diff --git a/backend/v3/storage/database/events_testing/events_test.go b/backend/v3/storage/database/events_testing/events_test.go index 8b9986e292..ce31020c40 100644 --- a/backend/v3/storage/database/events_testing/events_test.go +++ b/backend/v3/storage/database/events_testing/events_test.go @@ -15,6 +15,7 @@ import ( "github.com/zitadel/zitadel/backend/v3/storage/database/dialect/postgres" "github.com/zitadel/zitadel/internal/integration" "github.com/zitadel/zitadel/pkg/grpc/admin" + mgmt "github.com/zitadel/zitadel/pkg/grpc/management" v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta" "github.com/zitadel/zitadel/pkg/grpc/system" ) @@ -28,6 +29,7 @@ var ( SystemClient system.SystemServiceClient OrgClient v2beta_org.OrganizationServiceClient AdminClient admin.AdminServiceClient + MgmtClient mgmt.ManagementServiceClient ) var pool database.Pool @@ -43,6 +45,7 @@ func TestMain(m *testing.M) { SystemClient = integration.SystemClient() OrgClient = Instance.Client.OrgV2beta AdminClient = Instance.Client.Admin + MgmtClient = Instance.Client.Mgmt var err error dbConfig, err := pgxpool.ParseConfig(ConnString) diff --git a/backend/v3/storage/database/events_testing/id_provider_org_test.go b/backend/v3/storage/database/events_testing/id_provider_org_test.go new file mode 100644 index 0000000000..d8c91ae0d0 --- /dev/null +++ b/backend/v3/storage/database/events_testing/id_provider_org_test.go @@ -0,0 +1,1914 @@ +//go:build integration + +package events_test + +import ( + "testing" + "time" + + "github.com/brianvoe/gofakeit/v6" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/zitadel/zitadel/backend/v3/domain" + "github.com/zitadel/zitadel/backend/v3/storage/database" + "github.com/zitadel/zitadel/backend/v3/storage/database/repository" + "github.com/zitadel/zitadel/internal/integration" + "github.com/zitadel/zitadel/pkg/grpc/idp" + idp_grpc "github.com/zitadel/zitadel/pkg/grpc/idp" + "github.com/zitadel/zitadel/pkg/grpc/management" +) + +func TestServer_TestIDProviderOrgReduces(t *testing.T) { + instanceID := Instance.ID() + + orgID := Instance.DefaultOrg.Id + + t.Run("test iam idp add reduces", func(t *testing.T) { + name := gofakeit.Name() + + beforeCreate := time.Now() + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + idp, err := idpRepo.Get(CTX, + idpRepo.NameCondition(name), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.config.added + assert.Equal(t, instanceID, idp.InstanceID) + assert.Equal(t, orgID, *idp.OrgID) + assert.Equal(t, addOIDC.IdpId, idp.ID) + assert.Equal(t, domain.IDPStateActive.String(), idp.State) + assert.Equal(t, name, idp.Name) + // assert.Equal(t, domain.IDPTypeUnspecified.String(), idp.Type) + assert.Equal(t, true, idp.AutoRegister) + assert.Equal(t, true, idp.AllowCreation) + assert.Equal(t, false, idp.AllowAutoUpdate) + assert.Equal(t, true, idp.AllowLinking) + assert.Equal(t, domain.IDPAutoLinkingOptionUnspecified.String(), idp.AllowAutoLinking) + assert.Equal(t, int16(idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE), *idp.StylingType) + assert.WithinRange(t, idp.UpdatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, idp.CreatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) + + t.Run("test iam idp update reduces", func(t *testing.T) { + name := gofakeit.Name() + + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + name = "new_" + name + + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateIDP(CTX, &admin.UpdateIDPRequest{ + _, err = MgmtClient.UpdateOrgIDP(CTX, &management.UpdateOrgIDPRequest{ + IdpId: addOIDC.IdpId, + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_UNSPECIFIED, + AutoRegister: false, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + idp, err := idpRepo.Get(CTX, + idpRepo.NameCondition(name), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.config.changed + assert.Equal(t, addOIDC.IdpId, idp.ID) + assert.Equal(t, name, idp.Name) + assert.Equal(t, false, idp.AutoRegister) + assert.Equal(t, int16(idp_grpc.IDPStylingType_STYLING_TYPE_UNSPECIFIED), *idp.StylingType) + assert.WithinRange(t, idp.UpdatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) + + t.Run("test iam idp deactivate reduces", func(t *testing.T) { + name := gofakeit.Name() + + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + // deactivate idp + beforeCreate := time.Now() + _, err = MgmtClient.DeactivateOrgIDP(CTX, &management.DeactivateOrgIDPRequest{ + IdpId: addOIDC.IdpId, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + idp, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.config.deactivated + assert.Equal(t, addOIDC.IdpId, idp.ID) + assert.Equal(t, domain.IDPStateInactive.String(), idp.State) + assert.WithinRange(t, idp.UpdatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) + + t.Run("test iam idp reactivate reduces", func(t *testing.T) { + name := gofakeit.Name() + + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // deactivate idp + _, err = MgmtClient.DeactivateOrgIDP(CTX, &management.DeactivateOrgIDPRequest{ + IdpId: addOIDC.IdpId, + }) + require.NoError(t, err) + // wait for idp to be deactivated + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + idp, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + assert.Equal(t, addOIDC.IdpId, idp.ID) + assert.Equal(t, domain.IDPStateInactive.String(), idp.State) + }, retryDuration, tick) + + // reactivate idp + beforeCreate := time.Now() + _, err = MgmtClient.ReactivateOrgIDP(CTX, &management.ReactivateOrgIDPRequest{ + IdpId: addOIDC.IdpId, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + idp, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.config.reactivated + assert.Equal(t, addOIDC.IdpId, idp.ID) + assert.Equal(t, domain.IDPStateActive.String(), idp.State) + assert.WithinRange(t, idp.UpdatedAt, beforeCreate, afterCreate) + }, retryDuration, tick) + }) + + t.Run("test iam idp remove reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add idp + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // remove idp + // _, err = MgmtClient.RemoveIDP(CTX, &admin.RemoveIDPRequest{ + _, err = MgmtClient.RemoveOrgIDP(CTX, &management.RemoveOrgIDPRequest{ + IdpId: addOIDC.IdpId, + }) + require.NoError(t, err) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*20) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + + // event iam.idp.config.remove + require.ErrorIs(t, &database.NoRowFoundError{}, err) + }, retryDuration, tick) + }) + + t.Run("test iam idp oidc added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add oidc + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: false, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err := idpRepo.GetOIDC(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event org.idp.oidc.config.added + // idp + assert.Equal(t, instanceID, oidc.InstanceID) + assert.Equal(t, orgID, *oidc.OrgID) + assert.Equal(t, name, oidc.Name) + assert.Equal(t, addOIDC.IdpId, oidc.ID) + assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) + + // oidc + assert.Equal(t, "issuer", oidc.Issuer) + assert.Equal(t, "clientID", oidc.ClientID) + assert.Equal(t, []string{"scope"}, oidc.Scopes) + assert.Equal(t, int16(idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE), *oidc.StylingType) + assert.Equal(t, false, oidc.AutoRegister) + assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.IDPDisplayNameMapping) + assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.UserNameMapping) + }, retryDuration, tick) + }) + + t.Run("test iam idp oidc changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add oidc + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check original values for OCID + var oidc *domain.IDPOIDC + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.IdpId), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addOIDC.IdpId, oidc.ID) + }, retryDuration, tick) + + // // idp + // assert.Equal(t, addOIDC.IdpId, oidc.ID) + // assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) + + // // oidc + // assert.Equal(t, instanceID, oidc.InstanceID) + // assert.Nil(t, oidc.OrgID) + // assert.Equal(t, "issuer", oidc.Issuer) + // assert.Equal(t, "clientID", oidc.ClientID) + // assert.Equal(t, []string{"scope"}, oidc.Scopes) + // assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.IDPDisplayNameMapping) + // assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.UserNameMapping) + + beforeCreate := time.Now() + _, err = MgmtClient.UpdateOrgIDPOIDCConfig(CTX, &management.UpdateOrgIDPOIDCConfigRequest{ + IdpId: addOIDC.IdpId, + ClientId: "new_clientID", + ClientSecret: "new_clientSecret", + Issuer: "new_issuer", + Scopes: []string{"new_scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateOIDC, err := idpRepo.GetOIDC(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event org.idp.oidc.config.changed + // idp + assert.Equal(t, instanceID, oidc.InstanceID) + assert.Equal(t, orgID, *oidc.OrgID) + assert.Equal(t, name, oidc.Name) + assert.Equal(t, addOIDC.IdpId, updateOIDC.ID) + assert.Equal(t, domain.IDPTypeOIDC.String(), updateOIDC.Type) + assert.WithinRange(t, updateOIDC.UpdatedAt, beforeCreate, afterCreate) + + // oidc + assert.Equal(t, instanceID, oidc.InstanceID) + assert.Equal(t, orgID, *oidc.OrgID) + assert.Equal(t, "new_issuer", updateOIDC.Issuer) + assert.Equal(t, "new_clientID", updateOIDC.ClientID) + assert.NotNil(t, oidc.ClientSecret) + assert.NotEqual(t, oidc.ClientSecret, updateOIDC.ClientSecret) + assert.Equal(t, []string{"new_scope"}, updateOIDC.Scopes) + assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME), updateOIDC.IDPDisplayNameMapping) + assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME), updateOIDC.UserNameMapping) + }, retryDuration, tick) + }) + + t.Run("test iam idp jwt added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add jwt + // addJWT, err := MgmtClient.AddJWTIDP(CTX, &admin.AddJWTIDPRequest{ + addJWT, err := MgmtClient.AddOrgJWTIDP(CTX, &management.AddOrgJWTIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + JwtEndpoint: "jwtEndpoint", + Issuer: "issuer", + KeysEndpoint: "keyEndpoint", + HeaderName: "headerName", + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + jwt, err := idpRepo.GetJWT(CTX, + idpRepo.IDCondition(addJWT.