add more config

cmd/e2e-setup/config.go

@@ -3,6 +3,7 @@ package main
 import (
 	"errors"
 	"fmt"
+	"github.com/zitadel/zitadel/internal/crypto"
 	"regexp"
 
 	"github.com/zitadel/zitadel/internal/id"
@@ -33,6 +34,7 @@ type Config struct {
 	InternalAuthZ  internal_authz.Config
 	Machine        *id.Config
 	SystemDefaults systemdefaults.SystemDefaults
+	EncryptionKeys *encryptionKeyConfig
 }
 
 func (c Config) Validate() error {
@@ -100,6 +102,18 @@ func (e E2EConfig) Validate() (err error) {
 	return nil
 }
 
+type encryptionKeyConfig struct {
+	DomainVerification   *crypto.KeyConfig
+	IDPConfig            *crypto.KeyConfig
+	OIDC                 *crypto.KeyConfig
+	OTP                  *crypto.KeyConfig
+	SMS                  *crypto.KeyConfig
+	SMTP                 *crypto.KeyConfig
+	User                 *crypto.KeyConfig
+	CSRFCookieKeyID      string
+	UserAgentCookieKeyID string
+}
+
 func MustNewConfig(v *viper.Viper) *Config {
 	config := new(Config)
 

cmd/e2e-setup/defaults.yaml

@@ -0,0 +1,12 @@
+E2E:
+  Org: "e2e-tests"
+  MachineKeyPath: ".keys/e2e.json"
+  ZitadelProjectResourceID: ""
+  APIURL: "http://localhost:8080"
+  IssuerURL: "http://localhost:8080/oauth/v2"
+  Audience: ""
+  OrgOwnerPassword: "Password1!"
+  OrgOwnerViewerPassword: "Password1!"
+  OrgProjectCreatorPassword: "Password1!"
+  PasswordComplexityUserPassword: "Password1!"
+  LoginPolicyUserPassword: "Password1!"

cmd/e2e-setup/encryption_keys.go

@@ -0,0 +1,106 @@
+package main
+
+import (
+	"github.com/zitadel/zitadel/internal/crypto"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
+)
+
+var (
+	defaultKeyIDs = []string{
+		"domainVerificationKey",
+		"idpConfigKey",
+		"oidcKey",
+		"otpKey",
+		"smsKey",
+		"smtpKey",
+		"userKey",
+		"csrfCookieKey",
+		"userAgentCookieKey",
+	}
+)
+
+type encryptionKeys struct {
+	DomainVerification crypto.EncryptionAlgorithm
+	IDPConfig          crypto.EncryptionAlgorithm
+	OIDC               crypto.EncryptionAlgorithm
+	OTP                crypto.EncryptionAlgorithm
+	SMS                crypto.EncryptionAlgorithm
+	SMTP               crypto.EncryptionAlgorithm
+	User               crypto.EncryptionAlgorithm
+	CSRFCookieKey      []byte
+	UserAgentCookieKey []byte
+	OIDCKey            []byte
+}
+
+func ensureEncryptionKeys(keyConfig *encryptionKeyConfig, keyStorage crypto.KeyStorage) (keys *encryptionKeys, err error) {
+	if err := verifyDefaultKeys(keyStorage); err != nil {
+		return nil, err
+	}
+	keys = new(encryptionKeys)
+	keys.DomainVerification, err = crypto.NewAESCrypto(keyConfig.DomainVerification, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.IDPConfig, err = crypto.NewAESCrypto(keyConfig.IDPConfig, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.OIDC, err = crypto.NewAESCrypto(keyConfig.OIDC, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	key, err := crypto.LoadKey(keyConfig.OIDC.EncryptionKeyID, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.OIDCKey = []byte(key)
+	keys.OTP, err = crypto.NewAESCrypto(keyConfig.OTP, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.SMS, err = crypto.NewAESCrypto(keyConfig.SMS, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.SMTP, err = crypto.NewAESCrypto(keyConfig.SMTP, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.User, err = crypto.NewAESCrypto(keyConfig.User, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	key, err = crypto.LoadKey(keyConfig.CSRFCookieKeyID, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.CSRFCookieKey = []byte(key)
+	key, err = crypto.LoadKey(keyConfig.UserAgentCookieKeyID, keyStorage)
+	if err != nil {
+		return nil, err
+	}
+	keys.UserAgentCookieKey = []byte(key)
+	return keys, nil
+}
+
+func verifyDefaultKeys(keyStorage crypto.KeyStorage) (err error) {
+	keys := make([]*crypto.Key, 0, len(defaultKeyIDs))
+	for _, keyID := range defaultKeyIDs {
+		_, err := crypto.LoadKey(keyID, keyStorage)
+		if err == nil {
+			continue
+		}
+		key, err := crypto.NewKey(keyID)
+		if err != nil {
+			return err
+		}
+		keys = append(keys, key)
+	}
+	if len(keys) == 0 {
+		return nil
+	}
+	if err := keyStorage.CreateKeys(keys...); err != nil {
+		return caos_errs.ThrowInternal(err, "START-aGBq2", "cannot create default keys")
+	}
+	return nil
+}

