModel.WriteModel)
events, err := r.addProjectRoles(ctx, projectAgg, projectID, projectRoles...) events, err := c.addProjectRoles(ctx, projectAgg, projectID, projectRoles...)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) addProjectRoles(ctx context.Context, projectAgg *eventstore.Aggregate, projectID string, projectRoles ...*domain.ProjectRole) ([]eventstore.EventPusher, error) { func (c *Commands) addProjectRoles(ctx context.Context, projectAgg *eventstore.Aggregate, projectID string, projectRoles ...*domain.ProjectRole) ([]eventstore.EventPusher, error) {
var events []eventstore.EventPusher var events []eventstore.EventPusher
for _, projectRole := range projectRoles { for _, projectRole := range projectRoles {
if !projectRole.IsValid() { if !projectRole.IsValid() {
@@ -68,16 +68,16 @@ func (r *CommandSide) addProjectRoles(ctx context.Context, projectAgg *eventstor
return events, nil return events, nil
} }
func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) { func (c *Commands) ChangeProjectRole(ctx context.Context, projectRole *domain.ProjectRole, resourceOwner string) (_ *domain.ProjectRole, err error) {
if !projectRole.IsValid() { if !projectRole.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
} }
err = r.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner) err = c.checkProjectExists(ctx, projectRole.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
existingRole, err := r.getProjectRoleWriteModelByID(ctx, projectRole.Key, projectRole.AggregateID, resourceOwner) existingRole, err := c.getProjectRoleWriteModelByID(ctx, projectRole.Key, projectRole.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -95,7 +95,7 @@ func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0cs", "Errors.NoChangesFound")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changeEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changeEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -106,11 +106,11 @@ func (r *CommandSide) ChangeProjectRole(ctx context.Context, projectRole *domain
return roleWriteModelToRole(existingRole), nil return roleWriteModelToRole(existingRole), nil
} }
func (r *CommandSide) RemoveProjectRole(ctx context.Context, projectID, key, resourceOwner string, cascadingProjectGrantIds []string, cascadeUserGrantIDs ...string) (err error) { func (c *Commands) RemoveProjectRole(ctx context.Context, projectID, key, resourceOwner string, cascadingProjectGrantIds []string, cascadeUserGrantIDs ...string) (err error) {
if projectID == "" || key == "" { if projectID == "" || key == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4m9vS", "Errors.Project.Role.Invalid")
} }
existingRole, err := r.getProjectRoleWriteModelByID(ctx, key, projectID, resourceOwner) existingRole, err := c.getProjectRoleWriteModelByID(ctx, key, projectID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -123,7 +123,7 @@ func (r *CommandSide) RemoveProjectRole(ctx context.Context, projectID, key, res
} }
for _, projectGrantID := range cascadingProjectGrantIds { for _, projectGrantID := range cascadingProjectGrantIds {
event, _, err := r.removeRoleFromProjectGrant(ctx, projectAgg, projectID, projectGrantID, key, true) event, _, err := c.removeRoleFromProjectGrant(ctx, projectAgg, projectID, projectGrantID, key, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-6n77g", "projectgrantid", projectGrantID).WithError(err).Warn("could not cascade remove role from project grant") logging.LogWithFields("COMMAND-6n77g", "projectgrantid", projectGrantID).WithError(err).Warn("could not cascade remove role from project grant")
continue continue
@@ -132,7 +132,7 @@ func (r *CommandSide) RemoveProjectRole(ctx context.Context, projectID, key, res
} }
for _, grantID := range cascadeUserGrantIDs { for _, grantID := range cascadeUserGrantIDs {
event, err := r.removeRoleFromUserGrant(ctx, grantID, []string{key}, true) event, err := c.removeRoleFromUserGrant(ctx, grantID, []string{key}, true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-mK0of", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant") logging.LogWithFields("COMMAND-mK0of", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant")
continue continue
@@ -140,13 +140,13 @@ func (r *CommandSide) RemoveProjectRole(ctx context.Context, projectID, key, res
events = append(events, event) events = append(events, event)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) getProjectRoleWriteModelByID(ctx context.Context, key, projectID, resourceOwner string) (*ProjectRoleWriteModel, error) { func (c *Commands) getProjectRoleWriteModelByID(ctx context.Context, key, projectID, resourceOwner string) (*ProjectRoleWriteModel, error) {
projectRoleWriteModel := NewProjectRoleWriteModelWithKey(key, projectID, resourceOwner) projectRoleWriteModel := NewProjectRoleWriteModelWithKey(key, projectID, resourceOwner)
err := r.eventstore.FilterToQueryReducer(ctx, projectRoleWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, projectRoleWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

22
internal/command/setup.go
View File

@@ -14,15 +14,15 @@ import (
type Step interface { type Step interface {
Step() domain.Step Step() domain.Step
execute(context.Context, *CommandSide) error execute(context.Context, *Commands) error
} }
const ( const (
SetupUser = "SETUP" SetupUser = "SETUP"
) )
func (r *CommandSide) ExecuteSetupSteps(ctx context.Context, steps []Step) error { func (c *Commands) ExecuteSetupSteps(ctx context.Context, steps []Step) error {
iam, err := r.GetIAM(ctx) iam, err := c.GetIAM(ctx)
if err != nil && !caos_errs.IsNotFound(err) { if err != nil && !caos_errs.IsNotFound(err) {
return err return err
} }
@@ -38,12 +38,12 @@ func (r *CommandSide) ExecuteSetupSteps(ctx context.Context, steps []Step) error
ctx = setSetUpContextData(ctx) ctx = setSetUpContextData(ctx)
for _, step := range steps { for _, step := range steps {
iam, err = r.StartSetup(ctx, step.Step()) iam, err = c.StartSetup(ctx, step.Step())
if err != nil { if err != nil {
return err return err
} }
err = step.execute(ctx, r) err = step.execute(ctx, c)
if err != nil { if err != nil {
return err return err
} }
@@ -55,8 +55,8 @@ func setSetUpContextData(ctx context.Context) context.Context {
return authz.SetCtxData(ctx, authz.CtxData{UserID: SetupUser}) return authz.SetCtxData(ctx, authz.CtxData{UserID: SetupUser})
} }
func (r *CommandSide) StartSetup(ctx context.Context, step domain.Step) (*domain.IAM, error) { func (c *Commands) StartSetup(ctx context.Context, step domain.Step) (*domain.IAM, error) {
iamWriteModel, err := r.getIAMWriteModel(ctx) iamWriteModel, err := c.getIAMWriteModel(ctx)
if err != nil && !caos_errs.IsNotFound(err) { if err != nil && !caos_errs.IsNotFound(err) {
return nil, err return nil, err
} }
@@ -64,7 +64,7 @@ func (r *CommandSide) StartSetup(ctx context.Context, step domain.Step) (*domain
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "setup error") return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "setup error")
} }
aggregate := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel) aggregate := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel)
pushedEvents, err := r.eventstore.PushEvents(ctx, iam_repo.NewSetupStepStartedEvent(ctx, aggregate, step)) pushedEvents, err := c.eventstore.PushEvents(ctx, iam_repo.NewSetupStepStartedEvent(ctx, aggregate, step))
if err != nil { if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Grgh1", "Setup start failed") return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Grgh1", "Setup start failed")
} }
@@ -76,8 +76,8 @@ func (r *CommandSide) StartSetup(ctx context.Context, step domain.Step) (*domain
return writeModelToIAM(iamWriteModel), nil return writeModelToIAM(iamWriteModel), nil
} }
func (r *CommandSide) setup(ctx context.Context, step Step, iamAggregateProvider func(*IAMWriteModel) ([]eventstore.EventPusher, error)) error { func (c *Commands) setup(ctx context.Context, step Step, iamAggregateProvider func(*IAMWriteModel) ([]eventstore.EventPusher, error)) error {
iam, err := r.getIAMWriteModel(ctx) iam, err := c.getIAMWriteModel(ctx)
if err != nil && !caos_errs.IsNotFound(err) { if err != nil && !caos_errs.IsNotFound(err) {
return err return err
} }
@@ -91,7 +91,7 @@ func (r *CommandSide) setup(ctx context.Context, step Step, iamAggregateProvider
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, step.Step())) events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, step.Step()))
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return caos_errs.ThrowPreconditionFailedf(nil, "EVENT-dbG31", "Setup %v failed", step.Step()) return caos_errs.ThrowPreconditionFailedf(nil, "EVENT-dbG31", "Setup %v failed", step.Step())
} }

24
internal/command/setup_step1.go
View File

@@ -39,7 +39,7 @@ func (s *Step1) Step() domain.Step {
return domain.Step1 return domain.Step1
} }
func (s *Step1) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step1) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep1(ctx, s) return commandSide.SetupStep1(ctx, s)
} }
@@ -83,12 +83,12 @@ type OIDCApp struct {
DevMode bool DevMode bool
} }
func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error { func (c *Commands) SetupStep1(ctx context.Context, step1 *Step1) error {
var events []eventstore.EventPusher var events []eventstore.EventPusher
iamWriteModel := NewIAMWriteModel() iamWriteModel := NewIAMWriteModel()
iamAgg := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iamWriteModel.WriteModel)
//create default login policy //create default login policy
loginPolicyEvent, err := r.addDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(), loginPolicyEvent, err := c.addDefaultLoginPolicy(ctx, iamAgg, NewIAMLoginPolicyWriteModel(),
&domain.LoginPolicy{ &domain.LoginPolicy{
AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword, AllowUsernamePassword: step1.DefaultLoginPolicy.AllowUsernamePassword,
AllowRegister: step1.DefaultLoginPolicy.AllowRegister, AllowRegister: step1.DefaultLoginPolicy.AllowRegister,
@@ -101,7 +101,7 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
logging.Log("SETUP-sd2hj").Info("default login policy set up") logging.Log("SETUP-sd2hj").Info("default login policy set up")
//create orgs //create orgs
for _, organisation := range step1.Orgs { for _, organisation := range step1.Orgs {
orgAgg, humanWriteModel, _, setUpOrgEvents, err := r.setUpOrg(ctx, orgAgg, humanWriteModel, _, setUpOrgEvents, err := c.setUpOrg(ctx,
&domain.Org{ &domain.Org{
Name: organisation.Name, Name: organisation.Name,
Domains: []*domain.OrgDomain{{Domain: organisation.Domain}}, Domains: []*domain.OrgDomain{{Domain: organisation.Domain}},
@@ -127,14 +127,14 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
logging.LogWithFields("SETUP-Gdsfg", "id", orgAgg.ID, "name", organisation.Name).Info("org set up") logging.LogWithFields("SETUP-Gdsfg", "id", orgAgg.ID, "name", organisation.Name).Info("org set up")
if organisation.OrgIamPolicy { if organisation.OrgIamPolicy {
orgIAMPolicyEvent, err := r.addOrgIAMPolicy(ctx, orgAgg, NewORGOrgIAMPolicyWriteModel(orgAgg.ID), &domain.OrgIAMPolicy{UserLoginMustBeDomain: false}) orgIAMPolicyEvent, err := c.addOrgIAMPolicy(ctx, orgAgg, NewORGOrgIAMPolicyWriteModel(orgAgg.ID), &domain.OrgIAMPolicy{UserLoginMustBeDomain: false})
if err != nil { if err != nil {
return err return err
} }
events = append(events, orgIAMPolicyEvent) events = append(events, orgIAMPolicyEvent)
} }
if organisation.Name == step1.GlobalOrg { if organisation.Name == step1.GlobalOrg {
globalOrgEvent, err := r.setGlobalOrg(ctx, iamAgg, iamWriteModel, orgAgg.ID) globalOrgEvent, err := c.setGlobalOrg(ctx, iamAgg, iamWriteModel, orgAgg.ID)
if err != nil { if err != nil {
return err return err
} }
@@ -144,19 +144,19 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
//projects //projects
for _, proj := range organisation.Projects { for _, proj := range organisation.Projects {
project := &domain.Project{Name: proj.Name} project := &domain.Project{Name: proj.Name}
projectEvents, projectWriteModel, err := r.addProject(ctx, project, orgAgg.ID, humanWriteModel.AggregateID) projectEvents, projectWriteModel, err := c.addProject(ctx, project, orgAgg.ID, humanWriteModel.AggregateID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, projectEvents...) events = append(events, projectEvents...)
if project.Name == step1.IAMProject { if project.Name == step1.IAMProject {
iamProjectEvent, err := r.setIAMProject(ctx, iamAgg, iamWriteModel, projectWriteModel.AggregateID) iamProjectEvent, err := c.setIAMProject(ctx, iamAgg, iamWriteModel, projectWriteModel.AggregateID)
if err != nil { if err != nil {
return err return err
} }
events = append(events, iamProjectEvent) events = append(events, iamProjectEvent)
logging.Log("SETUP-Bdfs1").Info("IAM project set") logging.Log("SETUP-Bdfs1").Info("IAM project set")
iamEvent, err := r.addIAMMember(ctx, iamAgg, NewIAMMemberWriteModel(humanWriteModel.AggregateID), domain.NewMember(iamAgg.ID, humanWriteModel.AggregateID, domain.RoleIAMOwner)) iamEvent, err := c.addIAMMember(ctx, iamAgg, NewIAMMemberWriteModel(humanWriteModel.AggregateID), domain.NewMember(iamAgg.ID, humanWriteModel.AggregateID, domain.RoleIAMOwner))
if err != nil { if err != nil {
return err return err
} }
@@ -165,7 +165,7 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
} }
//create applications //create applications
for _, app := range proj.OIDCApps { for _, app := range proj.OIDCApps {
applicationEvents, err := setUpApplication(ctx, r, projectWriteModel, project, app, orgAgg.ID) applicationEvents, err := setUpApplication(ctx, c, projectWriteModel, project, app, orgAgg.ID)
if err != nil { if err != nil {
return err return err
} }
@@ -176,14 +176,14 @@ func (r *CommandSide) SetupStep1(ctx context.Context, step1 *Step1) error {
events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, domain.Step1)) events = append(events, iam_repo.NewSetupStepDoneEvent(ctx, iamAgg, domain.Step1))
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Gr2hh", "Setup Step1 failed") return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Gr2hh", "Setup Step1 failed")
} }
return nil return nil
} }
func setUpApplication(ctx context.Context, r *CommandSide, projectWriteModel *ProjectWriteModel, project *domain.Project, oidcApp OIDCApp, resourceOwner string) ([]eventstore.EventPusher, error) { func setUpApplication(ctx context.Context, r *Commands, projectWriteModel *ProjectWriteModel, project *domain.Project, oidcApp OIDCApp, resourceOwner string) ([]eventstore.EventPusher, error) {
app := &domain.OIDCApp{ app := &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{ ObjectRoot: models.ObjectRoot{
AggregateID: projectWriteModel.AggregateID, AggregateID: projectWriteModel.AggregateID,

10
internal/command/setup_step10.go
View File

@@ -16,14 +16,14 @@ func (s *Step10) Step() domain.Step {
return domain.Step10 return domain.Step10
} }
func (s *Step10) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step10) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep10(ctx, s) return commandSide.SetupStep10(ctx, s)
} }
func (r *CommandSide) SetupStep10(ctx context.Context, step *Step10) error { func (c *Commands) SetupStep10(ctx context.Context, step *Step10) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
mailTemplateEvent, err := r.addDefaultMailTemplate(ctx, iamAgg, NewIAMMailTemplateWriteModel(), &step.DefaultMailTemplate) mailTemplateEvent, err := c.addDefaultMailTemplate(ctx, iamAgg, NewIAMMailTemplateWriteModel(), &step.DefaultMailTemplate)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -31,7 +31,7 @@ func (r *CommandSide) SetupStep10(ctx context.Context, step *Step10) error {
mailTemplateEvent, mailTemplateEvent,
} }
for _, text := range step.DefaultMailTexts { for _, text := range step.DefaultMailTexts {
defaultTextEvent, err := r.addDefaultMailText(ctx, iamAgg, NewIAMMailTextWriteModel(text.MailTextType, text.Language), &text) defaultTextEvent, err := c.addDefaultMailText(ctx, iamAgg, NewIAMMailTextWriteModel(text.MailTextType, text.Language), &text)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -40,5 +40,5 @@ func (r *CommandSide) SetupStep10(ctx context.Context, step *Step10) error {
logging.Log("SETUP-3N9fs").Info("default mail template/text set up") logging.Log("SETUP-3N9fs").Info("default mail template/text set up")
return events, nil return events, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

10
internal/command/setup_step11.go
View File

@@ -16,17 +16,17 @@ func (s *Step11) Step() domain.Step {
return domain.Step11 return domain.Step11
} }
func (s *Step11) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step11) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep11(ctx, s) return commandSide.SetupStep11(ctx, s)
} }
func (r *CommandSide) SetupStep11(ctx context.Context, step *Step11) error { func (c *Commands) SetupStep11(ctx context.Context, step *Step11) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
var uniqueContraintMigrations []*domain.UniqueConstraintMigration var uniqueContraintMigrations []*domain.UniqueConstraintMigration
if step.MigrateV1EventstoreToV2 { if step.MigrateV1EventstoreToV2 {
uniqueConstraints := NewUniqueConstraintReadModel(ctx, r) uniqueConstraints := NewUniqueConstraintReadModel(ctx, c)
err := r.eventstore.FilterToQueryReducer(ctx, uniqueConstraints) err := c.eventstore.FilterToQueryReducer(ctx, uniqueConstraints)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -35,5 +35,5 @@ func (r *CommandSide) SetupStep11(ctx context.Context, step *Step11) error {
logging.Log("SETUP-M9fsd").Info("migrate v1 eventstore to v2") logging.Log("SETUP-M9fsd").Info("migrate v1 eventstore to v2")
return []eventstore.EventPusher{iam_repo.NewMigrateUniqueConstraintEvent(ctx, iamAgg, uniqueContraintMigrations)}, nil return []eventstore.EventPusher{iam_repo.NewMigrateUniqueConstraintEvent(ctx, iamAgg, uniqueContraintMigrations)}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step2.go
View File