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.jwt.config.added + // idp + assert.Equal(t, instanceID, jwt.InstanceID) + assert.Equal(t, orgID, *jwt.OrgID) + assert.Equal(t, name, jwt.Name) + assert.Equal(t, addJWT.IdpId, jwt.ID) + assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type) + assert.Equal(t, int16(idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE), *jwt.StylingType) + + // jwt + assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint) + assert.Equal(t, "issuer", jwt.Issuer) + assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint) + assert.Equal(t, "headerName", jwt.HeaderName) + }, retryDuration, tick) + }) + + t.Run("test iam idp jwt changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add jwt + addJWT, err := MgmtClient.AddOrgJWTIDP(CTX, &management.AddOrgJWTIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + JwtEndpoint: "jwtEndpoint", + Issuer: "issuer", + KeysEndpoint: "keyEndpoint", + HeaderName: "headerName", + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check original values for jwt + // var jwt *domain.IDPJWT + // retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + // assert.EventuallyWithT(t, func(t *assert.CollectT) { + // jwt, err = idpRepo.GetJWT(CTX, idpRepo.IDCondition(addJWT.IdpId), instanceID, nil) + // require.NoError(t, err) + // assert.Equal(t, addJWT.IdpId, jwt.ID) + // }, retryDuration, tick) + + // // idp + // assert.Equal(t, addJWT.IdpId, jwt.ID) + // assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type) + + // // jwt + // assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint) + // assert.Equal(t, "issuer", jwt.Issuer) + // assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint) + // assert.Equal(t, "headerName", jwt.HeaderName) + + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateIDPJWTConfig(CTX, &admin.UpdateIDPJWTConfigRequest{ + _, err = MgmtClient.UpdateOrgIDPJWTConfig(CTX, &management.UpdateOrgIDPJWTConfigRequest{ + IdpId: addJWT.IdpId, + JwtEndpoint: "new_jwtEndpoint", + Issuer: "new_issuer", + KeysEndpoint: "new_keyEndpoint", + HeaderName: "new_headerName", + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateJWT, err := idpRepo.GetJWT(CTX, + idpRepo.IDCondition(addJWT.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event iam.idp.jwt.config.changed + // idp + assert.Equal(t, addJWT.IdpId, updateJWT.ID) + assert.Equal(t, orgID, *updateJWT.OrgID) + assert.Equal(t, domain.IDPTypeJWT.String(), updateJWT.Type) + assert.WithinRange(t, updateJWT.UpdatedAt, beforeCreate, afterCreate) + + // jwt + assert.Equal(t, "new_jwtEndpoint", updateJWT.JWTEndpoint) + assert.Equal(t, "new_issuer", updateJWT.Issuer) + assert.Equal(t, "new_keyEndpoint", updateJWT.KeysEndpoint) + assert.Equal(t, "new_headerName", updateJWT.HeaderName) + }, retryDuration, tick) + }) + + t.Run("test instance idp oauth added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add oauth + beforeCreate := time.Now() + // addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &admin.AddGenericOAuthProviderRequest{ + addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &management.AddGenericOAuthProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + AuthorizationEndpoint: "authoizationEndpoint", + TokenEndpoint: "tokenEndpoint", + UserEndpoint: "userEndpoint", + Scopes: []string{"scope"}, + IdAttribute: "idAttribute", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + UsePkce: false, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for oauth + var oauth *domain.IDPOAuth + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oauth, err = idpRepo.GetOAuth(CTX, idpRepo.IDCondition(addOAuth.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.oauth.added + // idp + assert.Equal(t, instanceID, oauth.InstanceID) + assert.Equal(t, orgID, *oauth.OrgID) + assert.Equal(t, addOAuth.Id, oauth.ID) + assert.Equal(t, name, oauth.Name) + assert.Equal(t, domain.IDPTypeOAuth.String(), oauth.Type) + assert.Equal(t, false, oauth.AllowLinking) + assert.Equal(t, false, oauth.AllowCreation) + assert.Equal(t, false, oauth.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), oauth.AllowAutoLinking) + assert.WithinRange(t, oauth.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, oauth.UpdatedAt, beforeCreate, afterCreate) + + // oauth + assert.Equal(t, "clientId", oauth.ClientID) + assert.NotNil(t, oauth.ClientSecret) + assert.Equal(t, "authoizationEndpoint", oauth.AuthorizationEndpoint) + assert.Equal(t, "tokenEndpoint", oauth.TokenEndpoint) + assert.Equal(t, "userEndpoint", oauth.UserEndpoint) + assert.Equal(t, []string{"scope"}, oauth.Scopes) + assert.Equal(t, "idAttribute", oauth.IDAttribute) + assert.Equal(t, false, oauth.UsePKCE) + }, retryDuration, tick) + }) + + t.Run("test instance idp oauth changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add oauth + // addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &admin.AddGenericOAuthProviderRequest{ + addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &management.AddGenericOAuthProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + AuthorizationEndpoint: "authoizationEndpoint", + TokenEndpoint: "tokenEndpoint", + UserEndpoint: "userEndpoint", + Scopes: []string{"scope"}, + IdAttribute: "idAttribute", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + UsePkce: false, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for oauth + var oauth *domain.IDPOAuth + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oauth, err = idpRepo.GetOAuth(CTX, idpRepo.IDCondition(addOAuth.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addOAuth.Id, oauth.ID) + }, retryDuration, tick) + + name = "new_" + name + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGenericOAuthProvider(CTX, &admin.UpdateGenericOAuthProviderRequest{ + _, err = MgmtClient.UpdateGenericOAuthProvider(CTX, &management.UpdateGenericOAuthProviderRequest{ + Id: addOAuth.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + AuthorizationEndpoint: "new_authoizationEndpoint", + TokenEndpoint: "new_tokenEndpoint", + UserEndpoint: "new_userEndpoint", + Scopes: []string{"new_scope"}, + IdAttribute: "new_idAttribute", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + UsePkce: true, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateOauth, err := idpRepo.GetOAuth(CTX, + idpRepo.IDCondition(addOAuth.Id), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event instance.idp.oauth.changed + // idp + assert.Equal(t, instanceID, updateOauth.InstanceID) + assert.Equal(t, orgID, *updateOauth.OrgID) + assert.Equal(t, addOAuth.Id, updateOauth.ID) + assert.Equal(t, name, updateOauth.Name) + assert.Equal(t, domain.IDPTypeOAuth.String(), updateOauth.Type) + assert.Equal(t, true, updateOauth.AllowLinking) + assert.Equal(t, true, updateOauth.AllowCreation) + assert.Equal(t, true, updateOauth.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateOauth.AllowAutoLinking) + assert.Equal(t, true, updateOauth.UsePKCE) + assert.WithinRange(t, updateOauth.UpdatedAt, beforeCreate, afterCreate) + + // oauth + assert.Equal(t, "new_clientId", updateOauth.ClientID) + assert.NotEqual(t, oauth.ClientSecret, updateOauth.ClientSecret) + assert.Equal(t, "new_authoizationEndpoint", updateOauth.AuthorizationEndpoint) + assert.Equal(t, "new_tokenEndpoint", updateOauth.TokenEndpoint) + assert.Equal(t, "new_userEndpoint", updateOauth.UserEndpoint) + assert.Equal(t, []string{"new_scope"}, updateOauth.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp oidc added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add oidc + beforeCreate := time.Now() + // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ + addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + Issuer: "issuer", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + IsIdTokenMapping: false, + UsePkce: false, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for oidc + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err := idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.oidc added + // idp + assert.Equal(t, instanceID, oidc.InstanceID) + assert.Equal(t, orgID, *oidc.OrgID) + assert.Equal(t, addOIDC.Id, oidc.ID) + assert.Equal(t, name, oidc.Name) + assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) + assert.Equal(t, false, oidc.AllowLinking) + assert.Equal(t, false, oidc.AllowCreation) + assert.Equal(t, false, oidc.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), oidc.AllowAutoLinking) + assert.WithinRange(t, oidc.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, oidc.UpdatedAt, beforeCreate, afterCreate) + + // oidc + assert.Equal(t, addOIDC.Id, oidc.ID) + assert.Equal(t, "clientId", oidc.ClientID) + assert.NotNil(t, oidc.ClientSecret) + assert.Equal(t, []string{"scope"}, oidc.Scopes) + assert.Equal(t, "issuer", oidc.Issuer) + assert.Equal(t, false, oidc.IsIDTokenMapping) + assert.Equal(t, false, oidc.UsePKCE) + }, retryDuration, tick) + }) + + t.Run("test instanceidp oidc changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ + addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + Issuer: "issuer", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + IsIdTokenMapping: false, + UsePkce: false, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for oidc + var oidc *domain.IDPOIDC + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + }, retryDuration, tick) + + name = "new_" + name + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGenericOIDCProvider(CTX, &admin.UpdateGenericOIDCProviderRequest{ + _, err = MgmtClient.UpdateGenericOIDCProvider(CTX, &management.UpdateGenericOIDCProviderRequest{ + Id: addOIDC.Id, + Name: name, + Issuer: "new_issuer", + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + IsIdTokenMapping: true, + UsePkce: true, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateOIDC, err := idpRepo.GetOIDC(CTX, + idpRepo.IDCondition(addOIDC.Id), + instanceID, + &orgID, + ) + require.NoError(t, err) + + // event instance.idp.oidc.changed + // idp + assert.Equal(t, instanceID, updateOIDC.InstanceID) + assert.Equal(t, orgID, *updateOIDC.OrgID) + assert.Equal(t, addOIDC.Id, updateOIDC.ID) + assert.Equal(t, name, updateOIDC.Name) + assert.Equal(t, domain.IDPTypeOIDC.String(), updateOIDC.Type) + assert.Equal(t, true, updateOIDC.AllowLinking) + assert.Equal(t, true, updateOIDC.AllowCreation) + assert.Equal(t, true, updateOIDC.