diff --git a/backend/v3/domain/errors.go b/backend/v3/domain/errors.go index a11c31c07d..6f77570e29 100644 --- a/backend/v3/domain/errors.go +++ b/backend/v3/domain/errors.go @@ -1,7 +1,29 @@ package domain -import "errors" - -var ( - ErrNoAdminSpecified = errors.New("at least one admin must be specified") +import ( + "errors" + "fmt" ) + +var ErrNoAdminSpecified = errors.New("at least one admin must be specified") + +type wrongIDPTypeError struct { + expected IDPType + got string +} + +func NewWrongTypeError(expected IDPType, got string) error { + return &wrongIDPTypeError{ + expected: expected, + got: got, + } +} + +func (e *wrongIDPTypeError) Error() string { + return fmt.Sprintf("wrong idp type returned, expecgted: %v, got: %v", e.expected, e.got) +} + +func (e *wrongIDPTypeError) Is(target error) bool { + _, ok := target.(*wrongIDPTypeError) + return ok +} diff --git a/backend/v3/storage/database/events_testing/id_provider_org_test.go b/backend/v3/storage/database/events_testing/id_provider_org_test.go index 384141cbc8..8cf336b177 100644 --- a/backend/v3/storage/database/events_testing/id_provider_org_test.go +++ b/backend/v3/storage/database/events_testing/id_provider_org_test.go @@ -61,7 +61,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { assert.Equal(t, addOIDC.IdpId, idp.ID) assert.Equal(t, domain.IDPStateActive.String(), idp.State) assert.Equal(t, name, idp.Name) - // assert.Equal(t, domain.IDPTypeUnspecified.String(), idp.Type) assert.Equal(t, true, idp.AutoRegister) assert.Equal(t, true, idp.AllowCreation) assert.Equal(t, false, idp.AllowAutoUpdate) @@ -92,7 +91,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name beforeCreate := time.Now() - // _, err = MgmtClient.UpdateIDP(CTX, &admin.UpdateIDPRequest{ _, err = MgmtClient.UpdateOrgIDP(CTX, &management.UpdateOrgIDPRequest{ IdpId: addOIDC.IdpId, Name: name, 
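Review bot: The message built in the new `Error()` method has a typo, `expecgted`; the line should read `return fmt.Sprintf("wrong idp type returned, expected: %v, got: %v", e.expected, e.got)`. `Is` matches any `*wrongIDPTypeError` regardless of its fields, which looks intended, but the type is unexported and no sentinel is exported, so code outside `domain` can only test for it with something like `errors.Is(err, domain.NewWrongTypeError(domain.IDPTypeUnspecified, ""))`; exporting a sentinel such as `var ErrWrongIDPType = NewWrongTypeError(IDPTypeUnspecified, "")` (or exporting the type) and stating in a comment on `Is` that it matches by type only would make the contract clear. `NewWrongTypeError` is exported without a doc comment; `// NewWrongTypeError reports that the IDP stored under the requested ID has a different type than the caller asked for.` would do. The remaining hunks on this line only delete commented-out code.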
@@ -245,7 +243,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { idpRepo := repository.IDProviderRepository(pool) // remove idp - // _, err = MgmtClient.RemoveIDP(CTX, &admin.RemoveIDPRequest{ _, err = MgmtClient.RemoveOrgIDP(CTX, &management.RemoveOrgIDPRequest{ IdpId: addOIDC.IdpId, }) @@ -339,19 +336,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { assert.Equal(t, addOIDC.IdpId, oidc.ID) }, retryDuration, tick) - // // idp - // assert.Equal(t, addOIDC.IdpId, oidc.ID) - // assert.Equal(t, domain.IDPTypeOIDC.String(), oidc.Type) - - // // oidc - // assert.Equal(t, instanceID, oidc.InstanceID) - // assert.Nil(t, oidc.OrgID) - // assert.Equal(t, "issuer", oidc.Issuer) - // assert.Equal(t, "clientID", oidc.ClientID) - // assert.Equal(t, []string{"scope"}, oidc.Scopes) - // assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.IDPDisplayNameMapping) - // assert.Equal(t, domain.OIDCMappingField(idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL), oidc.UserNameMapping) - beforeCreate := time.Now() _, err = MgmtClient.UpdateOrgIDPOIDCConfig(CTX, &management.UpdateOrgIDPOIDCConfigRequest{ IdpId: addOIDC.IdpId, @@ -400,7 +384,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add jwt - // addJWT, err := MgmtClient.AddJWTIDP(CTX, &admin.AddJWTIDPRequest{ addJWT, err := MgmtClient.AddOrgJWTIDP(CTX, &management.AddOrgJWTIDPRequest{ Name: name, StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, 
@@ -457,27 +440,7 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { idpRepo := repository.IDProviderRepository(pool) - // check original values for jwt - // var jwt *domain.IDPJWT - // retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) - // assert.EventuallyWithT(t, func(t *assert.CollectT) { - // jwt, err = idpRepo.GetJWT(CTX, idpRepo.IDCondition(addJWT.IdpId), instanceID, nil) - // require.NoError(t, err) - // assert.Equal(t, addJWT.IdpId, jwt.ID) - // }, retryDuration, tick) - - // // idp - // assert.Equal(t, addJWT.IdpId, jwt.ID) - // assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type) - - // // jwt - // assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint) - // assert.Equal(t, "issuer", jwt.Issuer) - // assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint) - // assert.Equal(t, "headerName", jwt.HeaderName) - beforeCreate := time.Now() - // _, err = MgmtClient.UpdateIDPJWTConfig(CTX, &admin.UpdateIDPJWTConfigRequest{ _, err = MgmtClient.UpdateOrgIDPJWTConfig(CTX, &management.UpdateOrgIDPJWTConfigRequest{ IdpId: addJWT.IdpId, JwtEndpoint: "new_jwtEndpoint", @@ -517,7 +480,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add oauth beforeCreate := time.Now() - // addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &admin.AddGenericOAuthProviderRequest{ addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &management.AddGenericOAuthProviderRequest{ Name: name, ClientId: "clientId", @@ -578,7 +540,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add oauth - // addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &admin.AddGenericOAuthProviderRequest{ addOAuth, err := MgmtClient.AddGenericOAuthProvider(CTX, &management.AddGenericOAuthProviderRequest{ Name: name, ClientId: "clientId", 
@@ -612,7 +573,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGenericOAuthProvider(CTX, &admin.UpdateGenericOAuthProviderRequest{ _, err = MgmtClient.UpdateGenericOAuthProvider(CTX, &management.UpdateGenericOAuthProviderRequest{ Id: addOAuth.Id, Name: name, @@ -673,7 +633,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add oidc beforeCreate := time.Now() - // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ Name: name, ClientId: "clientId", @@ -729,7 +688,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { t.Run("test instanceidp oidc changed reduces", func(t *testing.T) { name := gofakeit.Name() - // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ Name: name, ClientId: "clientId", @@ -760,7 +718,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGenericOIDCProvider(CTX, &admin.UpdateGenericOIDCProviderRequest{ _, err = MgmtClient.UpdateGenericOIDCProvider(CTX, &management.UpdateGenericOIDCProviderRequest{ Id: addOIDC.Id, Name: name, @@ -816,7 +773,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // create OIDC - // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ Name: name, ClientId: "clientId", 
@@ -846,7 +802,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { }, retryDuration, tick) beforeCreate := time.Now() - // _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{ _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &management.MigrateGenericOIDCProviderRequest{ Id: addOIDC.Id, Template: &management.MigrateGenericOIDCProviderRequest_Azure{ @@ -906,7 +861,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // create OIDC - // addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &admin.AddGenericOIDCProviderRequest{ addOIDC, err := MgmtClient.AddGenericOIDCProvider(CTX, &management.AddGenericOIDCProviderRequest{ Name: name, ClientId: "clientId", @@ -936,7 +890,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { }, retryDuration, tick) beforeCreate := time.Now() - // _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &admin.MigrateGenericOIDCProviderRequest{ _, err = MgmtClient.MigrateGenericOIDCProvider(CTX, &management.MigrateGenericOIDCProviderRequest{ Id: addOIDC.Id, Template: &management.MigrateGenericOIDCProviderRequest_Google{ @@ -1040,7 +993,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add jwt - // addJWT, err := MgmtClient.AddJWTProvider(CTX, &admin.AddJWTProviderRequest{ addJWT, err := MgmtClient.AddJWTProvider(CTX, &management.AddJWTProviderRequest{ Name: name, Issuer: "issuer", @@ -1112,7 +1064,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add azure beforeCreate := time.Now() - // addAzure, err := MgmtClient.AddAzureADProvider(CTX, &admin.AddAzureADProviderRequest{ addAzure, err := MgmtClient.AddAzureADProvider(CTX, &management.AddAzureADProviderRequest{ Name: name, ClientId: "clientId", 
@@ -1169,7 +1120,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add azure - // addAzure, err := MgmtClient.AddAzureADProvider(CTX, &admin.AddAzureADProviderRequest{ addAzure, err := MgmtClient.AddAzureADProvider(CTX, &management.AddAzureADProviderRequest{ Name: name, ClientId: "clientId", @@ -1204,7 +1154,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change azure beforeCreate := time.Now().Add(-1 * time.Second) - // _, err = MgmtClient.UpdateAzureADProvider(CTX, &admin.UpdateAzureADProviderRequest{ _, err = MgmtClient.UpdateAzureADProvider(CTX, &management.UpdateAzureADProviderRequest{ Id: addAzure.Id, Name: name, @@ -1261,7 +1210,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add github beforeCreate := time.Now() - // addGithub, err := MgmtClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{ addGithub, err := MgmtClient.AddGitHubProvider(CTX, &management.AddGitHubProviderRequest{ Name: name, ClientId: "clientId", @@ -1309,7 +1257,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add github - // addGithub, err := MgmtClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{ addGithub, err := MgmtClient.AddGitHubProvider(CTX, &management.AddGitHubProviderRequest{ Name: name, ClientId: "clientId", @@ -1338,7 +1285,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change github beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGitHubProvider(CTX, &admin.UpdateGitHubProviderRequest{ _, err = MgmtClient.UpdateGitHubProvider(CTX, &management.UpdateGitHubProviderRequest{ Id: addGithub.Id, Name: name, 
@@ -1387,7 +1333,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add github enterprise beforeCreate := time.Now() - // addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{ addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &management.AddGitHubEnterpriseServerProviderRequest{ Name: name, ClientId: "clientId", @@ -1443,7 +1388,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add github enterprise - // addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{ addGithubEnterprise, err := MgmtClient.AddGitHubEnterpriseServerProvider(CTX, &management.AddGitHubEnterpriseServerProviderRequest{ Name: name, ClientId: "clientId", @@ -1475,7 +1419,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change github enterprise beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGitHubEnterpriseServerProvider(CTX, &admin.UpdateGitHubEnterpriseServerProviderRequest{ _, err = MgmtClient.UpdateGitHubEnterpriseServerProvider(CTX, &management.UpdateGitHubEnterpriseServerProviderRequest{ Id: addGithubEnterprise.Id, Name: name, @@ -1530,7 +1473,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add gitlab beforeCreate := time.Now() - // addGithub, err := MgmtClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ addGithub, err := MgmtClient.AddGitLabProvider(CTX, &management.AddGitLabProviderRequest{ Name: name, ClientId: "clientId", @@ -1580,7 +1522,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add gitlab - // addGitlab, err := MgmtClient.AddGitLabProvider(CTX, &admin.AddGitLabProviderRequest{ addGitlab, err := MgmtClient.AddGitLabProvider(CTX, &management.AddGitLabProviderRequest{ Name: name, ClientId: "clientId", 
@@ -1609,7 +1550,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change gitlab beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGitLabProvider(CTX, &admin.UpdateGitLabProviderRequest{ _, err = MgmtClient.UpdateGitLabProvider(CTX, &management.UpdateGitLabProviderRequest{ Id: addGitlab.Id, Name: name, @@ -1658,7 +1598,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add gitlab self hosted beforeCreate := time.Now() - // addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{ addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &management.AddGitLabSelfHostedProviderRequest{ Name: name, Issuer: "issuer", @@ -1710,7 +1649,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add gitlab self hosted - // addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{ addGitlabSelfHosted, err := MgmtClient.AddGitLabSelfHostedProvider(CTX, &management.AddGitLabSelfHostedProviderRequest{ Name: name, Issuer: "issuer", @@ -1740,7 +1678,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change gitlab self hosted beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGitLabSelfHostedProvider(CTX, &admin.UpdateGitLabSelfHostedProviderRequest{ _, err = MgmtClient.UpdateGitLabSelfHostedProvider(CTX, &management.UpdateGitLabSelfHostedProviderRequest{ Id: addGitlabSelfHosted.Id, Name: name, @@ -1791,7 +1728,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add google beforeCreate := time.Now() - // addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{ addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &management.AddGoogleProviderRequest{ Name: name, ClientId: "clientId", 
@@ -1841,7 +1777,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add google - // addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{ addGoogle, err := MgmtClient.AddGoogleProvider(CTX, &management.AddGoogleProviderRequest{ Name: name, ClientId: "clientId", @@ -1870,7 +1805,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change google beforeCreate := time.Now() - // _, err = MgmtClient.UpdateGoogleProvider(CTX, &admin.UpdateGoogleProviderRequest{ _, err = MgmtClient.UpdateGoogleProvider(CTX, &management.UpdateGoogleProviderRequest{ Id: addGoogle.Id, Name: name, @@ -1919,7 +1853,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add ldap beforeCreate := time.Now() - // addLdap, err := AdminClient.AddLDAPProvider(CTX, &admin.AddLDAPProviderRequest{ addLdap, err := MgmtClient.AddLDAPProvider(CTX, &management.AddLDAPProviderRequest{ Name: name, Servers: []string{"servers"}, @@ -2008,7 +1941,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name := gofakeit.Name() // add ldap - // addLdap, err := AdminClient.AddLDAPProvider(CTX, &admin.AddLDAPProviderRequest{ addLdap, err := MgmtClient.AddLDAPProvider(CTX, &management.AddLDAPProviderRequest{ Name: name, Servers: []string{"servers"}, @@ -2058,7 +1990,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change ldap beforeCreate := time.Now() - // _, err = AdminClient.UpdateLDAPProvider(CTX, &admin.UpdateLDAPProviderRequest{ _, err = MgmtClient.UpdateLDAPProvider(CTX, &management.UpdateLDAPProviderRequest{ Id: addLdap.Id, Name: name, @@ -2147,7 +2078,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add apple beforeCreate := time.Now() - // addApple, err := AdminClient.AddAppleProvider(CTX, &admin.AddAppleProviderRequest{ addApple, err := MgmtClient.AddAppleProvider(CTX, &management.AddAppleProviderRequest{ Name: name, ClientId: "clientID", 
@@ -2230,7 +2160,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { name = "new_" + name // change apple beforeCreate := time.Now() - // _, err = AdminClient.UpdateAppleProvider(CTX, &admin.UpdateAppleProviderRequest{ _, err = MgmtClient.UpdateAppleProvider(CTX, &management.UpdateAppleProviderRequest{ Id: addApple.Id, Name: name, @@ -2345,7 +2274,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { // add saml addSAML, err := MgmtClient.AddSAMLProvider(CTX, &management.AddSAMLProviderRequest{ Name: name, - // Metadata: &admin.AddSAMLProviderRequest_MetadataXml{ Metadata: &management.AddSAMLProviderRequest_MetadataXml{ MetadataXml: validSAMLMetadata1, }, @@ -2381,7 +2309,6 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { _, err = MgmtClient.UpdateSAMLProvider(CTX, &management.UpdateSAMLProviderRequest{ Id: addSAML.Id, Name: name, - // Metadata: &admin.UpdateSAMLProviderRequest_MetadataXml{ Metadata: &management.UpdateSAMLProviderRequest_MetadataXml{ MetadataXml: validSAMLMetadata2, }, 
@@ -2434,4 +2361,52 @@ func TestServer_TestIDProviderOrgReduces(t *testing.T) { assert.Equal(t, true, updateSAML.FederatedLogoutEnabled) }, retryDuration, tick) }) + + t.Run("test instance iam remove reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add idp + addOIDC, err := MgmtClient.AddOrgOIDCIDP(CTX, &management.AddOrgOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check idp exists + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.NoError(t, err) + }, retryDuration, tick) + + // remove idp + _, err = MgmtClient.DeleteProvider(CTX, &management.DeleteProviderRequest{ + Id: addOIDC.IdpId, + }) + require.NoError(t, err) + + // check idp is removed + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + &orgID, + ) + require.ErrorIs(t, &database.NoRowFoundError{}, err) + }, retryDuration, tick) + }) } diff --git a/backend/v3/storage/database/events_testing/id_provider_test.go b/backend/v3/storage/database/events_testing/id_provider_test.go index ff44d80b1c..5ce4cf8ebd 100644 --- a/backend/v3/storage/database/events_testing/id_provider_test.go +++ b/backend/v3/storage/database/events_testing/id_provider_test.go @@ -3,6 +3,7 @@ package events_test import ( + "fmt" "testing" "time" 
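Review bot: `require.ErrorIs(t, &database.NoRowFoundError{}, err)` in the new "check idp is removed" block has its arguments reversed: testify's signature is `ErrorIs(t, err, target)`, so as written it asserts that `err` is in the chain of a fresh `NoRowFoundError`, which only passes if `NoRowFoundError` happens to implement an `Is` that matches by type; it should be `require.ErrorIs(t, err, &database.NoRowFoundError{})`. The same reversed call appears in the new subtest added to id_provider_test.go further down. The subtest is named "test instance iam remove reduces" although it creates and deletes an org-level IDP through `MgmtClient` and queries with `&orgID`; a name such as "test org idp remove reduces" would describe what it checks. The enclosing `TestServer_TestIDProviderOrgReduces` starts outside the hunk.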
@@ -278,7 +279,7 @@ func TestServer_TestIDProviderReduces(t *testing.T) { }, retryDuration, tick) }) - t.Run("test iam idp reactivate reduces", func(t *testing.T) { + t.Run("test iam idp config reactivate reduces", func(t *testing.T) { name := gofakeit.Name() addOIDC, err := AdminClient.AddOIDCIDP(CTX, &admin.AddOIDCIDPRequest{ @@ -339,7 +340,7 @@ func TestServer_TestIDProviderReduces(t *testing.T) { }, retryDuration, tick) }) - t.Run("test iam idp remove reduces", func(t *testing.T) { + t.Run("test iam idp config remove reduces", func(t *testing.T) { name := gofakeit.Name() // add idp 
@@ -2509,4 +2510,53 @@ func TestServer_TestIDProviderReduces(t *testing.T) { assert.Equal(t, true, updateSAML.FederatedLogoutEnabled) }, retryDuration, tick) }) + + t.Run("test instance iam remove reduces", func(t *testing.T) { + name := gofakeit.Name() + + // add idp + addOIDC, err := AdminClient.AddOIDCIDP(CTX, &admin.AddOIDCIDPRequest{ + Name: name, + StylingType: idp_grpc.IDPStylingType_STYLING_TYPE_GOOGLE, + ClientId: "clientID", + ClientSecret: "clientSecret", + Issuer: "issuer", + Scopes: []string{"scope"}, + DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL, + AutoRegister: true, + }) + require.NoError(t, err) + + idpRepo := repository.IDProviderRepository(pool) + + // check idp exists + retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + nil, + ) + require.NoError(t, err) + }, retryDuration, tick) + + // remove idp + _, err = AdminClient.DeleteProvider(CTX, &admin.DeleteProviderRequest{ + Id: addOIDC.IdpId, + }) + require.NoError(t, err) + + // check idp is removed + retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5) + assert.EventuallyWithT(t, func(t *assert.CollectT) { + _, err := idpRepo.Get(CTX, + idpRepo.IDCondition(addOIDC.IdpId), + instanceID, + nil, + ) + fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> err = %+v\n", err) + require.ErrorIs(t, &database.NoRowFoundError{}, err) + }, retryDuration, tick) + }) } diff --git a/backend/v3/storage/database/repository/id_provider.go b/backend/v3/storage/database/repository/id_provider.go index 3152eacad4..1a66686a0b 100644 --- a/backend/v3/storage/database/repository/id_provider.go +++ b/backend/v3/storage/database/repository/id_provider.go 
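Review bot: The `fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> err = %+v\n", err)` inside the final `EventuallyWithT` of the new subtest is leftover debugging output and should be removed before merge; it is also the only visible use of the `"fmt"` import added to this file in the hunk at line 3, so that import goes with it. If the intent was to see why the lookup still returns rows, a failing assertion message carries that information, e.g. `require.ErrorIs(t, err, &database.NoRowFoundError{}, "idp %s still present after removal", addOIDC.IdpId)`. The enclosing `TestServer_TestIDProviderReduces` starts outside the hunk.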
@@ -129,8 +129,7 @@ func (i *idProvider) GetOIDC(ctx context.Context, id domain.IDPIdentifierConditi } if idpOIDC.Type != domain.IDPTypeOIDC.String() { - // TODO - return nil, nil + return nil, domain.NewWrongTypeError(domain.IDPTypeOIDC, idpOIDC.Type) } err = json.Unmarshal([]byte(*idpOIDC.Payload), idpOIDC) @@ -151,8 +150,7 @@ func (i *idProvider) GetJWT(ctx context.Context, id domain.IDPIdentifierConditio } if idpJWT.Type != domain.IDPTypeJWT.String() { - // TODO - return nil, nil + return nil, domain.NewWrongTypeError(domain.IDPTypeJWT, idpJWT.Type) } err = json.Unmarshal([]byte(*idpJWT.Payload), idpJWT) @@ -173,8 +171,7 @@ func (i *idProvider) GetOAuth(ctx context.Context, id domain.IDPIdentifierCondit } if idpOAuth.Type != domain.IDPTypeOAuth.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeOAuth, idpOAuth.Type) } err = json.Unmarshal([]byte(*idpOAuth.Payload), idpOAuth) @@ -195,8 +192,7 @@ func (i *idProvider) GetOAzureAD(ctx context.Context, id domain.IDPIdentifierCon } if idpAzure.Type != domain.IDPTypeAzure.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeAzure, idpAzure.Type) } err = json.Unmarshal([]byte(*idpAzure.Payload), idpAzure) @@ -217,8 +213,7 @@ func (i *idProvider) GetGoogle(ctx context.Context, id domain.IDPIdentifierCondi } if idpGoogle.Type != domain.IDPTypeGoogle.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeGoogle, idpGoogle.Type) } err = json.Unmarshal([]byte(*idpGoogle.Payload), idpGoogle) @@ -239,8 +234,7 @@ func (i *idProvider) GetGithub(ctx context.Context, id domain.IDPIdentifierCondi } if idpGithub.Type != domain.IDPTypeGitHub.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeGitHub, idpGithub.Type) } err = json.Unmarshal([]byte(*idpGithub.Payload), idpGithub) 
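Review bot: Every `errors.New("WRONG TYPE")` in this file is replaced by `domain.NewWrongTypeError`, and the diff shows no change to the import block of id_provider.go, so unless `errors` is still referenced somewhere not shown, the `errors` import is now unused and the package will not compile; this applies to the GetOAuth, GetOAzureAD, GetGoogle and GetGithub hunks here and to the GetGithubEnterprise through GetSAML hunks on the next two lines. The eleven getters now repeat the same guard verbatim; a small helper that takes the stored type string and the expected `domain.IDPType` and returns `domain.NewWrongTypeError` on mismatch, called from each getter, would keep the check in one place. The change from `return nil, nil` to a real error in GetOIDC and GetJWT is the right direction, since callers of the old code would have dereferenced a nil result. The enclosing functions start and end outside these hunks.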
@@ -261,8 +255,7 @@ func (i *idProvider) GetGithubEnterprise(ctx context.Context, id domain.IDPIdent } if idpGithubEnterprise.Type != domain.IDPTypeGitHubEnterprise.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeGitHubEnterprise, idpGithubEnterprise.Type) } err = json.Unmarshal([]byte(*idpGithubEnterprise.Payload), idpGithubEnterprise) @@ -283,8 +276,7 @@ func (i *idProvider) GetGitlab(ctx context.Context, id domain.IDPIdentifierCondi } if idpGitlab.Type != domain.IDPTypeGitLab.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeGitLab, idpGitlab.Type) } err = json.Unmarshal([]byte(*idpGitlab.Payload), idpGitlab) @@ -305,8 +297,7 @@ func (i *idProvider) GetGitlabSelfHosting(ctx context.Context, id domain.IDPIden } if idpGitlabSelfHosting.Type != domain.IDPTypeGitLabSelfHosted.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeGitLabSelfHosted, idpGitlabSelfHosting.Type) } err = json.Unmarshal([]byte(*idpGitlabSelfHosting.Payload), idpGitlabSelfHosting) @@ -327,8 +318,7 @@ func (i *idProvider) GetLDAP(ctx context.Context, id domain.IDPIdentifierConditi } if ldap.Type != domain.IDPTypeLDAP.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeLDAP, ldap.Type) } err = json.Unmarshal([]byte(*ldap.Payload), ldap) @@ -349,8 +339,7 @@ func (i *idProvider) GetApple(ctx context.Context, id domain.IDPIdentifierCondit } if apple.Type != domain.IDPTypeApple.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeApple, apple.Type) } err = json.Unmarshal([]byte(*apple.Payload), apple) 
@@ -371,8 +360,7 @@ func (i *idProvider) GetSAML(ctx context.Context, id domain.IDPIdentifierConditi } if saml.Type != domain.IDPTypeSAML.String() { - // TODO - return nil, errors.New("WRONG TYPE") + return nil, domain.NewWrongTypeError(domain.IDPTypeSAML, saml.Type) } err = json.Unmarshal([]byte(*saml.Payload), saml) diff --git a/internal/query/projection/idp_relational.go b/internal/query/projection/idp_relational.go index ee0ecf7945..24cd390f9f 100644 --- a/internal/query/projection/idp_relational.go +++ b/internal/query/projection/idp_relational.go @@ -3,7 +3,6 @@ package projection import ( "context" "encoding/json" - "fmt" "github.com/zitadel/zitadel/backend/v3/domain" "github.com/zitadel/zitadel/backend/v3/storage/database/dialect/postgres" @@ -81,10 +80,6 @@ func (p *idpRelationalProjection) Reducers() []handler.AggregateReducer { Event: instance.IDPJWTConfigChangedEventType, Reduce: p.reduceJWTRelationalConfigChanged, }, - // { - // Event: instance.InstanceRemovedEventType, - // Reduce: reduceInstanceRemovedHelper(IDPInstanceIDCol), - // }, }, }, { @@ -126,10 +121,6 @@ func (p *idpRelationalProjection) Reducers() []handler.AggregateReducer { Event: org.IDPJWTConfigChangedEventType, Reduce: p.reduceJWTRelationalConfigChanged, }, - // { - // Event: org.OrgRemovedEventType, - // Reduce: p.reduceOwnerRemoved, - // }, }, }, } 
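Review bot: The `@@ -126` hunk of idp_relational.go deletes the commented-out `org.OrgRemovedEventType` reducer and the `@@ -81` hunk the `instance.InstanceRemovedEventType` one without adding a replacement, so as far as this diff shows nothing in this projection removes an org's or instance's IDP rows when the owner itself is removed; those rows carry the serialized payload, which presumably includes client secrets and keys, and would outlive the tenant unless a database-level cascade takes care of it. If such a cascade exists, a one-line comment in `Reducers()` naming it (e.g. `// owner removal is handled by the ON DELETE CASCADE on the owning table`) would stop the next reader from re-adding a reducer; if not, the placeholder should stay as a TODO or the reducer be implemented. The `Reducers()` method starts outside the hunk.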
@@ -150,10 +141,6 @@ func (p *idpRelationalProjection) reduceIDPRelationalAdded(event eventstore.Even if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { orgId = &idpEvent.Aggregate().ResourceOwner } - fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate().InstanceID = %+v\n", idpEvent.Aggregate().InstanceID) - fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate().ResourceOwner = %+v\n", idpEvent.Aggregate().ResourceOwner) - fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> idpEvent.Aggregate() = %+v\n", idpEvent.Aggregate()) - fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REDUCE ADD orgId = %+v\n", orgId) return handler.NewCreateStatement( &idpEvent, diff --git a/internal/query/projection/idp_template_relational.go b/internal/query/projection/idp_template_relational.go index ef9b20151c..fc34223150 100644 --- a/internal/query/projection/idp_template_relational.go +++ b/internal/query/projection/idp_template_relational.go @@ -48,36 +48,6 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer { Aggregate: instance.AggregateType, EventReducers: []handler.EventReducer{ - // TODO - // { - // Event: instance.IDPConfigAddedEventType, - // Reduce: p.reduceOldConfigAdded, - // }, - // TODO - // { - // Event: instance.IDPConfigChangedEventType, - // Reduce: p.reduceOldConfigChanged, - // }, - // TODO - // { - // Event: instance.IDPOIDCConfigAddedEventType, - // Reduce: p.reduceOldOIDCConfigAdded, - // }, - // TODO - // { - // Event: instance.IDPOIDCConfigChangedEventType, - // Reduce: p.reduceOldOIDCConfigChanged, - // }, - // TODO - // { - // Event: instance.IDPJWTConfigAddedEventType, - // Reduce: p.reduceOldJWTConfigAdded, - // }, - // TODO - // { - // Event: instance.IDPJWTConfigChangedEventType, - // Reduce: p.reduceOldJWTConfigChanged, - // }, { Event: instance.OAuthIDPAddedEventType, Reduce: p.reduceOAuthIDPRelationalAdded, 
@@ -182,18 +152,10 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer Event: instance.SAMLIDPChangedEventType, Reduce: p.reduceSAMLIDPChanged, }, - // { - // Event: instance.IDPConfigRemovedEventType, - // Reduce: p.reduceIDPConfigRemoved, - // }, { Event: instance.IDPRemovedEventType, Reduce: p.reduceIDPRemoved, }, - // { - // Event: instance.InstanceRemovedEventType, - // Reduce: reduceInstanceRemovedHelper(IDPTemplateInstanceIDCol), - // }, }, }, { @@ -2115,6 +2077,9 @@ func (p *idpTemplateRelationalProjection) reduceSAMLIDPChanged(event eventstore. // } func (p *idpTemplateRelationalProjection) reduceIDPRemoved(event eventstore.Event) (*handler.Statement, error) { + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") var idpEvent idp.RemovedEvent switch e := event.(type) { case *org.IDPRemovedEvent: 
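Review bot: Three `fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP")` lines are added at the top of `reduceIDPRemoved`, and the following hunk adds thirteen more; this is debugging output written to stdout on every IDP removal event in a production handler and should be dropped before merge, together with the `fmt` import if nothing else in the file still uses it. The `@@ -182` hunk on this line removes the commented-out `IDPConfigRemovedEventType` and `InstanceRemovedEventType` entries; if legacy config removal is reduced elsewhere, a short comment saying where would help. `reduceIDPRemoved` continues outside this hunk.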
@@ -2122,14 +2087,34 @@ func (p *idpTemplateRelationalProjection) reduceIDPRemoved(event eventstore.Even case *instance.IDPRemovedEvent: idpEvent = e.RemovedEvent default: - return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xbcvwin2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) + return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Ybcvwin2", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType}) } + var orgId *string + if idpEvent.Aggregate().ResourceOwner != idpEvent.Agg.InstanceID { + orgId = &idpEvent.Aggregate().ResourceOwner + } + + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> REMOVE IDPPPPPPPPPPPPPPPP") + return handler.NewDeleteStatement( &idpEvent, []handler.Condition{ handler.NewCond(IDPTemplateIDCol, idpEvent.ID), handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID), + handler.NewCond(IDPRelationalOrgId, orgId), }, ), nil } 
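Review bot: The new `handler.NewCond(IDPRelationalOrgId, orgId)` passes a nil `*string` for instance-level IDPs (the branch where `ResourceOwner` equals `InstanceID`); if `NewCond` renders that as `org_id = $n` with a NULL argument, the comparison is never true in SQL and instance-level removals would delete nothing, which the surrounding debug prints suggest was being chased — using an `IS NULL` condition for that case, or simply omitting the org condition when `orgId == nil` since the ID and instance conditions already identify the row, would be safer, and the new "test instance iam remove reduces" subtest should be seen to fail against the old code to confirm it covers this. `IDPRelationalOrgId` is mixed with the `IDPTemplate*` column constants of this projection; if both name the same column a comment saying so would help, otherwise the template-projection constant should be used. The error ID change from `HANDL-xbcvwin2` to `HANDL-Ybcvwin2` is not explained; if it is to make the ID unique, a line in the commit message would help.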
@@ -2830,12 +2815,10 @@ func reduceSAMLIDPRelationalChangedColumns(payload *domain.SAML, idpEvent *idp.S if idpEvent.Metadata != nil { payloadChange = true payload.Metadata = idpEvent.Metadata - fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> METTTADATA") } if idpEvent.Key != nil { payloadChange = true payload.Key = idpEvent.Key - fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> KEEEEEEEEEEEEEEY") } if idpEvent.Certificate != nil { payloadChange = true @@ -2844,7 +2827,6 @@ func reduceSAMLIDPRelationalChangedColumns(payload *domain.SAML, idpEvent *idp.S if idpEvent.Binding != nil { payloadChange = true payload.Binding = *idpEvent.Binding - fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> BINDING") } if idpEvent.WithSignedRequest != nil { payloadChange = true diff --git a/internal/query/projection/projection.go b/internal/query/projection/projection.go index 1f4ca89c6d..38731170c9 100644 --- a/internal/query/projection/projection.go +++ b/internal/query/projection/projection.go 
@@ -144,7 +144,7 @@ func Create(ctx context.Context, sqlClient *database.DB, es handler.EventStore,
 IDPUserLinkProjection = newIDPUserLinkProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["idp_user_links"]))
 IDPLoginPolicyLinkProjection = newIDPLoginPolicyLinkProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["idp_login_policy_links"]))
 IDPTemplateProjection = newIDPTemplateProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["idp_templates"]))
- IDPTemplateRelationalProjection = newIDPTemplateRelationalProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["idp_templates-relational"]))
+ IDPTemplateRelationalProjection = newIDPTemplateRelationalProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["idp_templates_relational"]))
 MailTemplateProjection = newMailTemplateProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["mail_templates"]))
 MessageTextProjection = newMessageTextProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["message_texts"]))
 CustomTextProjection = newCustomTextProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["custom_texts"]))
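Review bot: The customization key for the relational template projection changes from `idp_templates-relational` to `idp_templates_relational`; any deployed configuration that customizes this projection under the old key silently stops applying, because `config.Customizations[...]` yields the zero value for a missing key and `applyCustomConfig` presumably falls back to the defaults. If the old key was never shipped in a release this is fine; otherwise it needs a changelog entry or a fallback that reads the old key. `Create` starts and ends outside the hunk.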