@@ -17,14 +17,14 @@ func (s *Step2) Step() domain.Step {
return domain.Step2 return domain.Step2
} }
func (s *Step2) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step2) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep2(ctx, s) return commandSide.SetupStep2(ctx, s)
} }
func (r *CommandSide) SetupStep2(ctx context.Context, step *Step2) error { func (c *Commands) SetupStep2(ctx context.Context, step *Step2) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
event, err := r.addDefaultPasswordComplexityPolicy(ctx, iamAgg, NewIAMPasswordComplexityPolicyWriteModel(), &domain.PasswordComplexityPolicy{ event, err := c.addDefaultPasswordComplexityPolicy(ctx, iamAgg, NewIAMPasswordComplexityPolicyWriteModel(), &domain.PasswordComplexityPolicy{
MinLength: step.DefaultPasswordComplexityPolicy.MinLength, MinLength: step.DefaultPasswordComplexityPolicy.MinLength,
HasLowercase: step.DefaultPasswordComplexityPolicy.HasLowercase, HasLowercase: step.DefaultPasswordComplexityPolicy.HasLowercase,
HasUppercase: step.DefaultPasswordComplexityPolicy.HasUppercase, HasUppercase: step.DefaultPasswordComplexityPolicy.HasUppercase,
@@ -37,5 +37,5 @@ func (r *CommandSide) SetupStep2(ctx context.Context, step *Step2) error {
logging.Log("SETUP-ADgd2").Info("default password complexity policy set up") logging.Log("SETUP-ADgd2").Info("default password complexity policy set up")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step3.go
View File

@@ -17,14 +17,14 @@ func (s *Step3) Step() domain.Step {
return domain.Step3 return domain.Step3
} }
func (s *Step3) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step3) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep3(ctx, s) return commandSide.SetupStep3(ctx, s)
} }
func (r *CommandSide) SetupStep3(ctx context.Context, step *Step3) error { func (c *Commands) SetupStep3(ctx context.Context, step *Step3) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
event, err := r.addDefaultPasswordAgePolicy(ctx, iamAgg, NewIAMPasswordAgePolicyWriteModel(), &domain.PasswordAgePolicy{ event, err := c.addDefaultPasswordAgePolicy(ctx, iamAgg, NewIAMPasswordAgePolicyWriteModel(), &domain.PasswordAgePolicy{
MaxAgeDays: step.DefaultPasswordAgePolicy.MaxAgeDays, MaxAgeDays: step.DefaultPasswordAgePolicy.MaxAgeDays,
ExpireWarnDays: step.DefaultPasswordAgePolicy.ExpireWarnDays, ExpireWarnDays: step.DefaultPasswordAgePolicy.ExpireWarnDays,
}) })
@@ -34,5 +34,5 @@ func (r *CommandSide) SetupStep3(ctx context.Context, step *Step3) error {
logging.Log("SETUP-DBqgq").Info("default password age policy set up") logging.Log("SETUP-DBqgq").Info("default password age policy set up")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step4.go
View File

@@ -17,14 +17,14 @@ func (s *Step4) Step() domain.Step {
return domain.Step4 return domain.Step4
} }
func (s *Step4) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step4) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep4(ctx, s) return commandSide.SetupStep4(ctx, s)
} }
func (r *CommandSide) SetupStep4(ctx context.Context, step *Step4) error { func (c *Commands) SetupStep4(ctx context.Context, step *Step4) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
event, err := r.addDefaultPasswordLockoutPolicy(ctx, iamAgg, NewIAMPasswordLockoutPolicyWriteModel(), &domain.PasswordLockoutPolicy{ event, err := c.addDefaultPasswordLockoutPolicy(ctx, iamAgg, NewIAMPasswordLockoutPolicyWriteModel(), &domain.PasswordLockoutPolicy{
MaxAttempts: step.DefaultPasswordLockoutPolicy.MaxAttempts, MaxAttempts: step.DefaultPasswordLockoutPolicy.MaxAttempts,
ShowLockOutFailures: step.DefaultPasswordLockoutPolicy.ShowLockOutFailures, ShowLockOutFailures: step.DefaultPasswordLockoutPolicy.ShowLockOutFailures,
}) })
@@ -34,5 +34,5 @@ func (r *CommandSide) SetupStep4(ctx context.Context, step *Step4) error {
logging.Log("SETUP-Bfnge").Info("default password lockout policy set up") logging.Log("SETUP-Bfnge").Info("default password lockout policy set up")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step5.go
View File

@@ -17,14 +17,14 @@ func (s *Step5) Step() domain.Step {
return domain.Step5 return domain.Step5
} }
func (s *Step5) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step5) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep5(ctx, s) return commandSide.SetupStep5(ctx, s)
} }
func (r *CommandSide) SetupStep5(ctx context.Context, step *Step5) error { func (c *Commands) SetupStep5(ctx context.Context, step *Step5) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
event, err := r.addDefaultOrgIAMPolicy(ctx, iamAgg, NewIAMOrgIAMPolicyWriteModel(), &domain.OrgIAMPolicy{ event, err := c.addDefaultOrgIAMPolicy(ctx, iamAgg, NewIAMOrgIAMPolicyWriteModel(), &domain.OrgIAMPolicy{
UserLoginMustBeDomain: step.DefaultOrgIAMPolicy.UserLoginMustBeDomain, UserLoginMustBeDomain: step.DefaultOrgIAMPolicy.UserLoginMustBeDomain,
}) })
if err != nil { if err != nil {
@@ -33,5 +33,5 @@ func (r *CommandSide) SetupStep5(ctx context.Context, step *Step5) error {
logging.Log("SETUP-ADgd2").Info("default org iam policy set up") logging.Log("SETUP-ADgd2").Info("default org iam policy set up")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step6.go
View File

@@ -17,14 +17,14 @@ func (s *Step6) Step() domain.Step {
return domain.Step6 return domain.Step6
} }
func (s *Step6) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step6) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep6(ctx, s) return commandSide.SetupStep6(ctx, s)
} }
func (r *CommandSide) SetupStep6(ctx context.Context, step *Step6) error { func (c *Commands) SetupStep6(ctx context.Context, step *Step6) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel) iamAgg := IAMAggregateFromWriteModel(&iam.WriteModel)
event, err := r.addDefaultLabelPolicy(ctx, iamAgg, NewIAMLabelPolicyWriteModel(), &domain.LabelPolicy{ event, err := c.addDefaultLabelPolicy(ctx, iamAgg, NewIAMLabelPolicyWriteModel(), &domain.LabelPolicy{
PrimaryColor: step.DefaultLabelPolicy.PrimaryColor, PrimaryColor: step.DefaultLabelPolicy.PrimaryColor,
SecondaryColor: step.DefaultLabelPolicy.SecondaryColor, SecondaryColor: step.DefaultLabelPolicy.SecondaryColor,
}) })
@@ -34,5 +34,5 @@ func (r *CommandSide) SetupStep6(ctx context.Context, step *Step6) error {
logging.Log("SETUP-ADgd2").Info("default label policy set up") logging.Log("SETUP-ADgd2").Info("default label policy set up")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step7.go
View File

@@ -16,23 +16,23 @@ func (s *Step7) Step() domain.Step {
return domain.Step7 return domain.Step7
} }
func (s *Step7) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step7) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep7(ctx, s) return commandSide.SetupStep7(ctx, s)
} }
func (r *CommandSide) SetupStep7(ctx context.Context, step *Step7) error { func (c *Commands) SetupStep7(ctx context.Context, step *Step7) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
if !step.OTP { if !step.OTP {
return []eventstore.EventPusher{}, nil return []eventstore.EventPusher{}, nil
} }
event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeOTP) event, err := c.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeOTP)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-Dggsg").Info("added OTP to 2FA login policy") logging.Log("SETUP-Dggsg").Info("added OTP to 2FA login policy")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

8
internal/command/setup_step8.go
View File

@@ -16,23 +16,23 @@ func (s *Step8) Step() domain.Step {
return domain.Step8 return domain.Step8
} }
func (s *Step8) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step8) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep8(ctx, s) return commandSide.SetupStep8(ctx, s)
} }
func (r *CommandSide) SetupStep8(ctx context.Context, step *Step8) error { func (c *Commands) SetupStep8(ctx context.Context, step *Step8) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
secondFactorModel := NewIAMSecondFactorWriteModel() secondFactorModel := NewIAMSecondFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
if !step.U2F { if !step.U2F {
return []eventstore.EventPusher{}, nil return []eventstore.EventPusher{}, nil
} }
event, err := r.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeU2F) event, err := c.addSecondFactorToDefaultLoginPolicy(ctx, iamAgg, secondFactorModel, domain.SecondFactorTypeU2F)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-BDhne").Info("added U2F to 2FA login policy") logging.Log("SETUP-BDhne").Info("added U2F to 2FA login policy")
return []eventstore.EventPusher{event}, nil return []eventstore.EventPusher{event}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }

12
internal/command/setup_step9.go
View File

@@ -16,33 +16,33 @@ func (s *Step9) Step() domain.Step {
return domain.Step9 return domain.Step9
} }
func (s *Step9) execute(ctx context.Context, commandSide *CommandSide) error { func (s *Step9) execute(ctx context.Context, commandSide *Commands) error {
return commandSide.SetupStep9(ctx, s) return commandSide.SetupStep9(ctx, s)
} }
func (r *CommandSide) SetupStep9(ctx context.Context, step *Step9) error { func (c *Commands) SetupStep9(ctx context.Context, step *Step9) error {
fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) { fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
multiFactorModel := NewIAMMultiFactorWriteModel() multiFactorModel := NewIAMMultiFactorWriteModel()
iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel) iamAgg := IAMAggregateFromWriteModel(&multiFactorModel.MultiFactoryWriteModel.WriteModel)
if !step.Passwordless { if !step.Passwordless {
return []eventstore.EventPusher{}, nil return []eventstore.EventPusher{}, nil
} }
passwordlessEvent, err := setPasswordlessAllowedInPolicy(ctx, r, iamAgg) passwordlessEvent, err := setPasswordlessAllowedInPolicy(ctx, c, iamAgg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-AEG2t").Info("allowed passwordless in login policy") logging.Log("SETUP-AEG2t").Info("allowed passwordless in login policy")
multifactorEvent, err := r.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, domain.MultiFactorTypeU2FWithPIN) multifactorEvent, err := c.addMultiFactorToDefaultLoginPolicy(ctx, iamAgg, multiFactorModel, domain.MultiFactorTypeU2FWithPIN)
if err != nil { if err != nil {
return nil, err return nil, err
} }
logging.Log("SETUP-ADfng").Info("added passwordless to MFA login policy") logging.Log("SETUP-ADfng").Info("added passwordless to MFA login policy")
return []eventstore.EventPusher{passwordlessEvent, multifactorEvent}, nil return []eventstore.EventPusher{passwordlessEvent, multifactorEvent}, nil
} }
return r.setup(ctx, step, fn) return c.setup(ctx, step, fn)
} }
func setPasswordlessAllowedInPolicy(ctx context.Context, c *CommandSide, iamAgg *eventstore.Aggregate) (eventstore.EventPusher, error) { func setPasswordlessAllowedInPolicy(ctx context.Context, c *Commands, iamAgg *eventstore.Aggregate) (eventstore.EventPusher, error) {
policy, err := c.getDefaultLoginPolicy(ctx) policy, err := c.getDefaultLoginPolicy(ctx)
if err != nil { if err != nil {
return nil, err return nil, err

76
internal/command/user.go
View File

@@ -15,12 +15,12 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (cs *CommandSide) ChangeUsername(ctx context.Context, orgID, userID, userName string) error { func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName string) error {
if orgID == "" || userID == "" || userName == "" { if orgID == "" || userID == "" || userName == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2N9fs", "Errors.IDMissing")
} }
existingUser, err := cs.userWriteModelByID(ctx, userID, orgID) existingUser, err := c.userWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -33,7 +33,7 @@ func (cs *CommandSide) ChangeUsername(ctx context.Context, orgID, userID, userNa
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged")
} }
orgIAMPolicy, err := cs.getOrgIAMPolicy(ctx, orgID) orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -43,18 +43,18 @@ func (cs *CommandSide) ChangeUsername(ctx context.Context, orgID, userID, userNa
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
_, err = cs.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUsernameChangedEvent(ctx, userAgg, existingUser.UserName, userName, orgIAMPolicy.UserLoginMustBeDomain)) user.NewUsernameChangedEvent(ctx, userAgg, existingUser.UserName, userName, orgIAMPolicy.UserLoginMustBeDomain))
return err return err
} }
func (r *CommandSide) DeactivateUser(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -65,17 +65,17 @@ func (r *CommandSide) DeactivateUser(ctx context.Context, userID, resourceOwner
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUserDeactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel))) user.NewUserDeactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err return err
} }
func (r *CommandSide) ReactivateUser(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -86,17 +86,17 @@ func (r *CommandSide) ReactivateUser(ctx context.Context, userID, resourceOwner
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUserReactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel))) user.NewUserReactivatedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err return err
} }
func (r *CommandSide) LockUser(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -107,17 +107,17 @@ func (r *CommandSide) LockUser(ctx context.Context, userID, resourceOwner string
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUserLockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel))) user.NewUserLockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err return err
} }
func (r *CommandSide) UnlockUser(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -128,17 +128,17 @@ func (r *CommandSide) UnlockUser(ctx context.Context, userID, resourceOwner stri
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUserUnlockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel))) user.NewUserUnlockedEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err return err
} }
func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingGrantIDs ...string) error { func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingGrantIDs ...string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -146,7 +146,7 @@ func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner stri
return caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound")
} }
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, existingUser.ResourceOwner) orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, existingUser.ResourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -155,7 +155,7 @@ func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner stri
events = append(events, user.NewUserRemovedEvent(ctx, userAgg, existingUser.UserName, orgIAMPolicy.UserLoginMustBeDomain)) events = append(events, user.NewUserRemovedEvent(ctx, userAgg, existingUser.UserName, orgIAMPolicy.UserLoginMustBeDomain))
for _, grantID := range cascadingGrantIDs { for _, grantID := range cascadingGrantIDs {
removeEvent, err := r.removeUserGrant(ctx, grantID, "", true) removeEvent, err := c.removeUserGrant(ctx, grantID, "", true)
if err != nil { if err != nil {
logging.LogWithFields("COMMAND-5m9oL", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant") logging.LogWithFields("COMMAND-5m9oL", "usergrantid", grantID).WithError(err).Warn("could not cascade remove role on user grant")
continue continue
@@ -163,16 +163,16 @@ func (r *CommandSide) RemoveUser(ctx context.Context, userID, resourceOwner stri
events = append(events, removeEvent) events = append(events, removeEvent)
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) AddUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) { func (c *Commands) AddUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) {
if orgID == "" || userID == "" { if orgID == "" || userID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-55n8M", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-55n8M", "Errors.IDMissing")
} }
existingUser, err := r.userWriteModelByID(ctx, userID, orgID) existingUser, err := c.userWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -183,18 +183,18 @@ func (r *CommandSide) AddUserToken(ctx context.Context, orgID, agentID, clientID
audience = domain.AddAudScopeToAudience(audience, scopes) audience = domain.AddAudScopeToAudience(audience, scopes)
preferredLanguage := "" preferredLanguage := ""
existingHuman, err := r.getHumanWriteModelByID(ctx, userID, orgID) existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID)
if existingHuman != nil { if existingHuman != nil {
preferredLanguage = existingHuman.PreferredLanguage.String() preferredLanguage = existingHuman.PreferredLanguage.String()
} }
expiration := time.Now().UTC().Add(lifetime) expiration := time.Now().UTC().Add(lifetime)
tokenID, err := r.idGenerator.Next() tokenID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel) userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewUserTokenAddedEvent(ctx, userAgg, tokenID, clientID, agentID, preferredLanguage, audience, scopes, expiration)) user.NewUserTokenAddedEvent(ctx, userAgg, tokenID, clientID, agentID, preferredLanguage, audience, scopes, expiration))
if err != nil { if err != nil {
return nil, err return nil, err
@@ -214,8 +214,8 @@ func (r *CommandSide) AddUserToken(ctx context.Context, orgID, agentID, clientID
}, nil }, nil
} }
func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (events []eventstore.EventPusher, _ *UserWriteModel, err error) { func (c *Commands) userDomainClaimed(ctx context.Context, userID string) (events []eventstore.EventPusher, _ *UserWriteModel, err error) {
existingUser, err := r.userWriteModelByID(ctx, userID, "") existingUser, err := c.userWriteModelByID(ctx, userID, "")
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -225,12 +225,12 @@ func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (eve
changedUserGrant := NewUserWriteModel(userID, existingUser.ResourceOwner) changedUserGrant := NewUserWriteModel(userID, existingUser.ResourceOwner)
userAgg := UserAggregateFromWriteModel(&changedUserGrant.WriteModel) userAgg := UserAggregateFromWriteModel(&changedUserGrant.WriteModel)
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, existingUser.ResourceOwner) orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, existingUser.ResourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
id, err := r.idGenerator.Next() id, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -238,14 +238,14 @@ func (r *CommandSide) userDomainClaimed(ctx context.Context, userID string) (eve
user.NewDomainClaimedEvent( user.NewDomainClaimedEvent(
ctx, ctx,
userAgg, userAgg,
fmt.Sprintf("%s@temporary.%s", id, r.iamDomain), fmt.Sprintf("%s@temporary.%s", id, c.iamDomain),
existingUser.UserName, existingUser.UserName,
orgIAMPolicy.UserLoginMustBeDomain), orgIAMPolicy.UserLoginMustBeDomain),
}, changedUserGrant, nil }, changedUserGrant, nil
} }
func (r *CommandSide) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) { func (c *Commands) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) {
existingUser, err := r.userWriteModelByID(ctx, userID, orgID) existingUser, err := c.userWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -253,13 +253,13 @@ func (r *CommandSide) UserDomainClaimedSent(ctx context.Context, orgID, userID s
return caos_errs.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewDomainClaimedSentEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel))) user.NewDomainClaimedSentEvent(ctx, UserAggregateFromWriteModel(&existingUser.WriteModel)))
return err return err
} }
func (r *CommandSide) checkUserExists(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) checkUserExists(ctx context.Context, userID, resourceOwner string) error {
existingUser, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -269,12 +269,12 @@ func (r *CommandSide) checkUserExists(ctx context.Context, userID, resourceOwner
return nil return nil
} }
func (r *CommandSide) userWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *UserWriteModel, err error) { func (c *Commands) userWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *UserWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewUserWriteModel(userID, resourceOwner) writeModel = NewUserWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

