fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! added first event

backend/v3/domain/id_provider.go

@@ -19,9 +19,9 @@ const (
 	IDPTypeLDAP
 	IDPTypeAzure
 	IDPTypeGithub
-	IDPTypeGitHubEnterprise
-	IDPTypeGitLab
-	IDPTypeGitLabSelfHosted
+	IDPTypeGithubEnterprise
+	IDPTypeGitlab
+	IDPTypeGitlabSelfHosted
 	IDPTypeGoogle
 	IDPTypeApple
 	IDPTypeSAML
@@ -164,6 +164,20 @@ type IDPGithub struct {
 	Github
 }
 
+type GithubEnterprise struct {
+	ClientID              string              `json:"clientId,omitempty"`
+	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
+	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
+	UserEndpoint          string              `json:"userEndpoint,omitempty"`
+	Scopes                []string            `json:"scopes,omitempty"`
+}
+
+type IDPGithubEnterprise struct {
+	*IdentityProvider
+	GithubEnterprise
+}
+
 // IDPIdentifierCondition is used to help specify a single identity_provider,
 // it will either be used as the  identity_provider ID or identity_provider name,
 // as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name)
@@ -240,4 +254,5 @@ type IDProviderRepository interface {
 	GetOAzureAD(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOAzureAD, error)
 	GetGoogle(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGoogle, error)
 	GetGithub(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithub, error)
+	GetGithubEnterprise(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithubEnterprise, error)
 }

backend/v3/domain/idptype_enumer.go

@@ -31,15 +31,15 @@ func _IDPTypeNoOp() {
 	_ = x[IDPTypeLDAP-(4)]
 	_ = x[IDPTypeAzure-(5)]
 	_ = x[IDPTypeGithub-(6)]
-	_ = x[IDPTypeGitHubEnterprise-(7)]
-	_ = x[IDPTypeGitLab-(8)]
-	_ = x[IDPTypeGitLabSelfHosted-(9)]
+	_ = x[IDPTypeGithubEnterprise-(7)]
+	_ = x[IDPTypeGitlab-(8)]
+	_ = x[IDPTypeGitlabSelfHosted-(9)]
 	_ = x[IDPTypeGoogle-(10)]
 	_ = x[IDPTypeApple-(11)]
 	_ = x[IDPTypeSAML-(12)]
 }
 
-var _IDPTypeValues = []IDPType{IDPTypeUnspecified, IDPTypeOIDC, IDPTypeJWT, IDPTypeOAuth, IDPTypeLDAP, IDPTypeAzure, IDPTypeGithub, IDPTypeGitHubEnterprise, IDPTypeGitLab, IDPTypeGitLabSelfHosted, IDPTypeGoogle, IDPTypeApple, IDPTypeSAML}
+var _IDPTypeValues = []IDPType{IDPTypeUnspecified, IDPTypeOIDC, IDPTypeJWT, IDPTypeOAuth, IDPTypeLDAP, IDPTypeAzure, IDPTypeGithub, IDPTypeGithubEnterprise, IDPTypeGitlab, IDPTypeGitlabSelfHosted, IDPTypeGoogle, IDPTypeApple, IDPTypeSAML}
 
 var _IDPTypeNameToValueMap = map[string]IDPType{
 	_IDPTypeName[0:11]:       IDPTypeUnspecified,
@@ -56,12 +56,12 @@ var _IDPTypeNameToValueMap = map[string]IDPType{
 	_IDPTypeLowerName[27:32]: IDPTypeAzure,
 	_IDPTypeName[32:38]:      IDPTypeGithub,
 	_IDPTypeLowerName[32:38]: IDPTypeGithub,
-	_IDPTypeName[38:54]:      IDPTypeGitHubEnterprise,
-	_IDPTypeLowerName[38:54]: IDPTypeGitHubEnterprise,
-	_IDPTypeName[54:60]:      IDPTypeGitLab,
-	_IDPTypeLowerName[54:60]: IDPTypeGitLab,
-	_IDPTypeName[60:76]:      IDPTypeGitLabSelfHosted,
-	_IDPTypeLowerName[60:76]: IDPTypeGitLabSelfHosted,
+	_IDPTypeName[38:54]:      IDPTypeGithubEnterprise,
+	_IDPTypeLowerName[38:54]: IDPTypeGithubEnterprise,
+	_IDPTypeName[54:60]:      IDPTypeGitlab,
+	_IDPTypeLowerName[54:60]: IDPTypeGitlab,
+	_IDPTypeName[60:76]:      IDPTypeGitlabSelfHosted,
+	_IDPTypeLowerName[60:76]: IDPTypeGitlabSelfHosted,
 	_IDPTypeName[76:82]:      IDPTypeGoogle,
 	_IDPTypeLowerName[76:82]: IDPTypeGoogle,
 	_IDPTypeName[82:87]:      IDPTypeApple,

backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql

@@ -10,6 +10,7 @@ CREATE TYPE zitadel.idp_type AS ENUM (
     'saml',
     'ldap',
     'github',
+    'githubenterprise',
     'azure',
     'google',
     'microsoft',

backend/v3/storage/database/events_testing/id_provider_test.go

@@ -528,7 +528,6 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.Equal(t, "authoizationEndpoint", oauth.AuthorizationEndpoint)
 			assert.Equal(t, "tokenEndpoint", oauth.TokenEndpoint)
 			assert.Equal(t, "userEndpoint", oauth.UserEndpoint)
-			assert.Equal(t, "userEndpoint", oauth.UserEndpoint)
 			assert.Equal(t, []string{"scope"}, oauth.Scopes)
 			assert.Equal(t, false, oauth.AllowLinking)
 			assert.Equal(t, false, oauth.AllowCreation)
@@ -673,7 +672,6 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			// assert.Equal(t, "authoizationEndpoint", oidc.AuthorizationEndpoint)
 			// assert.Equal(t, "tokenEndpoint", oidc.TokenEndpoint)
 			// assert.Equal(t, "userEndpoint", oidc.UserEndpoint)
-			// assert.Equal(t, "userEndpoint", oidc.UserEndpoint)
 			assert.Equal(t, []string{"scope"}, oidc.Scopes)
 			assert.Equal(t, "issuer", oidc.Issuer)
 			assert.Equal(t, false, oidc.IsIDTokenMapping)
@@ -1312,4 +1310,138 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.WithinRange(t, updateGithub.UpdatedAt, beforeCreate, afterCreate)
 		}, retryDuration, tick)
 	})
+
+	t.Run("test instance idp github enterprise added reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add github enterprise
+		beforeCreate := time.Now()
+		addGithubEnterprise, err := AdminClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{
+			Name:                  name,
+			ClientId:              "clientId",
+			ClientSecret:          "clientSecret",
+			AuthorizationEndpoint: "authoizationEndpoint",
+			TokenEndpoint:         "tokenEndpoint",
+			UserEndpoint:          "userEndpoint",
+			Scopes:                []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		// check values for github enterprise
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			githubEnterprise, err := idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.github_enterprise.added
+			// idp
+			assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID)
+			assert.Equal(t, name, githubEnterprise.Name)
+
+			assert.Equal(t, domain.IDPTypeGithubEnterprise.String(), githubEnterprise.Type)
+			assert.Equal(t, "clientId", githubEnterprise.ClientID)
+			assert.NotNil(t, githubEnterprise.ClientSecret)
+			assert.Equal(t, "authoizationEndpoint", githubEnterprise.AuthorizationEndpoint)
+			assert.Equal(t, "tokenEndpoint", githubEnterprise.TokenEndpoint)
+			assert.Equal(t, "userEndpoint", githubEnterprise.UserEndpoint)
+			assert.Equal(t, []string{"scope"}, githubEnterprise.Scopes)
+			assert.Equal(t, false, githubEnterprise.AllowLinking)
+			assert.Equal(t, false, githubEnterprise.AllowCreation)
+			assert.Equal(t, false, githubEnterprise.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), githubEnterprise.AllowAutoLinking)
+			assert.WithinRange(t, githubEnterprise.CreatedAt, beforeCreate, afterCreate)
+			assert.WithinRange(t, githubEnterprise.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
+
+	t.Run("test instance idp github enterprise changed reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add github enterprise
+		addGithubEnterprise, err := AdminClient.AddGitHubEnterpriseServerProvider(CTX, &admin.AddGitHubEnterpriseServerProviderRequest{
+			Name:                  name,
+			ClientId:              "clientId",
