diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index 313367f7f3..6739d0a1ed 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -14,6 +14,7 @@ import (
 "github.com/caos/zitadel/internal/api/http/middleware"
 "github.com/caos/zitadel/internal/errors"
 proj_model "github.com/caos/zitadel/internal/project/model"
+ "github.com/caos/zitadel/internal/query"
 "github.com/caos/zitadel/internal/telemetry/tracing"
 grant_model "github.com/caos/zitadel/internal/usergrant/model"
 )
@@ -213,11 +214,15 @@ func (o *OPStorage) assertProjectRoleScopes(app *proj_model.ApplicationView, sco
 return scopes, nil
 }
 }
- roles, err := o.repo.ProjectRolesByProjectID(app.ProjectID)
+ projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(app.ProjectID)
+ if err != nil {
+ return nil, errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
+ }
+ roles, err := o.query.SearchProjectRoles(context.TODO(), &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
 if err != nil {
 return nil, err
 }
- for _, role := range roles {
+ for _, role := range roles.ProjectRoles {
 scopes = append(scopes, ScopeProjectRolePrefix+role.Key)
 }
 return scopes, nil
diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 1511c27892..920874298e 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -17,6 +17,7 @@ import (
 "github.com/caos/zitadel/internal/crypto"
 "github.com/caos/zitadel/internal/errors"
 proj_model "github.com/caos/zitadel/internal/project/model"
+ "github.com/caos/zitadel/internal/query"
 "github.com/caos/zitadel/internal/telemetry/tracing"
 user_model "github.com/caos/zitadel/internal/user/model"
 grant_model "github.com/caos/zitadel/internal/usergrant/model"
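Review bot: `context.TODO()` is passed to `o.query.SearchProjectRoles` in assertProjectRoleScopes, so the role lookup that decides which project-role scopes are asserted runs without the request's cancellation, deadline or trace span. The same call in the GetClientByClientID hunk of client.go has `ctx context.Context` in its signature and can pass it directly: `projectRoles, err := o.query.SearchProjectRoles(ctx, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})`. For assertProjectRoleScopes the signature is cut off in the hunk header, so whether a context is in scope is not visible; if it is not, it should be threaded through from the caller rather than left as TODO. Both functions start and end outside their hunks.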
@@ -43,12 +44,16 @@ func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Cl
 if client.State != proj_model.AppStateActive {
 return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sdaGg", "client is not active")
 }
- projectRoles, err := o.repo.ProjectRolesByProjectID(client.ProjectID)
+ projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(client.ProjectID)
+ if err != nil {
+ return nil, errors.ThrowInternal(err, "OIDC-mPxqP", "Errors.Internal")
+ }
+ projectRoles, err := o.query.SearchProjectRoles(context.TODO(), &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
 if err != nil {
 return nil, err
 }
- allowedScopes := make([]string, len(projectRoles))
- for i, role := range projectRoles {
+ allowedScopes := make([]string, len(projectRoles.ProjectRoles))
+ for i, role := range projectRoles.ProjectRoles {
 allowedScopes[i] = ScopeProjectRolePrefix + role.Key
 }
 return ClientFromBusiness(client, o.defaultLoginURL, o.defaultAccessTokenLifetime, o.defaultIdTokenLifetime, allowedScopes)
diff --git a/internal/auth/repository/eventsourcing/eventstore/project.go b/internal/auth/repository/eventsourcing/eventstore/project.go
deleted file mode 100644
index 37f05c8aae..0000000000
--- a/internal/auth/repository/eventsourcing/eventstore/project.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package eventstore
-
-import (
- "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
- "github.com/caos/zitadel/internal/project/model"
- proj_view_model "github.com/caos/zitadel/internal/project/repository/view/model"
-)
-
-type ProjectRepo struct {
- View *view.View
-}
-
-func (a *ApplicationRepo) ProjectRolesByProjectID(projectID string) ([]*model.ProjectRoleView, error) {
- roles, err := a.View.ProjectRolesByProjectID(projectID)
- if err != nil {
- return nil, err
- }
- return proj_view_model.ProjectRolesToModel(roles), nil
-}
diff --git a/internal/auth/repository/eventsourcing/handler/handler.go b/internal/auth/repository/eventsourcing/handler/handler.go
index 81e98e831d..78251190d0 100644
--- a/internal/auth/repository/eventsourcing/handler/handler.go
+++ b/internal/auth/repository/eventsourcing/handler/handler.go
@@ -58,7 +58,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
 newExternalIDP(
 handler{view, bulkLimit, configs.cycleDuration("ExternalIDP"), errorCount, es},
 systemDefaults),
- newProjectRole(handler{view, bulkLimit, configs.cycleDuration("ProjectRole"), errorCount, es}),
 newLabelPolicy(handler{view, bulkLimit, configs.cycleDuration("LabelPolicy"), errorCount, es}),
 newFeatures(handler{view, bulkLimit, configs.cycleDuration("Features"), errorCount, es}),
 newRefreshToken(handler{view, bulkLimit, configs.cycleDuration("RefreshToken"), errorCount, es}),
diff --git a/internal/auth/repository/eventsourcing/handler/project_role.go b/internal/auth/repository/eventsourcing/handler/project_role.go
deleted file mode 100644
index a63ff34363..0000000000
--- a/internal/auth/repository/eventsourcing/handler/project_role.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package handler
-
-import (
- "github.com/caos/logging"
- "github.com/caos/zitadel/internal/eventstore/v1"
-
- es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
- "github.com/caos/zitadel/internal/eventstore/v1/query"
- "github.com/caos/zitadel/internal/eventstore/v1/spooler"
- "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
- proj_view "github.com/caos/zitadel/internal/project/repository/view"
- view_model "github.com/caos/zitadel/internal/project/repository/view/model"
-)
-
-const (
- projectRoleTable = "auth.project_roles"
-)
-
-type ProjectRole struct {
- handler
- subscription *v1.Subscription
-}
-
-func newProjectRole(
- handler handler,
-) *ProjectRole {
- h := &ProjectRole{
- handler: handler,
- }
-
- h.subscribe()
-
- return h
-}
-
-func (k *ProjectRole) subscribe() {
- k.subscription = k.es.Subscribe(k.AggregateTypes()...)
- go func() {
- for event := range k.subscription.Events {
- query.ReduceEvent(k, event)
- }
- }()
-}
-
-func (p *ProjectRole) ViewModel() string {
- return projectRoleTable
-}
-
-func (p *ProjectRole) Subscription() *v1.Subscription {
- return p.subscription
-}
-
-func (_ *ProjectRole) AggregateTypes() []es_models.AggregateType {
- return []es_models.AggregateType{model.ProjectAggregate}
-}
-
-func (p *ProjectRole) CurrentSequence() (uint64, error) {
- sequence, err := p.view.GetLatestProjectRoleSequence()
- if err != nil {
- return 0, err
- }
- return sequence.CurrentSequence, nil
-}
-
-func (p *ProjectRole) EventQuery() (*es_models.SearchQuery, error) {
- sequence, err := p.view.GetLatestProjectRoleSequence()
- if err != nil {
- return nil, err
- }
- return proj_view.ProjectQuery(sequence.CurrentSequence), nil
-}
-
-func (p *ProjectRole) Reduce(event *es_models.Event) (err error) {
- role := new(view_model.ProjectRoleView)
- switch event.Type {
- case model.ProjectRoleAdded:
- err = role.AppendEvent(event)
- case model.ProjectRoleChanged:
- err = role.SetData(event)
- if err != nil {
- return err
- }
- role, err = p.view.ProjectRoleByIDs(event.AggregateID, event.ResourceOwner, role.Key)
- if err != nil {
- return err
- }
- role.ChangeDate = event.CreationDate
- err = role.AppendEvent(event)
- case model.ProjectRoleRemoved:
- err = role.SetData(event)
- if err != nil {
- return err
- }
- return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event)
- case model.ProjectRemoved:
- err := p.view.DeleteProjectRolesByProjectID(event.AggregateID)
- if err == nil {
- return p.view.ProcessedProjectRoleSequence(event)
- }
- default:
- return p.view.ProcessedProjectRoleSequence(event)
- }
- if err != nil {
- return err
- }
- return p.view.PutProjectRole(role, event)
-}
-
-func (p *ProjectRole) OnError(event *es_models.Event, err error) error {
- logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
- return spooler.HandleError(event, err, p.view.GetLatestProjectRoleFailedEvent, p.view.ProcessedProjectRoleFailedEvent, p.view.ProcessedProjectRoleSequence, p.errorCountUntilSkip)
-}
-
-func (p *ProjectRole) OnSuccess() error {
- return spooler.HandleSuccess(p.view.UpdateProjectRoleSpoolerRunTimestamp)
-}
diff --git a/internal/auth/repository/project.go b/internal/auth/repository/project.go
deleted file mode 100644
index fdfba50064..0000000000
--- a/internal/auth/repository/project.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package repository
-
-import (
- "github.com/caos/zitadel/internal/project/model"
-)
-
-type ProjectRepository interface {
- ProjectRolesByProjectID(projectID string) ([]*model.ProjectRoleView, error)
-}
diff --git a/internal/auth/repository/repository.go b/internal/auth/repository/repository.go
index 6a78027e03..03c3a2e898 100644
--- a/internal/auth/repository/repository.go
+++ b/internal/auth/repository/repository.go
@@ -10,7 +10,6 @@ type Repository interface {
 AuthRequestRepository
 TokenRepository
 ApplicationRepository
- ProjectRepository
 KeyRepository
 UserSessionRepository
 UserGrantRepository
diff --git a/internal/management/repository/eventsourcing/handler/handler.go b/internal/management/repository/eventsourcing/handler/handler.go
index 398bd223bc..c0b444735e 100644
--- a/internal/management/repository/eventsourcing/handler/handler.go
+++ b/internal/management/repository/eventsourcing/handler/handler.go
@@ -33,7 +33,6 @@ func (h *handler) Eventstore() v1.Eventstore {
 
 func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es v1.Eventstore, defaults systemdefaults.SystemDefaults, staticStorage static.Storage) []query.Handler {
 return []query.Handler{
- newProjectRole(handler{view, bulkLimit, configs.cycleDuration("ProjectRole"), errorCount, es}),
 newProjectMember(handler{view, bulkLimit, configs.cycleDuration("ProjectMember"), errorCount, es}),
 newProjectGrantMember(handler{view, bulkLimit, configs.cycleDuration("ProjectGrantMember"), errorCount, es}),
 newApplication(handler{view, bulkLimit, configs.cycleDuration("Application"), errorCount, es}),
diff --git a/internal/management/repository/eventsourcing/handler/project_role.go b/internal/management/repository/eventsourcing/handler/project_role.go
deleted file mode 100644
index 5cb259c213..0000000000
--- a/internal/management/repository/eventsourcing/handler/project_role.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package handler
-
-import (
- "github.com/caos/logging"
- "github.com/caos/zitadel/internal/eventstore/v1"
-
- "github.com/caos/zitadel/internal/eventstore/v1/models"
- "github.com/caos/zitadel/internal/eventstore/v1/query"
- "github.com/caos/zitadel/internal/eventstore/v1/spooler"
- es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
- proj_view "github.com/caos/zitadel/internal/project/repository/view"
- view_model "github.com/caos/zitadel/internal/project/repository/view/model"
-)
-
-const (
- projectRoleTable = "management.project_roles"
-)
-
-type ProjectRole struct {
- handler
- subscription *v1.Subscription
-}
-
-func newProjectRole(
- handler handler,
-) *ProjectRole {
- h := &ProjectRole{
- handler: handler,
- }
-
- h.subscribe()
-
- return h
-}
-
-func (m *ProjectRole) subscribe() {
- m.subscription = m.es.Subscribe(m.AggregateTypes()...)
- go func() {
- for event := range m.subscription.Events {
- query.ReduceEvent(m, event)
- }
- }()
-}
-
-func (p *ProjectRole) ViewModel() string {
- return projectRoleTable
-}
-
-func (p *ProjectRole) Subscription() *v1.Subscription {
- return p.subscription
-}
-
-func (_ *ProjectRole) AggregateTypes() []models.AggregateType {
- return []models.AggregateType{es_model.ProjectAggregate}
-}
-
-func (p *ProjectRole) CurrentSequence() (uint64, error) {
- sequence, err := p.view.GetLatestProjectRoleSequence()
- if err != nil {
- return 0, err
- }
- return sequence.CurrentSequence, nil
-}
-
-func (p *ProjectRole) EventQuery() (*models.SearchQuery, error) {
- sequence, err := p.view.GetLatestProjectRoleSequence()
- if err != nil {
- return nil, err
- }
- return proj_view.ProjectQuery(sequence.CurrentSequence), nil
-}
-
-func (p *ProjectRole) Reduce(event *models.Event) (err error) {
- role := new(view_model.ProjectRoleView)
- switch event.Type {
- case es_model.ProjectRoleAdded:
- err = role.AppendEvent(event)
- case es_model.ProjectRoleChanged:
- err = role.SetData(event)
- if err != nil {
- return err
- }
- role, err = p.view.ProjectRoleByIDs(event.AggregateID, event.ResourceOwner, role.Key)
- if err != nil {
- return err
- }
- err = role.AppendEvent(event)
- case es_model.ProjectRoleRemoved:
- err = role.SetData(event)
- if err != nil {
- return err
- }
- return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event)
- case es_model.ProjectRemoved:
- return p.view.DeleteProjectRolesByProjectID(event.AggregateID)
- default:
- return p.view.ProcessedProjectRoleSequence(event)
- }
- if err != nil {
- return err
- }
- return p.view.PutProjectRole(role, event)
-}
-
-func (p *ProjectRole) OnError(event *models.Event, err error) error {
- logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
- return spooler.HandleError(event, err, p.view.GetLatestProjectRoleFailedEvent, p.view.ProcessedProjectRoleFailedEvent, p.view.ProcessedProjectRoleSequence, p.errorCountUntilSkip)
-}
-
-func (p *ProjectRole) OnSuccess() error {
- return spooler.HandleSuccess(p.view.UpdateProjectRoleSpoolerRunTimestamp)
-}
diff --git a/internal/query/project_role.go b/internal/query/project_role.go
index 172d36223c..7acbd62efe 100644
--- a/internal/query/project_role.go
+++ b/internal/query/project_role.go
@@ -141,8 +141,8 @@ func (q *Queries) SearchGrantedProjectRoles(ctx context.Context, grantID, grante
 return projects, err
 }
 
-func NewProjectRoleProjectIDSearchQuery(method TextComparison, value string) (SearchQuery, error) {
- return NewTextQuery(ProjectRoleColumnProjectID, value, method)
+func NewProjectRoleProjectIDSearchQuery(value string) (SearchQuery, error) {
+ return NewTextQuery(ProjectRoleColumnProjectID, value, TextEquals)
 }
 
 func NewProjectRoleResourceOwnerSearchQuery(value string) (SearchQuery, error) {
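Review bot: NewProjectRoleProjectIDSearchQuery is exported and now hard-codes `TextEquals`, but it carries no doc comment saying so. The OIDC callers changed in this commit build a client's allowed role scopes from the result of this query, so the exact-match guarantee is worth writing down to keep a later edit from reintroducing a caller-chosen comparison on the project ID. Suggested comment above the function: `// NewProjectRoleProjectIDSearchQuery returns a query matching roles whose project ID equals value exactly.`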
@@ -170,7 +170,7 @@ func NewProjectRoleGroupSearchQuery(method TextComparison, value string) (Search
 }
 
 func (r *ProjectRoleSearchQueries) AppendProjectIDQuery(projectID string) error {
- query, err := NewProjectRoleProjectIDSearchQuery(TextEquals, projectID)
+ query, err := NewProjectRoleProjectIDSearchQuery(projectID)
 if err != nil {
 return err
 }