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateOIDC.AllowAutoLinking) + assert.WithinRange(t, updateOIDC.UpdatedAt, beforeCreate, afterCreate) + + // oidc + assert.Equal(t, "new_clientId", updateOIDC.ClientID) + assert.NotEqual(t, oidc.ClientSecret, updateOIDC.ClientSecret) + assert.Equal(t, []string{"new_scope"}, updateOIDC.Scopes) + assert.Equal(t, true, updateOIDC.IsIDTokenMapping) + assert.Equal(t, true, updateOIDC.UsePKCE) + }, retryDuration, tick) + }) + + t.Run("test instance idp oidc migrated azure migration reduces", func(t *testing.T) { + name := gofakeit.Name() + + // create OIDC + // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ + addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + Issuer: "issuer", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + IsIdTokenMapping: false, + UsePkce: false, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var oidc *domain.IDPOIDC + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) + }, retryDuration, tick) + + beforeCreate := time.Now() + // _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{ + _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &management.MigrateGenericOIDCProviderRequest{ + Id: addOIDC.Id, + Template: &management.MigrateGenericOIDCProviderRequest_Azure{ + Azure: &management.AddAzureADProviderRequest{ + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Tenant: &idp_grpc.AzureADTenant{ + Type: &idp_grpc.AzureADTenant_TenantType{ + TenantType: idp.AzureADTenantType_AZURE_AD_TENANT_TYPE_ORGANISATIONS, + }, + }, + EmailVerified: true, + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + azure, err := idpRepo.GetOAzureAD(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.oidc.migrated.azure + // idp + assert.Equal(t, instanceID, azure.InstanceID) + assert.Equal(t, orgID, *azure.OrgID) + assert.Equal(t, addOIDC.Id, azure.ID) + assert.Equal(t, name, azure.Name) + // type = azure + assert.Equal(t, domain.IDPTypeAzure.String(), azure.Type) + assert.Equal(t, true, azure.AllowLinking) + assert.Equal(t, true, azure.AllowCreation) + assert.Equal(t, true, azure.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), azure.AllowAutoLinking) + assert.WithinRange(t, azure.UpdatedAt, beforeCreate, afterCreate) + + // oidc + assert.Equal(t, "new_clientId", azure.ClientID) + assert.NotEqual(t, oidc.ClientSecret, azure.ClientSecret) + assert.Equal(t, domain.AzureTenantTypeOrganizations.String(), azure.Tenant) + assert.Equal(t, true, azure.IsEmailVerified) + assert.Equal(t, []string{"new_scope"}, azure.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp oidc migrated google migration reduces", func(t *testing.T) { + name := gofakeit.Name() + + // create OIDC + // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ + addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + Issuer: "issuer", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + IsIdTokenMapping: false, + UsePkce: false, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var oidc *domain.IDPOIDC + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + oidc, err = idpRepo.GetOIDC(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) + }, retryDuration, tick) + + beforeCreate := time.Now() + // _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{ + _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &management.MigrateGenericOIDCProviderRequest{ + Id: addOIDC.Id, + Template: &management.MigrateGenericOIDCProviderRequest_Google{ + Google: &management.AddGoogleProviderRequest{ + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + google, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addOIDC.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.oidc.migrated.google + // idp + assert.Equal(t, instanceID, google.InstanceID) + assert.Equal(t, orgID, *google.OrgID) + assert.Equal(t, addOIDC.Id, google.ID) + assert.Equal(t, name, google.Name) + // type = google + assert.Equal(t, domain.IDPTypeGoogle.String(), google.Type) + assert.Equal(t, true, google.AllowLinking) + assert.Equal(t, true, google.AllowCreation) + assert.Equal(t, true, google.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), google.AllowAutoLinking) + assert.WithinRange(t, google.UpdatedAt, beforeCreate, afterCreate) + + // oidc + assert.Equal(t, "new_clientId", google.ClientID) + assert.NotEqual(t, oidc.ClientSecret, google.ClientSecret) + assert.Equal(t, []string{"new_scope"}, google.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp jwt added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add jwt + beforeCreate := time.Now().Add(-1 * time.Second) + addJWT, err := MgmtClient.AddJWTProvider(CTX, &management.AddJWTProviderRequest{ + Name: name, + Issuer: "issuer", + JwtEndpoint: "jwtEndpoint", + KeysEndpoint: "keyEndpoint", + HeaderName: "headerName", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for jwt + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + jwt, err := idpRepo.GetJWT(CTX, idpRepo.IDCondition(addJWT.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.jwt.added + // idp + assert.Equal(t, instanceID, jwt.InstanceID) + assert.Equal(t, orgID, *jwt.OrgID) + assert.Equal(t, addJWT.Id, jwt.ID) + assert.Equal(t, name, jwt.Name) + assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type) + assert.Equal(t, false, jwt.AllowLinking) + assert.Equal(t, false, jwt.AllowCreation) + assert.Equal(t, false, jwt.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), jwt.AllowAutoLinking) + assert.WithinRange(t, jwt.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, jwt.UpdatedAt, beforeCreate, afterCreate) + + // jwt + assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint) + assert.Equal(t, "issuer", jwt.Issuer) + assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint) + assert.Equal(t, "headerName", jwt.HeaderName) + }, retryDuration, tick) + }) + + t.Run("test instance idp jwt changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add jwt + // addJWT, err := MgmtClient.AddJWTProvider(CTX, &admin.AddJWTProviderRequest{ + addJWT, err := MgmtClient.AddJWTProvider(CTX, &management.AddJWTProviderRequest{ + Name: name, + Issuer: "issuer", + JwtEndpoint: "jwtEndpoint", + KeysEndpoint: "keyEndpoint", + HeaderName: "headerName", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + require.NoError(t, err) + + name = "new_" + name + // change jwt + beforeCreate := time.Now().Add(-1 * time.Second) + _, err = MgmtClient.UpdateJWTProvider(CTX, &management.UpdateJWTProviderRequest{ + Id: addJWT.Id, + Name: name, + Issuer: "new_issuer", + JwtEndpoint: "new_jwtEndpoint", + KeysEndpoint: "new_keyEndpoint", + HeaderName: "new_headerName", + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for jwt + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateJwt, err := idpRepo.GetJWT(CTX, idpRepo.IDCondition(addJWT.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.jwt.added + // idp + assert.Equal(t, instanceID, updateJwt.InstanceID) + assert.Equal(t, orgID, *updateJwt.OrgID) + assert.Equal(t, addJWT.Id, updateJwt.ID) + assert.Equal(t, name, updateJwt.Name) + assert.Equal(t, domain.IDPTypeJWT.String(), updateJwt.Type) + assert.Equal(t, true, updateJwt.AllowLinking) + assert.Equal(t, true, updateJwt.AllowCreation) + assert.Equal(t, true, updateJwt.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateJwt.AllowAutoLinking) + assert.WithinRange(t, updateJwt.UpdatedAt, beforeCreate, afterCreate) + + // jwt + assert.Equal(t, "new_jwtEndpoint", updateJwt.JWTEndpoint) + assert.Equal(t, "new_issuer", updateJwt.Issuer) + assert.Equal(t, "new_keyEndpoint", updateJwt.KeysEndpoint) + assert.Equal(t, "new_headerName", updateJwt.HeaderName) + }, retryDuration, tick) + }) + + t.Run("test instance idp azure added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add azure + beforeCreate := time.Now() + // addAzure, err := MgmtClient.AddAzureADProvider(CTX, &admin.AddAzureADProviderRequest{ + addAzure, err := MgmtClient.AddAzureADProvider(CTX, &management.AddAzureADProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Tenant: &idp_grpc.AzureADTenant{ + Type: &idp_grpc.AzureADTenant_TenantType{ + TenantType: idp.AzureADTenantType_AZURE_AD_TENANT_TYPE_ORGANISATIONS, + }, + }, + EmailVerified: true, + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for azure + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + azure, err := idpRepo.GetOAzureAD(CTX, idpRepo.IDCondition(addAzure.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.azure.added + // idp + assert.Equal(t, instanceID, azure.InstanceID) + assert.Equal(t, orgID, *azure.OrgID) + assert.Equal(t, addAzure.Id, azure.ID) + assert.Equal(t, name, azure.Name) + assert.Equal(t, domain.IDPTypeAzure.String(), azure.Type) + assert.Equal(t, true, azure.AllowLinking) + assert.Equal(t, true, azure.AllowCreation) + assert.Equal(t, true, azure.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), azure.AllowAutoLinking) + assert.WithinRange(t, azure.UpdatedAt, beforeCreate, afterCreate) + + // azure + assert.Equal(t, "clientId", azure.ClientID) + assert.NotNil(t, azure.ClientSecret) + assert.Equal(t, domain.AzureTenantTypeOrganizations.String(), azure.Tenant) + assert.Equal(t, true, azure.IsEmailVerified) + assert.Equal(t, []string{"scope"}, azure.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp azure changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add azure + // addAzure, err := MgmtClient.AddAzureADProvider(CTX, &admin.AddAzureADProviderRequest{ + addAzure, err := MgmtClient.AddAzureADProvider(CTX, &management.AddAzureADProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Tenant: &idp_grpc.AzureADTenant{ + Type: &idp_grpc.AzureADTenant_TenantType{ + TenantType: idp.AzureADTenantType_AZURE_AD_TENANT_TYPE_ORGANISATIONS, + }, + }, + EmailVerified: false, + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var azure *domain.IDPOAzureAD + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + azure, err = idpRepo.GetOAzureAD(CTX, idpRepo.IDCondition(addAzure.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addAzure.Id, azure.ID) + }, retryDuration, tick) + + name = "new_" + name + // change azure + beforeCreate := time.Now().Add(-1 * time.Second) + // _, err = MgmtClient.UpdateAzureADProvider(CTX, &admin.UpdateAzureADProviderRequest{ + _, err = MgmtClient.UpdateAzureADProvider(CTX, &management.UpdateAzureADProviderRequest{ + Id: addAzure.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Tenant: &idp_grpc.AzureADTenant{ + Type: &idp_grpc.AzureADTenant_TenantType{ + TenantType: idp.AzureADTenantType_AZURE_AD_TENANT_TYPE_CONSUMERS, + }, + }, + EmailVerified: true, + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for azure + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateAzure, err := idpRepo.GetOAzureAD(CTX, idpRepo.IDCondition(addAzure.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.azure.changed + // idp + assert.Equal(t, instanceID, updateAzure.InstanceID) + assert.Equal(t, orgID, *updateAzure.OrgID) + assert.Equal(t, addAzure.Id, updateAzure.ID) + assert.Equal(t, name, updateAzure.Name) + assert.Equal(t, domain.IDPTypeAzure.String(), updateAzure.Type) + assert.Equal(t, true, updateAzure.AllowLinking) + assert.Equal(t, true, updateAzure.AllowCreation) + assert.Equal(t, true, updateAzure.