fix(queries): password age policy (#2418)

* job queue

* wg improvements

* start handler

* statement

* statements

* imporve handler

* improve statement

* statement in seperate file

* move handlers

* move query/old to query

* handler

* read models

* bulk works

* cleanup

* contrib

* rename readmodel to projection

* rename read_models schema to projections

* rename read_models schema to projections

* search query as func,
bulk iterates as long as new events

* add event sequence less query

* update checks for events between current sequence and sequence of first statement if it has previous sequence 0

* cleanup crdb projection

* refactor projection handler

* start with testing

* tests for handler

* remove todo

* refactor statement: remove table name,
add tests

* improve projection handler shutdown,
no savepoint if noop stmt,
tests for stmt handler

* tests

* start failed events

* seperate branch for contrib

* move statement constructors to crdb pkg

* correct import

* Subscribe for eventtypes (#1800)

* fix: is default (#1737)

* fix: use email as username on global org (#1738)

* fix: use email as username on global org

* Update user_human.go

* Update register_handler.go

* chore(deps): update docusaurus (#1739)

* chore: remove PAT and use GH Token (#1716)

* chore: remove PAT and use GH Token

* fix env

* fix env

* fix env

* md lint

* trigger ci

* change user

* fix GH bug

* replace login part

* chore: add GH Token to sem rel (#1746)

* chore: add GH Token to sem rel

* try branch

* add GH Token

* remove test branch again

* docs: changes acme to acme-caos (#1744)

* changes acme to acme-caos

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* feat: add additional origins on applications (#1691)

* feat: add additional origins on applications

* app additional redirects

* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706)

* fix: show org with regex (#1688)

* fix: flag mapping (#1699)

* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703)

* fix: show org with regex (#1688)

* fix: flag mapping (#1699)

* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console

Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702)

* fix: show org with regex (#1688)

* fix: flag mapping (#1699)

* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701)

* fix: show org with regex (#1688)

* fix: flag mapping (#1699)

* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console

Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases)
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682)

Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump @types/google-protobuf in /console (#1681)

Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666)

Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7.
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* lock

* chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704)

* fix: show org with regex (#1688)

* fix: flag mapping (#1699)

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* package lock

* downgrade grpc

* downgrade protobuf types

* revert npm packs 🥸

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

* docs: update run and start section texts (#1745)

* update run and start section texts

* adds showcase

Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>

* fix: additional origin list (#1753)

* fix: handle api configs in authz handler (#1755)

* fix(console): add model for api keys, fix toast, binding (#1757)

* fix: add model for api keys, fix toast, binding

* show api clientid

* fix: missing patchvalue (#1758)

* feat: refresh token (#1728)

* begin refresh tokens

* refresh tokens

* list and revoke refresh tokens

* handle remove

* tests for refresh tokens

* uniqueness and default expiration

* rename oidc token methods

* cleanup

* migration version

* Update internal/static/i18n/en.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fixes

* feat: update oidc pkg for refresh tokens

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: correct json name of clientId in key.json (#1760)

* fix: migration version (#1767)

* start subscription

* eventtypes

* fix(login): links (#1778)

* fix(login): href for help

* fix(login): correct link to tos

* fix: access tokens for service users and refresh token infos (#1779)

* fix: access token for service user

* handle info from refresh request

* uniqueness

* postpone access token uniqueness change

* chore(coc): recommend code of conduct (#1782)

* subscribe for events

* feat(console): refresh toggle out of granttype context (#1785)

* refresh toggle

* disable if not code flow, lint

* lint

* fix: change oidc config order

* accept refresh option within flow

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: refresh token activation (#1795)

* fix: oidc grant type check

* docs: add offline_access scope

* docs: update refresh token status in supported grant types

* fix: update oidc pkg

* fix: check refresh token grant type (#1796)

* configuration structs

* org admins

* failed events

* fixes

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* remove comment

* aggregate reducer

* remove eventtypes

* add protoc-get-validate to mod

* fix transaltion

* upsert

* add gender on org admins,
allow to retry failed stmts after configurable time

* remove if

* sub queries

* fix: tests

* add builder to tests

* new search query

* rename searchquerybuilder to builder

* remove comment from code

* test with multiple queries

* add filters test

* current sequences

* make org and org_admins work again

* add aggregate type to current sequence

* fix(contibute): listing

* add validate module

* fix: search queries

* feat(eventstore): previous aggregate root sequence (#1810)

* feat(eventstore): previous aggregate root sequence

* fix tests

* fix: eventstore v1 test

* add col to all mocked rows

* next try

* fix mig

* rename aggregate root to aggregate type

* update comment

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* small refactorings

* allow update multiple current sequences

* unique log id

* fix migrations

* rename org admin to org owner

* improve error handling and logging

* fix(migration): optimize prev agg root seq

* fix: projection handler test

* fix: sub queries

* small fixes

* additional event types

* correct org owner projection

* fix primary key

* feat(eventstore): jobs for projections (#2026)

* fix: template names in login (#1974)

* fix: template names in login

* fix: error.html

* fix: check for features on mgmt only (#1976)

* fix: add sentry in ui, http and projection handlers (#1977)

* fix: add sentry in ui, http and projection handlers

* fix test

* fix(eventstore): sub queries (#1805)

* sub queries

* fix: tests

* add builder to tests

* new search query

* rename searchquerybuilder to builder

* remove comment from code

* test with multiple queries

* add filters test

* fix(contibute): listing

* add validate module

* fix: search queries

* remove unused event type in query

* ignore query if error in marshal

* go mod tidy

* update privacy policy query

* update queries

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* feat: Extend oidc idp with oauth endpoints (#1980)

* feat: add oauth attributes to oidc idp configuration

* feat: return idpconfig id on create idp

* feat: tests

* feat: descriptions

* feat: docs

* feat: tests

* docs: update to beta 3 (#1984)

* fix: role assertion (#1986)

* fix: enum to display access token role assertion

* improve assertion descriptions

* fix nil pointer

* docs: eventstore (#1982)

* docs: eventstore

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

Co-authored-by: Florian Forster <florian@caos.ch>

* fix(sentry): trigger sentry release (#1989)

* feat(send sentry release): send sentry release

* fix(moved step and added releasetag): moved step and added releasetag

* fix: set version for sentry release (#1990)

* feat(send sentry release): send sentry release

* fix(moved step and added releasetag): moved step and added releasetag

* fix(corrected var name): corrected var name

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: log error reason on terminate session (#1973)