60
internal/command/user_grant.go
View File

@@ -11,12 +11,12 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddUserGrant(ctx context.Context, usergrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) { func (c *Commands) AddUserGrant(ctx context.Context, usergrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) {
event, addedUserGrant, err := r.addUserGrant(ctx, usergrant, resourceOwner) event, addedUserGrant, err := c.addUserGrant(ctx, usergrant, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,7 +28,7 @@ func (r *CommandSide) AddUserGrant(ctx context.Context, usergrant *domain.UserGr
return userGrantWriteModelToUserGrant(addedUserGrant), nil return userGrantWriteModelToUserGrant(addedUserGrant), nil
} }
func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (pusher eventstore.EventPusher, _ *UserGrantWriteModel, err error) { func (c *Commands) addUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (pusher eventstore.EventPusher, _ *UserGrantWriteModel, err error) {
err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID) err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@@ -36,15 +36,15 @@ func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGr
if !userGrant.IsValid() { if !userGrant.IsValid() {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0fs", "Errors.UserGrant.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0fs", "Errors.UserGrant.Invalid")
} }
err = r.checkUserExists(ctx, userGrant.UserID, "") err = c.checkUserExists(ctx, userGrant.UserID, "")
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
err = r.checkProjectExists(ctx, userGrant.ProjectID, resourceOwner) err = c.checkProjectExists(ctx, userGrant.ProjectID, resourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
userGrant.AggregateID, err = r.idGenerator.Next() userGrant.AggregateID, err = c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -62,12 +62,12 @@ func (r *CommandSide) addUserGrant(ctx context.Context, userGrant *domain.UserGr
return pusher, addedUserGrant, nil return pusher, addedUserGrant, nil
} }
func (r *CommandSide) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) { func (c *Commands) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string) (_ *domain.UserGrant, err error) {
event, changedUserGrant, err := r.changeUserGrant(ctx, userGrant, resourceOwner, false) event, changedUserGrant, err := c.changeUserGrant(ctx, userGrant, resourceOwner, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, event) pushedEvents, err := c.eventstore.PushEvents(ctx, event)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -78,7 +78,7 @@ func (r *CommandSide) ChangeUserGrant(ctx context.Context, userGrant *domain.Use
return userGrantWriteModelToUserGrant(changedUserGrant), nil return userGrantWriteModelToUserGrant(changedUserGrant), nil
} }
func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.EventPusher, _ *UserGrantWriteModel, err error) { func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.EventPusher, _ *UserGrantWriteModel, err error) {
err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID) err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@@ -87,7 +87,7 @@ func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.Use
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid")
} }
existingUserGrant, err := r.userGrantWriteModelByID(ctx, userGrant.AggregateID, userGrant.ResourceOwner) existingUserGrant, err := c.userGrantWriteModelByID(ctx, userGrant.AggregateID, userGrant.ResourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -107,8 +107,8 @@ func (r *CommandSide) changeUserGrant(ctx context.Context, userGrant *domain.Use
return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil
} }
func (r *CommandSide) removeRoleFromUserGrant(ctx context.Context, userGrantID string, roleKeys []string, cascade bool) (_ eventstore.EventPusher, err error) { func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID string, roleKeys []string, cascade bool) (_ eventstore.EventPusher, err error) {
existingUserGrant, err := r.userGrantWriteModelByID(ctx, userGrantID, "") existingUserGrant, err := c.userGrantWriteModelByID(ctx, userGrantID, "")
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -140,12 +140,12 @@ func (r *CommandSide) removeRoleFromUserGrant(ctx context.Context, userGrantID s
return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil
} }
func (r *CommandSide) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (c *Commands) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
if grantID == "" || resourceOwner == "" { if grantID == "" || resourceOwner == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dsf", "Errors.UserGrant.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M0dsf", "Errors.UserGrant.IDMissing")
} }
existingUserGrant, err := r.userGrantWriteModelByID(ctx, grantID, resourceOwner) existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -162,16 +162,16 @@ func (r *CommandSide) DeactivateUserGrant(ctx context.Context, grantID, resource
deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner) deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel)
_, err = r.eventstore.PushEvents(ctx, usergrant.NewUserGrantDeactivatedEvent(ctx, userGrantAgg)) _, err = c.eventstore.PushEvents(ctx, usergrant.NewUserGrantDeactivatedEvent(ctx, userGrantAgg))
return err return err
} }
func (r *CommandSide) ReactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (c *Commands) ReactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
if grantID == "" || resourceOwner == "" { if grantID == "" || resourceOwner == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Qxy8v", "Errors.UserGrant.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Qxy8v", "Errors.UserGrant.IDMissing")
} }
existingUserGrant, err := r.userGrantWriteModelByID(ctx, grantID, resourceOwner) existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -188,39 +188,39 @@ func (r *CommandSide) ReactivateUserGrant(ctx context.Context, grantID, resource
deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner) deactivateUserGrant := NewUserGrantWriteModel(grantID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&deactivateUserGrant.WriteModel)
_, err = r.eventstore.PushEvents(ctx, usergrant.NewUserGrantReactivatedEvent(ctx, userGrantAgg)) _, err = c.eventstore.PushEvents(ctx, usergrant.NewUserGrantReactivatedEvent(ctx, userGrantAgg))
return err return err
} }
func (r *CommandSide) RemoveUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) { func (c *Commands) RemoveUserGrant(ctx context.Context, grantID, resourceOwner string) (err error) {
event, err := r.removeUserGrant(ctx, grantID, resourceOwner, false) event, err := c.removeUserGrant(ctx, grantID, resourceOwner, false)
if err != nil { if err != nil {
return nil return nil
} }
_, err = r.eventstore.PushEvents(ctx, event) _, err = c.eventstore.PushEvents(ctx, event)
return err return err
} }
func (r *CommandSide) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, resourceOwner string) (err error) { func (c *Commands) BulkRemoveUserGrant(ctx context.Context, grantIDs []string, resourceOwner string) (err error) {
events := make([]eventstore.EventPusher, len(grantIDs)) events := make([]eventstore.EventPusher, len(grantIDs))
for i, grantID := range grantIDs { for i, grantID := range grantIDs {
event, err := r.removeUserGrant(ctx, grantID, resourceOwner, false) event, err := c.removeUserGrant(ctx, grantID, resourceOwner, false)
if err != nil { if err != nil {
return nil return nil
} }
events[i] = event events[i] = event
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) removeUserGrant(ctx context.Context, grantID, resourceOwner string, cascade bool) (_ eventstore.EventPusher, err error) { func (c *Commands) removeUserGrant(ctx context.Context, grantID, resourceOwner string, cascade bool) (_ eventstore.EventPusher, err error) {
if grantID == "" { if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J9sc5", "Errors.UserGrant.IDMissing")
} }
existingUserGrant, err := r.userGrantWriteModelByID(ctx, grantID, resourceOwner) existingUserGrant, err := c.userGrantWriteModelByID(ctx, grantID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -252,12 +252,12 @@ func (r *CommandSide) removeUserGrant(ctx context.Context, grantID, resourceOwne
existingUserGrant.ProjectID, existingUserGrant.ProjectID,
existingUserGrant.ProjectGrantID), nil existingUserGrant.ProjectGrantID), nil
} }
func (r *CommandSide) userGrantWriteModelByID(ctx context.Context, userGrantID, resourceOwner string) (writeModel *UserGrantWriteModel, err error) { func (c *Commands) userGrantWriteModelByID(ctx context.Context, userGrantID, resourceOwner string) (writeModel *UserGrantWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewUserGrantWriteModel(userGrantID, resourceOwner) writeModel = NewUserGrantWriteModel(userGrantID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

58
internal/command/user_human.go
View File

@@ -10,8 +10,8 @@ import (
"github.com/caos/zitadel/internal/repository/user" "github.com/caos/zitadel/internal/repository/user"
) )
func (r *CommandSide) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) { func (c *Commands) getHuman(ctx context.Context, userID, resourceowner string) (*domain.Human, error) {
human, err := r.getHumanWriteModelByID(ctx, userID, resourceowner) human, err := c.getHumanWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -21,12 +21,12 @@ func (r *CommandSide) getHuman(ctx context.Context, userID, resourceowner string
return writeModelToHuman(human), nil return writeModelToHuman(human), nil
} }
func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) { func (c *Commands) AddHuman(ctx context.Context, orgID string, human *domain.Human) (*domain.Human, error) {
events, addedHuman, err := r.addHuman(ctx, orgID, human) events, addedHuman, err := c.addHuman(ctx, orgID, human)
if err != nil { if err != nil {
return nil, err return nil, err
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -39,15 +39,15 @@ func (r *CommandSide) AddHuman(ctx context.Context, orgID string, human *domain.
return writeModelToHuman(addedHuman), nil return writeModelToHuman(addedHuman), nil
} }
func (r *CommandSide) addHuman(ctx context.Context, orgID string, human *domain.Human) ([]eventstore.EventPusher, *HumanWriteModel, error) { func (c *Commands) addHuman(ctx context.Context, orgID string, human *domain.Human) ([]eventstore.EventPusher, *HumanWriteModel, error) {
if !human.IsValid() { if !human.IsValid() {
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid") return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M90d", "Errors.User.Invalid")
} }
return r.createHuman(ctx, orgID, human, nil, false) return c.createHuman(ctx, orgID, human, nil, false)
} }
func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, orgMemberRoles []string) (*domain.Human, error) { func (c *Commands) RegisterHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, orgMemberRoles []string) (*domain.Human, error) {
userEvents, registeredHuman, err := r.registerHuman(ctx, orgID, human, externalIDP) userEvents, registeredHuman, err := c.registerHuman(ctx, orgID, human, externalIDP)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -62,14 +62,14 @@ func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *do
UserID: human.AggregateID, UserID: human.AggregateID,
Roles: orgMemberRoles, Roles: orgMemberRoles,
} }
memberEvent, err := r.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember) memberEvent, err := c.addOrgMember(ctx, orgAgg, orgMemberWriteModel, orgMember)
if err != nil { if err != nil {
return nil, err return nil, err
} }
userEvents = append(userEvents, memberEvent) userEvents = append(userEvents, memberEvent)
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, userEvents...) pushedEvents, err := c.eventstore.PushEvents(ctx, userEvents...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -81,24 +81,24 @@ func (r *CommandSide) RegisterHuman(ctx context.Context, orgID string, human *do
return writeModelToHuman(registeredHuman), nil return writeModelToHuman(registeredHuman), nil
} }
func (r *CommandSide) registerHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP) ([]eventstore.EventPusher, *HumanWriteModel, error) { func (c *Commands) registerHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP) ([]eventstore.EventPusher, *HumanWriteModel, error) {
if !human.IsValid() || externalIDP == nil && (human.Password == nil || human.SecretString == "") { if !human.IsValid() || externalIDP == nil && (human.Password == nil || human.SecretString == "") {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-9dk45", "Errors.User.Invalid") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-9dk45", "Errors.User.Invalid")
} }
return r.createHuman(ctx, orgID, human, externalIDP, true) return c.createHuman(ctx, orgID, human, externalIDP, true)
} }
func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, selfregister bool) ([]eventstore.EventPusher, *HumanWriteModel, error) { func (c *Commands) createHuman(ctx context.Context, orgID string, human *domain.Human, externalIDP *domain.ExternalIDP, selfregister bool) ([]eventstore.EventPusher, *HumanWriteModel, error) {
userID, err := r.idGenerator.Next() userID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
human.AggregateID = userID human.AggregateID = userID
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, orgID) orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
pwPolicy, err := r.getOrgPasswordComplexityPolicy(ctx, orgID) pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, orgID)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -106,7 +106,7 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
return nil, nil, err return nil, nil, err
} }
human.SetNamesAsDisplayname() human.SetNamesAsDisplayname()
if err := human.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg, true); err != nil { if err := human.HashPasswordIfExisting(pwPolicy, c.userPasswordAlg, true); err != nil {
return nil, nil, err return nil, nil, err
} }
addedHuman := NewHumanWriteModel(human.AggregateID, orgID) addedHuman := NewHumanWriteModel(human.AggregateID, orgID)
@@ -121,7 +121,7 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
} }
if externalIDP != nil { if externalIDP != nil {
event, err := r.addHumanExternalIDP(ctx, userAgg, externalIDP) event, err := c.addHumanExternalIDP(ctx, userAgg, externalIDP)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -129,7 +129,7 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
} }
if human.IsInitialState() { if human.IsInitialState() {
initCode, err := domain.NewInitUserCode(r.initializeUserCode) initCode, err := domain.NewInitUserCode(c.initializeUserCode)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -141,7 +141,7 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
} }
if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified { if human.Phone != nil && human.PhoneNumber != "" && !human.IsPhoneVerified {
phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode) phoneCode, err := domain.NewPhoneCode(c.phoneVerificationCode)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -153,12 +153,12 @@ func (r *CommandSide) createHuman(ctx context.Context, orgID string, human *doma
return events, addedHuman, nil return events, addedHuman, nil
} }
func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) { func (c *Commands) HumanSkipMFAInit(ctx context.Context, userID, resourceowner string) (err error) {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2xpX9", "Errors.User.UserIDMissing")
} }
existingHuman, err := r.getHumanWriteModelByID(ctx, userID, resourceowner) existingHuman, err := c.getHumanWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -166,7 +166,7 @@ func (r *CommandSide) HumanSkipMFAInit(ctx context.Context, userID, resourceowne
return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-m9cV8", "Errors.User.NotFound")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewHumanMFAInitSkippedEvent(ctx, UserAggregateFromWriteModel(&existingHuman.WriteModel))) user.NewHumanMFAInitSkippedEvent(ctx, UserAggregateFromWriteModel(&existingHuman.WriteModel)))
return err return err
} }
@@ -234,13 +234,13 @@ func createRegisterHumanEvent(ctx context.Context, aggregate *eventstore.Aggrega
return addEvent return addEvent
} }
func (r *CommandSide) HumansSignOut(ctx context.Context, agentID string, userIDs []string) error { func (c *Commands) HumansSignOut(ctx context.Context, agentID string, userIDs []string) error {
if agentID == "" { if agentID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
} }
events := make([]eventstore.EventPusher, len(userIDs)) events := make([]eventstore.EventPusher, len(userIDs))
for i, userID := range userIDs { for i, userID := range userIDs {
existingUser, err := r.getHumanWriteModelByID(ctx, userID, "") existingUser, err := c.getHumanWriteModelByID(ctx, userID, "")
if err != nil { if err != nil {
return err return err
} }
@@ -253,13 +253,13 @@ func (r *CommandSide) HumansSignOut(ctx context.Context, agentID string, userIDs
agentID) agentID)
} }
_, err := r.eventstore.PushEvents(ctx, events...) _, err := c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) getHumanWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanWriteModel, error) { func (c *Commands) getHumanWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanWriteModel, error) {
humanWriteModel := NewHumanWriteModel(userID, resourceowner) humanWriteModel := NewHumanWriteModel(userID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, humanWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, humanWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

10
internal/command/user_human_address.go
View File

@@ -7,8 +7,8 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) ChangeHumanAddress(ctx context.Context, address *domain.Address) (*domain.Address, error) { func (c *Commands) ChangeHumanAddress(ctx context.Context, address *domain.Address) (*domain.Address, error) {
existingAddress, err := r.addressWriteModel(ctx, address.AggregateID, address.ResourceOwner) existingAddress, err := c.addressWriteModel(ctx, address.AggregateID, address.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -20,7 +20,7 @@ func (r *CommandSide) ChangeHumanAddress(ctx context.Context, address *domain.Ad
if !hasChanged { if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0cs", "Errors.User.Address.NotChanged")
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, changedEvent) pushedEvents, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -31,12 +31,12 @@ func (r *CommandSide) ChangeHumanAddress(ctx context.Context, address *domain.Ad
return writeModelToAddress(existingAddress), nil return writeModelToAddress(existingAddress), nil
} }
func (r *CommandSide) addressWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanAddressWriteModel, err error) { func (c *Commands) addressWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanAddressWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanAddressWriteModel(userID, resourceOwner) writeModel = NewHumanAddressWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