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), updateAzure.AllowAutoLinking) + assert.WithinRange(t, updateAzure.UpdatedAt, beforeCreate, afterCreate) + + // azure + assert.Equal(t, "new_clientId", updateAzure.ClientID) + assert.NotEqual(t, azure.ClientSecret, updateAzure.ClientSecret) + assert.Equal(t, domain.AzureTenantTypeConsumers.String(), updateAzure.Tenant) + assert.Equal(t, true, updateAzure.IsEmailVerified) + assert.Equal(t, []string{"new_scope"}, updateAzure.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp github added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add github + beforeCreate := time.Now() + // addGithub, err := MgmtClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{ + addGithub, err := MgmtClient.AddGitHubProvider(CTX, &management.AddGitHubProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for github + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + github, err := idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.github.added + // idp + assert.Equal(t, instanceID, github.InstanceID) + assert.Equal(t, orgID, *github.OrgID) + assert.Equal(t, addGithub.Id, github.ID) + assert.Equal(t, name, github.Name) + assert.Equal(t, domain.IDPTypeGitHub.String(), github.Type) + assert.Equal(t, false, github.AllowLinking) + assert.Equal(t, false, github.AllowCreation) + assert.Equal(t, false, github.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), github.AllowAutoLinking) + assert.WithinRange(t, github.UpdatedAt, beforeCreate, afterCreate) + + assert.Equal(t, "clientId", github.ClientID) + assert.NotNil(t, github.ClientSecret) + assert.Equal(t, []string{"scope"}, github.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp github changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add github + // addGithub, err := MgmtClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{ + addGithub, err := MgmtClient.AddGitHubProvider(CTX, &management.AddGitHubProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var github *domain.IDPGithub + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + github, err = idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addGithub.Id, github.ID) + }, retryDuration, tick) + + name = "new_" + name + // change github + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGitHubProvider(CTX, &admin.UpdateGitHubProviderRequest{ + _, err = MgmtClient.UpdateGitHubProvider(CTX, &management.UpdateGitHubProviderRequest{ + Id: addGithub.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for azure + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGithub, err := idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.github.changed + // idp + assert.Equal(t, instanceID, updateGithub.InstanceID) + assert.Equal(t, orgID, *updateGithub.OrgID) + assert.Equal(t, addGithub.Id, updateGithub.ID) + assert.Equal(t, name, updateGithub.Name) + assert.Equal(t, domain.IDPTypeGitHub.String(), updateGithub.Type) + assert.Equal(t, true, updateGithub.AllowLinking) + assert.Equal(t, true, updateGithub.AllowCreation) + assert.Equal(t, true, updateGithub.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithub.AllowAutoLinking) + assert.WithinRange(t, updateGithub.UpdatedAt, beforeCreate, afterCreate) + + // github + assert.Equal(t, "new_clientId", updateGithub.ClientID) + assert.NotEqual(t, github.ClientSecret, updateGithub.ClientSecret) + assert.Equal(t, []string{"new_scope"}, updateGithub.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp github enterprise added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add github enterprise + beforeCreate := time.Now() + // addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{ + addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &management.AddGitHubEnterpriseServerProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + AuthorizationEndpoint: "authoizationEndpoint", + TokenEndpoint: "tokenEndpoint", + UserEndpoint: "userEndpoint", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for github enterprise + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githubEnterprise, err := idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.github_enterprise.added + // idp + assert.Equal(t, instanceID, githubEnterprise.InstanceID) + assert.Equal(t, orgID, *githubEnterprise.OrgID) + assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID) + assert.Equal(t, name, githubEnterprise.Name) + assert.Equal(t, domain.IDPTypeGitHubEnterprise.String(), githubEnterprise.Type) + assert.Equal(t, false, githubEnterprise.AllowLinking) + assert.Equal(t, false, githubEnterprise.AllowCreation) + assert.Equal(t, false, githubEnterprise.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), githubEnterprise.AllowAutoLinking) + assert.WithinRange(t, githubEnterprise.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, githubEnterprise.UpdatedAt, beforeCreate, afterCreate) + + // github enterprise + assert.Equal(t, "clientId", githubEnterprise.ClientID) + assert.NotNil(t, githubEnterprise.ClientSecret) + assert.Equal(t, "authoizationEndpoint", githubEnterprise.AuthorizationEndpoint) + assert.Equal(t, "tokenEndpoint", githubEnterprise.TokenEndpoint) + assert.Equal(t, "userEndpoint", githubEnterprise.UserEndpoint) + assert.Equal(t, []string{"scope"}, githubEnterprise.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp github enterprise changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add github enterprise + // addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{ + addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &management.AddGitHubEnterpriseServerProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + AuthorizationEndpoint: "authoizationEndpoint", + TokenEndpoint: "tokenEndpoint", + UserEndpoint: "userEndpoint", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var githubEnterprise *domain.IDPGithubEnterprise + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githubEnterprise, err = idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID) + }, retryDuration, tick) + + name = "new_" + name + // change github enterprise + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGitHubEnterpriseServerProvider(CTX, &admin.UpdateGitHubEnterpriseServerProviderRequest{ + _, err = MgmtClient.UpdateGitHubEnterpriseServerProvider(CTX, &management.UpdateGitHubEnterpriseServerProviderRequest{ + Id: addGithubEnterprise.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + AuthorizationEndpoint: "new_authoizationEndpoint", + TokenEndpoint: "new_tokenEndpoint", + UserEndpoint: "new_userEndpoint", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for azure + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGithubEnterprise, err := idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.github_enterprise.changed + // idp + assert.Equal(t, instanceID, githubEnterprise.InstanceID) + assert.Equal(t, orgID, *githubEnterprise.OrgID) + assert.Equal(t, addGithubEnterprise.Id, updateGithubEnterprise.ID) + assert.Equal(t, name, updateGithubEnterprise.Name) + assert.Equal(t, domain.IDPTypeGitHubEnterprise.String(), updateGithubEnterprise.Type) + assert.Equal(t, false, updateGithubEnterprise.AllowLinking) + assert.Equal(t, false, updateGithubEnterprise.AllowCreation) + assert.Equal(t, false, updateGithubEnterprise.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), updateGithubEnterprise.AllowAutoLinking) + assert.WithinRange(t, updateGithubEnterprise.UpdatedAt, beforeCreate, afterCreate) + + // github enterprise + assert.Equal(t, "new_clientId", updateGithubEnterprise.ClientID) + assert.NotNil(t, updateGithubEnterprise.ClientSecret) + assert.Equal(t, "new_authoizationEndpoint", updateGithubEnterprise.AuthorizationEndpoint) + assert.Equal(t, "new_tokenEndpoint", updateGithubEnterprise.TokenEndpoint) + assert.Equal(t, "new_userEndpoint", updateGithubEnterprise.UserEndpoint) + assert.Equal(t, []string{"new_scope"}, updateGithubEnterprise.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp gitlab added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab + beforeCreate := time.Now() + // addGithub, err := MgmtClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ + addGithub, err := MgmtClient.AddGitLabProvider(CTX, &management.AddGitLabProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for gitlab + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + gitlab, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.gitlab.added + // idp + assert.Equal(t, instanceID, gitlab.InstanceID) + assert.Equal(t, orgID, *gitlab.OrgID) + assert.Equal(t, addGithub.Id, gitlab.ID) + assert.Equal(t, name, gitlab.Name) + assert.Equal(t, domain.IDPTypeGitLab.String(), gitlab.Type) + assert.Equal(t, false, gitlab.AllowLinking) + assert.Equal(t, false, gitlab.AllowCreation) + assert.Equal(t, false, gitlab.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), gitlab.AllowAutoLinking) + assert.WithinRange(t, gitlab.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, gitlab.UpdatedAt, beforeCreate, afterCreate) + + // gitlab + assert.Equal(t, "clientId", gitlab.ClientID) + assert.NotNil(t, gitlab.ClientSecret) + assert.Equal(t, []string{"scope"}, gitlab.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp gitlab changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab + // addGitlab, err := MgmtClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ + addGitlab, err := MgmtClient.AddGitLabProvider(CTX, &management.AddGitLabProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var githlab *domain.IDPGitlab + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githlab, err = idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGitlab.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addGitlab.Id, githlab.ID) + }, retryDuration, tick) + + name = "new_" + name + // change gitlab + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGitLabProvider(CTX, &admin.UpdateGitLabProviderRequest{ + _, err = MgmtClient.UpdateGitLabProvider(CTX, &management.UpdateGitLabProviderRequest{ + Id: addGitlab.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for gitlab + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGithlab, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGitlab.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.gitlab.changed + // idp + assert.Equal(t, instanceID, updateGithlab.InstanceID) + assert.Equal(t, orgID, *updateGithlab.OrgID) + assert.Equal(t, addGitlab.Id, updateGithlab.ID) + assert.Equal(t, name, updateGithlab.Name) + assert.Equal(t, true, updateGithlab.AllowLinking) + assert.Equal(t, true, updateGithlab.AllowCreation) + assert.Equal(t, true, updateGithlab.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithlab.AllowAutoLinking) + assert.WithinRange(t, updateGithlab.UpdatedAt, beforeCreate, afterCreate) + + // gitlab + assert.Equal(t, "new_clientId", updateGithlab.ClientID) + assert.NotEqual(t, githlab.ClientSecret, updateGithlab.ClientSecret) + assert.Equal(t, domain.IDPTypeGitLab.String(), updateGithlab.Type) + assert.Equal(t, []string{"new_scope"}, updateGithlab.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp gitlab self hosted added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab self hosted + beforeCreate := time.Now() + // addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{ + addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &management.AddGitLabSelfHostedProviderRequest{ + Name: name, + Issuer: "issuer", + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for gitlab self hosted + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + gitlabSelfHosted, err := idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.gitlab_self_hosted.added + // idp + assert.Equal(t, instanceID, gitlabSelfHosted.InstanceID) + assert.Equal(t, orgID, *gitlabSelfHosted.OrgID) + assert.Equal(t, addGitlabSelfHosted.Id, gitlabSelfHosted.ID) + assert.Equal(t, name, gitlabSelfHosted.Name) + assert.Equal(t, domain.IDPTypeGitLabSelfHosted.String(), gitlabSelfHosted.Type) + assert.Equal(t, false, gitlabSelfHosted.AllowLinking) + assert.Equal(t, false, gitlabSelfHosted.AllowCreation) + assert.Equal(t, false, gitlabSelfHosted.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), gitlabSelfHosted.AllowAutoLinking) + assert.WithinRange(t, gitlabSelfHosted.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, gitlabSelfHosted.UpdatedAt, beforeCreate, afterCreate) + + // gitlab self hosted + assert.Equal(t, "clientId", gitlabSelfHosted.ClientID) + assert.Equal(t, "issuer", gitlabSelfHosted.Issuer) + assert.NotNil(t, gitlabSelfHosted.ClientSecret) + assert.Equal(t, []string{"scope"}, gitlabSelfHosted.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp gitlab self hosted changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add gitlab self hosted + // addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{ + addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &management.AddGitLabSelfHostedProviderRequest{ + Name: name, + Issuer: "issuer", + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var githlabSelfHosted *domain.IDPGitlabSelfHosting + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + githlabSelfHosted, err = idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addGitlabSelfHosted.Id, githlabSelfHosted.ID) + }, retryDuration, tick) + + name = "new_" + name + // change gitlab self hosted + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGitLabSelfHostedProvider(CTX, &admin.UpdateGitLabSelfHostedProviderRequest{ + _, err = MgmtClient.UpdateGitLabSelfHostedProvider(CTX, &management.UpdateGitLabSelfHostedProviderRequest{ + Id: addGitlabSelfHosted.Id, + Name: name, + ClientId: "new_clientId", + Issuer: "new_issuer", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for gitlab self hosted + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGithlabSelfHosted, err := idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.gitlab_self_hosted.changed + // idp + assert.Equal(t, instanceID, updateGithlabSelfHosted.InstanceID) + assert.Equal(t, orgID, *updateGithlabSelfHosted.OrgID) + assert.Equal(t, addGitlabSelfHosted.Id, updateGithlabSelfHosted.ID) + assert.Equal(t, name, updateGithlabSelfHosted.Name) + assert.Equal(t, domain.IDPTypeGitLabSelfHosted.String(), updateGithlabSelfHosted.Type) + assert.Equal(t, true, updateGithlabSelfHosted.AllowLinking) + assert.Equal(t, true, updateGithlabSelfHosted.AllowCreation) + assert.Equal(t, true, updateGithlabSelfHosted.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithlabSelfHosted.AllowAutoLinking) + assert.WithinRange(t, updateGithlabSelfHosted.UpdatedAt, beforeCreate, afterCreate) + + // gitlab self hosted + assert.Equal(t, "new_clientId", updateGithlabSelfHosted.ClientID) + assert.Equal(t, "new_issuer", updateGithlabSelfHosted.Issuer) + assert.NotEqual(t, githlabSelfHosted.ClientSecret, updateGithlabSelfHosted.ClientSecret) + assert.Equal(t, []string{"new_scope"}, updateGithlabSelfHosted.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp google added reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add google + beforeCreate := time.Now() + // addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{ + addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &management.AddGoogleProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check values for google + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + google, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.google.added + // idp + assert.Equal(t, instanceID, google.InstanceID) + assert.Equal(t, orgID, *google.OrgID) + assert.Equal(t, addGoogle.Id, google.ID) + assert.Equal(t, name, google.Name) + assert.Equal(t, domain.IDPTypeGoogle.String(), google.Type) + assert.Equal(t, false, google.AllowLinking) + assert.Equal(t, false, google.AllowCreation) + assert.Equal(t, false, google.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), google.AllowAutoLinking) + assert.WithinRange(t, google.CreatedAt, beforeCreate, afterCreate) + assert.WithinRange(t, google.UpdatedAt, beforeCreate, afterCreate) + + // google + assert.Equal(t, "clientId", google.ClientID) + assert.NotNil(t, google.ClientSecret) + assert.Equal(t, []string{"scope"}, google.Scopes) + }, retryDuration, tick) + }) + + t.Run("test instance idp google changed reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add google + // addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{ + addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &management.AddGoogleProviderRequest{ + Name: name, + ClientId: "clientId", + ClientSecret: "clientSecret", + Scopes: []string{"scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: false, + IsCreationAllowed: false, + IsAutoCreation: false, + IsAutoUpdate: false, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL, + }, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + var google *domain.IDPGoogle + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + google, err = idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, &orgID) + require.NoError(t, err) + assert.Equal(t, addGoogle.Id, google.ID) + }, retryDuration, tick) + + name = "new_" + name + // change google + beforeCreate := time.Now() + // _, err = MgmtClient.UpdateGoogleProvider(CTX, &admin.UpdateGoogleProviderRequest{ + _, err = MgmtClient.UpdateGoogleProvider(CTX, &management.UpdateGoogleProviderRequest{ + Id: addGoogle.Id, + Name: name, + ClientId: "new_clientId", + ClientSecret: "new_clientSecret", + Scopes: []string{"new_scope"}, + ProviderOptions: &idp_grpc.Options{ + IsLinkingAllowed: true, + IsCreationAllowed: true, + IsAutoCreation: true, + IsAutoUpdate: true, + AutoLinking: idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME, + }, + }) + afterCreate := time.Now() + require.NoError(t, err) + + // check values for google + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + updateGoogle, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, &orgID) + require.NoError(t, err) + + // event instance.idp.google.changed + // idp + assert.Equal(t, instanceID, updateGoogle.InstanceID) + assert.Equal(t, orgID, *updateGoogle.OrgID) + assert.Equal(t, addGoogle.Id, updateGoogle.ID) + assert.Equal(t, name, updateGoogle.Name) + assert.Equal(t, domain.IDPTypeGoogle.String(), updateGoogle.Type) + assert.Equal(t, true, updateGoogle.AllowLinking) + assert.Equal(t, true, updateGoogle.AllowCreation) + assert.Equal(t, true, updateGoogle.AllowAutoUpdate) + assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGoogle.AllowAutoLinking) + assert.WithinRange(t, updateGoogle.UpdatedAt, beforeCreate, afterCreate) + + // google + assert.Equal(t, "new_clientId", updateGoogle.ClientID) + assert.NotEqual(t, google.ClientSecret, updateGoogle.ClientSecret) + assert.Equal(t, []string{"new_scope"}, updateGoogle.Scopes) + }, retryDuration, tick) + }) +} diff --git a/backend/v3/storage/database/events_testing/id_provider_test.go b/backend/v3/storage/database/events_testing/id_provider_test.go index 392d205411..e613b3227f 100644 --- a/backend/v3/storage/database/events_testing/id_provider_test.go +++ b/backend/v3/storage/database/events_testing/id_provider_test.go @@ -258,7 +258,7 @@ func TestServer_TestIDProviderReduces(t *testing.T) { }, retryDuration, tick) }) - t.Run("test iam idp oidc addded reduces", func(t *testing.T) { + t.Run("test iam idp oidc added reduces", func(t *testing.T) { name := gofakeit.Name() // add oidc @@ -390,7 +390,7 @@ func TestServer_TestIDProviderReduces(t *testing.T) { }, retryDuration, tick) }) - t.Run("test iam idp jwt addded reduces", func(t *testing.T) { + t.Run("test iam idp jwt added reduces", func(t *testing.T) { name := gofakeit.Name() // add jwt diff --git a/backend/v3/storage/database/repository/id_provider.go b/backend/v3/storage/database/repository/id_provider.go index 21418f6183..31f0634071 100644 --- a/backend/v3/storage/database/repository/id_provider.go +++ b/backend/v3/storage/database/repository/id_provider.go @@ -395,7 +395,7 @@ func (i idProvider) InstanceIDCondition(id string) database.Condition { func (i idProvider) OrgIDCondition(id *string) database.Condition { if id == nil { - return nil + return database.IsNull(i.OrgIDColumn()) } return database.NewTextCondition(i.OrgIDColumn(), database.TextOperationEqual, *id) } diff --git a/internal/eventstore/handler/v2/statement.go b/internal/eventstore/handler/v2/statement.go index 5024c8c945..e6f8e47a47 100644 --- a/internal/eventstore/handler/v2/statement.go +++ b/internal/eventstore/handler/v2/statement.go @@ -425,10 +425,9 @@ func NewArrayRemoveCol(column string, value interface{}) Column { func NewArrayIntersectCol(column string, value interface{}) Column { var arrayType string switch value.(type) { - case []string, database.TextArray[string]: arrayType = "TEXT" - //TODO: handle more types if necessary + // TODO: handle more types if necessary } return Column{ Name: column, @@ -598,6 +597,10 @@ type NamespacedCondition func(namespace string) Condition func NewCond(name string, value interface{}) Condition { return func(param string) (string, []any) { + nilStrPtr, ok := value.