* fix: return default language file, if requested lang does not exist for default login texts (#1988)

* fix: return default language file, if requested lang doesnt exists

* feat: read default translation file

* feat: docs

* fix: race condition in auth request unmarshalling (#1993)

* feat: handle ui_locales in login (#1994)

* fix: handle ui_locales in login

* move supportedlanguage func into i18n package

* update oidc pkg

* fix: handle closed channels on unsubscribe (#1995)

* fix: give restore more time (#1997)

* fix: translation file read (#2009)

* feat: translation file read

* feat: readme

* fix: enable idp add button for iam users (#2010)

* fix: filter event_data (#2011)

* feat: Custom message files (#1992)

* feat: add get custom message text to admin api

* feat: read custom message texts from files

* feat: get languages in apis

* feat: get languages in apis

* feat: get languages in apis

* feat: pr feedback

* feat: docs

* feat: merge main

* fix: sms notification (#2013)

* fix: phone verifications

* feat: fix password reset as sms

* fix: phone verification

* fix: grpc status in sentry and validation interceptors (#2012)

* fix: remove oauth endpoints from oidc config proto (#2014)

* try with view

* fix(console): disable sw (#2021)

* fix: disable sw

* angular.json disable sw

* project projections

* fix typos

* customize projections

* customizable projections,
add change date to projects

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>

* env file

* typo

* correct users

* correct migration

* fix: merge fail

* fix test

* fix(tests): unordered matcher

* improve currentSequenceMatcher

* correct certs

* correct certs

* add zitadel database on database list

* refctor switch in match

* enable all handlers

* Delete io.env

* cleanup

* add handlers

* rename view to projection

* rename view to projection

* fix type typo

* remove unnecessary logs

* refactor stmts

* simplify interval calculation

* fix tests

* fix unlock test

* fix migration

* migs

* fix(operator): update cockroach and flyway versions (#2138)

* chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3

Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* start update dependencies

* update mods and otlp

* fix(build): update to go 1.16

* old version for k8s mods

* update k8s versions

* update orbos

* fix(operator): update cockroach and flyway version

* Update images.go

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>

* fix import

* fix typo

* fix(migration): add org projection

* fix(projection): correct table for org events in org owners

* better insert stmt

* fix typo

* fix typo

* set max connection lifetime

* set max conns and conn lifetime in eventstore v1

* configure sql connection settings

* add mig for agg type index

* fix replace tab in yaml

* handler interfaces

* subscription

* first try

* handler

* move sql client initialization

* first part implemented

* removed all occurencies of org by id and search orgs

* fix merge issues

* cleanup code

* fix: queries implements orgviewprovider

* cleanup

* refactor text comparison

* remove unused file

* remove unused code

* log

* remove unused code

* remove unused field

* remove unused file

* refactor

* tests for search query

* remove try

* simplify state change mappers

* projection tests

* query functions

* move reusable objects to separate files

* rename domain column to primar_domain

* fix tests

* add current sequence

* remove log prints

* fix tests

* fix: verifier

* fix test

* rename domain col migrations

* simplify search response

* add custom column constructors

* fix: org projection table const

* fix: full column name

* feat: text query extension

* fix: tests for query

* number query

* add deprection message

* projection

* correct migration

* projection

* column in a single place (#2416)

* column in a single place

* use projection for columns

* query column with aliases

* rename methods

* remove unused code

* column for current sequences

* global counter column

* fix is org unique

* query

* fix wrong code

* remove unused code

* query

* remove unused code

* remove unused code

* remove unused code

* remove unused code

* tests

* tests

* fix: tests

* migrations

* fixes

* errors

* fix test

* add converter option

* fix(auth-repo): add queries to struct

* error messages

* rename method,
correct log message

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
This commit is contained in:
Silvan 2021-10-20 15:02:58 +02:00 committed by GitHub
parent b3867fa637
commit 9571dc51db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 525 additions and 618 deletions

View File

@ -167,32 +167,6 @@ func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, reques
return result, nil
}
func (repo *IAMRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) {
policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID)
if viewErr != nil && !caos_errs.IsNotFound(viewErr) {
return nil, viewErr
}
if caos_errs.IsNotFound(viewErr) {
policy = new(iam_es_model.PasswordAgePolicyView)
}
events, esErr := repo.getIAMEvents(ctx, policy.Sequence)
if caos_errs.IsNotFound(viewErr) && len(events) == 0 {
return nil, caos_errs.ThrowNotFound(nil, "EVENT-vMyS3", "Errors.IAM.PasswordAgePolicy.NotFound")
}
if esErr != nil {
logging.Log("EVENT-3M0xs").WithError(esErr).Debug("error retrieving new events")
return iam_es_model.PasswordAgeViewToModel(policy), nil
}
policyCopy := *policy
for _, event := range events {
if err := policyCopy.AppendEvent(event); err != nil {
return iam_es_model.PasswordAgeViewToModel(policy), nil
}
}
return iam_es_model.PasswordAgeViewToModel(policy), nil
}
func (repo *IAMRepository) GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) {
policy, viewErr := repo.View.LockoutPolicyByAggregateID(repo.SystemDefaults.IamID)
if viewErr != nil && !caos_errs.IsNotFound(viewErr) {

View File

@ -45,8 +45,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
newUser(
handler{view, bulkLimit, configs.cycleDuration("User"), errorCount, es},
defaults),
newPasswordAgePolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount, es}),
newLockoutPolicy(
handler{view, bulkLimit, configs.cycleDuration("LockoutPolicy"), errorCount, es}),
newOrgIAMPolicy(