36
internal/command/user_human_email.go
View File

@@ -11,12 +11,12 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*domain.Email, error) { func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*domain.Email, error) {
if !email.IsValid() || email.AggregateID == "" { if !email.IsValid() || email.AggregateID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9sf", "Errors.Email.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M9sf", "Errors.Email.Invalid")
} }
existingEmail, err := r.emailWriteModel(ctx, email.AggregateID, email.ResourceOwner) existingEmail, err := c.emailWriteModel(ctx, email.AggregateID, email.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -34,14 +34,14 @@ func (r *CommandSide) ChangeHumanEmail(ctx context.Context, email *domain.Email)
if email.IsEmailVerified { if email.IsEmailVerified {
events = append(events, user.NewHumanEmailVerifiedEvent(ctx, userAgg)) events = append(events, user.NewHumanEmailVerifiedEvent(ctx, userAgg))
} else { } else {
emailCode, err := domain.NewEmailCode(r.emailVerificationCode) emailCode, err := domain.NewEmailCode(c.emailVerificationCode)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events = append(events, user.NewHumanEmailCodeAddedEvent(ctx, userAgg, emailCode.Code, emailCode.Expiry)) events = append(events, user.NewHumanEmailCodeAddedEvent(ctx, userAgg, emailCode.Code, emailCode.Expiry))
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -52,7 +52,7 @@ func (r *CommandSide) ChangeHumanEmail(ctx context.Context, email *domain.Email)
return writeModelToEmail(existingEmail), nil return writeModelToEmail(existingEmail), nil
} }
func (r *CommandSide) VerifyHumanEmail(ctx context.Context, userID, code, resourceowner string) error { func (c *Commands) VerifyHumanEmail(ctx context.Context, userID, code, resourceowner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing")
} }
@@ -60,7 +60,7 @@ func (r *CommandSide) VerifyHumanEmail(ctx context.Context, userID, code, resour
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-çm0ds", "Errors.User.Code.Empty") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-çm0ds", "Errors.User.Code.Empty")
} }
existingCode, err := r.emailWriteModel(ctx, userID, resourceowner) existingCode, err := c.emailWriteModel(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -69,23 +69,23 @@ func (r *CommandSide) VerifyHumanEmail(ctx context.Context, userID, code, resour
} }
userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel)
err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, r.emailVerificationCode) err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, c.emailVerificationCode)
if err == nil { if err == nil {
_, err = r.eventstore.PushEvents(ctx, user.NewHumanEmailVerifiedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanEmailVerifiedEvent(ctx, userAgg))
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanEmailVerificationFailedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanEmailVerificationFailedEvent(ctx, userAgg))
logging.LogWithFields("COMMAND-Dg2z5", "userID", userAgg.ID).OnError(err).Error("NewHumanEmailVerificationFailedEvent push failed") logging.LogWithFields("COMMAND-Dg2z5", "userID", userAgg.ID).OnError(err).Error("NewHumanEmailVerificationFailedEvent push failed")
return caos_errs.ThrowInvalidArgument(err, "COMMAND-Gdsgs", "Errors.User.Code.Invalid") return caos_errs.ThrowInvalidArgument(err, "COMMAND-Gdsgs", "Errors.User.Code.Invalid")
} }
func (r *CommandSide) CreateHumanEmailVerificationCode(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) CreateHumanEmailVerificationCode(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing")
} }
existingEmail, err := r.emailWriteModel(ctx, userID, resourceOwner) existingEmail, err := c.emailWriteModel(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -99,16 +99,16 @@ func (r *CommandSide) CreateHumanEmailVerificationCode(ctx context.Context, user
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.User.Email.AlreadyVerified") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.User.Email.AlreadyVerified")
} }
userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
emailCode, err := domain.NewEmailCode(r.emailVerificationCode) emailCode, err := domain.NewEmailCode(c.emailVerificationCode)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanEmailCodeAddedEvent(ctx, userAgg, emailCode.Code, emailCode.Expiry)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanEmailCodeAddedEvent(ctx, userAgg, emailCode.Code, emailCode.Expiry))
return err return err
} }
func (r *CommandSide) HumanEmailVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) { func (c *Commands) HumanEmailVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) {
existingEmail, err := r.emailWriteModel(ctx, userID, orgID) existingEmail, err := c.emailWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -116,16 +116,16 @@ func (r *CommandSide) HumanEmailVerificationCodeSent(ctx context.Context, orgID,
return caos_errs.ThrowNotFound(nil, "COMMAND-6n8uH", "Errors.User.Email.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-6n8uH", "Errors.User.Email.NotFound")
} }
userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanEmailCodeSentEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanEmailCodeSentEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) emailWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanEmailWriteModel, err error) { func (c *Commands) emailWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanEmailWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanEmailWriteModel(userID, resourceOwner) writeModel = NewHumanEmailWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

28
internal/command/user_human_externalidp.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) BulkAddedHumanExternalIDP(ctx context.Context, userID, resourceOwner string, externalIDPs []*domain.ExternalIDP) (err error) { func (c *Commands) BulkAddedHumanExternalIDP(ctx context.Context, userID, resourceOwner string, externalIDPs []*domain.ExternalIDP) (err error) {
if len(externalIDPs) == 0 { if len(externalIDPs) == 0 {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded")
} }
@@ -20,17 +20,17 @@ func (r *CommandSide) BulkAddedHumanExternalIDP(ctx context.Context, userID, res
externalIDPWriteModel := NewHumanExternalIDPWriteModel(userID, externalIDP.IDPConfigID, externalIDP.ExternalUserID, resourceOwner) externalIDPWriteModel := NewHumanExternalIDPWriteModel(userID, externalIDP.IDPConfigID, externalIDP.ExternalUserID, resourceOwner)
userAgg := UserAggregateFromWriteModel(&externalIDPWriteModel.WriteModel) userAgg := UserAggregateFromWriteModel(&externalIDPWriteModel.WriteModel)
events[i], err = r.addHumanExternalIDP(ctx, userAgg, externalIDP) events[i], err = c.addHumanExternalIDP(ctx, userAgg, externalIDP)
if err != nil { if err != nil {
return err return err
} }
} }
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) addHumanExternalIDP(ctx context.Context, aggregate *eventstore.Aggregate, externalIDP *domain.ExternalIDP) (eventstore.EventPusher, error) { func (c *Commands) addHumanExternalIDP(ctx context.Context, aggregate *eventstore.Aggregate, externalIDP *domain.ExternalIDP) (eventstore.EventPusher, error) {
if !externalIDP.IsValid() { if !externalIDP.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid")
} }
@@ -38,21 +38,21 @@ func (r *CommandSide) addHumanExternalIDP(ctx context.Context, aggregate *events
return user.NewHumanExternalIDPAddedEvent(ctx, aggregate, externalIDP.IDPConfigID, externalIDP.DisplayName, externalIDP.ExternalUserID), nil return user.NewHumanExternalIDPAddedEvent(ctx, aggregate, externalIDP.IDPConfigID, externalIDP.DisplayName, externalIDP.ExternalUserID), nil
} }
func (r *CommandSide) RemoveHumanExternalIDP(ctx context.Context, externalIDP *domain.ExternalIDP) error { func (c *Commands) RemoveHumanExternalIDP(ctx context.Context, externalIDP *domain.ExternalIDP) error {
event, err := r.removeHumanExternalIDP(ctx, externalIDP, false) event, err := c.removeHumanExternalIDP(ctx, externalIDP, false)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, event) _, err = c.eventstore.PushEvents(ctx, event)
return err return err
} }
func (r *CommandSide) removeHumanExternalIDP(ctx context.Context, externalIDP *domain.ExternalIDP, cascade bool) (eventstore.EventPusher, error) { func (c *Commands) removeHumanExternalIDP(ctx context.Context, externalIDP *domain.ExternalIDP, cascade bool) (eventstore.EventPusher, error) {
if externalIDP.IsValid() { if externalIDP.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.IDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M9ds", "Errors.IDMissing")
} }
existingExternalIDP, err := r.externalIDPWriteModelByID(ctx, externalIDP.AggregateID, externalIDP.IDPConfigID, externalIDP.ExternalUserID, externalIDP.ResourceOwner) existingExternalIDP, err := c.externalIDPWriteModelByID(ctx, externalIDP.AggregateID, externalIDP.IDPConfigID, externalIDP.ExternalUserID, externalIDP.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -66,12 +66,12 @@ func (r *CommandSide) removeHumanExternalIDP(ctx context.Context, externalIDP *d
return user.NewHumanExternalIDPRemovedEvent(ctx, userAgg, externalIDP.IDPConfigID, externalIDP.ExternalUserID), nil return user.NewHumanExternalIDPRemovedEvent(ctx, userAgg, externalIDP.IDPConfigID, externalIDP.ExternalUserID), nil
} }
func (r *CommandSide) HumanExternalLoginChecked(ctx context.Context, orgID, userID string, authRequest *domain.AuthRequest) (err error) { func (c *Commands) HumanExternalLoginChecked(ctx context.Context, orgID, userID string, authRequest *domain.AuthRequest) (err error) {
if userID == "" { if userID == "" {
return caos_errs.ThrowNotFound(nil, "COMMAND-5n8sM", "Errors.IDMissing") return caos_errs.ThrowNotFound(nil, "COMMAND-5n8sM", "Errors.IDMissing")
} }
existingHuman, err := r.getHumanWriteModelByID(ctx, userID, orgID) existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -80,16 +80,16 @@ func (r *CommandSide) HumanExternalLoginChecked(ctx context.Context, orgID, user
} }
userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel) userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanExternalIDPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) _, err = c.eventstore.PushEvents(ctx, user.NewHumanExternalIDPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
return err return err
} }
func (r *CommandSide) externalIDPWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *HumanExternalIDPWriteModel, err error) { func (c *Commands) externalIDPWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *HumanExternalIDPWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanExternalIDPWriteModel(userID, idpConfigID, externalUserID, resourceOwner) writeModel = NewHumanExternalIDPWriteModel(userID, idpConfigID, externalUserID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

30
internal/command/user_human_init.go
View File

@@ -11,12 +11,12 @@ import (
) )
//ResendInitialMail resend inital mail and changes email if provided //ResendInitialMail resend inital mail and changes email if provided
func (r *CommandSide) ResendInitialMail(ctx context.Context, userID, email, resourceOwner string) (err error) { func (c *Commands) ResendInitialMail(ctx context.Context, userID, email, resourceOwner string) (err error) {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.UserIDMissing")
} }
existingCode, err := r.getHumanInitWriteModelByID(ctx, userID, resourceOwner) existingCode, err := c.getHumanInitWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -32,16 +32,16 @@ func (r *CommandSide) ResendInitialMail(ctx context.Context, userID, email, reso
changedEvent, _ := existingCode.NewChangedEvent(ctx, userAgg, email) changedEvent, _ := existingCode.NewChangedEvent(ctx, userAgg, email)
events = append(events, changedEvent) events = append(events, changedEvent)
} }
initCode, err := domain.NewInitUserCode(r.initializeUserCode) initCode, err := domain.NewInitUserCode(c.initializeUserCode)
if err != nil { if err != nil {
return err return err
} }
events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry)) events = append(events, user.NewHumanInitialCodeAddedEvent(ctx, userAgg, initCode.Code, initCode.Expiry))
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) HumanVerifyInitCode(ctx context.Context, userID, resourceOwner, code, passwordString string) error { func (c *Commands) HumanVerifyInitCode(ctx context.Context, userID, resourceOwner, code, passwordString string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-mkM9f", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-mkM9f", "Errors.User.UserIDMissing")
} }
@@ -49,7 +49,7 @@ func (r *CommandSide) HumanVerifyInitCode(ctx context.Context, userID, resourceO
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-44G8s", "Errors.User.Code.Empty") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-44G8s", "Errors.User.Code.Empty")
} }
existingCode, err := r.getHumanInitWriteModelByID(ctx, userID, resourceOwner) existingCode, err := c.getHumanInitWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -58,9 +58,9 @@ func (r *CommandSide) HumanVerifyInitCode(ctx context.Context, userID, resourceO
} }
userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel)
err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, r.initializeUserCode) err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, c.initializeUserCode)
if err != nil { if err != nil {
_, err = r.eventstore.PushEvents(ctx, user.NewHumanInitializedCheckFailedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanInitializedCheckFailedEvent(ctx, userAgg))
logging.LogWithFields("COMMAND-Dg2z5", "userID", userAgg.ID).OnError(err).Error("NewHumanInitializedCheckFailedEvent push failed") logging.LogWithFields("COMMAND-Dg2z5", "userID", userAgg.ID).OnError(err).Error("NewHumanInitializedCheckFailedEvent push failed")
return caos_errs.ThrowInvalidArgument(err, "COMMAND-11v6G", "Errors.User.Code.Invalid") return caos_errs.ThrowInvalidArgument(err, "COMMAND-11v6G", "Errors.User.Code.Invalid")
} }
@@ -76,19 +76,19 @@ func (r *CommandSide) HumanVerifyInitCode(ctx context.Context, userID, resourceO
SecretString: passwordString, SecretString: passwordString,
ChangeRequired: false, ChangeRequired: false,
} }
passwordEvent, err := r.changePassword(ctx, "", password, userAgg, passwordWriteModel) passwordEvent, err := c.changePassword(ctx, "", password, userAgg, passwordWriteModel)
if err != nil { if err != nil {
return err return err
} }
events = append(events, passwordEvent) events = append(events, passwordEvent)
} }
events = append(events, user.NewHumanInitialCodeSentEvent(ctx, userAgg)) events = append(events, user.NewHumanInitialCodeSentEvent(ctx, userAgg))
_, err = r.eventstore.PushEvents(ctx, events...) _, err = c.eventstore.PushEvents(ctx, events...)
return err return err
} }
func (r *CommandSide) HumanInitCodeSent(ctx context.Context, orgID, userID string) (err error) { func (c *Commands) HumanInitCodeSent(ctx context.Context, orgID, userID string) (err error) {
existingInitCode, err := r.getHumanInitWriteModelByID(ctx, userID, orgID) existingInitCode, err := c.getHumanInitWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -96,13 +96,13 @@ func (r *CommandSide) HumanInitCodeSent(ctx context.Context, orgID, userID strin
return caos_errs.ThrowNotFound(nil, "COMMAND-556zg", "Errors.User.Code.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-556zg", "Errors.User.Code.NotFound")
} }
userAgg := UserAggregateFromWriteModel(&existingInitCode.WriteModel) userAgg := UserAggregateFromWriteModel(&existingInitCode.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanInitialCodeSentEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanInitialCodeSentEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) getHumanInitWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanInitCodeWriteModel, error) { func (c *Commands) getHumanInitWriteModelByID(ctx context.Context, userID, resourceowner string) (*HumanInitCodeWriteModel, error) {
initWriteModel := NewHumanInitCodeWriteModel(userID, resourceowner) initWriteModel := NewHumanInitCodeWriteModel(userID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, initWriteModel) err := c.eventstore.FilterToQueryReducer(ctx, initWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

42
internal/command/user_human_otp.go
View File

@@ -10,26 +10,26 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddHumanOTP(ctx context.Context, userID, resourceowner string) (*domain.OTP, error) { func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string) (*domain.OTP, error) {
if userID == "" { if userID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing")
} }
human, err := r.getHuman(ctx, userID, resourceowner) human, err := c.getHuman(ctx, userID, resourceowner)
if err != nil { if err != nil {
logging.Log("COMMAND-DAqe1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get human for loginname") logging.Log("COMMAND-DAqe1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get human for loginname")
return nil, err return nil, err
} }
org, err := r.getOrg(ctx, human.ResourceOwner) org, err := c.getOrg(ctx, human.ResourceOwner)
if err != nil { if err != nil {
logging.Log("COMMAND-Cm0ds").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org for loginname") logging.Log("COMMAND-Cm0ds").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org for loginname")
return nil, err return nil, err
} }
orgPolicy, err := r.getOrgIAMPolicy(ctx, org.AggregateID) orgPolicy, err := c.getOrgIAMPolicy(ctx, org.AggregateID)
if err != nil { if err != nil {
logging.Log("COMMAND-y5zv9").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname") logging.Log("COMMAND-y5zv9").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname")
return nil, err return nil, err
} }
otpWriteModel, err := r.otpWriteModelByID(ctx, userID, resourceowner) otpWriteModel, err := c.otpWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -41,11 +41,11 @@ func (r *CommandSide) AddHumanOTP(ctx context.Context, userID, resourceowner str
if accountName == "" { if accountName == "" {
accountName = human.EmailAddress accountName = human.EmailAddress
} }
key, secret, err := domain.NewOTPKey(r.multifactors.OTP.Issuer, accountName, r.multifactors.OTP.CryptoMFA) key, secret, err := domain.NewOTPKey(c.multifactors.OTP.Issuer, accountName, c.multifactors.OTP.CryptoMFA)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))
if err != nil { if err != nil {
return nil, err return nil, err
@@ -59,12 +59,12 @@ func (r *CommandSide) AddHumanOTP(ctx context.Context, userID, resourceowner str
}, nil }, nil
} }
func (r *CommandSide) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, userAgentID, resourceowner string) error { func (c *Commands) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, userAgentID, resourceowner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing")
} }
existingOTP, err := r.otpWriteModelByID(ctx, userID, resourceowner) existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -74,20 +74,20 @@ func (r *CommandSide) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, u
if existingOTP.State == domain.MFAStateReady { if existingOTP.State == domain.MFAStateReady {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady")
} }
if err := domain.VerifyMFAOTP(code, existingOTP.Secret, r.multifactors.OTP.CryptoMFA); err != nil { if err := domain.VerifyMFAOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA); err != nil {
return err return err
} }
userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanOTPVerifiedEvent(ctx, userAgg, userAgentID)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanOTPVerifiedEvent(ctx, userAgg, userAgentID))
return err return err
} }
func (r *CommandSide) HumanCheckMFAOTP(ctx context.Context, userID, code, resourceowner string, authRequest *domain.AuthRequest) error { func (c *Commands) HumanCheckMFAOTP(ctx context.Context, userID, code, resourceowner string, authRequest *domain.AuthRequest) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing")
} }
existingOTP, err := r.otpWriteModelByID(ctx, userID, resourceowner) existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -95,22 +95,22 @@ func (r *CommandSide) HumanCheckMFAOTP(ctx context.Context, userID, code, resour
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotReady") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotReady")
} }
userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel)
err = domain.VerifyMFAOTP(code, existingOTP.Secret, r.multifactors.OTP.CryptoMFA) err = domain.VerifyMFAOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA)
if err == nil { if err == nil {
_, err = r.eventstore.PushEvents(ctx, user.NewHumanOTPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) _, err = c.eventstore.PushEvents(ctx, user.NewHumanOTPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
return err return err
} }
_, pushErr := r.eventstore.PushEvents(ctx, user.NewHumanOTPCheckFailedEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) _, pushErr := c.eventstore.PushEvents(ctx, user.NewHumanOTPCheckFailedEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
logging.Log("COMMAND-9fj7s").OnError(pushErr).Error("error create password check failed event") logging.Log("COMMAND-9fj7s").OnError(pushErr).Error("error create password check failed event")
return err return err
} }
func (r *CommandSide) HumanRemoveOTP(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) HumanRemoveOTP(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing")
} }
existingOTP, err := r.otpWriteModelByID(ctx, userID, resourceOwner) existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -118,16 +118,16 @@ func (r *CommandSide) HumanRemoveOTP(ctx context.Context, userID, resourceOwner
return caos_errs.ThrowNotFound(nil, "COMMAND-Hd9sd", "Errors.User.MFA.OTP.NotExisting") return caos_errs.ThrowNotFound(nil, "COMMAND-Hd9sd", "Errors.User.MFA.OTP.NotExisting")
} }
userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanOTPRemovedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanOTPRemovedEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) otpWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPWriteModel, err error) { func (c *Commands) otpWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanOTPWriteModel(userID, resourceOwner) writeModel = NewHumanOTPWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