(*string) + if ok && nilStrPtr == nil { + return name + " IS NULL", nil + } return name + " = " + param, []any{value} } } @@ -659,13 +662,15 @@ type Executer interface { Exec(string, ...interface{}) (sql.Result, error) } -type execOption func(*execConfig) -type execConfig struct { - tableName string +type ( + execOption func(*execConfig) + execConfig struct { + tableName string - args []interface{} - err error -} + args []interface{} + err error + } +) type query func(config execConfig) string diff --git a/internal/query/projection/idp_relational.go b/internal/query/projection/idp_relational.go index c5297cb13c..ee0ecf7945 100644 --- a/internal/query/projection/idp_relational.go +++ b/internal/query/projection/idp_relational.go @@ -3,12 +3,14 @@ package projection import ( "context" "encoding/json" + "fmt" "github.com/zitadel/zitadel/backend/v3/domain" "github.com/zitadel/zitadel/backend/v3/storage/database/dialect/postgres" "github.com/zitadel/zitadel/backend/v3/storage/database/repository" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/eventstore/handler/v2" + "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" "github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/zerrors" @@ -77,7 +79,7 @@ func (p *idpRelationalProjection) Reducers() []handler.AggregateReducer { }, { Event: instance.IDPJWTConfigChangedEventType, - Reduce: p.reduceJWTConfigChanged, + Reduce: p.reduceJWTRelationalConfigChanged, }, // { // Event: instance.InstanceRemovedEventType, @@ -85,251 +87,402 @@ func (p *idpRelationalProjection) Reducers() []handler.AggregateReducer { // }, }, }, + { + Aggregate: org.AggregateType, + EventReducers: []handler.EventReducer{ + { + Event: org.IDPConfigAddedEventType, + Reduce: p.reduceIDPRelationalAdded, + }, + { + Event: org.IDPConfigChangedEventType, + Reduce: p.reduceIDPRelationalChanged, + }, + { + Event: org.IDPConfigDeactivatedEventType, + Reduce: p.reduceIDRelationalPDeactivated, + }, + { + Event: org.IDPConfigReactivatedEventType, + Reduce: p.reduceIDPRelationalReactivated, + }, + { + Event: org.IDPConfigRemovedEventType, + Reduce: p.reduceIDPRelationalRemoved, + }, + { + Event: org.IDPOIDCConfigAddedEventType, + Reduce: p.reduceOIDCRelationalConfigAdded, + }, + { + Event: org.IDPOIDCConfigChangedEventType, + Reduce: p.reduceOIDCRelationalConfigChanged, + }, + { + Event: org.IDPJWTConfigAddedEventType, + Reduce: p.reduceJWTRelationalConfigAdded, + }, + { + Event: org.IDPJWTConfigChangedEventType, + Reduce: p.reduceJWTRelationalConfigChanged, + }, + // { + // Event: org.OrgRemovedEventType, + // Reduce: p.reduceOwnerRemoved, + // }, + }, + }, } } func (p *idpRelationalProjection) reduceIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPConfigAddedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-fcUdQ", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) + var idpEvent idpconfig.IDPConfigAddedEvent + switch e := event.(type) { + case *org.IDPConfigAddedEvent: + idpEvent = e.IDPConfigAddedEvent + case *instance.IDPConfigAddedEvent: + idpEvent = e.IDPConfigAddedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-YcUdQ", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigAddedEventType, instance.IDPConfigAddedEventType}) } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate().InstanceID = %+v\n", idpEvent.Aggregate().InstanceID) + fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate().ResourceOwner = %+v\n", idpEvent.Aggregate().ResourceOwner) + fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate() = %+v\n", idpEvent.Aggregate()) + fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REDUCE ADD orgId = %+v\n", orgId) + return handler.NewCreateStatement( - e, + &idpEvent, []handler.Column{ - handler.NewCol(IDPInstanceIDCol, e.Aggregate().InstanceID), - handler.NewCol(IDPRelationalOrgIdCol, nil), - handler.NewCol(IDPIDCol, e.ConfigID), + handler.NewCol(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgIdCol, orgId), + handler.NewCol(IDPIDCol, idpEvent.ConfigID), handler.NewCol(IDPStateCol, domain.IDPStateActive.String()), - handler.NewCol(IDPNameCol, e.Name), + handler.NewCol(IDPNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeUnspecified.String()), - handler.NewCol(IDPRelationalAutoRegisterCol, e.AutoRegister), + handler.NewCol(IDPRelationalAutoRegisterCol, idpEvent.AutoRegister), handler.NewCol(IDPRelationalAllowCreationCol, true), handler.NewCol(IDPRelationalAllowAutoUpdateCol, false), handler.NewCol(IDPRelationalAllowLinkingCol, true), handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOptionUnspecified.String()), - handler.NewCol(IDPStylingTypeCol, e.StylingType), - handler.NewCol(CreatedAt, e.CreationDate()), + handler.NewCol(IDPStylingTypeCol, idpEvent.StylingType), + handler.NewCol(CreatedAt, idpEvent.CreationDate()), }, ), nil } func (p *idpRelationalProjection) reduceIDPRelationalChanged(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPConfigChangedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-NVvJD", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) + var idpEvent idpconfig.IDPConfigChangedEvent + switch e := event.(type) { + case *org.IDPConfigChangedEvent: + idpEvent = e.IDPConfigChangedEvent + case *instance.IDPConfigChangedEvent: + idpEvent = e.IDPConfigChangedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-YVvJD", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigChangedEventType, instance.IDPConfigChangedEventType}) + } + + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner } cols := make([]handler.Column, 0, 5) - if e.Name != nil { - cols = append(cols, handler.NewCol(IDPNameCol, *e.Name)) + if idpEvent.Name != nil { + cols = append(cols, handler.NewCol(IDPNameCol, *idpEvent.Name)) } - if e.StylingType != nil { - cols = append(cols, handler.NewCol(IDPStylingTypeCol, *e.StylingType)) + if idpEvent.StylingType != nil { + cols = append(cols, handler.NewCol(IDPStylingTypeCol, *idpEvent.StylingType)) } - if e.AutoRegister != nil { - cols = append(cols, handler.NewCol(IDPRelationalAutoRegisterCol, *e.AutoRegister)) + if idpEvent.AutoRegister != nil { + cols = append(cols, handler.NewCol(IDPRelationalAutoRegisterCol, *idpEvent.AutoRegister)) } if len(cols) == 0 { - return handler.NewNoOpStatement(e), nil + return handler.NewNoOpStatement(&idpEvent), nil } return handler.NewUpdateStatement( - e, + &idpEvent, cols, []handler.Condition{ - handler.NewCond(IDPIDCol, e.ConfigID), - handler.NewCond(IDPInstanceIDCol, e.Aggregate().InstanceID), + handler.NewCond(IDPIDCol, idpEvent.ConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceIDRelationalPDeactivated(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPConfigDeactivatedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-94O5l", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType}) + var idpEvent idpconfig.IDPConfigDeactivatedEvent + switch e := event.(type) { + case *org.IDPConfigDeactivatedEvent: + idpEvent = e.IDPConfigDeactivatedEvent + case *instance.IDPConfigDeactivatedEvent: + idpEvent = e.IDPConfigDeactivatedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y4O5l", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigDeactivatedEventType, instance.IDPConfigDeactivatedEventType}) + } + + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner } return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPStateCol, domain.IDPStateInactive.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.ConfigID), - handler.NewCond(IDPInstanceIDCol, e.Aggregate().InstanceID), + handler.NewCond(IDPIDCol, idpEvent.ConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceIDPRelationalReactivated(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPConfigReactivatedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-I8QyS", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType}) + var idpEvent idpconfig.IDPConfigReactivatedEvent + switch e := event.(type) { + case *org.IDPConfigReactivatedEvent: + idpEvent = e.IDPConfigReactivatedEvent + case *instance.IDPConfigReactivatedEvent: + idpEvent = e.IDPConfigReactivatedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y8QyS", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigReactivatedEventType, instance.IDPConfigReactivatedEventType}) + } + + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner } return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPStateCol, domain.IDPStateActive.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.ConfigID), - handler.NewCond(IDPInstanceIDCol, e.Aggregate().InstanceID), + handler.NewCond(IDPIDCol, idpEvent.ConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceIDPRelationalRemoved(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPConfigRemovedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-B4zy8", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + var idpEvent idpconfig.IDPConfigRemovedEvent + switch e := event.(type) { + case *org.IDPConfigRemovedEvent: + idpEvent = e.IDPConfigRemovedEvent + case *instance.IDPConfigRemovedEvent: + idpEvent = e.IDPConfigRemovedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y4zy8", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPConfigRemovedEventType, instance.IDPConfigRemovedEventType}) + } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner } return handler.NewDeleteStatement( - e, + &idpEvent, []handler.Condition{ - handler.NewCond(IDPIDCol, e.ConfigID), - handler.NewCond(IDPInstanceIDCol, e.Aggregate().InstanceID), + handler.NewCond(IDPIDCol, idpEvent.ConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceOIDCRelationalConfigAdded(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPOIDCConfigAddedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-2FuAA", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) + var idpEvent idpconfig.OIDCConfigAddedEvent + switch e := event.(type) { + case *org.IDPOIDCConfigAddedEvent: + idpEvent = e.OIDCConfigAddedEvent + case *instance.IDPOIDCConfigAddedEvent: + idpEvent = e.OIDCConfigAddedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-YFuAA", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigAddedEventType}) } - payload, err := json.Marshal(e) + payload, err := json.Marshal(idpEvent) if err != nil { return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPRelationalPayloadCol, payload), handler.NewCol(IDPTypeCol, domain.IDPTypeOIDC.