View File

@ -1,111 +0,0 @@
package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v1"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
const (
passwordAgePolicyTable = "adminapi.password_age_policies"
)
type PasswordAgePolicy struct {
handler
subscription *v1.Subscription
}
func newPasswordAgePolicy(handler handler) *PasswordAgePolicy {
h := &PasswordAgePolicy{
handler: handler,
}
h.subscribe()
return h
}
func (p *PasswordAgePolicy) subscribe() {
p.subscription = p.es.Subscribe(p.AggregateTypes()...)
go func() {
for event := range p.subscription.Events {
query.ReduceEvent(p, event)
}
}()
}
func (p *PasswordAgePolicy) ViewModel() string {
return passwordAgePolicyTable
}
func (p *PasswordAgePolicy) Subscription() *v1.Subscription {
return p.subscription
}
func (p *PasswordAgePolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (p *PasswordAgePolicy) CurrentSequence() (uint64, error) {
sequence, err := p.view.GetLatestPasswordAgePolicySequence()
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordAgePolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordAgePolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (p *PasswordAgePolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = p.processPasswordAgePolicy(event)
}
return err
}
func (p *PasswordAgePolicy) processPasswordAgePolicy(event *es_models.Event) (err error) {
policy := new(iam_model.PasswordAgePolicyView)
switch event.Type {
case iam_es_model.PasswordAgePolicyAdded, model.PasswordAgePolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordAgePolicyChanged, model.PasswordAgePolicyChanged:
policy, err = p.view.PasswordAgePolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordAgePolicyRemoved:
return p.view.DeletePasswordAgePolicy(event.AggregateID, event)
default:
return p.view.ProcessedPasswordAgePolicySequence(event)
}
if err != nil {
return err
}
return p.view.PutPasswordAgePolicy(policy, event)
}
func (p *PasswordAgePolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-nD8sie", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordAge policy handler")
return spooler.HandleError(event, err, p.view.GetLatestPasswordAgePolicyFailedEvent, p.view.ProcessedPasswordAgePolicyFailedEvent, p.view.ProcessedPasswordAgePolicySequence, p.errorCountUntilSkip)
}
func (p *PasswordAgePolicy) OnSuccess() error {
return spooler.HandleSuccess(p.view.UpdateProcessedPasswordAgePolicySpoolerRunTimestamp)
}

View File

@ -1,53 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
passwordAgePolicyTable = "adminapi.password_age_policies"
)
func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.PasswordAgePolicyView, error) {
return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID)
}
func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, event *models.Event) error {
err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) DeletePasswordAgePolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordAgePolicyTable)
}
func (v *View) ProcessedPasswordAgePolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordAgePolicyTable, event)
}
func (v *View) UpdateProcessedPasswordAgePolicySpoolerRunTimestamp() error {
return v.updateSpoolerRunSequence(passwordAgePolicyTable)
}
func (v *View) GetLatestPasswordAgePolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(passwordAgePolicyTable, sequence)
}
func (v *View) ProcessedPasswordAgePolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -35,8 +35,6 @@ type IAMRepository interface {
GetDefaultLoginTexts(ctx context.Context, lang string) (*domain.CustomLoginText, error)
GetCustomLoginTexts(ctx context.Context, lang string) (*domain.CustomLoginText, error)
GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error)
GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error)
GetDefaultPrivacyPolicy(ctx context.Context) (*iam_model.PrivacyPolicyView, error)

View File

@ -9,7 +9,7 @@ import (
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *admin_pb.GetPasswordAgePolicyRequest) (*admin_pb.GetPasswordAgePolicyResponse, error) {
policy, err := s.iam.GetDefaultPasswordAgePolicy(ctx)
policy, err := s.query.DefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}

View File

@ -2,6 +2,7 @@ package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
@ -9,18 +10,18 @@ import (
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetPasswordAgePolicyRequest) (*mgmt_pb.GetPasswordAgePolicyResponse, error) {
policy, err := s.org.GetPasswordAgePolicy(ctx)
policy, err := s.query.PasswordAgePolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.GetPasswordAgePolicyResponse{
Policy: policy_grpc.ModelPasswordAgePolicyToPb(policy),
IsDefault: policy.Default,
IsDefault: policy.IsDefault,
}, nil
}
func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetDefaultPasswordAgePolicyRequest) (*mgmt_pb.GetDefaultPasswordAgePolicyResponse, error) {
policy, err := s.org.GetDefaultPasswordAgePolicy(ctx)
policy, err := s.query.DefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}

View File

@ -2,20 +2,20 @@ package policy
import (
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/query"
policy_pb "github.com/caos/zitadel/pkg/grpc/policy"
)
func ModelPasswordAgePolicyToPb(policy *model.PasswordAgePolicyView) *policy_pb.PasswordAgePolicy {
func ModelPasswordAgePolicyToPb(policy *query.PasswordAgePolicy) *policy_pb.PasswordAgePolicy {
return &policy_pb.PasswordAgePolicy{
IsDefault: policy.Default,
IsDefault: policy.IsDefault,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
Details: object.ToViewDetailsPb(
policy.Sequence,
policy.CreationDate,
policy.ChangeDate,
"", //TODO: resourceowner
policy.ResourceOwner,
),
}
}

View File

@ -16,15 +16,6 @@ type PasswordAgePolicy struct {
ExpireWarnDays uint64 `json:"expireWarnDays"`
}
func PasswordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *PasswordAgePolicy {
return &PasswordAgePolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func PasswordAgePolicyToModel(policy *PasswordAgePolicy) *iam_model.PasswordAgePolicy {
return &iam_model.PasswordAgePolicy{
ObjectRoot: policy.ObjectRoot,

View File

@ -1,81 +0,0 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
PasswordAgeKeyAggregateID = "aggregate_id"
)
type PasswordAgePolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:age_policy_state"`
MaxAgeDays uint64 `json:"maxAgeDays" gorm:"column:max_age_days"`
ExpireWarnDays uint64 `json:"expireWarnDays" gorm:"column:expire_warn_days"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func PasswordAgeViewFromModel(policy *model.PasswordAgePolicyView) *PasswordAgePolicyView {
return &PasswordAgePolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
Default: policy.Default,
}
}
func PasswordAgeViewToModel(policy *PasswordAgePolicyView) *model.PasswordAgePolicyView {
return &model.PasswordAgePolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
Default: policy.Default,
}
}
func (i *PasswordAgePolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case iam_es_model.PasswordAgePolicyAdded, org_es_model.PasswordAgePolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case iam_es_model.PasswordAgePolicyChanged, org_es_model.PasswordAgePolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *PasswordAgePolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *PasswordAgePolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-gH9os").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