62
internal/command/user_human_password.go
View File

@@ -11,11 +11,11 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) SetOneTimePassword(ctx context.Context, orgID, userID, passwordString string) (err error) { func (c *Commands) SetOneTimePassword(ctx context.Context, orgID, userID, passwordString string) (err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
existingPassword, err := r.passwordWriteModel(ctx, userID, orgID) existingPassword, err := c.passwordWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -24,19 +24,19 @@ func (r *CommandSide) SetOneTimePassword(ctx context.Context, orgID, userID, pas
ChangeRequired: true, ChangeRequired: true,
} }
userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel)
passwordEvent, err := r.changePassword(ctx, "", password, userAgg, existingPassword) passwordEvent, err := c.changePassword(ctx, "", password, userAgg, existingPassword)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, passwordEvent) _, err = c.eventstore.PushEvents(ctx, passwordEvent)
return err return err
} }
func (r *CommandSide) SetPassword(ctx context.Context, orgID, userID, code, passwordString, userAgentID string) (err error) { func (c *Commands) SetPassword(ctx context.Context, orgID, userID, code, passwordString, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
existingCode, err := r.passwordWriteModel(ctx, userID, orgID) existingCode, err := c.passwordWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -45,7 +45,7 @@ func (r *CommandSide) SetPassword(ctx context.Context, orgID, userID, code, pass
return caos_errs.ThrowNotFound(nil, "COMMAND-2M9fs", "Errors.User.Code.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-2M9fs", "Errors.User.Code.NotFound")
} }
err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, r.emailVerificationCode) err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, c.emailVerificationCode)
if err != nil { if err != nil {
return err return err
} }
@@ -55,19 +55,19 @@ func (r *CommandSide) SetPassword(ctx context.Context, orgID, userID, code, pass
ChangeRequired: false, ChangeRequired: false,
} }
userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel)
passwordEvent, err := r.changePassword(ctx, userAgentID, password, userAgg, existingCode) passwordEvent, err := c.changePassword(ctx, userAgentID, password, userAgg, existingCode)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, passwordEvent) _, err = c.eventstore.PushEvents(ctx, passwordEvent)
return err return err
} }
func (r *CommandSide) ChangePassword(ctx context.Context, orgID, userID, oldPassword, newPassword, userAgentID string) (err error) { func (c *Commands) ChangePassword(ctx context.Context, orgID, userID, oldPassword, newPassword, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
existingPassword, err := r.passwordWriteModel(ctx, userID, orgID) existingPassword, err := c.passwordWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -75,7 +75,7 @@ func (r *CommandSide) ChangePassword(ctx context.Context, orgID, userID, oldPass
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Fds3s", "Errors.User.Password.Empty") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Fds3s", "Errors.User.Password.Empty")
} }
ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash") ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash")
err = crypto.CompareHash(existingPassword.Secret, []byte(oldPassword), r.userPasswordAlg) err = crypto.CompareHash(existingPassword.Secret, []byte(oldPassword), c.userPasswordAlg)
spanPasswordComparison.EndWithError(err) spanPasswordComparison.EndWithError(err)
if err != nil { if err != nil {
@@ -87,15 +87,15 @@ func (r *CommandSide) ChangePassword(ctx context.Context, orgID, userID, oldPass
} }
userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel)
eventPusher, err := r.changePassword(ctx, userAgentID, password, userAgg, existingPassword) eventPusher, err := c.changePassword(ctx, userAgentID, password, userAgg, existingPassword)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, eventPusher) _, err = c.eventstore.PushEvents(ctx, eventPusher)
return err return err
} }
func (r *CommandSide) changePassword(ctx context.Context, userAgentID string, password *domain.Password, userAgg *eventstore.Aggregate, existingPassword *HumanPasswordWriteModel) (event eventstore.EventPusher, err error) { func (c *Commands) changePassword(ctx context.Context, userAgentID string, password *domain.Password, userAgg *eventstore.Aggregate, existingPassword *HumanPasswordWriteModel) (event eventstore.EventPusher, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
@@ -105,18 +105,18 @@ func (r *CommandSide) changePassword(ctx context.Context, userAgentID string, pa
if existingPassword.UserState == domain.UserStateInitial { if existingPassword.UserState == domain.UserStateInitial {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M9dse", "Errors.User.NotInitialised") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-M9dse", "Errors.User.NotInitialised")
} }
pwPolicy, err := r.getOrgPasswordComplexityPolicy(ctx, userAgg.ResourceOwner) pwPolicy, err := c.getOrgPasswordComplexityPolicy(ctx, userAgg.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if err := password.HashPasswordIfExisting(pwPolicy, r.userPasswordAlg); err != nil { if err := password.HashPasswordIfExisting(pwPolicy, c.userPasswordAlg); err != nil {
return nil, err return nil, err
} }
return user.NewHumanPasswordChangedEvent(ctx, userAgg, password.SecretCrypto, password.ChangeRequired, userAgentID), nil return user.NewHumanPasswordChangedEvent(ctx, userAgg, password.SecretCrypto, password.ChangeRequired, userAgentID), nil
} }
func (r *CommandSide) RequestSetPassword(ctx context.Context, userID, resourceOwner string, notifyType domain.NotificationType) (err error) { func (c *Commands) RequestSetPassword(ctx context.Context, userID, resourceOwner string, notifyType domain.NotificationType) (err error) {
existingHuman, err := r.userWriteModelByID(ctx, userID, resourceOwner) existingHuman, err := c.userWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -127,16 +127,16 @@ func (r *CommandSide) RequestSetPassword(ctx context.Context, userID, resourceOw
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.NotInitialised") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sd", "Errors.User.NotInitialised")
} }
userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel) userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)
passwordCode, err := domain.NewPasswordCode(r.passwordVerificationCode) passwordCode, err := domain.NewPasswordCode(c.passwordVerificationCode)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPasswordCodeAddedEvent(ctx, userAgg, passwordCode.Code, passwordCode.Expiry, notifyType)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPasswordCodeAddedEvent(ctx, userAgg, passwordCode.Code, passwordCode.Expiry, notifyType))
return err return err
} }
func (r *CommandSide) PasswordCodeSent(ctx context.Context, orgID, userID string) (err error) { func (c *Commands) PasswordCodeSent(ctx context.Context, orgID, userID string) (err error) {
existingPassword, err := r.passwordWriteModel(ctx, userID, orgID) existingPassword, err := c.passwordWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -144,11 +144,11 @@ func (r *CommandSide) PasswordCodeSent(ctx context.Context, orgID, userID string
return caos_errs.ThrowNotFound(nil, "COMMAND-3n77z", "Errors.User.NotFound") return caos_errs.ThrowNotFound(nil, "COMMAND-3n77z", "Errors.User.NotFound")
} }
userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPasswordCodeSentEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPasswordCodeSentEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) HumanCheckPassword(ctx context.Context, orgID, userID, password string, authRequest *domain.AuthRequest) (err error) { func (c *Commands) HumanCheckPassword(ctx context.Context, orgID, userID, password string, authRequest *domain.AuthRequest) (err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
@@ -156,7 +156,7 @@ func (r *CommandSide) HumanCheckPassword(ctx context.Context, orgID, userID, pas
return caos_errs.ThrowNotFound(nil, "COMMAND-3n8fs", "Errors.User.Password.Empty") return caos_errs.ThrowNotFound(nil, "COMMAND-3n8fs", "Errors.User.Password.Empty")
} }
existingPassword, err := r.passwordWriteModel(ctx, userID, orgID) existingPassword, err := c.passwordWriteModel(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -170,23 +170,23 @@ func (r *CommandSide) HumanCheckPassword(ctx context.Context, orgID, userID, pas
userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPassword.WriteModel)
ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash") ctx, spanPasswordComparison := tracing.NewNamedSpan(ctx, "crypto.CompareHash")
err = crypto.CompareHash(existingPassword.Secret, []byte(password), r.userPasswordAlg) err = crypto.CompareHash(existingPassword.Secret, []byte(password), c.userPasswordAlg)
spanPasswordComparison.EndWithError(err) spanPasswordComparison.EndWithError(err)
if err == nil { if err == nil {
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPasswordCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPasswordCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPasswordCheckFailedEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPasswordCheckFailedEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
logging.Log("COMMAND-9fj7s").OnError(err).Error("error create password check failed event") logging.Log("COMMAND-9fj7s").OnError(err).Error("error create password check failed event")
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-452ad", "Errors.User.Password.Invalid") return caos_errs.ThrowInvalidArgument(nil, "COMMAND-452ad", "Errors.User.Password.Invalid")
} }
func (r *CommandSide) passwordWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanPasswordWriteModel, err error) { func (c *Commands) passwordWriteModel(ctx context.Context, userID, resourceOwner string) (writeModel *HumanPasswordWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanPasswordWriteModel(userID, resourceOwner) writeModel = NewHumanPasswordWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

42
internal/command/user_human_phone.go
View File

@@ -12,12 +12,12 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) ChangeHumanPhone(ctx context.Context, phone *domain.Phone) (*domain.Phone, error) { func (c *Commands) ChangeHumanPhone(ctx context.Context, phone *domain.Phone) (*domain.Phone, error) {
if !phone.IsValid() { if !phone.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0ds", "Errors.Phone.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0ds", "Errors.Phone.Invalid")
} }
existingPhone, err := r.phoneWriteModelByID(ctx, phone.AggregateID, phone.ResourceOwner) existingPhone, err := c.phoneWriteModelByID(ctx, phone.AggregateID, phone.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -35,14 +35,14 @@ func (r *CommandSide) ChangeHumanPhone(ctx context.Context, phone *domain.Phone)
if phone.IsPhoneVerified { if phone.IsPhoneVerified {
events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg)) events = append(events, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
} else { } else {
phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode) phoneCode, err := domain.NewPhoneCode(c.phoneVerificationCode)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry)) events = append(events, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry))
} }
pushedEvents, err := r.eventstore.PushEvents(ctx, events...) pushedEvents, err := c.eventstore.PushEvents(ctx, events...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -54,7 +54,7 @@ func (r *CommandSide) ChangeHumanPhone(ctx context.Context, phone *domain.Phone)
return writeModelToPhone(existingPhone), nil return writeModelToPhone(existingPhone), nil
} }
func (r *CommandSide) VerifyHumanPhone(ctx context.Context, userID, code, resourceowner string) error { func (c *Commands) VerifyHumanPhone(ctx context.Context, userID, code, resourceowner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Km9ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Km9ds", "Errors.User.UserIDMissing")
} }
@@ -62,7 +62,7 @@ func (r *CommandSide) VerifyHumanPhone(ctx context.Context, userID, code, resour
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-wMe9f", "Errors.User.Code.Empty") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-wMe9f", "Errors.User.Code.Empty")
} }
existingCode, err := r.phoneWriteModelByID(ctx, userID, resourceowner) existingCode, err := c.phoneWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -71,23 +71,23 @@ func (r *CommandSide) VerifyHumanPhone(ctx context.Context, userID, code, resour
} }
userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel) userAgg := UserAggregateFromWriteModel(&existingCode.WriteModel)
err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, r.phoneVerificationCode) err = crypto.VerifyCode(existingCode.CodeCreationDate, existingCode.CodeExpiry, existingCode.Code, code, c.phoneVerificationCode)
if err == nil { if err == nil {
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPhoneVerifiedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPhoneVerifiedEvent(ctx, userAgg))
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, userAgg))
logging.LogWithFields("COMMAND-5M9ds", "userID", userAgg.ID).OnError(err).Error("NewHumanPhoneVerificationFailedEvent push failed") logging.LogWithFields("COMMAND-5M9ds", "userID", userAgg.ID).OnError(err).Error("NewHumanPhoneVerificationFailedEvent push failed")
return caos_errs.ThrowInvalidArgument(err, "COMMAND-sM0cs", "Errors.User.Code.Invalid") return caos_errs.ThrowInvalidArgument(err, "COMMAND-sM0cs", "Errors.User.Code.Invalid")
} }
func (r *CommandSide) CreateHumanPhoneVerificationCode(ctx context.Context, userID, resourceowner string) error { func (c *Commands) CreateHumanPhoneVerificationCode(ctx context.Context, userID, resourceowner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.UserIDMissing")
} }
existingPhone, err := r.phoneWriteModelByID(ctx, userID, resourceowner) existingPhone, err := c.phoneWriteModelByID(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
@@ -100,18 +100,18 @@ func (r *CommandSide) CreateHumanPhoneVerificationCode(ctx context.Context, user
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sf", "Errors.User.Phone.AlreadyVerified") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M9sf", "Errors.User.Phone.AlreadyVerified")
} }
phoneCode, err := domain.NewPhoneCode(r.phoneVerificationCode) phoneCode, err := domain.NewPhoneCode(c.phoneVerificationCode)
if err != nil { if err != nil {
return err return err
} }
userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPhoneCodeAddedEvent(ctx, userAgg, phoneCode.Code, phoneCode.Expiry))
return err return err
} }
func (r *CommandSide) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) { func (c *Commands) HumanPhoneVerificationCodeSent(ctx context.Context, orgID, userID string) (err error) {
existingPhone, err := r.phoneWriteModelByID(ctx, userID, orgID) existingPhone, err := c.phoneWriteModelByID(ctx, userID, orgID)
if err != nil { if err != nil {
return err return err
} }
@@ -120,16 +120,16 @@ func (r *CommandSide) HumanPhoneVerificationCodeSent(ctx context.Context, orgID,
} }
userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPhoneCodeSentEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPhoneCodeSentEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) RemoveHumanPhone(ctx context.Context, userID, resourceOwner string) error { func (c *Commands) RemoveHumanPhone(ctx context.Context, userID, resourceOwner string) error {
if userID == "" { if userID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0ds", "Errors.User.UserIDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0ds", "Errors.User.UserIDMissing")
} }
existingPhone, err := r.phoneWriteModelByID(ctx, userID, resourceOwner) existingPhone, err := c.phoneWriteModelByID(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -138,16 +138,16 @@ func (r *CommandSide) RemoveHumanPhone(ctx context.Context, userID, resourceOwne
} }
userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel) userAgg := UserAggregateFromWriteModel(&existingPhone.WriteModel)
_, err = r.eventstore.PushEvents(ctx, user.NewHumanPhoneRemovedEvent(ctx, userAgg)) _, err = c.eventstore.PushEvents(ctx, user.NewHumanPhoneRemovedEvent(ctx, userAgg))
return err return err
} }
func (r *CommandSide) phoneWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanPhoneWriteModel, err error) { func (c *Commands) phoneWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanPhoneWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanPhoneWriteModel(userID, resourceOwner) writeModel = NewHumanPhoneWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

10
internal/command/user_human_profile.go
View File

@@ -8,12 +8,12 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) ChangeHumanProfile(ctx context.Context, profile *domain.Profile) (*domain.Profile, error) { func (c *Commands) ChangeHumanProfile(ctx context.Context, profile *domain.Profile) (*domain.Profile, error) {
if !profile.IsValid() && profile.AggregateID != "" { if !profile.IsValid() && profile.AggregateID != "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8io0d", "Errors.User.Profile.Invalid") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8io0d", "Errors.User.Profile.Invalid")
} }
existingProfile, err := r.profileWriteModelByID(ctx, profile.AggregateID, profile.ResourceOwner) existingProfile, err := c.profileWriteModelByID(ctx, profile.AggregateID, profile.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -25,7 +25,7 @@ func (r *CommandSide) ChangeHumanProfile(ctx context.Context, profile *domain.Pr
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.Profile.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.User.Profile.NotChanged")
} }
events, err := r.eventstore.PushEvents(ctx, changedEvent) events, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -37,12 +37,12 @@ func (r *CommandSide) ChangeHumanProfile(ctx context.Context, profile *domain.Pr
return writeModelToProfile(existingProfile), nil return writeModelToProfile(existingProfile), nil
} }
func (r *CommandSide) profileWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanProfileWriteModel, err error) { func (c *Commands) profileWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanProfileWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanProfileWriteModel(userID, resourceOwner) writeModel = NewHumanProfileWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

