fix(queries): authn keys (#2820)
* begin authn keys * single table for state change * add key type * begin authn keys query * query * tests * fix merge * remove wrong migration version * improve filter * Update projection.go * cleanup
@@ -1,58 +1,38 @@
|
||||
package authn
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/pkg/grpc/authn"
|
||||
)
|
||||
|
||||
func KeyViewsToPb(keys []*key_model.AuthNKeyView) []*authn.Key {
|
||||
func KeysToPb(keys []*query.AuthNKey) []*authn.Key {
|
||||
k := make([]*authn.Key, len(keys))
|
||||
for i, key := range keys {
|
||||
k[i] = KeyViewToPb(key)
|
||||
k[i] = KeyToPb(key)
|
||||
}
|
||||
return k
|
||||
}
|
||||
|
||||
func KeyViewToPb(key *key_model.AuthNKeyView) *authn.Key {
|
||||
expDate, err := ptypes.TimestampProto(key.ExpirationDate)
|
||||
logging.Log("AUTHN-uhYmM").OnError(err).Debug("unable to parse expiry")
|
||||
|
||||
return &authn.Key{
|
||||
Id: key.ID,
|
||||
Type: authn.KeyType_KEY_TYPE_JSON,
|
||||
ExpirationDate: expDate,
|
||||
Details: object.ToViewDetailsPb(
|
||||
key.Sequence,
|
||||
key.CreationDate,
|
||||
key.CreationDate,
|
||||
"", //TODO: details
|
||||
),
|
||||
}
|
||||
}
|
||||
|
||||
func KeyToPb(key *key_model.AuthNKeyView) *authn.Key {
|
||||
expDate, err := ptypes.TimestampProto(key.ExpirationDate)
|
||||
logging.Log("AUTHN-4n12g").OnError(err).Debug("unable to parse expiration date")
|
||||
|
||||
func KeyToPb(key *query.AuthNKey) *authn.Key {
|
||||
return &authn.Key{
|
||||
Id: key.ID,
|
||||
Type: KeyTypeToPb(key.Type),
|
||||
ExpirationDate: expDate,
|
||||
ExpirationDate: timestamppb.New(key.Expiration),
|
||||
Details: object.ToViewDetailsPb(
|
||||
key.Sequence,
|
||||
key.CreationDate,
|
||||
key.CreationDate,
|
||||
"", //TODO: details
|
||||
key.ResourceOwner,
|
||||
),
|
||||
}
|
||||
}
|
||||
|
||||
func KeyTypeToPb(typ key_model.AuthNKeyType) authn.KeyType {
|
||||
func KeyTypeToPb(typ domain.AuthNKeyType) authn.KeyType {
|
||||
switch typ {
|
||||
case key_model.AuthNKeyTypeJSON:
|
||||
return authn.KeyType_KEY_TYPE_JSON
|
||||
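Review bot: In `KeyToPb`, `object.ToViewDetailsPb` receives `key.CreationDate` for both of its date arguments, so the returned details carry the creation time in both positions. If the second date is meant to be a change date and `query.AuthNKey` has such a field, pass it there; if keys are never modified after creation, a comment such as `// keys are immutable, so the change date equals the creation date` would make the duplication deliberate. The exported `KeysToPb` and `KeyToPb` have no doc comments, and `KeyToPb` dereferences `key` without a nil check, which matters if a search result can ever contain nil entries. The section ends inside `KeyTypeToPb`, so its remaining cases are not visible here.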
|
@@ -8,6 +8,7 @@ import (
|
||||
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
|
||||
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
|
||||
project_grpc "github.com/caos/zitadel/internal/api/grpc/project"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
@@ -182,7 +183,19 @@ func (s *Server) RegenerateAPIClientSecret(ctx context.Context, req *mgmt_pb.Reg
|
||||
}
|
||||
|
||||
func (s *Server) GetAppKey(ctx context.Context, req *mgmt_pb.GetAppKeyRequest) (*mgmt_pb.GetAppKeyResponse, error) {
|
||||
key, err := s.project.GetClientKey(ctx, req.ProjectId, req.AppId, req.KeyId)
|
||||
resourceOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aggregateID, err := query.NewAuthNKeyAggregateIDQuery(req.ProjectId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
objectID, err := query.NewAuthNKeyObjectIDQuery(req.AppId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key, err := s.query.GetAuthNKeyByID(ctx, req.KeyId, resourceOwner, aggregateID, objectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -192,18 +205,18 @@ func (s *Server) GetAppKey(ctx context.Context, req *mgmt_pb.GetAppKeyRequest) (
|
||||
}
|
||||
|
||||
func (s *Server) ListAppKeys(ctx context.Context, req *mgmt_pb.ListAppKeysRequest) (*mgmt_pb.ListAppKeysResponse, error) {
|
||||
queries, err := ListAPIClientKeysRequestToModel(req)
|
||||
queries, err := ListAPIClientKeysRequestToQuery(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
keys, err := s.project.SearchClientKeys(ctx, queries)
|
||||
keys, err := s.query.SearchAuthNKeys(ctx, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListAppKeysResponse{
|
||||
Result: authn_grpc.KeyViewsToPb(keys.Result),
|
||||
Result: authn_grpc.KeysToPb(keys.AuthNKeys),
|
||||
Details: object_grpc.ToListDetails(
|
||||
keys.TotalResult,
|
||||
keys.Count,
|
||||
keys.Sequence,
|
||||
keys.Timestamp,
|
||||
),
|
||||
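Review bot: `GetAppKey` assembles the org, project and app filters by hand and passes them to `s.query.GetAuthNKeyByID` as trailing arguments, and the machine-key handler calls the same function with only two, so a lookup with one filter missing still compiles and simply matches more rows. The org filter built from `authz.GetCtxData(ctx).OrgID` appears to be what stops a key ID from another organisation from resolving, so consider a small helper shared with `ListAPIClientKeysRequestToQuery` that returns all three filters, keeping the get and list paths from drifting apart. A comment above the call, e.g. `// all three filters are required: the key must belong to the caller's org, this project and this app`, would record the intent. The rest of `GetAppKey` and of `ListAppKeys` lies outside the visible hunks.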
|
@@ -1,14 +1,15 @@
|
||||
package management
|
||||
|
||||
import (
|
||||
"context"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
authn_grpc "github.com/caos/zitadel/internal/api/grpc/authn"
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
app_grpc "github.com/caos/zitadel/internal/api/grpc/project"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
@@ -123,19 +124,30 @@ func AddAPIClientKeyRequestToDomain(key *mgmt_pb.AddAppKeyRequest) *domain.Appli
|
||||
}
|
||||
}
|
||||
|
||||
func ListAPIClientKeysRequestToModel(req *mgmt_pb.ListAppKeysRequest) (*key_model.AuthNKeySearchRequest, error) {
|
||||
func ListAPIClientKeysRequestToQuery(ctx context.Context, req *mgmt_pb.ListAppKeysRequest) (*query.AuthNKeySearchQueries, error) {
|
||||
resourcOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
projectID, err := query.NewAuthNKeyAggregateIDQuery(req.ProjectId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
appID, err := query.NewAuthNKeyObjectIDQuery(req.AppId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
queries := make([]*key_model.AuthNKeySearchQuery, 0)
|
||||
queries = append(queries, &key_model.AuthNKeySearchQuery{
|
||||
Key: key_model.AuthNKeyObjectID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: req.AppId,
|
||||
})
|
||||
return &key_model.AuthNKeySearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
//SortingColumn: //TODO: sorting
|
||||
Queries: queries,
|
||||
return &query.AuthNKeySearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: []query.SearchQuery{
|
||||
resourcOwner,
|
||||
projectID,
|
||||
appID,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
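Review bot: The local holding the org filter is spelled `resourcOwner` in `ListAPIClientKeysRequestToQuery` (and again in `ListMachineKeysRequestToQuery`), while `GetAppKey` names the same value `resourceOwner`; rename it for consistency. The function is exported and has no doc comment; something like `// ListAPIClientKeysRequestToQuery builds a key search limited to the caller's org, the given project and the given app.` would state the scoping it now applies. The earlier `//TODO: sorting` marker disappears with the old struct, so if sorting is still planned it is worth keeping a note of it on the new `SearchRequest`.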
|
@@ -15,6 +15,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/user"
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
@@ -551,7 +552,15 @@ func (s *Server) UpdateMachine(ctx context.Context, req *mgmt_pb.UpdateMachineRe
|
||||
}
|
||||
|
||||
func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachineKeyByIDsRequest) (*mgmt_pb.GetMachineKeyByIDsResponse, error) {
|
||||
key, err := s.user.GetMachineKey(ctx, req.UserId, req.KeyId)
|
||||
resourceOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aggregateID, err := query.NewAuthNKeyAggregateIDQuery(req.UserId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key, err := s.query.GetAuthNKeyByID(ctx, req.KeyId, resourceOwner, aggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -561,14 +570,18 @@ func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachine
|
||||
}
|
||||
|
||||
func (s *Server) ListMachineKeys(ctx context.Context, req *mgmt_pb.ListMachineKeysRequest) (*mgmt_pb.ListMachineKeysResponse, error) {
|
||||
result, err := s.user.SearchMachineKeys(ctx, ListMachineKeysRequestToModel(req))
|
||||
query, err := ListMachineKeysRequestToQuery(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result, err := s.query.SearchAuthNKeys(ctx, query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListMachineKeysResponse{
|
||||
Result: authn.KeyViewsToPb(result.Result),
|
||||
Result: authn.KeysToPb(result.AuthNKeys),
|
||||
Details: obj_grpc.ToListDetails(
|
||||
result.TotalResult,
|
||||
result.Count,
|
||||
result.Sequence,
|
||||
result.Timestamp,
|
||||
),
|
||||
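Review bot: The machine-key lookups no longer restrict on the kind of object a key belongs to: `GetMachineKeyByIDs` filters only on the caller's org and on `req.UserId` as aggregate ID, and `ListMachineKeysRequestToQuery` does the same, whereas the removed `ListMachineKeysRequestToModel` required `AuthNKeyObjectType` to equal `AuthNKeyObjectTypeUser`. If application keys and machine keys live in one table (the description mentions a single table), a caller who may read machine keys could supply a project ID in `UserId` and get application-key entries of the same org back. Unless `SearchAuthNKeys`/`GetAuthNKeyByID` or the projection already separate the two kinds, add an object-type filter to both machine-key paths, with a test asserting that a project ID in `UserId` returns nothing. Separately, the local named `query` in `ListMachineKeys` shadows the imported `query` package; `queries`, as in `ListAppKeys`, avoids that. Both handler bodies continue outside the hunks.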
|
@@ -5,7 +5,6 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/caos/logging"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
@@ -15,7 +14,6 @@ import (
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
@@ -187,32 +185,34 @@ func UpdateMachineRequestToDomain(ctx context.Context, req *mgmt_pb.UpdateMachin
|
||||
}
|
||||
}
|
||||
|
||||
func ListMachineKeysRequestToModel(req *mgmt_pb.ListMachineKeysRequest) *key_model.AuthNKeySearchRequest {
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
return &key_model.AuthNKeySearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
Queries: []*key_model.AuthNKeySearchQuery{
|
||||
{
|
||||
Key: key_model.AuthNKeyObjectType,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: key_model.AuthNKeyObjectTypeUser,
|
||||
}, {
|
||||
Key: key_model.AuthNKeyObjectID,
|
||||
Method: domain.SearchMethodEquals,
|
||||
Value: req.UserId,
|
||||
},
|
||||
},
|
||||
func ListMachineKeysRequestToQuery(ctx context.Context, req *mgmt_pb.ListMachineKeysRequest) (*query.AuthNKeySearchQueries, error) {
|
||||
resourcOwner, err := query.NewAuthNKeyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userID, err := query.NewAuthNKeyAggregateIDQuery(req.UserId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
return &query.AuthNKeySearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: []query.SearchQuery{
|
||||
resourcOwner,
|
||||
userID,
|
||||
},
|
||||
}, nil
|
||||
|
||||
}
|
||||
|
||||
func AddMachineKeyRequestToDomain(req *mgmt_pb.AddMachineKeyRequest) *domain.MachineKey {
|
||||
expDate := time.Time{}
|
||||
if req.ExpirationDate != nil {
|
||||
var err error
|
||||
expDate, err = ptypes.Timestamp(req.ExpirationDate)
|
||||
logging.Log("MANAG-iNshR").OnError(err).Debug("unable to parse expiration date")
|
||||
expDate = req.ExpirationDate.AsTime()
|
||||
}
|
||||
|
||||
return &domain.MachineKey{
|
||||
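Review bot: In `AddMachineKeyRequestToDomain`, `req.ExpirationDate.AsTime()` converts whatever the client sent without validating it, where the old `ptypes.Timestamp` call at least reported an out-of-range value (the error was only logged at debug level and then ignored). Because this value becomes the expiration of a credential, check it before use, e.g. `if err := req.ExpirationDate.CheckValid(); err != nil { ... }`, and decide explicitly what happens on failure. The function has no error return, so rejecting the request would have to happen in the caller or in later validation. The body continues past the hunk, so such a check may already exist further down.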
|