View File

@ -1,59 +0,0 @@
package model
import (
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/view/repository"
)
type PasswordAgePolicySearchRequest iam_model.PasswordAgePolicySearchRequest
type PasswordAgePolicySearchQuery iam_model.PasswordAgePolicySearchQuery
type PasswordAgePolicySearchKey iam_model.PasswordAgePolicySearchKey
func (req PasswordAgePolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req PasswordAgePolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req PasswordAgePolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.PasswordAgePolicySearchKeyUnspecified {
return nil
}
return PasswordAgePolicySearchKey(req.SortingColumn)
}
func (req PasswordAgePolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req PasswordAgePolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = PasswordAgePolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req PasswordAgePolicySearchQuery) GetKey() repository.ColumnKey {
return PasswordAgePolicySearchKey(req.Key)
}
func (req PasswordAgePolicySearchQuery) GetMethod() domain.SearchMethod {
return req.Method
}
func (req PasswordAgePolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key PasswordAgePolicySearchKey) ToColumnName() string {
switch iam_model.PasswordAgePolicySearchKey(key) {
case iam_model.PasswordAgePolicySearchKeyAggregateID:
return PasswordAgeKeyAggregateID
default:
return ""
}
}

View File

@ -1,32 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetPasswordAgePolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordAgePolicyView, error) {
policy := new(model.PasswordAgePolicyView)
aggregateIDQuery := &model.PasswordAgePolicySearchQuery{Key: iam_model.PasswordAgePolicySearchKeyAggregateID, Value: aggregateID, Method: domain.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, aggregateIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-6M9vs", "Errors.IAM.PasswordAgePolicy.NotExisting")
}
return policy, err
}
func PutPasswordAgePolicy(db *gorm.DB, table string, policy *model.PasswordAgePolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeletePasswordAgePolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.PasswordAgePolicySearchKey(iam_model.PasswordAgePolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

View File

@ -285,57 +285,6 @@ func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_
return result, nil
}
func (repo *OrgRepository) GetPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) {
policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
return nil, viewErr
}
if errors.IsNotFound(viewErr) {
policy = new(iam_view_model.PasswordAgePolicyView)
}
events, esErr := repo.getOrgEvents(ctx, repo.SystemDefaults.IamID, policy.Sequence)
if errors.IsNotFound(viewErr) && len(events) == 0 {
return repo.GetDefaultPasswordAgePolicy(ctx)
}
if esErr != nil {
logging.Log("EVENT-5Mx7s").WithError(esErr).Debug("error retrieving new events")
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
policyCopy := *policy
for _, event := range events {
if err := policyCopy.AppendEvent(event); err != nil {
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
}
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
func (repo *OrgRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) {
policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(repo.SystemDefaults.IamID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
return nil, viewErr
}
if errors.IsNotFound(viewErr) {
policy = new(iam_view_model.PasswordAgePolicyView)
}
events, esErr := repo.getIAMEvents(ctx, policy.Sequence)
if errors.IsNotFound(viewErr) && len(events) == 0 {
return nil, errors.ThrowNotFound(nil, "EVENT-cmO9s", "Errors.IAM.PasswordAgePolicy.NotFound")
}
if esErr != nil {
logging.Log("EVENT-3I90s").WithError(esErr).Debug("error retrieving new events")
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
policyCopy := *policy
for _, event := range events {
if err := policyCopy.AppendEvent(event); err != nil {
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
}
policy.Default = true
return iam_view_model.PasswordAgeViewToModel(policy), nil
}
func (repo *OrgRepository) GetLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error) {
policy, viewErr := repo.View.LockoutPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {

View File

@ -57,8 +57,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
newExternalIDP(
handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount, es},
defaults),
newPasswordAgePolicy(
handler{view, bulkLimit, configs.cycleDuration("PasswordAgePolicy"), errorCount, es}),
newLockoutPolicy(
handler{view, bulkLimit, configs.cycleDuration("LockoutPolicy"), errorCount, es}),
newOrgIAMPolicy(

View File

@ -1,109 +0,0 @@
package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/v1"
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/eventstore/v1/query"
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
const (
passwordAgePolicyTable = "management.password_age_policies"
)
type PasswordAgePolicy struct {
handler
subscription *v1.Subscription
}
func newPasswordAgePolicy(handler handler) *PasswordAgePolicy {
h := &PasswordAgePolicy{
handler: handler,
}
h.subscribe()
return h
}
func (m *PasswordAgePolicy) subscribe() {
m.subscription = m.es.Subscribe(m.AggregateTypes()...)
go func() {
for event := range m.subscription.Events {
query.ReduceEvent(m, event)
}
}()
}
func (m *PasswordAgePolicy) ViewModel() string {
return passwordAgePolicyTable
}
func (p *PasswordAgePolicy) Subscription() *v1.Subscription {
return p.subscription
}
func (_ *PasswordAgePolicy) AggregateTypes() []es_models.AggregateType {
return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
}
func (o *PasswordAgePolicy) CurrentSequence() (uint64, error) {
sequence, err := o.view.GetLatestPasswordAgePolicySequence()
if err != nil {
return 0, err
}
return sequence.CurrentSequence, nil
}
func (p *PasswordAgePolicy) EventQuery() (*es_models.SearchQuery, error) {
sequence, err := p.view.GetLatestPasswordAgePolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(p.AggregateTypes()...).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *PasswordAgePolicy) Reduce(event *es_models.Event) (err error) {
switch event.AggregateType {
case model.OrgAggregate, iam_es_model.IAMAggregate:
err = m.processPasswordAgePolicy(event)
}
return err
}
func (m *PasswordAgePolicy) processPasswordAgePolicy(event *es_models.Event) (err error) {
policy := new(iam_model.PasswordAgePolicyView)
switch event.Type {
case iam_es_model.PasswordAgePolicyAdded, model.PasswordAgePolicyAdded:
err = policy.AppendEvent(event)
case iam_es_model.PasswordAgePolicyChanged, model.PasswordAgePolicyChanged:
policy, err = m.view.PasswordAgePolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
case model.PasswordAgePolicyRemoved:
return m.view.DeletePasswordAgePolicy(event.AggregateID, event)
default:
return m.view.ProcessedPasswordAgePolicySequence(event)
}
if err != nil {
return err
}
return m.view.PutPasswordAgePolicy(policy, event)
}
func (m *PasswordAgePolicy) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Bs89f", "id", event.AggregateID).WithError(err).Warn("something went wrong in passwordAge policy handler")
return spooler.HandleError(event, err, m.view.GetLatestPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicyFailedEvent, m.view.ProcessedPasswordAgePolicySequence, m.errorCountUntilSkip)
}
func (m *PasswordAgePolicy) OnSuccess() error {
return spooler.HandleSuccess(m.view.UpdatePasswordAgePolicySpoolerRunTimestamp)
}