140
internal/command/user_human_webauthn.go
View File

@@ -10,9 +10,9 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) getHumanU2FTokens(ctx context.Context, userID, resourceowner string) ([]*domain.WebAuthNToken, error) { func (c *Commands) getHumanU2FTokens(ctx context.Context, userID, resourceowner string) ([]*domain.WebAuthNToken, error) {
tokenReadModel := NewHumanU2FTokensReadModel(userID, resourceowner) tokenReadModel := NewHumanU2FTokensReadModel(userID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, tokenReadModel) err := c.eventstore.FilterToQueryReducer(ctx, tokenReadModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -22,9 +22,9 @@ func (r *CommandSide) getHumanU2FTokens(ctx context.Context, userID, resourceown
return readModelToU2FTokens(tokenReadModel), nil return readModelToU2FTokens(tokenReadModel), nil
} }
func (r *CommandSide) getHumanPasswordlessTokens(ctx context.Context, userID, resourceowner string) ([]*domain.WebAuthNToken, error) { func (c *Commands) getHumanPasswordlessTokens(ctx context.Context, userID, resourceowner string) ([]*domain.WebAuthNToken, error) {
tokenReadModel := NewHumanPasswordlessTokensReadModel(userID, resourceowner) tokenReadModel := NewHumanPasswordlessTokensReadModel(userID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, tokenReadModel) err := c.eventstore.FilterToQueryReducer(ctx, tokenReadModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -34,9 +34,9 @@ func (r *CommandSide) getHumanPasswordlessTokens(ctx context.Context, userID, re
return readModelToPasswordlessTokens(tokenReadModel), nil return readModelToPasswordlessTokens(tokenReadModel), nil
} }
func (r *CommandSide) getHumanU2FLogin(ctx context.Context, userID, authReqID, resourceowner string) (*domain.WebAuthNLogin, error) { func (c *Commands) getHumanU2FLogin(ctx context.Context, userID, authReqID, resourceowner string) (*domain.WebAuthNLogin, error) {
tokenReadModel := NewHumanU2FLoginReadModel(userID, authReqID, resourceowner) tokenReadModel := NewHumanU2FLoginReadModel(userID, authReqID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, tokenReadModel) err := c.eventstore.FilterToQueryReducer(ctx, tokenReadModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -48,9 +48,9 @@ func (r *CommandSide) getHumanU2FLogin(ctx context.Context, userID, authReqID, r
}, nil }, nil
} }
func (r *CommandSide) getHumanPasswordlessLogin(ctx context.Context, userID, authReqID, resourceowner string) (*domain.WebAuthNLogin, error) { func (c *Commands) getHumanPasswordlessLogin(ctx context.Context, userID, authReqID, resourceowner string) (*domain.WebAuthNLogin, error) {
tokenReadModel := NewHumanPasswordlessLoginReadModel(userID, authReqID, resourceowner) tokenReadModel := NewHumanPasswordlessLoginReadModel(userID, authReqID, resourceowner)
err := r.eventstore.FilterToQueryReducer(ctx, tokenReadModel) err := c.eventstore.FilterToQueryReducer(ctx, tokenReadModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -62,17 +62,17 @@ func (r *CommandSide) getHumanPasswordlessLogin(ctx context.Context, userID, aut
}, nil }, nil
} }
func (r *CommandSide) HumanAddU2FSetup(ctx context.Context, userID, resourceowner string, isLoginUI bool) (*domain.WebAuthNToken, error) { func (c *Commands) HumanAddU2FSetup(ctx context.Context, userID, resourceowner string, isLoginUI bool) (*domain.WebAuthNToken, error) {
u2fTokens, err := r.getHumanU2FTokens(ctx, userID, resourceowner) u2fTokens, err := c.getHumanU2FTokens(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addWebAuthN, userAgg, webAuthN, err := r.addHumanWebAuthN(ctx, userID, resourceowner, isLoginUI, u2fTokens) addWebAuthN, userAgg, webAuthN, err := c.addHumanWebAuthN(ctx, userID, resourceowner, isLoginUI, u2fTokens)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events, err := r.eventstore.PushEvents(ctx, usr_repo.NewHumanU2FAddedEvent(ctx, userAgg, addWebAuthN.WebauthNTokenID, webAuthN.Challenge)) events, err := c.eventstore.PushEvents(ctx, usr_repo.NewHumanU2FAddedEvent(ctx, userAgg, addWebAuthN.WebauthNTokenID, webAuthN.Challenge))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -88,17 +88,17 @@ func (r *CommandSide) HumanAddU2FSetup(ctx context.Context, userID, resourceowne
return createdWebAuthN, nil return createdWebAuthN, nil
} }
func (r *CommandSide) HumanAddPasswordlessSetup(ctx context.Context, userID, resourceowner string, isLoginUI bool) (*domain.WebAuthNToken, error) { func (c *Commands) HumanAddPasswordlessSetup(ctx context.Context, userID, resourceowner string, isLoginUI bool) (*domain.WebAuthNToken, error) {
passwordlessTokens, err := r.getHumanPasswordlessTokens(ctx, userID, resourceowner) passwordlessTokens, err := c.getHumanPasswordlessTokens(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
addWebAuthN, userAgg, webAuthN, err := r.addHumanWebAuthN(ctx, userID, resourceowner, isLoginUI, passwordlessTokens) addWebAuthN, userAgg, webAuthN, err := c.addHumanWebAuthN(ctx, userID, resourceowner, isLoginUI, passwordlessTokens)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events, err := r.eventstore.PushEvents(ctx, usr_repo.NewHumanPasswordlessAddedEvent(ctx, userAgg, addWebAuthN.WebauthNTokenID, webAuthN.Challenge)) events, err := c.eventstore.PushEvents(ctx, usr_repo.NewHumanPasswordlessAddedEvent(ctx, userAgg, addWebAuthN.WebauthNTokenID, webAuthN.Challenge))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -114,19 +114,19 @@ func (r *CommandSide) HumanAddPasswordlessSetup(ctx context.Context, userID, res
return createdWebAuthN, nil return createdWebAuthN, nil
} }
func (r *CommandSide) addHumanWebAuthN(ctx context.Context, userID, resourceowner string, isLoginUI bool, tokens []*domain.WebAuthNToken) (*HumanWebAuthNWriteModel, *eventstore.Aggregate, *domain.WebAuthNToken, error) { func (c *Commands) addHumanWebAuthN(ctx context.Context, userID, resourceowner string, isLoginUI bool, tokens []*domain.WebAuthNToken) (*HumanWebAuthNWriteModel, *eventstore.Aggregate, *domain.WebAuthNToken, error) {
if userID == "" || resourceowner == "" { if userID == "" || resourceowner == "" {
return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing")
} }
user, err := r.getHuman(ctx, userID, resourceowner) user, err := c.getHuman(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
org, err := r.getOrg(ctx, user.ResourceOwner) org, err := c.getOrg(ctx, user.ResourceOwner)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
orgPolicy, err := r.getOrgIAMPolicy(ctx, org.AggregateID) orgPolicy, err := c.getOrgIAMPolicy(ctx, org.AggregateID)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
@@ -134,15 +134,15 @@ func (r *CommandSide) addHumanWebAuthN(ctx context.Context, userID, resourceowne
if accountName == "" { if accountName == "" {
accountName = user.EmailAddress accountName = user.EmailAddress
} }
webAuthN, err := r.webauthn.BeginRegistration(user, accountName, domain.AuthenticatorAttachmentUnspecified, domain.UserVerificationRequirementDiscouraged, isLoginUI, tokens...) webAuthN, err := c.webauthn.BeginRegistration(user, accountName, domain.AuthenticatorAttachmentUnspecified, domain.UserVerificationRequirementDiscouraged, isLoginUI, tokens...)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
tokenID, err := r.idGenerator.Next() tokenID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
addWebAuthN, err := r.webauthNWriteModelByID(ctx, userID, tokenID, resourceowner) addWebAuthN, err := c.webauthNWriteModelByID(ctx, userID, tokenID, resourceowner)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
@@ -151,17 +151,17 @@ func (r *CommandSide) addHumanWebAuthN(ctx context.Context, userID, resourceowne
return addWebAuthN, userAgg, webAuthN, nil return addWebAuthN, userAgg, webAuthN, nil
} }
func (r *CommandSide) HumanVerifyU2FSetup(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte) error { func (c *Commands) HumanVerifyU2FSetup(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte) error {
u2fTokens, err := r.getHumanU2FTokens(ctx, userID, resourceowner) u2fTokens, err := c.getHumanU2FTokens(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
userAgg, webAuthN, verifyWebAuthN, err := r.verifyHumanWebAuthN(ctx, userID, resourceowner, tokenName, userAgentID, credentialData, u2fTokens) userAgg, webAuthN, verifyWebAuthN, err := c.verifyHumanWebAuthN(ctx, userID, resourceowner, tokenName, userAgentID, credentialData, u2fTokens)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanU2FVerifiedEvent( usr_repo.NewHumanU2FVerifiedEvent(
ctx, ctx,
userAgg, userAgg,
@@ -177,17 +177,17 @@ func (r *CommandSide) HumanVerifyU2FSetup(ctx context.Context, userID, resourceo
return err return err
} }
func (r *CommandSide) HumanHumanPasswordlessSetup(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte) error { func (c *Commands) HumanHumanPasswordlessSetup(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte) error {
u2fTokens, err := r.getHumanPasswordlessTokens(ctx, userID, resourceowner) u2fTokens, err := c.getHumanPasswordlessTokens(ctx, userID, resourceowner)
if err != nil { if err != nil {
return err return err
} }
userAgg, webAuthN, verifyWebAuthN, err := r.verifyHumanWebAuthN(ctx, userID, resourceowner, tokenName, userAgentID, credentialData, u2fTokens) userAgg, webAuthN, verifyWebAuthN, err := c.verifyHumanWebAuthN(ctx, userID, resourceowner, tokenName, userAgentID, credentialData, u2fTokens)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanPasswordlessVerifiedEvent( usr_repo.NewHumanPasswordlessVerifiedEvent(
ctx, ctx,
userAgg, userAgg,
@@ -203,21 +203,21 @@ func (r *CommandSide) HumanHumanPasswordlessSetup(ctx context.Context, userID, r
return err return err
} }
func (r *CommandSide) verifyHumanWebAuthN(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte, tokens []*domain.WebAuthNToken) (*eventstore.Aggregate, *domain.WebAuthNToken, *HumanWebAuthNWriteModel, error) { func (c *Commands) verifyHumanWebAuthN(ctx context.Context, userID, resourceowner, tokenName, userAgentID string, credentialData []byte, tokens []*domain.WebAuthNToken) (*eventstore.Aggregate, *domain.WebAuthNToken, *HumanWebAuthNWriteModel, error) {
if userID == "" || resourceowner == "" { if userID == "" || resourceowner == "" {
return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing") return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3M0od", "Errors.IDMissing")
} }
user, err := r.getHuman(ctx, userID, resourceowner) user, err := c.getHuman(ctx, userID, resourceowner)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
_, token := domain.GetTokenToVerify(tokens) _, token := domain.GetTokenToVerify(tokens)
webAuthN, err := r.webauthn.FinishRegistration(user, token, tokenName, credentialData, userAgentID != "") webAuthN, err := c.webauthn.FinishRegistration(user, token, tokenName, credentialData, userAgentID != "")
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
verifyWebAuthN, err := r.webauthNWriteModelByID(ctx, userID, token.WebAuthNTokenID, resourceowner) verifyWebAuthN, err := c.webauthNWriteModelByID(ctx, userID, token.WebAuthNTokenID, resourceowner)
if err != nil { if err != nil {
return nil, nil, nil, err return nil, nil, nil, err
} }
@@ -226,18 +226,18 @@ func (r *CommandSide) verifyHumanWebAuthN(ctx context.Context, userID, resourceo
return userAgg, webAuthN, verifyWebAuthN, nil return userAgg, webAuthN, verifyWebAuthN, nil
} }
func (r *CommandSide) HumanBeginU2FLogin(ctx context.Context, userID, resourceOwner string, authRequest *domain.AuthRequest, isLoginUI bool) (*domain.WebAuthNLogin, error) { func (c *Commands) HumanBeginU2FLogin(ctx context.Context, userID, resourceOwner string, authRequest *domain.AuthRequest, isLoginUI bool) (*domain.WebAuthNLogin, error) {
u2fTokens, err := r.getHumanU2FTokens(ctx, userID, resourceOwner) u2fTokens, err := c.getHumanU2FTokens(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
userAgg, webAuthNLogin, err := r.beginWebAuthNLogin(ctx, userID, resourceOwner, u2fTokens, isLoginUI) userAgg, webAuthNLogin, err := c.beginWebAuthNLogin(ctx, userID, resourceOwner, u2fTokens, isLoginUI)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanU2FBeginLoginEvent( usr_repo.NewHumanU2FBeginLoginEvent(
ctx, ctx,
userAgg, userAgg,
@@ -249,17 +249,17 @@ func (r *CommandSide) HumanBeginU2FLogin(ctx context.Context, userID, resourceOw
return webAuthNLogin, err return webAuthNLogin, err
} }
func (r *CommandSide) HumanBeginPasswordlessLogin(ctx context.Context, userID, resourceOwner string, authRequest *domain.AuthRequest, isLoginUI bool) (*domain.WebAuthNLogin, error) { func (c *Commands) HumanBeginPasswordlessLogin(ctx context.Context, userID, resourceOwner string, authRequest *domain.AuthRequest, isLoginUI bool) (*domain.WebAuthNLogin, error) {
u2fTokens, err := r.getHumanPasswordlessTokens(ctx, userID, resourceOwner) u2fTokens, err := c.getHumanPasswordlessTokens(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
userAgg, webAuthNLogin, err := r.beginWebAuthNLogin(ctx, userID, resourceOwner, u2fTokens, isLoginUI) userAgg, webAuthNLogin, err := c.beginWebAuthNLogin(ctx, userID, resourceOwner, u2fTokens, isLoginUI)
if err != nil { if err != nil {
return nil, err return nil, err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanPasswordlessBeginLoginEvent( usr_repo.NewHumanPasswordlessBeginLoginEvent(
ctx, ctx,
userAgg, userAgg,
@@ -270,21 +270,21 @@ func (r *CommandSide) HumanBeginPasswordlessLogin(ctx context.Context, userID, r
return webAuthNLogin, err return webAuthNLogin, err
} }
func (r *CommandSide) beginWebAuthNLogin(ctx context.Context, userID, resourceOwner string, tokens []*domain.WebAuthNToken, isLoginUI bool) (*eventstore.Aggregate, *domain.WebAuthNLogin, error) { func (c *Commands) beginWebAuthNLogin(ctx context.Context, userID, resourceOwner string, tokens []*domain.WebAuthNToken, isLoginUI bool) (*eventstore.Aggregate, *domain.WebAuthNLogin, error) {
if userID == "" { if userID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing")
} }
human, err := r.getHuman(ctx, userID, resourceOwner) human, err := c.getHuman(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
webAuthNLogin, err := r.webauthn.BeginLogin(human, domain.UserVerificationRequirementDiscouraged, isLoginUI, tokens...) webAuthNLogin, err := c.webauthn.BeginLogin(human, domain.UserVerificationRequirementDiscouraged, isLoginUI, tokens...)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
writeModel, err := r.webauthNWriteModelByID(ctx, userID, "", resourceOwner) writeModel, err := c.webauthNWriteModelByID(ctx, userID, "", resourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@@ -293,22 +293,22 @@ func (r *CommandSide) beginWebAuthNLogin(ctx context.Context, userID, resourceOw
return userAgg, webAuthNLogin, nil return userAgg, webAuthNLogin, nil
} }
func (r *CommandSide) HumanFinishU2FLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, authRequest *domain.AuthRequest, isLoginUI bool) error { func (c *Commands) HumanFinishU2FLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, authRequest *domain.AuthRequest, isLoginUI bool) error {
webAuthNLogin, err := r.getHumanU2FLogin(ctx, userID, authRequest.ID, resourceOwner) webAuthNLogin, err := c.getHumanU2FLogin(ctx, userID, authRequest.ID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
u2fTokens, err := r.getHumanU2FTokens(ctx, userID, resourceOwner) u2fTokens, err := c.getHumanU2FTokens(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
userAgg, token, signCount, err := r.finishWebAuthNLogin(ctx, userID, resourceOwner, credentialData, webAuthNLogin, u2fTokens, isLoginUI) userAgg, token, signCount, err := c.finishWebAuthNLogin(ctx, userID, resourceOwner, credentialData, webAuthNLogin, u2fTokens, isLoginUI)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanU2FSignCountChangedEvent( usr_repo.NewHumanU2FSignCountChangedEvent(
ctx, ctx,
userAgg, userAgg,
@@ -320,23 +320,23 @@ func (r *CommandSide) HumanFinishU2FLogin(ctx context.Context, userID, resourceO
return err return err
} }
func (r *CommandSide) HumanFinishPasswordlessLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, authRequest *domain.AuthRequest, isLoginUI bool) error { func (c *Commands) HumanFinishPasswordlessLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, authRequest *domain.AuthRequest, isLoginUI bool) error {
webAuthNLogin, err := r.getHumanPasswordlessLogin(ctx, userID, authRequest.ID, resourceOwner) webAuthNLogin, err := c.getHumanPasswordlessLogin(ctx, userID, authRequest.ID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
passwordlessTokens, err := r.getHumanPasswordlessTokens(ctx, userID, resourceOwner) passwordlessTokens, err := c.getHumanPasswordlessTokens(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
userAgg, token, signCount, err := r.finishWebAuthNLogin(ctx, userID, resourceOwner, credentialData, webAuthNLogin, passwordlessTokens, isLoginUI) userAgg, token, signCount, err := c.finishWebAuthNLogin(ctx, userID, resourceOwner, credentialData, webAuthNLogin, passwordlessTokens, isLoginUI)
if err != nil { if err != nil {
return err return err
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
usr_repo.NewHumanPasswordlessSignCountChangedEvent( usr_repo.NewHumanPasswordlessSignCountChangedEvent(
ctx, ctx,
userAgg, userAgg,
@@ -347,16 +347,16 @@ func (r *CommandSide) HumanFinishPasswordlessLogin(ctx context.Context, userID,
return err return err
} }
func (r *CommandSide) finishWebAuthNLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, webAuthN *domain.WebAuthNLogin, tokens []*domain.WebAuthNToken, isLoginUI bool) (*eventstore.Aggregate, *domain.WebAuthNToken, uint32, error) { func (c *Commands) finishWebAuthNLogin(ctx context.Context, userID, resourceOwner string, credentialData []byte, webAuthN *domain.WebAuthNLogin, tokens []*domain.WebAuthNToken, isLoginUI bool) (*eventstore.Aggregate, *domain.WebAuthNToken, uint32, error) {
if userID == "" { if userID == "" {
return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing") return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-hh8K9", "Errors.IDMissing")
} }
human, err := r.getHuman(ctx, userID, resourceOwner) human, err := c.getHuman(ctx, userID, resourceOwner)
if err != nil { if err != nil {
return nil, nil, 0, err return nil, nil, 0, err
} }
keyID, signCount, err := r.webauthn.FinishLogin(human, webAuthN, credentialData, isLoginUI, tokens...) keyID, signCount, err := c.webauthn.FinishLogin(human, webAuthN, credentialData, isLoginUI, tokens...)
if err != nil && keyID == nil { if err != nil && keyID == nil {
return nil, nil, 0, err return nil, nil, 0, err
} }
@@ -366,7 +366,7 @@ func (r *CommandSide) finishWebAuthNLogin(ctx context.Context, userID, resourceO
return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3b7zs", "Errors.User.WebAuthN.NotFound") return nil, nil, 0, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3b7zs", "Errors.User.WebAuthN.NotFound")
} }
writeModel, err := r.webauthNWriteModelByID(ctx, userID, "", resourceOwner) writeModel, err := c.webauthNWriteModelByID(ctx, userID, "", resourceOwner)
if err != nil { if err != nil {
return nil, nil, 0, err return nil, nil, 0, err
} }
@@ -375,22 +375,22 @@ func (r *CommandSide) finishWebAuthNLogin(ctx context.Context, userID, resourceO
return userAgg, token, signCount, nil return userAgg, token, signCount, nil
} }
func (r *CommandSide) HumanRemoveU2F(ctx context.Context, userID, webAuthNID, resourceOwner string) error { func (c *Commands) HumanRemoveU2F(ctx context.Context, userID, webAuthNID, resourceOwner string) error {
event := usr_repo.PrepareHumanU2FRemovedEvent(ctx, webAuthNID) event := usr_repo.PrepareHumanU2FRemovedEvent(ctx, webAuthNID)
return r.removeHumanWebAuthN(ctx, userID, webAuthNID, resourceOwner, event) return c.removeHumanWebAuthN(ctx, userID, webAuthNID, resourceOwner, event)
} }
func (r *CommandSide) HumanRemovePasswordless(ctx context.Context, userID, webAuthNID, resourceOwner string) error { func (c *Commands) HumanRemovePasswordless(ctx context.Context, userID, webAuthNID, resourceOwner string) error {
event := usr_repo.PrepareHumanPasswordlessRemovedEvent(ctx, webAuthNID) event := usr_repo.PrepareHumanPasswordlessRemovedEvent(ctx, webAuthNID)
return r.removeHumanWebAuthN(ctx, userID, webAuthNID, resourceOwner, event) return c.removeHumanWebAuthN(ctx, userID, webAuthNID, resourceOwner, event)
} }
func (r *CommandSide) removeHumanWebAuthN(ctx context.Context, userID, webAuthNID, resourceOwner string, preparedEvent func(*eventstore.Aggregate) eventstore.EventPusher) error { func (c *Commands) removeHumanWebAuthN(ctx context.Context, userID, webAuthNID, resourceOwner string, preparedEvent func(*eventstore.Aggregate) eventstore.EventPusher) error {
if userID == "" || webAuthNID == "" { if userID == "" || webAuthNID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M9de", "Errors.IDMissing") return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M9de", "Errors.IDMissing")
} }
existingWebAuthN, err := r.webauthNWriteModelByID(ctx, userID, webAuthNID, resourceOwner) existingWebAuthN, err := c.webauthNWriteModelByID(ctx, userID, webAuthNID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -399,16 +399,16 @@ func (r *CommandSide) removeHumanWebAuthN(ctx context.Context, userID, webAuthNI
} }
userAgg := UserAggregateFromWriteModel(&existingWebAuthN.WriteModel) userAgg := UserAggregateFromWriteModel(&existingWebAuthN.WriteModel)
_, err = r.eventstore.PushEvents(ctx, preparedEvent(userAgg)) _, err = c.eventstore.PushEvents(ctx, preparedEvent(userAgg))
return err return err
} }
func (r *CommandSide) webauthNWriteModelByID(ctx context.Context, userID, webAuthNID, resourceOwner string) (writeModel *HumanWebAuthNWriteModel, err error) { func (c *Commands) webauthNWriteModelByID(ctx context.Context, userID, webAuthNID, resourceOwner string) (writeModel *HumanWebAuthNWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewHumanWebAuthNWriteModel(userID, webAuthNID, resourceOwner) writeModel = NewHumanWebAuthNWriteModel(userID, webAuthNID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

