mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-24 06:27:19 +00:00
fix: generated project grant id (#10747)
# Which Problems Are Solved

The Project Grant ID needs to be unique to be handled properly in the projections, but it was defined as the ID of the organization the project was granted to, so it could be non-unique.

# How the Problems Are Solved

Generate the Project Grant ID in the v2 APIs as well, which also includes fixes in the integration tests. In addition, the logic of some functionality had to be extended: because the Project Grant ID is no longer provided in the API, it has to be queried before creating events for Project Grants.

# Additional Changes

Included a fix for authorizations where an authorization was intended to be created for a project without providing any organization information; this also revealed some faulty integration tests.

# Additional Context

Partially closes #10745

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
@@ -239,7 +239,7 @@ func TestServer_CreateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: "notexisting",
|
||||
OrganizationId: "notexisting",
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -263,7 +263,7 @@ func TestServer_CreateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -289,7 +289,7 @@ func TestServer_CreateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -334,6 +334,13 @@ func TestServer_CreateAdministrator_Permission(t *testing.T) {
|
||||
patProjectGrantResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userProjectGrantResp.GetUserId())
|
||||
projectGrantOwnerCtx := integration.WithAuthorizationToken(CTX, patProjectGrantResp.Token)
|
||||
|
||||
grantedProjectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), integration.ProjectName(), false, false)
|
||||
userGrantedProjectResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
instance.CreateProjectMembership(t, iamOwnerCtx, grantedProjectResp.GetId(), userGrantedProjectResp.GetUserId())
|
||||
patGrantedProjectResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userGrantedProjectResp.GetUserId())
|
||||
grantedProjectOwnerCtx := integration.WithAuthorizationToken(CTX, patGrantedProjectResp.Token)
|
||||
instance.CreateProjectGrant(iamOwnerCtx, t, grantedProjectResp.GetId(), instance.DefaultOrg.GetId())
|
||||
|
||||
type want struct {
|
||||
creationDate bool
|
||||
}
|
||||
@@ -508,6 +515,50 @@ func TestServer_CreateAdministrator_Permission(t *testing.T) {
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project grant, org owner, ok",
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
prepare: func(request *internal_permission.CreateAdministratorRequest) {
|
||||
userResp := instance.CreateUserTypeHuman(iamOwnerCtx, integration.Email())
|
||||
|
||||
request.UserId = userResp.GetId()
|
||||
},
|
||||
req: &internal_permission.CreateAdministratorRequest{
|
||||
Resource: &internal_permission.ResourceType{
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: grantedProjectResp.GetId(),
|
||||
OrganizationId: instance.DefaultOrg.GetId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
Roles: []string{"PROJECT_GRANT_OWNER"},
|
||||
},
|
||||
want: want{
|
||||
creationDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project grant, project owner, error",
|
||||
ctx: grantedProjectOwnerCtx,
|
||||
prepare: func(request *internal_permission.CreateAdministratorRequest) {
|
||||
userResp := instance.CreateUserTypeHuman(iamOwnerCtx, integration.Email())
|
||||
|
||||
request.UserId = userResp.GetId()
|
||||
},
|
||||
req: &internal_permission.CreateAdministratorRequest{
|
||||
Resource: &internal_permission.ResourceType{
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: grantedProjectResp.GetId(),
|
||||
OrganizationId: instance.DefaultOrg.GetId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
Roles: []string{"PROJECT_GRANT_OWNER"},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project grant, project grant owner, ok",
|
||||
ctx: projectGrantOwnerCtx,
|
||||
@@ -521,7 +572,7 @@ func TestServer_CreateAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -544,7 +595,7 @@ func TestServer_CreateAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -869,7 +920,7 @@ func TestServer_UpdateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: "notexisting",
|
||||
OrganizationId: "notexisting",
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -894,7 +945,7 @@ func TestServer_UpdateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -922,7 +973,7 @@ func TestServer_UpdateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -949,7 +1000,7 @@ func TestServer_UpdateAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -1192,7 +1243,7 @@ func TestServer_UpdateAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1215,7 +1266,7 @@ func TestServer_UpdateAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1236,7 +1287,7 @@ func TestServer_UpdateAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1487,7 +1538,7 @@ func TestServer_DeleteAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: "notexisting",
|
||||
OrganizationId: "notexisting",
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -1512,7 +1563,7 @@ func TestServer_DeleteAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -1538,7 +1589,7 @@ func TestServer_DeleteAdministrator(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -1766,7 +1817,7 @@ func TestServer_DeleteAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1788,7 +1839,7 @@ func TestServer_DeleteAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -1808,7 +1859,7 @@ func TestServer_DeleteAdministrator_Permission(t *testing.T) {
|
||||
Resource: &internal_permission.ResourceType_ProjectGrant_{
|
||||
ProjectGrant: &internal_permission.ResourceType_ProjectGrant{
|
||||
ProjectId: projectResp.GetId(),
|
||||
ProjectGrantId: orgResp.GetOrganizationId(),
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
},
|
||||
},
|
||||
},
|
||||
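Review bot: The new negative case "project grant, project owner, error" in TestServer_CreateAdministrator_Permission sets only `wantErr: true`, so it cannot tell a permission denial apart from a failed grant lookup. The commit description says the grant is now queried from `ProjectId` and `OrganizationId` before events are created, so a lookup error would presumably satisfy this case as well and could mask a missing authorization check. If the table's assertion code, which lies outside the hunks shown, allows it, pin the expected gRPC status, for example `assert.Equal(t, codes.PermissionDenied, status.Code(err))` (the exact code the API returns is to be confirmed). A short comment on the case saying why an owner of the granting project must not manage administrators of the grant would also help the next reader.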
|
||||
@@ -535,6 +535,10 @@ func TestServer_ListAdministrators(t *testing.T) {
|
||||
// always first check length, otherwise its failed anyway
|
||||
if assert.Len(ttt, got.Administrators, len(tt.want.Administrators)) {
|
||||
for i := range tt.want.Administrators {
|
||||
// need to set the project grant ID as it is generated
|
||||
if grant := got.Administrators[i].GetProjectGrant(); grant != nil {
|
||||
tt.want.Administrators[i].GetProjectGrant().Id = grant.Id
|
||||
}
|
||||
assert.EqualExportedValues(ttt, tt.want.Administrators[i], got.Administrators[i])
|
||||
}
|
||||
}
|
||||
@@ -631,7 +635,8 @@ func createProjectGrantAdministrator(ctx context.Context, instance *integration.
|
||||
},
|
||||
Resource: &internal_permission.Administrator_ProjectGrant{
|
||||
ProjectGrant: &internal_permission.ProjectGrant{
|
||||
Id: grantedOrgID,
|
||||
// left empty as generated
|
||||
Id: "",
|
||||
ProjectId: projectID,
|
||||
ProjectName: projectName,
|
||||
OrganizationId: orgID,
|
||||
@@ -1162,6 +1167,10 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
// always first check length, otherwise its failed anyway
|
||||
if assert.Len(ttt, got.Administrators, len(tt.want.Administrators)) {
|
||||
for i := range tt.want.Administrators {
|
||||
// set as project grant id is generated
|
||||
if grant := got.Administrators[i].GetProjectGrant(); grant != nil {
|
||||
tt.want.Administrators[i].GetProjectGrant().Id = grant.Id
|
||||
}
|
||||
assert.EqualExportedValues(ttt, tt.want.Administrators[i], got.Administrators[i])
|
||||
}
|
||||
}
|
||||
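Review bot: In the comparison loop of TestServer_ListAdministrators, `tt.want.Administrators[i].GetProjectGrant().Id = grant.Id` checks only the `got` side for nil. If the expected entry at index `i` is not a project grant, the generated getter presumably returns nil and the assignment panics instead of failing the assertion. Copying the returned ID into the expectation also means the generated ID is never verified, so an empty ID would pass; consider `if wantGrant := tt.want.Administrators[i].GetProjectGrant(); wantGrant != nil && assert.NotEmpty(ttt, grant.Id) { wantGrant.Id = grant.Id }`. The same pattern is repeated in the TestServer_ListAdministrators_PermissionV2 hunk, and both loops sit in functions that extend beyond the lines shown.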
|
||||