View File

@ -1,53 +0,0 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
passwordAgePolicyTable = "management.password_age_policies"
)
func (v *View) PasswordAgePolicyByAggregateID(aggregateID string) (*model.PasswordAgePolicyView, error) {
return view.GetPasswordAgePolicyByAggregateID(v.Db, passwordAgePolicyTable, aggregateID)
}
func (v *View) PutPasswordAgePolicy(policy *model.PasswordAgePolicyView, event *models.Event) error {
err := view.PutPasswordAgePolicy(v.Db, passwordAgePolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) DeletePasswordAgePolicy(aggregateID string, event *models.Event) error {
err := view.DeletePasswordAgePolicy(v.Db, passwordAgePolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedPasswordAgePolicySequence(event)
}
func (v *View) GetLatestPasswordAgePolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(passwordAgePolicyTable)
}
func (v *View) ProcessedPasswordAgePolicySequence(event *models.Event) error {
return v.saveCurrentSequence(passwordAgePolicyTable, event)
}
func (v *View) UpdatePasswordAgePolicySpoolerRunTimestamp() error {
return v.updateSpoolerRunSequence(passwordAgePolicyTable)
}
func (v *View) GetLatestPasswordAgePolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(passwordAgePolicyTable, sequence)
}
func (v *View) ProcessedPasswordAgePolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -28,9 +28,6 @@ type OrgRepository interface {
SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
GetIDPProvidersByIDPConfigID(ctx context.Context, aggregateID, idpConfigID string) ([]*iam_model.IDPProviderView, error)
GetPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error)
GetDefaultPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error)
GetLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error)
GetDefaultLockoutPolicy(ctx context.Context) (*iam_model.LockoutPolicyView, error)

View File

@ -0,0 +1,125 @@
package query
import (
"context"
"database/sql"
errs "errors"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/query/projection"
)
type PasswordAgePolicy struct {
ID string
Sequence uint64
CreationDate time.Time
ChangeDate time.Time
ResourceOwner string
ExpireWarnDays uint64
MaxAgeDays uint64
IsDefault bool
}
var (
passwordAgeTable = table{
name: projection.PasswordAgeTable,
}
PasswordAgeColID = Column{
name: projection.AgePolicyIDCol,
}
PasswordAgeColSequence = Column{
name: projection.AgePolicySequenceCol,
}
PasswordAgeColCreationDate = Column{
name: projection.AgePolicyCreationDateCol,
}
PasswordAgeColChangeDate = Column{
name: projection.AgePolicyChangeDateCol,
}
PasswordAgeColResourceOwner = Column{
name: projection.AgePolicyResourceOwnerCol,
}
PasswordAgeColWarnDays = Column{
name: projection.AgePolicyExpireWarnDaysCol,
}
PasswordAgeColMaxAge = Column{
name: projection.AgePolicyMaxAgeDaysCol,
}
PasswordAgeColIsDefault = Column{
name: projection.AgePolicyIsDefaultCol,
}
)
func (q *Queries) PasswordAgePolicyByOrg(ctx context.Context, orgID string) (*PasswordAgePolicy, error) {
stmt, scan := preparePasswordAgePolicyQuery()
query, args, err := stmt.Where(
sq.Or{
sq.Eq{
PasswordAgeColID.identifier(): orgID,
},
sq.Eq{
PasswordAgeColID.identifier(): q.iamID,
},
}).
OrderBy(PasswordAgeColIsDefault.identifier()).
Limit(1).ToSql()
if err != nil {
return nil, errors.ThrowInternal(err, "QUERY-SKR6X", "Errors.Query.SQLStatement")
}
row := q.client.QueryRowContext(ctx, query, args...)
return scan(row)
}
func (q *Queries) DefaultPasswordAgePolicy(ctx context.Context) (*PasswordAgePolicy, error) {
stmt, scan := preparePasswordAgePolicyQuery()
query, args, err := stmt.Where(sq.Eq{
PasswordAgeColID.identifier(): q.iamID,
}).
OrderBy(PasswordAgeColIsDefault.identifier()).
Limit(1).ToSql()
if err != nil {
return nil, errors.ThrowInternal(err, "QUERY-mN0Ci", "Errors.Query.SQLStatement")
}
row := q.client.QueryRowContext(ctx, query, args...)
return scan(row)
}
func preparePasswordAgePolicyQuery() (sq.SelectBuilder, func(*sql.Row) (*PasswordAgePolicy, error)) {
return sq.Select(
PasswordAgeColID.identifier(),
PasswordAgeColSequence.identifier(),
PasswordAgeColCreationDate.identifier(),
PasswordAgeColChangeDate.identifier(),
PasswordAgeColResourceOwner.identifier(),
PasswordAgeColWarnDays.identifier(),
PasswordAgeColMaxAge.identifier(),
PasswordAgeColIsDefault.identifier(),
).
From(passwordAgeTable.identifier()).PlaceholderFormat(sq.Dollar),
func(row *sql.Row) (*PasswordAgePolicy, error) {
policy := new(PasswordAgePolicy)
err := row.Scan(
&policy.ID,
&policy.Sequence,
&policy.CreationDate,
&policy.ChangeDate,
&policy.ResourceOwner,
&policy.ExpireWarnDays,
&policy.MaxAgeDays,
&policy.IsDefault,
)
if err != nil {
if errs.Is(err, sql.ErrNoRows) {
return nil, errors.ThrowNotFound(err, "QUERY-63mtI", "Errors.Org.PasswordComplexity.NotFound")
}
return nil, errors.ThrowInternal(err, "QUERY-uulCZ", "Errors.Internal")
}
return policy, nil
}
}

View File

@ -75,7 +75,7 @@ const (
func (p *OrgProjection) reduceOrgAdded(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*org.OrgAddedEvent)
if !ok {
logging.LogWithFields("HANDL-zWCk3", "seq", event.Sequence(), "expectedType", org.OrgAddedEventType).Error("was not an event")
logging.LogWithFields("HANDL-zWCk3", "seq", event.Sequence(), "expectedType", org.OrgAddedEventType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-uYq4r", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(