cmd/e2e-setup/main.go

@@ -1,12 +1,15 @@
 package main
 
 import (
+	"bytes"
 	"context"
 	_ "embed"
 	"flag"
 	"fmt"
 	"time"
 
+	cryptoDB "github.com/zitadel/zitadel/internal/crypto/database"
+
 	"github.com/zitadel/zitadel/internal/id"
 
 	"github.com/spf13/viper"
@@ -25,20 +28,27 @@ import (
 	"github.com/zitadel/logging"
 )
 
+var (
+	//go:embed defaults.yaml
+	e2edefaults []byte
+)
+
 type userData struct {
 	desc, role, pw string
 }
 
 func main() {
-	//	masterkey := flag.String("materkey", "MasterkeyNeedsToHave32Characters", "the ZITADEL installations masterkey")
+	masterkey := flag.String("materkey", "MasterkeyNeedsToHave32Characters", "the ZITADEL installations masterkey")
 	debug := flag.Bool("debug", false, "print information that is helpful for debugging")
 
 	err := options.InitViper()
-	logging.OnError(err).Fatalf("unable to initialize config: %s", err)
+	logging.OnError(err).Fatalf("unable to initialize zitadel config: %s", err)
 
 	flag.Parse()
-	viper.
-		fmt.Println(x)
+
+	err = viper.MergeConfig(bytes.NewBuffer(e2edefaults))
+	logging.OnError(err).Fatalf("unable to initialize e2e config: %s", err)
+
 	conf := MustNewConfig(viper.GetViper())
 
 	if *debug {
@@ -47,10 +57,10 @@ func main() {
 
 	logging.New().OnError(err).Fatal("validating e2e config failed")
 
-	startE2ESetup(conf)
+	startE2ESetup(conf, *masterkey)
 }
 
-func startE2ESetup(conf *Config /*, masterkey string*/) {
+func startE2ESetup(conf *Config, masterkey string) {
 
 	id.Configure(conf.Machine)
 
@@ -59,14 +69,11 @@ func startE2ESetup(conf *Config /*, masterkey string*/) {
 	dbClient, err := database.Connect(conf.Database)
 	logging.New().OnError(err).Fatalf("cannot start client for projection: %s", err)
 
-	/*
-		keyStorage, err := cryptoDB.NewKeyStorage(dbClient, masterkey)
-		logging.New().OnError(err).Fatalf("cannot start key storage: %s", err)
-
-		   keys, err := ensureEncryptionKeys(conf.EncryptionKeys, keyStorage)
-		      	logging.New().OnError(err).Fatalf("failed ensuring encryption keys: %s", err)
-	*/
+	keyStorage, err := cryptoDB.NewKeyStorage(dbClient, masterkey)
+	logging.New().OnError(err).Fatalf("cannot start key storage: %s", err)
 
+	keys, err := ensureEncryptionKeys(conf.EncryptionKeys, keyStorage)
+	logging.New().OnError(err).Fatalf("failed ensuring encryption keys: %s", err)
 	eventstoreClient, err := eventstore.Start(dbClient)
 	logging.New().OnError(err).Fatalf("cannot start eventstore for queries: %s", err)
 
@@ -87,13 +94,13 @@ func startE2ESetup(conf *Config /*, masterkey string*/) {
 		conf.ExternalDomain,
 		conf.ExternalSecure,
 		conf.ExternalPort,
-		nil, //keys.IDPConfig,
-		nil, //keys.OTP,
-		nil, //keys.SMTP,
-		nil, //keys.SMS,
-		nil, //keys.User,
-		nil, //keys.DomainVerification,
-		nil, //keys.OIDC,
+		keys.IDPConfig,
+		keys.OTP,
+		keys.SMTP,
+		keys.SMS,
+		keys.User,
+		keys.DomainVerification,
+		keys.OIDC,
 	)
 	logging.New().OnError(err).Errorf("cannot start commands: %s", err)
 