+			ClientSecret:          "clientSecret",
+			AuthorizationEndpoint: "authoizationEndpoint",
+			TokenEndpoint:         "tokenEndpoint",
+			UserEndpoint:          "userEndpoint",
+			Scopes:                []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  true,
+				IsCreationAllowed: true,
+				IsAutoCreation:    true,
+				IsAutoUpdate:      true,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		var githubEnterprise *domain.IDPGithubEnterprise
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			githubEnterprise, err = idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil)
+			require.NoError(t, err)
+			assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID)
+		}, retryDuration, tick)
+
+		name = "new_" + name
+		// change github enterprise
+		beforeCreate := time.Now()
+		_, err = AdminClient.UpdateGitHubEnterpriseServerProvider(CTX, &admin.UpdateGitHubEnterpriseServerProviderRequest{
+			Id:                    addGithubEnterprise.Id,
+			Name:                  name,
+			ClientId:              "new_clientId",
+			ClientSecret:          "new_clientSecret",
+			AuthorizationEndpoint: "new_authoizationEndpoint",
+			TokenEndpoint:         "new_tokenEndpoint",
+			UserEndpoint:          "new_userEndpoint",
+			Scopes:                []string{"new_scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		// check values for azure
+		retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			updateGithubEnterprise, err := idpRepo.GetGithubEnterprise(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.github_enterprise.changed
+			// idp
+			assert.Equal(t, addGithubEnterprise.Id, updateGithubEnterprise.ID)
+			assert.Equal(t, name, updateGithubEnterprise.Name)
+
+			assert.Equal(t, domain.IDPTypeGithubEnterprise.String(), updateGithubEnterprise.Type)
+			assert.Equal(t, "new_clientId", updateGithubEnterprise.ClientID)
+			assert.NotNil(t, updateGithubEnterprise.ClientSecret)
+			assert.Equal(t, "new_authoizationEndpoint", updateGithubEnterprise.AuthorizationEndpoint)
+			assert.Equal(t, "new_tokenEndpoint", updateGithubEnterprise.TokenEndpoint)
+			assert.Equal(t, "new_userEndpoint", updateGithubEnterprise.UserEndpoint)
+			assert.Equal(t, []string{"new_scope"}, updateGithubEnterprise.Scopes)
+			assert.Equal(t, false, updateGithubEnterprise.AllowLinking)
+			assert.Equal(t, false, updateGithubEnterprise.AllowCreation)
+			assert.Equal(t, false, updateGithubEnterprise.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), updateGithubEnterprise.AllowAutoLinking)
+			assert.WithinRange(t, updateGithubEnterprise.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
 }

backend/v3/storage/database/repository/id_provider.go

@@ -251,6 +251,28 @@ func (i *idProvider) GetGithub(ctx context.Context, id domain.IDPIdentifierCondi
 	return idpGithub, nil
 }
 
+func (i *idProvider) GetGithubEnterprise(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPGithubEnterprise, error) {
+	idpGithubEnterprise := &domain.IDPGithubEnterprise{}
+	var err error
+
+	idpGithubEnterprise.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	if idpGithubEnterprise.Type != domain.IDPTypeGithubEnterprise.String() {
+		// TODO
+		return nil, errors.New("WRONG TYPE")
+	}
+
+	err = json.Unmarshal([]byte(*idpGithubEnterprise.Payload), idpGithubEnterprise)
+	if err != nil {
+		return nil, err
+	}
+
+	return idpGithubEnterprise, nil
+}
+
 // -------------------------------------------------------------
 // columns
 // -------------------------------------------------------------