View File

@ -0,0 +1,149 @@
package projection
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/handler"
"github.com/caos/zitadel/internal/eventstore/handler/crdb"
"github.com/caos/zitadel/internal/repository/iam"
"github.com/caos/zitadel/internal/repository/org"
"github.com/caos/zitadel/internal/repository/policy"
)
type PasswordAgeProjection struct {
crdb.StatementHandler
}
const (
PasswordAgeTable = "zitadel.projections.password_age_policies"
)
func NewPasswordAgeProjection(ctx context.Context, config crdb.StatementHandlerConfig) *PasswordAgeProjection {
p := &PasswordAgeProjection{}
config.ProjectionName = PasswordAgeTable
config.Reducers = p.reducers()
p.StatementHandler = crdb.NewStatementHandler(ctx, config)
return p
}
func (p *PasswordAgeProjection) reducers() []handler.AggregateReducer {
return []handler.AggregateReducer{
{
Aggregate: org.AggregateType,
EventRedusers: []handler.EventReducer{
{
Event: org.PasswordAgePolicyAddedEventType,
Reduce: p.reduceAdded,
},
{
Event: org.PasswordAgePolicyChangedEventType,
Reduce: p.reduceChanged,
},
{
Event: org.PasswordAgePolicyRemovedEventType,
Reduce: p.reduceRemoved,
},
},
},
{
Aggregate: iam.AggregateType,
EventRedusers: []handler.EventReducer{
{
Event: iam.PasswordAgePolicyAddedEventType,
Reduce: p.reduceAdded,
},
{
Event: iam.PasswordAgePolicyChangedEventType,
Reduce: p.reduceChanged,
},
},
},
}
}
func (p *PasswordAgeProjection) reduceAdded(event eventstore.EventReader) (*handler.Statement, error) {
var policyEvent policy.PasswordAgePolicyAddedEvent
var isDefault bool
switch e := event.(type) {
case *org.PasswordAgePolicyAddedEvent:
policyEvent = e.PasswordAgePolicyAddedEvent
isDefault = false
case *iam.PasswordAgePolicyAddedEvent:
policyEvent = e.PasswordAgePolicyAddedEvent
isDefault = true
default:
logging.LogWithFields("PROJE-stxcL", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordAgePolicyAddedEventType, iam.PasswordAgePolicyAddedEventType}).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-CJqF0", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(
&policyEvent,
[]handler.Column{
handler.NewCol(AgePolicyCreationDateCol, policyEvent.CreationDate()),
handler.NewCol(AgePolicyChangeDateCol, policyEvent.CreationDate()),
handler.NewCol(AgePolicySequenceCol, policyEvent.Sequence()),
handler.NewCol(AgePolicyIDCol, policyEvent.Aggregate().ID),
handler.NewCol(AgePolicyStateCol, domain.PolicyStateActive),
handler.NewCol(AgePolicyExpireWarnDaysCol, policyEvent.ExpireWarnDays),
handler.NewCol(AgePolicyMaxAgeDaysCol, policyEvent.MaxAgeDays),
handler.NewCol(AgePolicyIsDefaultCol, isDefault),
handler.NewCol(AgePolicyResourceOwnerCol, policyEvent.Aggregate().ResourceOwner),
}), nil
}
func (p *PasswordAgeProjection) reduceChanged(event eventstore.EventReader) (*handler.Statement, error) {
var policyEvent policy.PasswordAgePolicyChangedEvent
switch e := event.(type) {
case *org.PasswordAgePolicyChangedEvent:
policyEvent = e.PasswordAgePolicyChangedEvent
case *iam.PasswordAgePolicyChangedEvent:
policyEvent = e.PasswordAgePolicyChangedEvent
default:
logging.LogWithFields("PROJE-EZ53p", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordAgePolicyChangedEventType, iam.PasswordAgePolicyChangedEventType}).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-i7FZt", "reduce.wrong.event.type")
}
cols := []handler.Column{
handler.NewCol(AgePolicyChangeDateCol, policyEvent.CreationDate()),
handler.NewCol(AgePolicySequenceCol, policyEvent.Sequence()),
}
if policyEvent.ExpireWarnDays != nil {
cols = append(cols, handler.NewCol(AgePolicyExpireWarnDaysCol, *policyEvent.ExpireWarnDays))
}
if policyEvent.MaxAgeDays != nil {
cols = append(cols, handler.NewCol(AgePolicyMaxAgeDaysCol, *policyEvent.MaxAgeDays))
}
return crdb.NewUpdateStatement(
&policyEvent,
cols,
[]handler.Condition{
handler.NewCond(AgePolicyIDCol, policyEvent.Aggregate().ID),
}), nil
}
func (p *PasswordAgeProjection) reduceRemoved(event eventstore.EventReader) (*handler.Statement, error) {
policyEvent, ok := event.(*org.PasswordAgePolicyRemovedEvent)
if !ok {
logging.LogWithFields("PROJE-iwqfN", "seq", event.Sequence(), "expectedType", org.PasswordAgePolicyRemovedEventType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-EtHWB", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(
policyEvent,
[]handler.Condition{
handler.NewCond(AgePolicyIDCol, policyEvent.Aggregate().ID),
}), nil
}
const (
AgePolicyCreationDateCol = "creation_date"
AgePolicyChangeDateCol = "change_date"
AgePolicySequenceCol = "sequence"
AgePolicyIDCol = "id"
AgePolicyStateCol = "state"
AgePolicyExpireWarnDaysCol = "expire_warn_days"
AgePolicyMaxAgeDaysCol = "max_age_days"
AgePolicyIsDefaultCol = "is_default"
AgePolicyResourceOwnerCol = "resource_owner"
)