@@ -118,7 +125,7 @@ func startE2ESetup(conf *Config /*, masterkey string*/) {
 	}}
 
 	err = execute(ctx, commands, *conf.E2E, users)
-	logging.New().OnError(err).Errorf("failed to execute commands steps")
+	logging.New().OnError(err).Fatalf("failed to execute commands steps")
 
 	eventualConsistencyCtx, cancel := context.WithTimeout(ctx, 5*time.Minute)
 	defer cancel()

cmd/start/start_from_init.go

@@ -4,8 +4,6 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/zitadel/logging"
-	"github.com/zitadel/zitadel/internal/config/options"
-
 	"github.com/zitadel/zitadel/cmd/initialise"
 	"github.com/zitadel/zitadel/cmd/key"
 	"github.com/zitadel/zitadel/cmd/setup"
@@ -36,7 +34,7 @@ Requirements:
 			setupSteps := setup.MustNewSteps(viper.New())
 			setup.Setup(setupConfig, setupSteps, masterKey)
 
-			startConfig := options.MustNewConfig(viper.GetViper())
+			startConfig := MustNewConfig(viper.GetViper())
 
 			err = startZitadel(startConfig, masterKey)
 			logging.OnError(err).Fatal("unable to start zitadel")

e2e/local.env

@@ -1,14 +1,14 @@
 ZITADEL_E2E_CYPRESS_PORT=5000
 ZITADEL_E2E_ORG=e2e-tests
-ZITADEL_E2E_ORG_OWNER_PW=Password1!
-ZITADEL_E2E_ORG_OWNER_VIEWER_PW=Password1!
-ZITADEL_E2E_ORG_PROJECT_CREATOR_PW=Password1!
-ZITADEL_E2E_PASSWORD_COMPLEXITY_USER_PW=Password1!
-ZITADEL_E2E_LOGIN_POLICY_USER_PW=Password1!
-ZITADEL_E2E_MACHINE_KEY_PATH="${projectRoot}/.keys/e2e.json"
-ZITADEL_E2E_CONSOLE_URL="http://localhost:8080"
-ZITADEL_E2E_API_URL="http://localhost:8080"
-ZITADEL_E2E_ACCOUNTS_URL="http://localhost:8080"
-ZITADEL_E2E_ISSUER_URL="http://localhost:8080/oauth/v2"
-ZITADEL_E2E_OTHER_ZITADEL_IDP_INSTANCE=false
-ZITADEL_E2E_ZITADEL_PROJECT_RESOURCE_ID="bignumber-$(echo -n $(./e2e/docker-compose.sh exec --no-TTY db cockroach sql --database zitadel --insecure --execute "select aggregate_id from eventstore.events where event_type = 'project.added' and event_data = '{\"name\": \"ZITADEL\"}';" --format tsv) | cut -d " " -f 2)"
+ZITADEL_E2E_ORGOWNERPW=Password1!
+ZITADEL_E2E_ORGOWNERVIEWERPW=Password1!
+ZITADEL_E2E_ORGPROJECTCREATORPW=Password1!
+ZITADEL_E2E_PASSWORDCOMPLEXITYUSERPW=Password1!
+ZITADEL_E2E_LOGINPOLICYUSERPW=Password1!
+ZITADEL_E2E_MACHINEKEYPATH="${projectRoot}/.keys/e2e.json"
+ZITADEL_E2E_CONSOLEURL="http://localhost:8080"
+ZITADEL_E2E_APIURL="http://localhost:8080"
+ZITADEL_E2E_ACCOUNTSURL="http://localhost:8080"
+ZITADEL_E2E_ISSUERURL="http://localhost:8080/oauth/v2"
+ZITADEL_E2E_OTHERZITADELIDPINSTANCE=false
+ZITADEL_E2E_ZITADELPROJECTRESOURCEID="bignumber-$(echo -n $(./e2e/docker-compose.sh exec --no-TTY db cockroach sql --database zitadel --insecure --execute "select aggregate_id from eventstore.events where event_type = 'project.added' and event_data = '{\"name\": \"ZITADEL\"}';" --format tsv) | cut -d " " -f 2)"