18
internal/command/user_machine.go
View File

@@ -9,18 +9,18 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddMachine(ctx context.Context, orgID string, machine *domain.Machine) (*domain.Machine, error) { func (c *Commands) AddMachine(ctx context.Context, orgID string, machine *domain.Machine) (*domain.Machine, error) {
if !machine.IsValid() { if !machine.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bm9Ds", "Errors.User.Invalid") return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-bm9Ds", "Errors.User.Invalid")
} }
userID, err := r.idGenerator.Next() userID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
machine.AggregateID = userID machine.AggregateID = userID
orgIAMPolicy, err := r.getOrgIAMPolicy(ctx, orgID) orgIAMPolicy, err := c.getOrgIAMPolicy(ctx, orgID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -31,7 +31,7 @@ func (r *CommandSide) AddMachine(ctx context.Context, orgID string, machine *dom
addedMachine := NewMachineWriteModel(machine.AggregateID, orgID) addedMachine := NewMachineWriteModel(machine.AggregateID, orgID)
userAgg := UserAggregateFromWriteModel(&addedMachine.WriteModel) userAgg := UserAggregateFromWriteModel(&addedMachine.WriteModel)
events, err := r.eventstore.PushEvents(ctx, user.NewMachineAddedEvent( events, err := c.eventstore.PushEvents(ctx, user.NewMachineAddedEvent(
ctx, ctx,
userAgg, userAgg,
machine.Username, machine.Username,
@@ -49,8 +49,8 @@ func (r *CommandSide) AddMachine(ctx context.Context, orgID string, machine *dom
return writeModelToMachine(addedMachine), nil return writeModelToMachine(addedMachine), nil
} }
func (r *CommandSide) ChangeMachine(ctx context.Context, machine *domain.Machine) (*domain.Machine, error) { func (c *Commands) ChangeMachine(ctx context.Context, machine *domain.Machine) (*domain.Machine, error) {
existingMachine, err := r.machineWriteModelByID(ctx, machine.AggregateID, machine.ResourceOwner) existingMachine, err := c.machineWriteModelByID(ctx, machine.AggregateID, machine.ResourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -64,7 +64,7 @@ func (r *CommandSide) ChangeMachine(ctx context.Context, machine *domain.Machine
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.NotChanged") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2n8vs", "Errors.User.NotChanged")
} }
events, err := r.eventstore.PushEvents(ctx, changedEvent) events, err := c.eventstore.PushEvents(ctx, changedEvent)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -76,7 +76,7 @@ func (r *CommandSide) ChangeMachine(ctx context.Context, machine *domain.Machine
} }
//TODO: adlerhurst we should check userID on the same level, in user.go userID is checked in public funcs //TODO: adlerhurst we should check userID on the same level, in user.go userID is checked in public funcs
func (r *CommandSide) machineWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *MachineWriteModel, err error) { func (c *Commands) machineWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *MachineWriteModel, err error) {
if userID == "" { if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Plof", "Errors.User.UserIDMissing") return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-0Plof", "Errors.User.UserIDMissing")
} }
@@ -84,7 +84,7 @@ func (r *CommandSide) machineWriteModelByID(ctx context.Context, userID, resourc
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewMachineWriteModel(userID, resourceOwner) writeModel = NewMachineWriteModel(userID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

22
internal/command/user_machine_key.go
View File

@@ -9,17 +9,17 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *CommandSide) AddUserMachineKey(ctx context.Context, machineKey *domain.MachineKey, resourceOwner string) (*domain.MachineKey, error) { func (c *Commands) AddUserMachineKey(ctx context.Context, machineKey *domain.MachineKey, resourceOwner string) (*domain.MachineKey, error) {
err := r.checkUserExists(ctx, machineKey.AggregateID, resourceOwner) err := c.checkUserExists(ctx, machineKey.AggregateID, resourceOwner)
if err != nil { if err != nil {
return nil, err return nil, err
} }
keyID, err := r.idGenerator.Next() keyID, err := c.idGenerator.Next()
if err != nil { if err != nil {
return nil, err return nil, err
} }
keyWriteModel := NewMachineKeyWriteModel(machineKey.AggregateID, keyID, resourceOwner) keyWriteModel := NewMachineKeyWriteModel(machineKey.AggregateID, keyID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, keyWriteModel) err = c.eventstore.FilterToQueryReducer(ctx, keyWriteModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -28,11 +28,11 @@ func (r *CommandSide) AddUserMachineKey(ctx context.Context, machineKey *domain.
return nil, err return nil, err
} }
if err = domain.SetNewAuthNKeyPair(machineKey, r.machineKeySize); err != nil { if err = domain.SetNewAuthNKeyPair(machineKey, c.machineKeySize); err != nil {
return nil, err return nil, err
} }
events, err := r.eventstore.PushEvents(ctx, events, err := c.eventstore.PushEvents(ctx,
user.NewMachineKeyAddedEvent( user.NewMachineKeyAddedEvent(
ctx, ctx,
UserAggregateFromWriteModel(&keyWriteModel.WriteModel), UserAggregateFromWriteModel(&keyWriteModel.WriteModel),
@@ -53,8 +53,8 @@ func (r *CommandSide) AddUserMachineKey(ctx context.Context, machineKey *domain.
return key, nil return key, nil
} }
func (r *CommandSide) RemoveUserMachineKey(ctx context.Context, userID, keyID, resourceOwner string) error { func (c *Commands) RemoveUserMachineKey(ctx context.Context, userID, keyID, resourceOwner string) error {
keyWriteModel, err := r.machineKeyWriteModelByID(ctx, userID, keyID, resourceOwner) keyWriteModel, err := c.machineKeyWriteModelByID(ctx, userID, keyID, resourceOwner)
if err != nil { if err != nil {
return err return err
} }
@@ -62,12 +62,12 @@ func (r *CommandSide) RemoveUserMachineKey(ctx context.Context, userID, keyID, r
return errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.Machine.Key.NotFound") return errors.ThrowNotFound(nil, "COMMAND-4m77G", "Errors.User.Machine.Key.NotFound")
} }
_, err = r.eventstore.PushEvents(ctx, _, err = c.eventstore.PushEvents(ctx,
user.NewMachineKeyRemovedEvent(ctx, UserAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID)) user.NewMachineKeyRemovedEvent(ctx, UserAggregateFromWriteModel(&keyWriteModel.WriteModel), keyID))
return err return err
} }
func (r *CommandSide) machineKeyWriteModelByID(ctx context.Context, userID, keyID, resourceOwner string) (writeModel *MachineKeyWriteModel, err error) { func (c *Commands) machineKeyWriteModelByID(ctx context.Context, userID, keyID, resourceOwner string) (writeModel *MachineKeyWriteModel, err error) {
if userID == "" { if userID == "" {
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4n8vs", "Errors.User.UserIDMissing") return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4n8vs", "Errors.User.UserIDMissing")
} }
@@ -75,7 +75,7 @@ func (r *CommandSide) machineKeyWriteModelByID(ctx context.Context, userID, keyI
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
writeModel = NewMachineKeyWriteModel(userID, keyID, resourceOwner) writeModel = NewMachineKeyWriteModel(userID, keyID, resourceOwner)
err = r.eventstore.FilterToQueryReducer(ctx, writeModel) err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil { if err != nil {
return nil, err return nil, err
} }

44
internal/config/types/sql.go
View File

@@ -5,6 +5,7 @@ import (
"strings" "strings"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/errors"
) )
@@ -21,11 +22,32 @@ type SQL struct {
SSL *ssl SSL *ssl
} }
type SQLBase struct {
Host string
Port string
Database string
SSL sslBase
}
type SQLUser struct {
User string
Password string
SSL sslUser
}
type ssl struct { type ssl struct {
sslBase
sslUser
}
type sslBase struct {
// type of connection security // type of connection security
Mode string Mode string
// RootCert Path to the CA certificate // RootCert Path to the CA certificate
RootCert string RootCert string
}
type sslUser struct {
// Cert Path to the client certificate // Cert Path to the client certificate
Cert string Cert string
// Key Path to the client private key // Key Path to the client private key
@@ -71,7 +93,7 @@ func (s *SQL) Start() (*sql.DB, error) {
func (s *SQL) checkSSL() { func (s *SQL) checkSSL() {
if s.SSL == nil || s.SSL.Mode == sslDisabledMode || s.SSL.Mode == "" { if s.SSL == nil || s.SSL.Mode == sslDisabledMode || s.SSL.Mode == "" {
s.SSL = &ssl{Mode: sslDisabledMode} s.SSL = &ssl{sslBase: sslBase{Mode: sslDisabledMode}}
return return
} }
if s.SSL.Cert == "" || s.SSL.Key == "" || s.SSL.RootCert == "" { if s.SSL.Cert == "" || s.SSL.Key == "" || s.SSL.RootCert == "" {
@@ -82,3 +104,23 @@ func (s *SQL) checkSSL() {
).Fatal("fields for secure connection missing") ).Fatal("fields for secure connection missing")
} }
} }
func (u SQLUser) Start(base SQLBase) (*sql.DB, error) {
return (&SQL{
Host: base.Host,
Port: base.Port,
User: u.User,
Password: u.Password,
Database: base.Database,
SSL: &ssl{
sslBase: sslBase{
Mode: base.SSL.Mode,
RootCert: base.SSL.RootCert,
},
sslUser: sslUser{
Cert: u.SSL.Cert,
Key: u.SSL.Key,
},
},
}).Start()
}

24
internal/eventstore/config.go Normal file
View File

@@ -0,0 +1,24 @@
package eventstore
import (
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore/repository/sql"
)
func Start(sqlConfig types.SQL) (*Eventstore, error) {
sqlClient, err := sqlConfig.Start()
if err != nil {
return nil, err
}
return NewEventstore(sql.NewCRDB(sqlClient)), nil
}
func StartWithUser(baseConfig types.SQLBase, userConfig types.SQLUser) (*Eventstore, error) {
sqlClient, err := userConfig.Start(baseConfig)
if err != nil {
return nil, err
}
return NewEventstore(sql.NewCRDB(sqlClient)), nil
}

1
internal/eventstore/local_crdb_test.go
View File

@@ -95,6 +95,7 @@ func setPasswordNULL() error {
"authpassword", "authpassword",
"notificationpassword", "notificationpassword",
"authzpassword", "authzpassword",
"queriespassword",
} }
for _, name := range passwordNames { for _, name := range passwordNames {
if err := os.Setenv(name, "NULL"); err != nil { if err := os.Setenv(name, "NULL"); err != nil {

1
internal/eventstore/repository/sql/local_crdb_test.go
View File

@@ -99,6 +99,7 @@ func setPasswordNULL() error {
"authpassword", "authpassword",
"notificationpassword", "notificationpassword",
"authzpassword", "authzpassword",
"queriespassword",
} }
for _, name := range passwordNames { for _, name := range passwordNames {
if err := os.Setenv(name, "NULL"); err != nil { if err := os.Setenv(name, "NULL"); err != nil {

7
internal/eventstore/v1/config.go
View File

@@ -2,10 +2,7 @@ package v1
import ( import (
"github.com/caos/zitadel/internal/cache/config" "github.com/caos/zitadel/internal/cache/config"
eventstore2 "github.com/caos/zitadel/internal/eventstore"
sql_v2 "github.com/caos/zitadel/internal/eventstore/repository/sql"
"github.com/caos/zitadel/internal/eventstore/v1/internal/repository/sql" "github.com/caos/zitadel/internal/eventstore/v1/internal/repository/sql"
"github.com/caos/zitadel/internal/eventstore/v1/models"
) )
type Config struct { type Config struct {
@@ -15,14 +12,12 @@ type Config struct {
} }
func Start(conf Config) (Eventstore, error) { func Start(conf Config) (Eventstore, error) {
repo, sqlClient, err := sql.Start(conf.Repository) repo, _, err := sql.Start(conf.Repository)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &eventstore{ return &eventstore{
repo: repo, repo: repo,
aggregateCreator: models.NewAggregateCreator(conf.ServiceName),
esV2: eventstore2.NewEventstore(sql_v2.NewCRDB(sqlClient)),
}, nil }, nil
} }