View File

@ -0,0 +1,210 @@
package projection
import (
"testing"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/handler"
"github.com/caos/zitadel/internal/eventstore/repository"
"github.com/caos/zitadel/internal/repository/iam"
"github.com/caos/zitadel/internal/repository/org"
)
func TestPasswordAgeProjection_reduces(t *testing.T) {
type args struct {
event func(t *testing.T) eventstore.EventReader
}
tests := []struct {
name string
args args
reduce func(event eventstore.EventReader) (*handler.Statement, error)
want wantReduce
}{
{
name: "org.reduceAdded",
args: args{
event: getEvent(testEvent(
repository.EventType(org.PasswordAgePolicyAddedEventType),
org.AggregateType,
[]byte(`{
"expireWarnDays": 10,
"maxAgeDays": 13
}`),
), org.PasswordAgePolicyAddedEventMapper),
},
reduce: (&PasswordAgeProjection{}).reduceAdded,
want: wantReduce{
aggregateType: eventstore.AggregateType("org"),
sequence: 15,
previousSequence: 10,
projection: PasswordAgeTable,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO zitadel.projections.password_age_policies (creation_date, change_date, sequence, id, state, expire_warn_days, max_age_days, is_default, resource_owner) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
anyArg{},
anyArg{},
uint64(15),
"agg-id",
domain.PolicyStateActive,
uint64(10),
uint64(13),
false,
"ro-id",
},
},
},
},
},
},
{
name: "org.reduceChanged",
reduce: (&PasswordAgeProjection{}).reduceChanged,
args: args{
event: getEvent(testEvent(
repository.EventType(org.PasswordAgePolicyChangedEventType),
org.AggregateType,
[]byte(`{
"expireWarnDays": 10,
"maxAgeDays": 13
}`),
), org.PasswordAgePolicyChangedEventMapper),
},
want: wantReduce{
aggregateType: eventstore.AggregateType("org"),
sequence: 15,
previousSequence: 10,
projection: PasswordAgeTable,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE zitadel.projections.password_age_policies SET (change_date, sequence, expire_warn_days, max_age_days) = ($1, $2, $3, $4) WHERE (id = $5)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
uint64(10),
uint64(13),
"agg-id",
},
},
},
},
},
},
{
name: "org.reduceRemoved",
reduce: (&PasswordAgeProjection{}).reduceRemoved,
args: args{
event: getEvent(testEvent(
repository.EventType(org.PasswordAgePolicyRemovedEventType),
org.AggregateType,
nil,
), org.PasswordAgePolicyRemovedEventMapper),
},
want: wantReduce{
aggregateType: eventstore.AggregateType("org"),
sequence: 15,
previousSequence: 10,
projection: PasswordAgeTable,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "DELETE FROM zitadel.projections.password_age_policies WHERE (id = $1)",
expectedArgs: []interface{}{
"agg-id",
},
},
},
},
},
},
{
name: "iam.reduceAdded",
reduce: (&PasswordAgeProjection{}).reduceAdded,
args: args{
event: getEvent(testEvent(
repository.EventType(iam.PasswordAgePolicyAddedEventType),
iam.AggregateType,
[]byte(`{
"expireWarnDays": 10,
"maxAgeDays": 13
}`),
), iam.PasswordAgePolicyAddedEventMapper),
},
want: wantReduce{
aggregateType: eventstore.AggregateType("iam"),
sequence: 15,
previousSequence: 10,
projection: PasswordAgeTable,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "INSERT INTO zitadel.projections.password_age_policies (creation_date, change_date, sequence, id, state, expire_warn_days, max_age_days, is_default, resource_owner) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
expectedArgs: []interface{}{
anyArg{},
anyArg{},
uint64(15),
"agg-id",
domain.PolicyStateActive,
uint64(10),
uint64(13),
true,
"ro-id",
},
},
},
},
},
},
{
name: "iam.reduceChanged",
reduce: (&PasswordAgeProjection{}).reduceChanged,
args: args{
event: getEvent(testEvent(
repository.EventType(iam.PasswordAgePolicyChangedEventType),
iam.AggregateType,
[]byte(`{
"expireWarnDays": 10,
"maxAgeDays": 13
}`),
), iam.PasswordAgePolicyChangedEventMapper),
},
want: wantReduce{
aggregateType: eventstore.AggregateType("iam"),
sequence: 15,
previousSequence: 10,
projection: PasswordAgeTable,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE zitadel.projections.password_age_policies SET (change_date, sequence, expire_warn_days, max_age_days) = ($1, $2, $3, $4) WHERE (id = $5)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
uint64(10),
uint64(13),
"agg-id",
},
},
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
event := baseEvent(t)
got, err := tt.reduce(event)
if _, ok := err.(errors.InvalidArgument); !ok {
t.Errorf("no wrong event mapping: %v, got: %v", err, got)
}
event = tt.args.event(t)
got, err = tt.reduce(event)
assertReduce(t, got, err, tt.want)
})
}
}

View File

@ -76,7 +76,7 @@ func (p *PasswordComplexityProjection) reduceAdded(event eventstore.EventReader)
policyEvent = e.PasswordComplexityPolicyAddedEvent
isDefault = true
default:
logging.LogWithFields("PROJE-mP8AR", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventType}).Error("was not an event")
logging.LogWithFields("PROJE-mP8AR", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventType}).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-KTHmJ", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(
@ -105,7 +105,7 @@ func (p *PasswordComplexityProjection) reduceChanged(event eventstore.EventReade
case *iam.PasswordComplexityPolicyChangedEvent:
policyEvent = e.PasswordComplexityPolicyChangedEvent
default:
logging.LogWithFields("PROJE-L4UHn", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventType}).Error("was not an event")
logging.LogWithFields("PROJE-L4UHn", "seq", event.Sequence(), "expectedTypes", []eventstore.EventType{org.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventType}).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-cf3Xb", "reduce.wrong.event.type")
}
cols := []handler.Column{
@ -138,7 +138,7 @@ func (p *PasswordComplexityProjection) reduceChanged(event eventstore.EventReade
func (p *PasswordComplexityProjection) reduceRemoved(event eventstore.EventReader) (*handler.Statement, error) {
policyEvent, ok := event.(*org.PasswordComplexityPolicyRemovedEvent)
if !ok {
logging.LogWithFields("PROJE-ibd0c", "seq", event.Sequence(), "expectedType", org.PasswordComplexityPolicyRemovedEventType).Error("was not an event")
logging.LogWithFields("PROJE-ibd0c", "seq", event.Sequence(), "expectedType", org.PasswordComplexityPolicyRemovedEventType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "PROJE-wttCd", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(

View File

@ -76,7 +76,7 @@ const (
func (p *ProjectProjection) reduceProjectAdded(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.ProjectAddedEvent)
if !ok {
logging.LogWithFields("HANDL-MFOsd", "seq", event.Sequence(), "expectedType", project.ProjectAddedType).Error("was not an event")
logging.LogWithFields("HANDL-MFOsd", "seq", event.Sequence(), "expectedType", project.ProjectAddedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-l000S", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(