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.IDPConfigID), + handler.NewCond(IDPIDCol, idpEvent.IDPConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceOIDCRelationalConfigChanged(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPOIDCConfigChangedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x2IBI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType}) + var idpEvent idpconfig.OIDCConfigChangedEvent + switch e := event.(type) { + case *org.IDPOIDCConfigChangedEvent: + idpEvent = e.OIDCConfigChangedEvent + case *instance.IDPOIDCConfigChangedEvent: + idpEvent = e.OIDCConfigChangedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPOIDCConfigChangedEventType, instance.IDPOIDCConfigChangedEventType}) } - oidc, err := p.idpRepo.GetOIDC(context.Background(), p.idpRepo.IDCondition(e.IDPConfigID), e.Agg.InstanceID, nil) + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + + oidc, err := p.idpRepo.GetOIDC(context.Background(), p.idpRepo.IDCondition(idpEvent.IDPConfigID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } - if e.ClientID != nil { - oidc.ClientID = *e.ClientID + if idpEvent.ClientID != nil { + oidc.ClientID = *idpEvent.ClientID } - if e.ClientSecret != nil { - oidc.ClientSecret = *e.ClientSecret + if idpEvent.ClientSecret != nil { + oidc.ClientSecret = *idpEvent.ClientSecret } - if e.Issuer != nil { - oidc.Issuer = *e.Issuer + if idpEvent.Issuer != nil { + oidc.Issuer = *idpEvent.Issuer } - if e.AuthorizationEndpoint != nil { - oidc.AuthorizationEndpoint = *e.AuthorizationEndpoint + if idpEvent.AuthorizationEndpoint != nil { + oidc.AuthorizationEndpoint = *idpEvent.AuthorizationEndpoint } - if e.TokenEndpoint != nil { - oidc.TokenEndpoint = *e.TokenEndpoint + if idpEvent.TokenEndpoint != nil { + oidc.TokenEndpoint = *idpEvent.TokenEndpoint } - if e.Scopes != nil { - oidc.Scopes = e.Scopes + if idpEvent.Scopes != nil { + oidc.Scopes = idpEvent.Scopes } - if e.IDPDisplayNameMapping != nil { - oidc.IDPDisplayNameMapping = domain.OIDCMappingField(*e.IDPDisplayNameMapping) + if idpEvent.IDPDisplayNameMapping != nil { + oidc.IDPDisplayNameMapping = domain.OIDCMappingField(*idpEvent.IDPDisplayNameMapping) } - if e.UserNameMapping != nil { - oidc.UserNameMapping = domain.OIDCMappingField(*e.UserNameMapping) + if idpEvent.UserNameMapping != nil { + oidc.UserNameMapping = domain.OIDCMappingField(*idpEvent.UserNameMapping) } - payload, err := json.Marshal(e) + payload, err := json.Marshal(idpEvent) if err != nil { return nil, err } return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPRelationalPayloadCol, payload), handler.NewCol(IDPTypeCol, domain.IDPTypeOIDC.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.IDPConfigID), + handler.NewCond(IDPIDCol, idpEvent.IDPConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } func (p *idpRelationalProjection) reduceJWTRelationalConfigAdded(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPJWTConfigAddedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-qvPdb", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) + var idpEvent idpconfig.JWTConfigAddedEvent + switch e := event.(type) { + case *org.IDPJWTConfigAddedEvent: + idpEvent = e.JWTConfigAddedEvent + case *instance.IDPJWTConfigAddedEvent: + idpEvent = e.JWTConfigAddedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-YvPdb", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigAddedEventType, instance.IDPJWTConfigAddedEventType}) } - payload, err := json.Marshal(e) + + payload, err := json.Marshal(idpEvent) if err != nil { return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPRelationalPayloadCol, payload), handler.NewCol(IDPTypeCol, domain.IDPTypeJWT.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.IDPConfigID), + handler.NewCond(IDPIDCol, idpEvent.IDPConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } -func (p *idpRelationalProjection) reduceJWTConfigChanged(event eventstore.Event) (*handler.Statement, error) { - e, ok := event.(*instance.IDPJWTConfigChangedEvent) - if !ok { - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-P2I9I", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType}) +func (p *idpRelationalProjection) reduceJWTRelationalConfigChanged(event eventstore.Event) (*handler.Statement, error) { + var idpEvent idpconfig.JWTConfigChangedEvent + switch e := event.(type) { + case *org.IDPJWTConfigChangedEvent: + idpEvent = e.JWTConfigChangedEvent + case *instance.IDPJWTConfigChangedEvent: + idpEvent = e.JWTConfigChangedEvent + default: + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y2IVI", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPJWTConfigChangedEventType, instance.IDPJWTConfigChangedEventType}) } - jwt, err := p.idpRepo.GetJWT(context.Background(), p.idpRepo.IDCondition(e.IDPConfigID), e.Agg.InstanceID, nil) + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + + jwt, err := p.idpRepo.GetJWT(context.Background(), p.idpRepo.IDCondition(idpEvent.IDPConfigID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } - if e.JWTEndpoint != nil { - jwt.JWTEndpoint = *e.JWTEndpoint + if idpEvent.JWTEndpoint != nil { + jwt.JWTEndpoint = *idpEvent.JWTEndpoint } - if e.Issuer != nil { - jwt.Issuer = *e.Issuer + if idpEvent.Issuer != nil { + jwt.Issuer = *idpEvent.Issuer } - if e.KeysEndpoint != nil { - jwt.KeysEndpoint = *e.KeysEndpoint + if idpEvent.KeysEndpoint != nil { + jwt.KeysEndpoint = *idpEvent.KeysEndpoint } - if e.HeaderName != nil { - jwt.HeaderName = *e.HeaderName + if idpEvent.HeaderName != nil { + jwt.HeaderName = *idpEvent.HeaderName } - payload, err := json.Marshal(e) + payload, err := json.Marshal(idpEvent) if err != nil { return nil, err } return handler.NewUpdateStatement( - e, + &idpEvent, []handler.Column{ handler.NewCol(IDPRelationalPayloadCol, payload), handler.NewCol(IDPTypeCol, domain.IDPTypeJWT.String()), }, []handler.Condition{ - handler.NewCond(IDPIDCol, e.IDPConfigID), + handler.NewCond(IDPIDCol, idpEvent.IDPConfigID), + handler.NewCond(IDPInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } diff --git a/internal/query/projection/idp_template_relational.go b/internal/query/projection/idp_template_relational.go index 1b4ff04800..c1a8ba7977 100644 --- a/internal/query/projection/idp_template_relational.go +++ b/internal/query/projection/idp_template_relational.go @@ -17,6 +17,7 @@ import ( ) const ( + IDPRelationalOrgId = "org_id" IDPRelationalAllowCreationCol = "allow_creation" IDPRelationalAllowLinkingCol = "allow_linking" IDPRelationalAllowAutoCreationCol = "allow_auto_creation" @@ -101,7 +102,7 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer }, { Event: instance.JWTIDPAddedEventType, - Reduce: p.reduceJWTIDPReducedAdded, + Reduce: p.reduceJWTIDPRelationalAdded, }, { Event: instance.JWTIDPChangedEventType, @@ -191,51 +192,51 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer // Event: instance.InstanceRemovedEventType, // Reduce: reduceInstanceRemovedHelper(IDPTemplateInstanceIDCol), // }, - // }, + }, + }, + { + Aggregate: org.AggregateType, + EventReducers: []handler.EventReducer{ + { + Event: org.OAuthIDPAddedEventType, + Reduce: p.reduceOAuthIDPRelationalAdded, + }, + { + Event: org.OAuthIDPChangedEventType, + Reduce: p.reduceOAuthIDPRelationalChanged, + }, + { + Event: org.OIDCIDPAddedEventType, + Reduce: p.reduceOIDCIDPRelationalAdded, + }, + { + Event: org.OIDCIDPChangedEventType, + Reduce: p.reduceOIDCIDPRelationalChanged, + }, + { + Event: org.OIDCIDPMigratedAzureADEventType, + Reduce: p.reduceOIDCIDPRelationalMigratedAzureAD, + }, + { + Event: org.OIDCIDPMigratedGoogleEventType, + Reduce: p.reduceOIDCIDPRelationalMigratedGoogle, + }, + { + Event: org.JWTIDPAddedEventType, + Reduce: p.reduceJWTIDPRelationalAdded, + }, + { + Event: org.JWTIDPChangedEventType, + Reduce: p.reduceJWTIDPRelationalChanged, + }, + // { + // Event: org.IDPConfigAddedEventType, + // Reduce: p.reduceOldConfigAdded, // }, // { - // Aggregate: org.AggregateType, - // EventReducers: []handler.EventReducer{ - // { - // Event: org.OAuthIDPAddedEventType, - // Reduce: p.reduceOAuthIDPAdded, - // }, - // { - // Event: org.OAuthIDPChangedEventType, - // Reduce: p.reduceOAuthIDPChanged, - // }, - // { - // Event: org.OIDCIDPAddedEventType, - // Reduce: p.reduceOIDCIDPAdded, - // }, - // { - // Event: org.OIDCIDPChangedEventType, - // Reduce: p.reduceOIDCIDPChanged, - // }, - // { - // Event: org.OIDCIDPMigratedAzureADEventType, - // Reduce: p.reduceOIDCIDPMigratedAzureAD, - // }, - // { - // Event: org.OIDCIDPMigratedGoogleEventType, - // Reduce: p.reduceOIDCIDPMigratedGoogle, - // }, - // { - // Event: org.JWTIDPAddedEventType, - // Reduce: p.reduceJWTIDPAdded, - // }, - // { - // Event: org.JWTIDPChangedEventType, - // Reduce: p.reduceJWTIDPChanged, - // }, - // { - // Event: org.IDPConfigAddedEventType, - // Reduce: p.reduceOldConfigAdded, - // }, - // { - // Event: org.IDPConfigChangedEventType, - // Reduce: p.reduceOldConfigChanged, - // }, + // Event: org.IDPConfigChangedEventType, + // Reduce: p.reduceOldConfigChanged, + // }, // { // Event: org.IDPOIDCConfigAddedEventType, // Reduce: p.reduceOldOIDCConfigAdded, @@ -252,58 +253,58 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer // Event: org.IDPJWTConfigChangedEventType, // Reduce: p.reduceOldJWTConfigChanged, // }, - // { - // Event: org.AzureADIDPAddedEventType, - // Reduce: p.reduceAzureADIDPAdded, - // }, - // { - // Event: org.AzureADIDPChangedEventType, - // Reduce: p.reduceAzureADIDPChanged, - // }, - // { - // Event: org.GitHubIDPAddedEventType, - // Reduce: p.reduceGitHubIDPAdded, - // }, - // { - // Event: org.GitHubIDPChangedEventType, - // Reduce: p.reduceGitHubIDPChanged, - // }, - // { - // Event: org.GitHubEnterpriseIDPAddedEventType, - // Reduce: p.reduceGitHubEnterpriseIDPAdded, - // }, - // { - // Event: org.GitHubEnterpriseIDPChangedEventType, - // Reduce: p.reduceGitHubEnterpriseIDPChanged, - // }, - // { - // Event: org.GitLabIDPAddedEventType, - // Reduce: p.reduceGitLabIDPAdded, - // }, - // { - // Event: org.GitLabIDPChangedEventType, - // Reduce: p.reduceGitLabIDPChanged, - // }, - // { - // Event: org.GitLabSelfHostedIDPAddedEventType, - // Reduce: p.reduceGitLabSelfHostedIDPAdded, - // }, - // { - // Event: org.GitLabSelfHostedIDPChangedEventType, - // Reduce: p.reduceGitLabSelfHostedIDPChanged, - // }, - // { - // Event: org.GoogleIDPAddedEventType, - // Reduce: p.reduceGoogleIDPAdded, - // }, - // { - // Event: org.GoogleIDPChangedEventType, - // Reduce: p.reduceGoogleIDPChanged, - // }, - // { - // Event: org.LDAPIDPAddedEventType, - // Reduce: p.reduceLDAPIDPAdded, - // }, + { + Event: org.AzureADIDPAddedEventType, + Reduce: p.reduceAzureADIDPRelationalAdded, + }, + { + Event: org.AzureADIDPChangedEventType, + Reduce: p.reduceAzureADIDPRelationalChanged, + }, + { + Event: org.GitHubIDPAddedEventType, + Reduce: p.reduceGitHubIDPRelationalAdded, + }, + { + Event: org.GitHubIDPChangedEventType, + Reduce: p.reduceGitHubIDPRelationalChanged, + }, + { + Event: org.GitHubEnterpriseIDPAddedEventType, + Reduce: p.reduceGitHubEnterpriseIDPRelationalAdded, + }, + { + Event: org.GitHubEnterpriseIDPChangedEventType, + Reduce: p.reduceGitHubEnterpriseIDPRelationalChanged, + }, + { + Event: org.GitLabIDPAddedEventType, + Reduce: p.reduceGitLabIDPRelationalAdded, + }, + { + Event: org.GitLabIDPChangedEventType, + Reduce: p.reduceGitLabIDPRelationalChanged, + }, + { + Event: org.GitLabSelfHostedIDPAddedEventType, + Reduce: p.reduceGitLabSelfHostedIDPRelationalAdded, + }, + { + Event: org.GitLabSelfHostedIDPChangedEventType, + Reduce: p.reduceGitLabSelfHostedIDPRelationalChanged, + }, + { + Event: org.GoogleIDPAddedEventType, + Reduce: p.reduceGoogleIDPRelationalAdded, + }, + { + Event: org.GoogleIDPChangedEventType, + Reduce: p.reduceGoogleIDPRelationalChanged, + }, + // { + // Event: org.LDAPIDPAddedEventType, + // Reduce: p.reduceLDAPIDPAdded, + // }, // { // Event: org.LDAPIDPChangedEventType, // Reduce: p.reduceLDAPIDPChanged, @@ -368,11 +369,17 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalAdded(event ev return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), @@ -400,7 +407,12 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalChanged(event return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Y1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPChangedEventType, instance.OAuthIDPChangedEventType}) } - oauth, err := p.idpRepo.GetOAuth(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + + oauth, err := p.idpRepo.GetOAuth(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -425,6 +437,7 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalChanged(event []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -451,13 +464,18 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalAdded(event eve return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), - handler.NewCol(CreatedAt, idpEvent.CreationDate()), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeOIDC.String()), @@ -467,6 +485,7 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalAdded(event eve handler.NewCol(IDPRelationalAllowAutoUpdateCol, idpEvent.IsAutoUpdate), handler.NewCol(IDPRelationalAllowAutoLinkingCol, db_domain.IDPAutoLinkingOption(idpEvent.AutoLinkingOption).String()), handler.NewCol(IDPRelationalPayloadCol, payload), + handler.NewCol(CreatedAt, idpEvent.CreationDate()), }, ), ), nil @@ -488,7 +507,12 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalChanged(event e // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPChangedEventType, instance.OIDCIDPChangedEventType}) // } - oidc, err := p.idpRepo.GetOIDC(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + + oidc, err := p.idpRepo.GetOIDC(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -513,6 +537,7 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalChanged(event e []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -547,6 +572,11 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedAzureAD return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddUpdateStatement( @@ -563,6 +593,7 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedAzureAD []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -595,6 +626,11 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedGoogle( return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddUpdateStatement( @@ -611,12 +647,13 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedGoogle( []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil } -func (p *idpTemplateRelationalProjection) reduceJWTIDPReducedAdded(event eventstore.Event) (*handler.Statement, error) { +func (p *idpTemplateRelationalProjection) reduceJWTIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) { var idpEvent idp.JWTIDPAddedEvent switch e := event.(type) { case *org.JWTIDPAddedEvent: @@ -644,14 +681,20 @@ func (p *idpTemplateRelationalProjection) reduceJWTIDPReducedAdded(event eventst return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), - handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), + handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeJWT.String()), handler.NewCol(IDPRelationalAllowCreationCol, idpEvent.IsCreationAllowed), handler.NewCol(IDPRelationalAllowLinkingCol, idpEvent.IsLinkingAllowed), @@ -680,8 +723,12 @@ func (p *idpTemplateRelationalProjection) reduceJWTIDPRelationalChanged(event ev // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPChangedEventType, instance.JWTIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - jwt, err := p.idpRepo.GetJWT(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + jwt, err := p.idpRepo.GetJWT(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -706,6 +753,7 @@ func (p *idpTemplateRelationalProjection) reduceJWTIDPRelationalChanged(event ev []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -999,12 +1047,18 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalAdded(event return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeAzure.String()), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), @@ -1035,8 +1089,12 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalChanged(even // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.AzureADIDPChangedEventType, instance.AzureADIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - oauth, err := p.idpRepo.GetOAzureAD(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + oauth, err := p.idpRepo.GetOAzureAD(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1061,6 +1119,7 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalChanged(even []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -1093,12 +1152,18 @@ func (p *idpTemplateRelationalProjection) reduceGitHubIDPRelationalAdded(event e return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeGitHub.String()), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), @@ -1162,8 +1227,12 @@ func (p *idpTemplateRelationalProjection) reduceGitHubIDPRelationalChanged(event // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - github, err := p.idpRepo.GetGithub(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + github, err := p.idpRepo.GetGithub(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1188,6 +1257,7 @@ func (p *idpTemplateRelationalProjection) reduceGitHubIDPRelationalChanged(event []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -1223,12 +1293,18 @@ func (p *idpTemplateRelationalProjection) reduceGitHubEnterpriseIDPRelationalAdd return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeGitHubEnterprise.String()), @@ -1259,8 +1335,12 @@ func (p *idpTemplateRelationalProjection) reduceGitHubEnterpriseIDPRelationalCha // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SDg3g", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubEnterpriseIDPChangedEventType, instance.GitHubEnterpriseIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - githubEnterprise, err := p.idpRepo.GetGithubEnterprise(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + githubEnterprise, err := p.idpRepo.GetGithubEnterprise(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1285,6 +1365,7 @@ func (p *idpTemplateRelationalProjection) reduceGitHubEnterpriseIDPRelationalCha []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -1317,12 +1398,18 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalAdded(event e return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeGitLab.String()), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), @@ -1353,8 +1440,12 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabIDPChangedEventType, instance.GitLabIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - oauth, err := p.idpRepo.GetGitlab(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + oauth, err := p.idpRepo.GetGitlab(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1379,6 +1470,7 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -1412,12 +1504,18 @@ func (p *idpTemplateRelationalProjection) reduceGitLabSelfHostedIDPRelationalAdd return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeGitLabSelfHosted.String()), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), @@ -1448,8 +1546,12 @@ func (p *idpTemplateRelationalProjection) reduceGitLabSelfHostedIDPRelationalCha // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAf3g2", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPChangedEventType, instance.GitLabSelfHostedIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - gitlabSelfHosted, err := p.idpRepo.GetGitlabSelfHosting(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + gitlabSelfHosted, err := p.idpRepo.GetGitlabSelfHosting(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1474,6 +1576,7 @@ func (p *idpTemplateRelationalProjection) reduceGitLabSelfHostedIDPRelationalCha []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil @@ -1535,12 +1638,17 @@ func (p *idpTemplateRelationalProjection) reduceGoogleIDPRelationalAdded(event e return nil, err } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } return handler.NewMultiStatement( &idpEvent, handler.AddCreateStatement( []handler.Column{ handler.NewCol(IDPTemplateIDCol, idpEvent.ID), handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCol(IDPRelationalOrgId, orgId), handler.NewCol(IDPTemplateNameCol, idpEvent.Name), handler.NewCol(IDPTemplateTypeCol, db_domain.IDPTypeGoogle.String()), handler.NewCol(IDPTemplateStateCol, db_domain.IDPStateActive.String()), @@ -1571,8 +1679,12 @@ func (p *idpTemplateRelationalProjection) reduceGoogleIDPRelationalChanged(event // if !ok { // return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPChangedEventType, instance.GoogleIDPChangedEventType}) // } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } - oauth, err := p.idpRepo.GetGoogle(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, nil) + oauth, err := p.idpRepo.GetGoogle(context.Background(), p.idpRepo.IDCondition(idpEvent.ID), idpEvent.Agg.InstanceID, orgId) if err != nil { return nil, err } @@ -1597,6 +1709,7 @@ func (p *idpTemplateRelationalProjection) reduceGoogleIDPRelationalChanged(event []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), ), nil