36
internal/eventstore/v1/eventstore.go
View File

@@ -2,20 +2,15 @@ package v1
import ( import (
"context" "context"
eventstore2 "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/internal/repository" "github.com/caos/zitadel/internal/eventstore/v1/internal/repository"
"github.com/caos/zitadel/internal/eventstore/v1/models" "github.com/caos/zitadel/internal/eventstore/v1/models"
) )
type Eventstore interface { type Eventstore interface {
AggregateCreator() *models.AggregateCreator
Health(ctx context.Context) error Health(ctx context.Context) error
PushAggregates(ctx context.Context, aggregates ...*models.Aggregate) error
FilterEvents(ctx context.Context, searchQuery *models.SearchQuery) (events []*models.Event, err error) FilterEvents(ctx context.Context, searchQuery *models.SearchQuery) (events []*models.Event, err error)
LatestSequence(ctx context.Context, searchQuery *models.SearchQueryFactory) (uint64, error) LatestSequence(ctx context.Context, searchQuery *models.SearchQueryFactory) (uint64, error)
V2() *eventstore2.Eventstore
Subscribe(aggregates ...models.AggregateType) *Subscription Subscribe(aggregates ...models.AggregateType) *Subscription
} }
@@ -23,33 +18,6 @@ var _ Eventstore = (*eventstore)(nil)
type eventstore struct { type eventstore struct {
repo repository.Repository repo repository.Repository
aggregateCreator *models.AggregateCreator
esV2 *eventstore2.Eventstore
}
func (es *eventstore) AggregateCreator() *models.AggregateCreator {
return es.aggregateCreator
}
func (es *eventstore) PushAggregates(ctx context.Context, aggregates ...*models.Aggregate) (err error) {
for _, aggregate := range aggregates {
if len(aggregate.Events) == 0 {
return errors.ThrowInvalidArgument(nil, "EVENT-cNhIj", "no events in aggregate")
}
for _, event := range aggregate.Events {
if err = event.Validate(); err != nil {
return errors.ThrowInvalidArgument(err, "EVENT-tzIhl", "validate event failed")
}
}
}
err = es.repo.PushAggregates(ctx, aggregates...)
if err != nil {
return err
}
go notify(aggregates)
return nil
} }
func (es *eventstore) FilterEvents(ctx context.Context, searchQuery *models.SearchQuery) ([]*models.Event, error) { func (es *eventstore) FilterEvents(ctx context.Context, searchQuery *models.SearchQuery) ([]*models.Event, error) {
@@ -69,7 +37,3 @@ func (es *eventstore) LatestSequence(ctx context.Context, queryFactory *models.S
func (es *eventstore) Health(ctx context.Context) error { func (es *eventstore) Health(ctx context.Context) error {
return es.repo.Health(ctx) return es.repo.Health(ctx)
} }
func (es *eventstore) V2() *eventstore2.Eventstore {
return es.esV2
}

2
internal/management/repository/eventsourcing/eventstore/iam.go
View File

@@ -8,7 +8,7 @@ import (
) )
type IAMRepository struct { type IAMRepository struct {
IAMV2Query *query.QuerySide IAMV2Query *query.Queries
} }
func (repo *IAMRepository) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) { func (repo *IAMRepository) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {

9
internal/management/repository/eventsourcing/repository.go
View File

@@ -30,13 +30,12 @@ type EsRepository struct {
view *mgmt_view.View view *mgmt_view.View
} }
func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRepository, error) { func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string, queries *query.Queries) (*EsRepository, error) {
es, err := v1.Start(conf.Eventstore) es, err := v1.Start(conf.Eventstore)
if err != nil { if err != nil {
return nil, err return nil, err
} }
esV2 := es.V2()
sqlClient, err := conf.View.Start() sqlClient, err := conf.View.Start()
if err != nil { if err != nil {
@@ -47,10 +46,6 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
return nil, err return nil, err
} }
iamV2Query, err := query.StartQuerySide(&query.Config{Eventstore: esV2, SystemDefaults: systemDefaults})
if err != nil {
return nil, err
}
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults) spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, systemDefaults)
return &EsRepository{ return &EsRepository{
@@ -60,7 +55,7 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
UserRepo: eventstore.UserRepo{es, conf.SearchLimit, view, systemDefaults}, UserRepo: eventstore.UserRepo{es, conf.SearchLimit, view, systemDefaults},
UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, view}, UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, view},
IAMRepository: eventstore.IAMRepository{ IAMRepository: eventstore.IAMRepository{
IAMV2Query: iamV2Query, IAMV2Query: queries,
}, },
view: view, view: view,
}, nil }, nil

2
internal/notification/notification.go
View File

@@ -15,7 +15,7 @@ type Config struct {
Repository eventsourcing.Config Repository eventsourcing.Config
} }
func Start(ctx context.Context, config Config, systemDefaults sd.SystemDefaults, command *command.CommandSide) { func Start(ctx context.Context, config Config, systemDefaults sd.SystemDefaults, command *command.Commands) {
statikFS, err := fs.NewWithNamespace("notification") statikFS, err := fs.NewWithNamespace("notification")
logging.Log("CONFI-7usEW").OnError(err).Panic("unable to start listener") logging.Log("CONFI-7usEW").OnError(err).Panic("unable to start listener")

2
internal/notification/repository/eventsourcing/handler/handler.go
View File

@@ -34,7 +34,7 @@ func (h *handler) Eventstore() v1.Eventstore {
return h.es return h.es
} }
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, command *command.CommandSide, systemDefaults sd.SystemDefaults, i18n *i18n.Translator, dir http.FileSystem) []query.Handler { func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, command *command.Commands, systemDefaults sd.SystemDefaults, i18n *i18n.Translator, dir http.FileSystem) []query.Handler {
aesCrypto, err := crypto.NewAESCrypto(systemDefaults.UserVerificationKey) aesCrypto, err := crypto.NewAESCrypto(systemDefaults.UserVerificationKey)
if err != nil { if err != nil {
logging.Log("HANDL-s90ew").WithError(err).Debug("error create new aes crypto") logging.Log("HANDL-s90ew").WithError(err).Debug("error create new aes crypto")

4
internal/notification/repository/eventsourcing/handler/notification.go
View File

@@ -46,7 +46,7 @@ const (
type Notification struct { type Notification struct {
handler handler
command *command.CommandSide command *command.Commands
systemDefaults sd.SystemDefaults systemDefaults sd.SystemDefaults
AesCrypto crypto.EncryptionAlgorithm AesCrypto crypto.EncryptionAlgorithm
i18n *i18n.Translator i18n *i18n.Translator
@@ -56,7 +56,7 @@ type Notification struct {
func newNotification( func newNotification(
handler handler, handler handler,
command *command.CommandSide, command *command.Commands,
defaults sd.SystemDefaults, defaults sd.SystemDefaults,
aesCrypto crypto.EncryptionAlgorithm, aesCrypto crypto.EncryptionAlgorithm,
translator *i18n.Translator, translator *i18n.Translator,

2
internal/notification/repository/eventsourcing/repository.go
View File

@@ -26,7 +26,7 @@ type EsRepository struct {
spooler *es_spol.Spooler spooler *es_spol.Spooler
} }
func Start(conf Config, dir http.FileSystem, systemDefaults sd.SystemDefaults, command *command.CommandSide) (*EsRepository, error) { func Start(conf Config, dir http.FileSystem, systemDefaults sd.SystemDefaults, command *command.Commands) (*EsRepository, error) {
es, err := v1.Start(conf.Eventstore) es, err := v1.Start(conf.Eventstore)
if err != nil { if err != nil {
return nil, err return nil, err

2
internal/notification/repository/eventsourcing/spooler/spooler.go
View File

@@ -20,7 +20,7 @@ type SpoolerConfig struct {
Handlers handler.Configs Handlers handler.Configs
} }
func StartSpooler(c SpoolerConfig, es v1.Eventstore, view *view.View, sql *sql.DB, command *command.CommandSide, systemDefaults sd.SystemDefaults, i18n *i18n.Translator, dir http.FileSystem) *spooler.Spooler { func StartSpooler(c SpoolerConfig, es v1.Eventstore, view *view.View, sql *sql.DB, command *command.Commands, systemDefaults sd.SystemDefaults, i18n *i18n.Translator, dir http.FileSystem) *spooler.Spooler {
spoolerConfig := spooler.Config{ spoolerConfig := spooler.Config{
Eventstore: es, Eventstore: es,
Locker: &locker{dbClient: sql}, Locker: &locker{dbClient: sql},

2
internal/query/iam_idp_config.go
View File

@@ -5,7 +5,7 @@ import (
"github.com/caos/zitadel/internal/domain" "github.com/caos/zitadel/internal/domain"
) )
func (r *QuerySide) DefaultIDPConfigByID(ctx context.Context, idpConfigID string) (*domain.IDPConfigView, error) { func (r *Queries) DefaultIDPConfigByID(ctx context.Context, idpConfigID string) (*domain.IDPConfigView, error) {
idpConfig := NewIAMIDPConfigReadModel(r.iamID, idpConfigID) idpConfig := NewIAMIDPConfigReadModel(r.iamID, idpConfigID)
err := r.eventstore.FilterToQueryReducer(ctx, idpConfig) err := r.eventstore.FilterToQueryReducer(ctx, idpConfig)
if err != nil { if err != nil {

2
internal/query/member.go
View File

@@ -5,7 +5,7 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
func (r *QuerySide) IAMMemberByID(ctx context.Context, iamID, userID string) (member *IAMMemberReadModel, err error) { func (r *Queries) IAMMemberByID(ctx context.Context, iamID, userID string) (member *IAMMemberReadModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()

21
internal/query/query.go
View File

@@ -2,6 +2,8 @@ package query
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore" "github.com/caos/zitadel/internal/eventstore"
usr_repo "github.com/caos/zitadel/internal/repository/user" usr_repo "github.com/caos/zitadel/internal/repository/user"
@@ -13,7 +15,7 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing" "github.com/caos/zitadel/internal/telemetry/tracing"
) )
type QuerySide struct { type Queries struct {
iamID string iamID string
eventstore *eventstore.Eventstore eventstore *eventstore.Eventstore
idGenerator id.Generator idGenerator id.Generator
@@ -21,27 +23,26 @@ type QuerySide struct {
} }
type Config struct { type Config struct {
Eventstore *eventstore.Eventstore Eventstore types.SQLUser
SystemDefaults sd.SystemDefaults
} }
func StartQuerySide(config *Config) (repo *QuerySide, err error) { func StartQueries(eventstore *eventstore.Eventstore, defaults sd.SystemDefaults) (repo *Queries, err error) {
repo = &QuerySide{ repo = &Queries{
iamID: config.SystemDefaults.IamID, iamID: defaults.IamID,
eventstore: config.Eventstore, eventstore: eventstore,
idGenerator: id.SonyFlakeGenerator, idGenerator: id.SonyFlakeGenerator,
} }
iam_repo.RegisterEventMappers(repo.eventstore) iam_repo.RegisterEventMappers(repo.eventstore)
usr_repo.RegisterEventMappers(repo.eventstore) usr_repo.RegisterEventMappers(repo.eventstore)
repo.secretCrypto, err = crypto.NewAESCrypto(config.SystemDefaults.IDPConfigVerificationKey) repo.secretCrypto, err = crypto.NewAESCrypto(defaults.IDPConfigVerificationKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return repo, nil return repo, nil
} }
func (r *QuerySide) IAMByID(ctx context.Context, id string) (_ *iam_model.IAM, err error) { func (r *Queries) IAMByID(ctx context.Context, id string) (_ *iam_model.IAM, err error) {
readModel, err := r.iamByID(ctx, id) readModel, err := r.iamByID(ctx, id)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -50,7 +51,7 @@ func (r *QuerySide) IAMByID(ctx context.Context, id string) (_ *iam_model.IAM, e
return readModelToIAM(readModel), nil return readModelToIAM(readModel), nil
} }
func (r *QuerySide) iamByID(ctx context.Context, id string) (_ *ReadModel, err error) { func (r *Queries) iamByID(ctx context.Context, id string) (_ *ReadModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()

2
internal/query/user.go
View File

@@ -5,7 +5,7 @@ import (
"github.com/caos/zitadel/internal/eventstore" "github.com/caos/zitadel/internal/eventstore"
) )
func (q *QuerySide) UserEvents(ctx context.Context, orgID, userID string, sequence uint64) ([]eventstore.EventReader, error) { func (q *Queries) UserEvents(ctx context.Context, orgID, userID string, sequence uint64) ([]eventstore.EventReader, error) {
query := NewUserEventSearchQuery(userID, orgID, sequence) query := NewUserEventSearchQuery(userID, orgID, sequence)
return q.eventstore.FilterEvents(ctx, query) return q.eventstore.FilterEvents(ctx, query)
} }

2
internal/setup/setup.go
View File

@@ -16,7 +16,7 @@ const (
SetupUser = "SETUP" SetupUser = "SETUP"
) )
func Execute(ctx context.Context, setUpConfig IAMSetUp, iamID string, commands *command.CommandSide) error { func Execute(ctx context.Context, setUpConfig IAMSetUp, iamID string, commands *command.Commands) error {
logging.Log("SETUP-JAK2q").Info("starting setup") logging.Log("SETUP-JAK2q").Info("starting setup")
iam, err := commands.GetIAM(ctx) iam, err := commands.GetIAM(ctx)

6
internal/ui/login/handler/login.go
View File

@@ -29,8 +29,8 @@ type Login struct {
router http.Handler router http.Handler
renderer *Renderer renderer *Renderer
parser *form.Parser parser *form.Parser
command *command.CommandSide command *command.Commands
query *query.QuerySide query *query.Queries
authRepo auth_repository.Repository authRepo auth_repository.Repository
baseURL string baseURL string
zitadelURL string zitadelURL string
@@ -60,7 +60,7 @@ const (
handlerPrefix = "/login" handlerPrefix = "/login"
) )
func CreateLogin(config Config, command *command.CommandSide, query *query.QuerySide, authRepo *eventsourcing.EsRepository, systemDefaults systemdefaults.SystemDefaults, localDevMode bool) (*Login, string) { func CreateLogin(config Config, command *command.Commands, query *query.Queries, authRepo *eventsourcing.EsRepository, systemDefaults systemdefaults.SystemDefaults, localDevMode bool) (*Login, string) {
aesCrypto, err := crypto.NewAESCrypto(systemDefaults.IDPConfigVerificationKey) aesCrypto, err := crypto.NewAESCrypto(systemDefaults.IDPConfigVerificationKey)
if err != nil { if err != nil {
logging.Log("HANDL-s90ew").WithError(err).Debug("error create new aes crypto") logging.Log("HANDL-s90ew").WithError(err).Debug("error create new aes crypto")

2
internal/ui/login/login.go
View File

@@ -12,6 +12,6 @@ type Config struct {
Handler handler.Config Handler handler.Config
} }
func Start(config Config, command *command.CommandSide, query *query.QuerySide, authRepo *eventsourcing.EsRepository, systemdefaults systemdefaults.SystemDefaults, localDevMode bool) (*handler.Login, string) { func Start(config Config, command *command.Commands, query *query.Queries, authRepo *eventsourcing.EsRepository, systemdefaults systemdefaults.SystemDefaults, localDevMode bool) (*handler.Login, string) {
return handler.CreateLogin(config.Handler, command, query, authRepo, systemdefaults, localDevMode) return handler.CreateLogin(config.Handler, command, query, authRepo, systemdefaults, localDevMode)
} }

2
migrations/cockroach/V1.35__queries.sql Normal file
View File

@@ -0,0 +1,2 @@
CREATE USER queries WITH PASSWORD ${queriespassword};
GRANT SELECT ON DATABASE eventstore TO queries;

2
migrations/cockroach/migrate_local.go
View File

@@ -2,4 +2,4 @@
package migrations package migrations
//go:generate flyway -url=jdbc:postgresql://localhost:26257/defaultdb -user=root -password= -locations=filesystem:./ -placeholders.eventstorepassword=NULL -placeholders.managementpassword=NULL -placeholders.adminapipassword=NULL -placeholders.authpassword=NULL -placeholders.notificationpassword=NULL -placeholders.authzpassword=NULL migrate //go:generate flyway -url=jdbc:postgresql://localhost:26257/defaultdb -user=root -password= -locations=filesystem:./ -placeholders.eventstorepassword=NULL -placeholders.managementpassword=NULL -placeholders.adminapipassword=NULL -placeholders.authpassword=NULL -placeholders.notificationpassword=NULL -placeholders.authzpassword=NULL -placeholders.queriespassword=NULL migrate

1
operator/zitadel/kinds/iam/zitadel/configuration/desired.go
View File

@@ -34,6 +34,7 @@ type Passwords struct {
Adminapi *secret.Secret `yaml:"adminapi"` Adminapi *secret.Secret `yaml:"adminapi"`
Notification *secret.Secret `yaml:"notification"` Notification *secret.Secret `yaml:"notification"`
Eventstore *secret.Secret `yaml:"eventstore"` Eventstore *secret.Secret `yaml:"eventstore"`
Queries *secret.Secret `yaml:"queries"`
} }
type Secrets struct { type Secrets struct {

Some files were not shown because too many files have changed in this diff Show More