View File

@ -81,7 +81,7 @@ const (
func (p *ProjectGrantProjection) reduceProjectGrantAdded(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantAddedEvent)
if !ok {
logging.LogWithFields("HANDL-Mi4g9", "seq", event.Sequence(), "expectedType", project.GrantAddedType).Error("was not an event")
logging.LogWithFields("HANDL-Mi4g9", "seq", event.Sequence(), "expectedType", project.GrantAddedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-g92Fg", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(
@ -104,7 +104,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantAdded(event eventstore.EventR
func (p *ProjectGrantProjection) reduceProjectGrantChanged(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantChangedEvent)
if !ok {
logging.LogWithFields("HANDL-M00fH", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("was not an event")
logging.LogWithFields("HANDL-M00fH", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-g0fg4", "reduce.wrong.event.type")
}
return crdb.NewUpdateStatement(
@ -124,7 +124,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantChanged(event eventstore.Even
func (p *ProjectGrantProjection) reduceProjectGrantCascadeChanged(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantCascadeChangedEvent)
if !ok {
logging.LogWithFields("HANDL-K0fwR", "seq", event.Sequence(), "expectedType", project.GrantCascadeChangedType).Error("was not an event")
logging.LogWithFields("HANDL-K0fwR", "seq", event.Sequence(), "expectedType", project.GrantCascadeChangedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-ll9Ts", "reduce.wrong.event.type")
}
return crdb.NewUpdateStatement(
@ -144,7 +144,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantCascadeChanged(event eventsto
func (p *ProjectGrantProjection) reduceProjectGrantDeactivated(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantDeactivateEvent)
if !ok {
logging.LogWithFields("HANDL-Ple9f", "seq", event.Sequence(), "expectedType", project.GrantDeactivatedType).Error("was not an event")
logging.LogWithFields("HANDL-Ple9f", "seq", event.Sequence(), "expectedType", project.GrantDeactivatedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-0fj2f", "reduce.wrong.event.type")
}
return crdb.NewUpdateStatement(
@ -164,7 +164,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantDeactivated(event eventstore.
func (p *ProjectGrantProjection) reduceProjectGrantReactivated(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantReactivatedEvent)
if !ok {
logging.LogWithFields("HANDL-Ip0hr", "seq", event.Sequence(), "expectedType", project.GrantReactivatedType).Error("was not an event")
logging.LogWithFields("HANDL-Ip0hr", "seq", event.Sequence(), "expectedType", project.GrantReactivatedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-2M0ve", "reduce.wrong.event.type")
}
return crdb.NewUpdateStatement(
@ -184,7 +184,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantReactivated(event eventstore.
func (p *ProjectGrantProjection) reduceProjectGrantRemoved(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.GrantRemovedEvent)
if !ok {
logging.LogWithFields("HANDL-M0pfs", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("was not an event")
logging.LogWithFields("HANDL-M0pfs", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-o0w4f", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(
@ -199,7 +199,7 @@ func (p *ProjectGrantProjection) reduceProjectGrantRemoved(event eventstore.Even
func (p *ProjectGrantProjection) reduceProjectRemoved(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.ProjectRemovedEvent)
if !ok {
logging.LogWithFields("HANDL-Ms0fe", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("was not an event")
logging.LogWithFields("HANDL-Ms0fe", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-gn9rw", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(

View File

@ -66,7 +66,7 @@ const (
func (p *ProjectRoleProjection) reduceProjectRoleAdded(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.RoleAddedEvent)
if !ok {
logging.LogWithFields("HANDL-Fmre5", "seq", event.Sequence(), "expectedType", project.RoleAddedType).Error("was not an event")
logging.LogWithFields("HANDL-Fmre5", "seq", event.Sequence(), "expectedType", project.RoleAddedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-g92Fg", "reduce.wrong.event.type")
}
return crdb.NewCreateStatement(
@ -88,7 +88,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleAdded(event eventstore.EventRea
func (p *ProjectRoleProjection) reduceProjectRoleChanged(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.RoleChangedEvent)
if !ok {
logging.LogWithFields("HANDL-M0fwg", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("was not an event")
logging.LogWithFields("HANDL-M0fwg", "seq", event.Sequence(), "expectedType", project.GrantChangedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-sM0f", "reduce.wrong.event.type")
}
if e.DisplayName == nil && e.Group == nil {
@ -116,7 +116,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleChanged(event eventstore.EventR
func (p *ProjectRoleProjection) reduceProjectRoleRemoved(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.RoleRemovedEvent)
if !ok {
logging.LogWithFields("HANDL-MlokF", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("was not an event")
logging.LogWithFields("HANDL-MlokF", "seq", event.Sequence(), "expectedType", project.GrantRemovedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-L0fJf", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(
@ -131,7 +131,7 @@ func (p *ProjectRoleProjection) reduceProjectRoleRemoved(event eventstore.EventR
func (p *ProjectRoleProjection) reduceProjectRemoved(event eventstore.EventReader) (*handler.Statement, error) {
e, ok := event.(*project.ProjectRemovedEvent)
if !ok {
logging.LogWithFields("HANDL-hm90R", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("was not an event")
logging.LogWithFields("HANDL-hm90R", "seq", event.Sequence(), "expectedType", project.ProjectRemovedType).Error("wrong event type")
return nil, errors.ThrowInvalidArgument(nil, "HANDL-l0geG", "reduce.wrong.event.type")
}
return crdb.NewDeleteStatement(

View File

@ -38,6 +38,7 @@ func Start(ctx context.Context, sqlClient *sql.DB, es *eventstore.Eventstore, co
NewFlowProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["flows"]))
NewProjectProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["projects"]))
NewPasswordComplexityProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["password_complexities"]))
NewPasswordAgeProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["password_age_policy"]))
NewProjectGrantProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["project_grants"]))
NewProjectRoleProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["project_roles"]))
// owner.NewOrgOwnerProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["org_owners"]))

View File

@ -169,7 +169,7 @@ Errors:
AlreadyExists: Default Message Text already exists
Invalid: Default Message Text is invalid
PasswordComplexity:
NotFound: Password Complexity Policy not found
NotFound: Password Complexity Policy not found
Empty: Password Complexity Policy is empty
NotExisting: Password Complexity Policy doesn't exist
AlreadyExists: Password Complexity Policy already exists

View File

@ -0,0 +1,14 @@
CREATE TABLE zitadel.projections.password_age_policies (
id STRING NOT NULL,
creation_date TIMESTAMPTZ NULL,
change_date TIMESTAMPTZ NULL,
sequence INT8 NULL,
state INT2 NULL,
resource_owner TEXT,
is_default BOOLEAN,
max_age_days INT8 NULL,
expire_warn_days INT8 NULL,
PRIMARY KEY (id)
);