feat: Instance commands (#3385)

* fix: add events for domain

* fix: add/remove domain command side

* fix: add/remove domain command side

* fix: add/remove domain query side

* fix: create instance

* fix: merge v2

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: instance domain

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from writemodels

* fix: remove domain.IAMID from api

* fix: remove domain.IAMID

* fix: remove domain.IAMID

* fix: add instance domain queries

* fix: fix after merge

* Update auth_request.go

* fix keypair

* remove unused code

* feat: read instance id from context

* feat: remove unused code

* feat: use instance id from context

* some fixes

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi
2022-04-05 07:58:09 +02:00
committed by GitHub
parent 7d6a10015a
commit c740ee5d81
156 changed files with 6360 additions and 3951 deletions


@@ -3,6 +3,7 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api/grpc/object"
@@ -22,7 +23,7 @@ func (s *Server) GetDefaultInitMessageText(ctx context.Context, req *admin_pb.Ge
}
func (s *Server) GetCustomInitMessageText(ctx context.Context, req *admin_pb.GetCustomInitMessageTextRequest) (*admin_pb.GetCustomInitMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.InitCodeMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.InitCodeMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -32,7 +33,7 @@ func (s *Server) GetCustomInitMessageText(ctx context.Context, req *admin_pb.Get
}
func (s *Server) SetDefaultInitMessageText(ctx context.Context, req *admin_pb.SetDefaultInitMessageTextRequest) (*admin_pb.SetDefaultInitMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetInitCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetInitCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -70,7 +71,7 @@ func (s *Server) GetDefaultPasswordResetMessageText(ctx context.Context, req *ad
}
func (s *Server) GetCustomPasswordResetMessageText(ctx context.Context, req *admin_pb.GetCustomPasswordResetMessageTextRequest) (*admin_pb.GetCustomPasswordResetMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.PasswordResetMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordResetMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -80,7 +81,7 @@ func (s *Server) GetCustomPasswordResetMessageText(ctx context.Context, req *adm
}
func (s *Server) SetDefaultPasswordResetMessageText(ctx context.Context, req *admin_pb.SetDefaultPasswordResetMessageTextRequest) (*admin_pb.SetDefaultPasswordResetMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetPasswordResetCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetPasswordResetCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -118,7 +119,7 @@ func (s *Server) GetDefaultVerifyEmailMessageText(ctx context.Context, req *admi
}
func (s *Server) GetCustomVerifyEmailMessageText(ctx context.Context, req *admin_pb.GetCustomVerifyEmailMessageTextRequest) (*admin_pb.GetCustomVerifyEmailMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.VerifyEmailMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyEmailMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -128,7 +129,7 @@ func (s *Server) GetCustomVerifyEmailMessageText(ctx context.Context, req *admin
}
func (s *Server) SetDefaultVerifyEmailMessageText(ctx context.Context, req *admin_pb.SetDefaultVerifyEmailMessageTextRequest) (*admin_pb.SetDefaultVerifyEmailMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetVerifyEmailCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetVerifyEmailCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -166,7 +167,7 @@ func (s *Server) GetDefaultVerifyPhoneMessageText(ctx context.Context, req *admi
}
func (s *Server) GetCustomVerifyPhoneMessageText(ctx context.Context, req *admin_pb.GetCustomVerifyPhoneMessageTextRequest) (*admin_pb.GetCustomVerifyPhoneMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.VerifyPhoneMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.VerifyPhoneMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -176,7 +177,7 @@ func (s *Server) GetCustomVerifyPhoneMessageText(ctx context.Context, req *admin
}
func (s *Server) SetDefaultVerifyPhoneMessageText(ctx context.Context, req *admin_pb.SetDefaultVerifyPhoneMessageTextRequest) (*admin_pb.SetDefaultVerifyPhoneMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetVerifyPhoneCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetVerifyPhoneCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -214,7 +215,7 @@ func (s *Server) GetDefaultDomainClaimedMessageText(ctx context.Context, req *ad
}
func (s *Server) GetCustomDomainClaimedMessageText(ctx context.Context, req *admin_pb.GetCustomDomainClaimedMessageTextRequest) (*admin_pb.GetCustomDomainClaimedMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.DomainClaimedMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.DomainClaimedMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -224,7 +225,7 @@ func (s *Server) GetCustomDomainClaimedMessageText(ctx context.Context, req *adm
}
func (s *Server) SetDefaultDomainClaimedMessageText(ctx context.Context, req *admin_pb.SetDefaultDomainClaimedMessageTextRequest) (*admin_pb.SetDefaultDomainClaimedMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetDomainClaimedCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetDomainClaimedCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -262,7 +263,7 @@ func (s *Server) GetDefaultPasswordlessRegistrationMessageText(ctx context.Conte
}
func (s *Server) GetCustomPasswordlessRegistrationMessageText(ctx context.Context, req *admin_pb.GetCustomPasswordlessRegistrationMessageTextRequest) (*admin_pb.GetCustomPasswordlessRegistrationMessageTextResponse, error) {
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, domain.IAMID, domain.PasswordlessRegistrationMessageType, req.Language)
msg, err := s.query.CustomMessageTextByTypeAndLanguage(ctx, authz.GetInstance(ctx).InstanceID(), domain.PasswordlessRegistrationMessageType, req.Language)
if err != nil {
return nil, err
}
@@ -272,7 +273,7 @@ func (s *Server) GetCustomPasswordlessRegistrationMessageText(ctx context.Contex
}
func (s *Server) SetDefaultPasswordlessRegistrationMessageText(ctx context.Context, req *admin_pb.SetDefaultPasswordlessRegistrationMessageTextRequest) (*admin_pb.SetDefaultPasswordlessRegistrationMessageTextResponse, error) {
result, err := s.command.SetDefaultMessageText(ctx, SetPasswordlessRegistrationCustomTextToDomain(req))
result, err := s.command.SetDefaultMessageText(ctx, authz.GetInstance(ctx).InstanceID(), SetPasswordlessRegistrationCustomTextToDomain(req))
if err != nil {
return nil, err
}
@@ -309,7 +310,7 @@ func (s *Server) GetDefaultLoginTexts(ctx context.Context, req *admin_pb.GetDefa
}, nil
}
func (s *Server) GetCustomLoginTexts(ctx context.Context, req *admin_pb.GetCustomLoginTextsRequest) (*admin_pb.GetCustomLoginTextsResponse, error) {
msg, err := s.query.GetCustomLoginTexts(ctx, domain.IAMID, req.Language)
msg, err := s.query.GetCustomLoginTexts(ctx, authz.GetInstance(ctx).InstanceID(), req.Language)
if err != nil {
return nil, err
}
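Review bot: Every handler in this file now resolves the tenant inline with `authz.GetInstance(ctx).InstanceID()` and passes the result straight to the query or command layer without checking it. What GetInstance returns for a context that carries no instance is not visible on this page; if it can return nil the call panics, and if it yields an empty ID the read or write runs against an empty resource owner instead of failing. Consider resolving it once per handler, `instanceID := authz.GetInstance(ctx).InstanceID()`, and rejecting an empty value before calling `s.query` or `s.command`. The same pattern appears in the SMTP, IDP, login-policy, notification-provider, OIDC-settings and SMS-provider sections below. The handler bodies continue outside the hunks.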


@@ -3,8 +3,8 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
)
@@ -46,7 +46,7 @@ func (s *Server) UpdateSecretGenerator(ctx context.Context, req *admin_pb.Update
}
func (s *Server) GetSMTPConfig(ctx context.Context, req *admin_pb.GetSMTPConfigRequest) (*admin_pb.GetSMTPConfigResponse, error) {
smtp, err := s.query.SMTPConfigByAggregateID(ctx, domain.IAMID)
smtp, err := s.query.SMTPConfigByAggregateID(ctx, authz.GetInstance(ctx).InstanceID())
if err != nil {
return nil, err
}
@@ -56,7 +56,7 @@ func (s *Server) GetSMTPConfig(ctx context.Context, req *admin_pb.GetSMTPConfigR
}
func (s *Server) UpdateSMTPConfig(ctx context.Context, req *admin_pb.UpdateSMTPConfigRequest) (*admin_pb.UpdateSMTPConfigResponse, error) {
details, err := s.command.ChangeSMTPConfig(ctx, UpdateSMTPToConfig(req))
details, err := s.command.ChangeSMTPConfig(ctx, authz.GetInstance(ctx).InstanceID(), UpdateSMTPToConfig(req))
if err != nil {
return nil, err
}
@@ -69,7 +69,7 @@ func (s *Server) UpdateSMTPConfig(ctx context.Context, req *admin_pb.UpdateSMTPC
}
func (s *Server) UpdateSMTPConfigPassword(ctx context.Context, req *admin_pb.UpdateSMTPConfigPasswordRequest) (*admin_pb.UpdateSMTPConfigPasswordResponse, error) {
details, err := s.command.ChangeSMTPConfigPassword(ctx, req.Password)
details, err := s.command.ChangeSMTPConfigPassword(ctx, authz.GetInstance(ctx).InstanceID(), req.Password)
if err != nil {
return nil, err
}


@@ -3,15 +3,15 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
object_pb "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/query"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetIDPByID(ctx context.Context, req *admin_pb.GetIDPByIDRequest) (*admin_pb.GetIDPByIDResponse, error) {
idp, err := s.query.IDPByIDAndResourceOwner(ctx, req.Id, domain.IAMID)
idp, err := s.query.IDPByIDAndResourceOwner(ctx, req.Id, authz.GetInstance(ctx).InstanceID())
if err != nil {
return nil, err
}
@@ -19,7 +19,7 @@ func (s *Server) GetIDPByID(ctx context.Context, req *admin_pb.GetIDPByIDRequest
}
func (s *Server) ListIDPs(ctx context.Context, req *admin_pb.ListIDPsRequest) (*admin_pb.ListIDPsResponse, error) {
queries, err := listIDPsToModel(req)
queries, err := listIDPsToModel(authz.GetInstance(ctx).InstanceID(), req)
if err != nil {
return nil, err
}


@@ -81,13 +81,13 @@ func updateJWTConfigToDomain(req *admin_pb.UpdateIDPJWTConfigRequest) *domain.JW
}
}
func listIDPsToModel(req *admin_pb.ListIDPsRequest) (*query.IDPSearchQueries, error) {
func listIDPsToModel(instanceID string, req *admin_pb.ListIDPsRequest) (*query.IDPSearchQueries, error) {
offset, limit, asc := object.ListQueryToModel(req.Query)
queries, err := idpQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
iamQuery, err := query.NewIDPResourceOwnerSearchQuery(domain.IAMID)
iamQuery, err := query.NewIDPResourceOwnerSearchQuery(instanceID)
if err != nil {
return nil, err
}


@@ -5,7 +5,6 @@ import (
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/api/grpc/text"
caos_errors "github.com/caos/zitadel/internal/errors"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
@@ -20,17 +19,19 @@ func (s *Server) GetSupportedLanguages(ctx context.Context, req *admin_pb.GetSup
}
func (s *Server) SetDefaultLanguage(ctx context.Context, req *admin_pb.SetDefaultLanguageRequest) (*admin_pb.SetDefaultLanguageResponse, error) {
lang, err := language.Parse(req.Language)
_, err := language.Parse(req.Language)
if err != nil {
return nil, caos_errors.ThrowInvalidArgument(err, "API-39nnf", "Errors.Language.Parse")
}
details, err := s.command.SetDefaultLanguage(ctx, lang)
if err != nil {
return nil, err
}
return &admin_pb.SetDefaultLanguageResponse{
Details: object.DomainToChangeDetailsPb(details),
}, nil
//TODO: Will be added by silvan
//details, err := s.command.SetDefaultLanguage(ctx, lang)
//if err != nil {
// return nil, err
//}
//return &admin_pb.SetDefaultLanguageResponse{
// Details: object.DomainToChangeDetailsPb(details),
//}, nil
return nil, nil
}
func (s *Server) GetDefaultLanguage(ctx context.Context, req *admin_pb.GetDefaultLanguageRequest) (*admin_pb.GetDefaultLanguageResponse, error) {
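Review bot: `SetDefaultLanguage` now ends in `return nil, nil`, so a caller gets a successful reply although nothing was stored (the call to `s.command.SetDefaultLanguage` appears to be commented out on the new side; the page has lost its +/- markers, so this is inferred from the hunk counts). An admin client cannot tell that the setting was ignored, and a nil response message paired with a nil error is easy to mishandle downstream. Until the command is restored, return an explicit error instead, for example `return nil, caos_errors.ThrowUnimplemented(nil, "<ERROR-ID>", "<message key>")` (placeholder ID and key; confirm the helper is available in internal/errors).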


@@ -3,6 +3,7 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/user"
"github.com/caos/zitadel/internal/query"
@@ -36,7 +37,7 @@ func (s *Server) UpdateLoginPolicy(ctx context.Context, p *admin_pb.UpdateLoginP
}
func (s *Server) ListLoginPolicyIDPs(ctx context.Context, req *admin_pb.ListLoginPolicyIDPsRequest) (*admin_pb.ListLoginPolicyIDPsResponse, error) {
res, err := s.query.IDPLoginPolicyLinks(ctx, domain.IAMID, ListLoginPolicyIDPsRequestToQuery(req))
res, err := s.query.IDPLoginPolicyLinks(ctx, authz.GetInstance(ctx).InstanceID(), ListLoginPolicyIDPsRequestToQuery(req))
if err != nil {
return nil, err
}


@@ -3,13 +3,14 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/settings"
"github.com/caos/zitadel/internal/domain"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetFileSystemNotificationProvider(ctx context.Context, req *admin_pb.GetFileSystemNotificationProviderRequest) (*admin_pb.GetFileSystemNotificationProviderResponse, error) {
result, err := s.query.NotificationProviderByIDAndType(ctx, domain.IAMID, domain.NotificationProviderTypeFile)
result, err := s.query.NotificationProviderByIDAndType(ctx, authz.GetInstance(ctx).InstanceID(), domain.NotificationProviderTypeFile)
if err != nil {
return nil, err
@@ -20,7 +21,7 @@ func (s *Server) GetFileSystemNotificationProvider(ctx context.Context, req *adm
}
func (s *Server) GetLogNotificationProvider(ctx context.Context, req *admin_pb.GetLogNotificationProviderRequest) (*admin_pb.GetLogNotificationProviderResponse, error) {
result, err := s.query.NotificationProviderByIDAndType(ctx, domain.IAMID, domain.NotificationProviderTypeLog)
result, err := s.query.NotificationProviderByIDAndType(ctx, authz.GetInstance(ctx).InstanceID(), domain.NotificationProviderTypeLog)
if err != nil {
return nil, err


@@ -3,13 +3,13 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetOIDCSettings(ctx context.Context, _ *admin_pb.GetOIDCSettingsRequest) (*admin_pb.GetOIDCSettingsResponse, error) {
result, err := s.query.OIDCSettingsByAggID(ctx, domain.IAMID)
result, err := s.query.OIDCSettingsByAggID(ctx, authz.GetInstance(ctx).InstanceID())
if err != nil {
return nil, err
}


@@ -3,6 +3,7 @@ package admin
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
settings_pb "github.com/caos/zitadel/pkg/grpc/settings"
@@ -40,7 +41,7 @@ func (s *Server) GetSMSProvider(ctx context.Context, req *admin_pb.GetSMSProvide
}
func (s *Server) AddSMSProviderTwilio(ctx context.Context, req *admin_pb.AddSMSProviderTwilioRequest) (*admin_pb.AddSMSProviderTwilioResponse, error) {
id, result, err := s.command.AddSMSConfigTwilio(ctx, AddSMSConfigTwilioToConfig(req))
id, result, err := s.command.AddSMSConfigTwilio(ctx, authz.GetInstance(ctx).InstanceID(), AddSMSConfigTwilioToConfig(req))
if err != nil {
return nil, err
@@ -52,7 +53,7 @@ func (s *Server) AddSMSProviderTwilio(ctx context.Context, req *admin_pb.AddSMSP
}
func (s *Server) UpdateSMSProviderTwilio(ctx context.Context, req *admin_pb.UpdateSMSProviderTwilioRequest) (*admin_pb.UpdateSMSProviderTwilioResponse, error) {
result, err := s.command.ChangeSMSConfigTwilio(ctx, req.Id, UpdateSMSConfigTwilioToConfig(req))
result, err := s.command.ChangeSMSConfigTwilio(ctx, authz.GetInstance(ctx).InstanceID(), req.Id, UpdateSMSConfigTwilioToConfig(req))
if err != nil {
return nil, err
@@ -63,7 +64,7 @@ func (s *Server) UpdateSMSProviderTwilio(ctx context.Context, req *admin_pb.Upda
}
func (s *Server) UpdateSMSProviderTwilioToken(ctx context.Context, req *admin_pb.UpdateSMSProviderTwilioTokenRequest) (*admin_pb.UpdateSMSProviderTwilioTokenResponse, error) {
result, err := s.command.ChangeSMSConfigTwilioToken(ctx, req.Id, req.Token)
result, err := s.command.ChangeSMSConfigTwilioToken(ctx, authz.GetInstance(ctx).InstanceID(), req.Id, req.Token)
if err != nil {
return nil, err


@@ -2,6 +2,7 @@ package auth
import (
"context"
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/api/authz"


@@ -91,7 +91,7 @@ func listIDPsToModel(ctx context.Context, req *mgmt_pb.ListOrgIDPsRequest) (quer
if err != nil {
return nil, err
}
resourceOwnerQuery, err := query.NewIDPResourceOwnerListSearchQuery(domain.IAMID, authz.GetCtxData(ctx).OrgID)
resourceOwnerQuery, err := query.NewIDPResourceOwnerListSearchQuery(authz.GetInstance(ctx).InstanceID(), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}


@@ -44,8 +44,7 @@ func (o *OPStorage) AuthRequestByID(ctx context.Context, id string) (_ op.AuthRe
if !ok {
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-D3g21", "no user agent id")
}
instanceID := authz.GetInstance(ctx).InstanceID()
resp, err := o.repo.AuthRequestByIDCheckLoggedIn(ctx, id, userAgentID, instanceID)
resp, err := o.repo.AuthRequestByIDCheckLoggedIn(ctx, id, userAgentID)
if err != nil {
return nil, err
}
@@ -56,8 +55,7 @@ func (o *OPStorage) AuthRequestByCode(ctx context.Context, code string) (_ op.Au
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
instanceID := authz.GetInstance(ctx).InstanceID()
resp, err := o.repo.AuthRequestByCode(ctx, code, instanceID)
resp, err := o.repo.AuthRequestByCode(ctx, code)
if err != nil {
return nil, err
}
@@ -71,16 +69,14 @@ func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) (err erro
if !ok {
return errors.ThrowPreconditionFailed(nil, "OIDC-Dgus2", "no user agent id")
}
instanceID := authz.GetInstance(ctx).InstanceID()
return o.repo.SaveAuthCode(ctx, id, code, userAgentID, instanceID)
return o.repo.SaveAuthCode(ctx, id, code, userAgentID)
}
func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
instanceID := authz.GetInstance(ctx).InstanceID()
return o.repo.DeleteAuthRequest(ctx, id, instanceID)
return o.repo.DeleteAuthRequest(ctx, id)
}
func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (_ string, _ time.Time, err error) {
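Review bot: The repo calls in AuthRequestByID, AuthRequestByCode, SaveAuthCode and DeleteAuthRequest no longer receive an instance ID, so the per-instance scoping of auth requests and auth codes now depends entirely on the repository reading the instance from `ctx`; that implementation is not on this page. It is worth a comment on these methods, e.g. `// instance scoping is derived from ctx via authz.GetInstance; ctx must carry the instance`, and a test that a request ID or code created under one instance is not returned under another. The login handler sections further down drop the argument the same way; the JWT handlers previously passed `authReq.InstanceID` rather than the context value, so the source of the ID changes there. The function bodies continue outside the hunks.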


@@ -11,7 +11,6 @@ import (
"github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/query"
@@ -54,7 +53,7 @@ func (o *OPStorage) GetSigningKey(ctx context.Context, keyCh chan<- jose.Signing
<-renewTimer.C
}
checkAfter := o.resetTimer(renewTimer, true)
logging.Log("OIDC-dK432").Infof("requested next signing key check in %s", checkAfter)
logging.Infof("requested next signing key check in %s", checkAfter)
case <-renewTimer.C:
o.getSigningKey(ctx, renewTimer, keyCh)
}
@@ -66,7 +65,7 @@ func (o *OPStorage) getSigningKey(ctx context.Context, renewTimer *time.Timer, k
keys, err := o.query.ActivePrivateSigningKey(ctx, time.Now().Add(o.signingKeyGracefulPeriod))
if err != nil {
checkAfter := o.resetTimer(renewTimer, true)
logging.Log("OIDC-ASff").Infof("next signing key check in %s", checkAfter)
logging.Infof("next signing key check in %s", checkAfter)
return
}
if len(keys.Keys) == 0 {
@@ -76,13 +75,13 @@ func (o *OPStorage) getSigningKey(ctx context.Context, renewTimer *time.Timer, k
}
o.refreshSigningKey(ctx, keyCh, o.signingKeyAlgorithm, sequence)
checkAfter := o.resetTimer(renewTimer, true)
logging.Log("OIDC-ASDf3").Infof("next signing key check in %s", checkAfter)
logging.Infof("next signing key check in %s", checkAfter)
return
}
err = o.exchangeSigningKey(selectSigningKey(keys.Keys), keyCh)
logging.Log("OIDC-aDfg3").OnError(err).Error("could not exchange signing key")
logging.OnError(err).Error("could not exchange signing key")
checkAfter := o.resetTimer(renewTimer, err != nil)
logging.Log("OIDC-dK432").Infof("next signing key check in %s", checkAfter)
logging.Infof("next signing key check in %s", checkAfter)
}
func (o *OPStorage) resetTimer(timer *time.Timer, shortRefresh bool) (nextCheck time.Duration) {
@@ -100,20 +99,20 @@ func (o *OPStorage) resetTimer(timer *time.Timer, shortRefresh bool) (nextCheck
func (o *OPStorage) refreshSigningKey(ctx context.Context, keyCh chan<- jose.SigningKey, algorithm string, sequence uint64) {
if o.currentKey != nil && o.currentKey.Expiry().Before(time.Now().UTC()) {
logging.Log("OIDC-ADg26").Info("unset current signing key")
logging.Info("unset current signing key")
keyCh <- jose.SigningKey{}
}
ok, err := o.ensureIsLatestKey(ctx, sequence)
if err != nil {
logging.Log("OIDC-sdz53").WithError(err).Error("could not ensure latest key")
logging.New().WithError(err).Error("could not ensure latest key")
return
}
if !ok {
logging.Log("EVENT-GBD23").Warn("view not up to date, retrying later")
logging.Warn("view not up to date, retrying later")
return
}
err = o.lockAndGenerateSigningKeyPair(ctx, algorithm)
logging.Log("EVENT-B4d21").OnError(err).Warn("could not create signing key")
logging.OnError(err).Warn("could not create signing key")
}
func (o *OPStorage) ensureIsLatestKey(ctx context.Context, sequence uint64) (bool, error) {
@@ -126,7 +125,7 @@ func (o *OPStorage) ensureIsLatestKey(ctx context.Context, sequence uint64) (boo
func (o *OPStorage) exchangeSigningKey(key query.PrivateKey, keyCh chan<- jose.SigningKey) (err error) {
if o.currentKey != nil && o.currentKey.ID() == key.ID() {
logging.Log("OIDC-Abb3e").Info("no new signing key")
logging.Info("no new signing key")
return nil
}
keyData, err := crypto.Decrypt(key.Key(), o.encAlg)
@@ -145,12 +144,12 @@ func (o *OPStorage) exchangeSigningKey(key query.PrivateKey, keyCh chan<- jose.S
},
}
o.currentKey = key
logging.LogWithFields("OIDC-dsg54", "keyID", key.ID()).Info("exchanged signing key")
logging.WithFields("keyID", key.ID()).Info("exchanged signing key")
return nil
}
func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context, algorithm string) error {
logging.Log("OIDC-sdz53").Info("lock and generate signing key pair")
logging.Info("lock and generate signing key pair")
ctx, cancel := context.WithCancel(ctx)
defer cancel()
@@ -161,7 +160,7 @@ func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context, algorithm
if errors.IsErrorAlreadyExists(err) {
return nil
}
logging.Log("OIDC-Dfg32").OnError(err).Warn("initial lock failed")
logging.OnError(err).Warn("initial lock failed")
return err
}
@@ -171,7 +170,7 @@ func (o *OPStorage) lockAndGenerateSigningKeyPair(ctx context.Context, algorithm
func (o *OPStorage) getMaxKeySequence(ctx context.Context) (uint64, error) {
return o.eventstore.LatestSequence(ctx,
eventstore.NewSearchQueryBuilder(eventstore.ColumnsMaxSequence).
ResourceOwner(domain.IAMID).
ResourceOwner("system"). //TODO: change with multi issuer
AddQuery().
AggregateTypes(keypair.AggregateType).
Builder(),
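Review bot: `ResourceOwner("system")` in getMaxKeySequence hard-codes the owner of the key-pair aggregate as a string literal, and the TODO suggests signing keys are not yet scoped per instance. Inferred from this hunk only: every instance would then share one signing-key sequence, which matters for token isolation once several instances are served. I would lift the literal into a named constant and extend the comment to say that the key is global for now and where the per-instance change is tracked, e.g. `// signing keys are shared across instances until multi-issuer support lands`. Separately, the log calls in this file lose their IDs (`OIDC-…`, `EVENT-…`), which were the only stable handle for correlating these key-rotation messages. The builder chain continues outside the hunk.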


@@ -5,7 +5,6 @@ import (
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
)
@@ -20,8 +19,7 @@ func (l *Login) getAuthRequest(r *http.Request) (*domain.AuthRequest, error) {
return nil, nil
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
return l.authRepo.AuthRequestByID(r.Context(), authRequestID, userAgentID, instanceID)
return l.authRepo.AuthRequestByID(r.Context(), authRequestID, userAgentID)
}
func (l *Login) getAuthRequestAndParseData(r *http.Request, data interface{}) (*domain.AuthRequest, error) {


@@ -4,6 +4,7 @@ import (
"context"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/actions"
"github.com/caos/zitadel/internal/domain"
@@ -15,7 +16,7 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
if resourceOwner == "" {
resourceOwner = config.AggregateID
}
if resourceOwner == domain.IAMID {
if resourceOwner == authz.GetInstance(ctx).InstanceID() {
iam, err := l.query.Instance(ctx)
if err != nil {
return nil, err


@@ -11,8 +11,6 @@ import (
"github.com/caos/oidc/pkg/oidc"
"golang.org/x/oauth2"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/domain"
@@ -89,8 +87,7 @@ func (l *Login) handleIDP(w http.ResponseWriter, r *http.Request, authReq *domai
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.SelectExternalIDP(r.Context(), authReq.ID, idpConfig.IDPConfigID, userAgentID, instanceID)
err = l.authRepo.SelectExternalIDP(r.Context(), authReq.ID, idpConfig.IDPConfigID, userAgentID)
if err != nil {
l.renderLogin(w, r, authReq, err)
return
@@ -142,8 +139,7 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.State, userAgentID, instanceID)
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.State, userAgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
@@ -202,8 +198,7 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
return
}
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, userAgentID, instanceID, externalUser, domain.BrowserInfoFromRequest(r))
err = l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, userAgentID, externalUser, domain.BrowserInfoFromRequest(r))
if err != nil {
if errors.IsNotFound(err) {
err = nil
@@ -231,7 +226,7 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID, instanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID)
if err != nil {
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
return
@@ -240,7 +235,7 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
return
}
if len(externalUser.Metadatas) > 0 {
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID, instanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID)
if err != nil {
return
}
@@ -329,8 +324,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
return
} else if data.ResetLinking {
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.ResetLinkingUsers(r.Context(), authReq.ID, userAgentID, instanceID)
err = l.authRepo.ResetLinkingUsers(r.Context(), authReq.ID, userAgentID)
if err != nil {
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
}
@@ -368,7 +362,6 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
if len(authReq.LinkingUsers) == 0 {
l.renderError(w, r, authReq, caos_errors.ThrowPreconditionFailed(nil, "LOGIN-asfg3", "Errors.ExternalIDP.NoExternalUserData"))
return
@@ -380,12 +373,12 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, nil, nil, err)
return
}
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, memberRoles, authReq.ID, userAgentID, resourceOwner, instanceID, metadata, domain.BrowserInfoFromRequest(r))
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, memberRoles, authReq.ID, userAgentID, resourceOwner, metadata, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, user, externalIDP, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID, instanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return


@@ -8,7 +8,6 @@ import (
"github.com/caos/oidc/pkg/oidc"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
@@ -68,8 +67,7 @@ func (l *Login) handleExternalRegister(w http.ResponseWriter, r *http.Request) {
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.SelectExternalIDP(r.Context(), authReq.ID, idpConfig.IDPConfigID, userAgentID, instanceID)
err = l.authRepo.SelectExternalIDP(r.Context(), authReq.ID, idpConfig.IDPConfigID, userAgentID)
if err != nil {
l.renderLogin(w, r, authReq, err)
return
@@ -89,8 +87,7 @@ func (l *Login) handleExternalRegisterCallback(w http.ResponseWriter, r *http.Re
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.State, userAgentID, instanceID)
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.State, userAgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return


@@ -12,7 +12,6 @@ import (
"github.com/caos/oidc/pkg/client/rp"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/zitadel/internal/api/authz"
http_util "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
@@ -45,8 +44,7 @@ func (l *Login) handleJWTRequest(w http.ResponseWriter, r *http.Request) {
l.renderError(w, r, nil, err)
return
}
instanceID := authz.GetInstance(r.Context()).InstanceID()
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.AuthRequestID, userAgentID, instanceID)
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.AuthRequestID, userAgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
@@ -84,13 +82,13 @@ func (l *Login) handleJWTExtraction(w http.ResponseWriter, r *http.Request, auth
return
}
metadata := externalUser.Metadatas
err = l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, authReq.InstanceID, externalUser, domain.BrowserInfoFromRequest(r))
err = l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, externalUser, domain.BrowserInfoFromRequest(r))
if err != nil {
l.jwtExtractionUserNotFound(w, r, authReq, idpConfig, tokens, err)
return
}
if len(metadata) > 0 {
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID, authReq.InstanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
@@ -117,7 +115,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID, authReq.InstanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
@@ -135,12 +133,12 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
l.renderError(w, r, authReq, err)
return
}
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, nil, authReq.ID, authReq.AgentID, resourceOwner, authReq.InstanceID, metadata, domain.BrowserInfoFromRequest(r))
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, nil, authReq.ID, authReq.AgentID, resourceOwner, metadata, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderError(w, r, authReq, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID, authReq.InstanceID)
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
@@ -209,8 +207,7 @@ func (l *Login) handleJWTCallback(w http.ResponseWriter, r *http.Request) {
l.renderError(w, r, nil, err)
return
}
instanceID := authz.GetInstance(r.Context()).InstanceID()
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.AuthRequestID, userAgentID, instanceID)
authReq, err := l.authRepo.AuthRequestByID(r.Context(), data.AuthRequestID, userAgentID)
if err != nil {
l.renderError(w, r, authReq, err)
return
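Review bot: In handleJWTExtraction and jwtExtractionUserNotFound the instance for the auth-request lookups used to be the stored `authReq.InstanceID` and is now whatever the context carries, and these calls mix `r.Context()` with `setContext(r.Context(), ...)`. setContext is not shown in this diff, so it is worth confirming that it keeps the instance value of the parent context; otherwise CheckExternalUserLogin and AutoRegisterExternalUser could resolve a different instance than the AuthRequestByID calls around them. I would add a comment above the first such call, `// instance is resolved from ctx; setContext must preserve it`. A handler test that presents an auth request ID created under one instance on a request for another and expects the lookup to fail would pin the isolation this refactoring relies on. All of these function bodies start and end outside the hunks.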


@@ -3,7 +3,6 @@ package login
import (
"net/http"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
)
@@ -14,8 +13,7 @@ const (
func (l *Login) linkUsers(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) {
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.LinkExternalUsers(setContext(r.Context(), authReq.UserOrgID), authReq.ID, userAgentID, instanceID, domain.BrowserInfoFromRequest(r))
err = l.authRepo.LinkExternalUsers(setContext(r.Context(), authReq.UserOrgID), authReq.ID, userAgentID, domain.BrowserInfoFromRequest(r))
l.renderLinkUsersDone(w, r, authReq, err)
}


@@ -3,7 +3,6 @@ package login
import (
"net/http"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
@@ -60,9 +59,8 @@ func (l *Login) handleLoginNameCheck(w http.ResponseWriter, r *http.Request) {
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
loginName := data.LoginName
err = l.authRepo.CheckLoginName(r.Context(), authReq.ID, loginName, userAgentID, instanceID)
err = l.authRepo.CheckLoginName(r.Context(), authReq.ID, loginName, userAgentID)
if err != nil {
l.renderLogin(w, r, authReq, err)
return


@@ -3,7 +3,6 @@ package login
import (
"net/http"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
)
@@ -36,8 +35,7 @@ func (l *Login) handleMFAVerify(w http.ResponseWriter, r *http.Request) {
}
if data.MFAType == domain.MFATypeOTP {
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.VerifyMFAOTP(setContext(r.Context(), authReq.UserOrgID), authReq.ID, authReq.UserID, authReq.UserOrgID, data.Code, userAgentID, instanceID, domain.BrowserInfoFromRequest(r))
err = l.authRepo.VerifyMFAOTP(setContext(r.Context(), authReq.UserOrgID), authReq.ID, authReq.UserID, authReq.UserOrgID, data.Code, userAgentID, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderMFAVerifySelected(w, r, authReq, step, domain.MFATypeOTP, err)
return


@@ -6,7 +6,6 @@ import (
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
)
@@ -30,8 +29,7 @@ func (l *Login) renderU2FVerification(w http.ResponseWriter, r *http.Request, au
var webAuthNLogin *domain.WebAuthNLogin
if err == nil {
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
webAuthNLogin, err = l.authRepo.BeginMFAU2FLogin(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID, instanceID)
webAuthNLogin, err = l.authRepo.BeginMFAU2FLogin(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID)
}
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
@@ -72,8 +70,7 @@ func (l *Login) handleU2FVerification(w http.ResponseWriter, r *http.Request) {
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.VerifyMFAU2F(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID, instanceID, credData, domain.BrowserInfoFromRequest(r))
err = l.authRepo.VerifyMFAU2F(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, userAgentID, credData, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderU2FVerification(w, r, authReq, step.MFAProviders, err)
return


@@ -38,7 +38,7 @@ func (l *Login) handlePasswordCheck(w http.ResponseWriter, r *http.Request) {
l.renderError(w, r, authReq, err)
return
}
err = l.authRepo.VerifyPassword(setContext(r.Context(), authReq.UserOrgID), authReq.ID, authReq.UserID, authReq.UserOrgID, data.Password, authReq.AgentID, authReq.InstanceID, domain.BrowserInfoFromRequest(r))
err = l.authRepo.VerifyPassword(setContext(r.Context(), authReq.UserOrgID), authReq.ID, authReq.UserID, authReq.UserOrgID, data.Password, authReq.AgentID, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderPassword(w, r, authReq, err)
return


@@ -25,7 +25,7 @@ func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Re
var errID, errMessage, credentialData string
var webAuthNLogin *domain.WebAuthNLogin
if err == nil {
webAuthNLogin, err = l.authRepo.BeginPasswordlessLogin(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, authReq.AgentID, authReq.InstanceID)
webAuthNLogin, err = l.authRepo.BeginPasswordlessLogin(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, authReq.AgentID)
}
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
@@ -62,7 +62,7 @@ func (l *Login) handlePasswordlessVerification(w http.ResponseWriter, r *http.Re
l.renderPasswordlessVerification(w, r, authReq, formData.PasswordLogin, err)
return
}
err = l.authRepo.VerifyPasswordless(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, authReq.AgentID, authReq.InstanceID, credData, domain.BrowserInfoFromRequest(r))
err = l.authRepo.VerifyPasswordless(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, authReq.ID, authReq.AgentID, credData, domain.BrowserInfoFromRequest(r))
if err != nil {
l.renderPasswordlessVerification(w, r, authReq, formData.PasswordLogin, err)
return


@@ -5,7 +5,6 @@ import (
"net/http"
"github.com/caos/logging"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"


@@ -5,7 +5,6 @@ import (
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
@@ -95,8 +94,7 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) {
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.SelectUser(r.Context(), authRequest.ID, user.AggregateID, userAgentID, instanceID)
err = l.authRepo.SelectUser(r.Context(), authRequest.ID, user.AggregateID, userAgentID)
if err != nil {
l.renderRegister(w, r, authRequest, data, err)
return


@@ -9,6 +9,7 @@ import (
"strings"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/gorilla/csrf"
"golang.org/x/text/language"
@@ -220,7 +221,7 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
tmplMapping, funcs,
i18n.TranslatorConfig{DefaultLanguage: defaultLanguage, CookieName: cookieName},
)
logging.Log("APP-40tSoJ").OnError(err).WithError(err).Panic("error creating renderer")
logging.New().OnError(err).WithError(err).Panic("error creating renderer")
return r
}
@@ -229,7 +230,7 @@ func (l *Login) renderNextStep(w http.ResponseWriter, r *http.Request, authReq *
l.renderInternalError(w, r, nil, caos_errs.ThrowInvalidArgument(nil, "LOGIN-Df3f2", "Errors.AuthRequest.NotFound"))
return
}
authReq, err := l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID, authReq.InstanceID)
authReq, err := l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
if err != nil {
l.renderInternalError(w, r, authReq, err)
return
@@ -341,7 +342,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
Theme: l.getTheme(r),
ThemeMode: l.getThemeMode(r),
DarkMode: l.isDarkMode(r),
PrivateLabelingOrgID: l.getPrivateLabelingID(authReq),
PrivateLabelingOrgID: l.getPrivateLabelingID(authz.GetInstance(r.Context()).InstanceID(), authReq),
OrgID: l.getOrgID(authReq),
OrgName: l.getOrgName(authReq),
PrimaryDomain: l.getOrgPrimaryDomain(authReq),
@@ -455,8 +456,8 @@ func (l *Login) getOrgID(authReq *domain.AuthRequest) string {
return authReq.UserOrgID
}
func (l *Login) getPrivateLabelingID(authReq *domain.AuthRequest) string {
privateLabelingOrgID := domain.IAMID
func (l *Login) getPrivateLabelingID(instanceID string, authReq *domain.AuthRequest) string {
privateLabelingOrgID := instanceID
if authReq == nil {
return privateLabelingOrgID
}
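Review bot: getBaseData now evaluates `authz.GetInstance(r.Context()).InstanceID()` unconditionally, and because it appears to build the data for every rendered page, error pages included, a request whose context carries no instance would either fail here or produce an empty PrivateLabelingOrgID, depending on what GetInstance returns (not visible in this diff). It is worth confirming that the instance middleware always runs before any login handler can render, or adding an explicit fallback for the empty case. Separately, in CreateRenderer the switch from `logging.Log("APP-40tSoJ")` to `logging.New()` drops the log ID from the panic entry, which makes a startup failure harder to locate in logs; consider keeping the ID in the message. getBaseData and getPrivateLabelingID continue outside the hunks.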


@@ -4,6 +4,7 @@ import (
"context"
"net/http"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
)
@@ -24,7 +25,7 @@ func (l *Login) handleDynamicResources(w http.ResponseWriter, r *http.Request) {
return
}
bucketName := domain.IAMID
bucketName := authz.GetInstance(r.Context()).InstanceID()
if data.OrgID != "" && !data.DefaultPolicy {
bucketName = data.OrgID
}
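Review bot: In handleDynamicResources the default bucket is now the instance ID, but the branch directly below still assigns `bucketName = data.OrgID` without checking that the organisation belongs to the instance in the request context. With several instances in one deployment the org-scoped path is then not bound to the tenant, assuming data is parsed from the request, which happens above the hunk. I would resolve the organisation through an instance-scoped query before using its ID as a bucket name, or at least record the requirement with a comment such as `// data.OrgID is request-supplied; it must be validated against the instance from ctx`. The function body starts and ends outside the hunk.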


@@ -5,7 +5,6 @@ import (
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/api/authz"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
)
@@ -39,8 +38,7 @@ func (l *Login) handleSelectUser(w http.ResponseWriter, r *http.Request) {
return
}
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
instanceID := authz.GetInstance(r.Context()).InstanceID()
err = l.authRepo.SelectUser(r.Context(), authSession.ID, data.UserID, userAgentID, instanceID)
err = l.authRepo.SelectUser(r.Context(), authSession.ID, data.UserID, userAgentID)
if err != nil {
l.renderError(w, r, authSession, err)
return


@@ -8,30 +8,30 @@ import (
type AuthRequestRepository interface {
CreateAuthRequest(ctx context.Context, request *domain.AuthRequest) (*domain.AuthRequest, error)
AuthRequestByID(ctx context.Context, id, userAgentID, instanceID string) (*domain.AuthRequest, error)
AuthRequestByIDCheckLoggedIn(ctx context.Context, id, userAgentID, instanceID string) (*domain.AuthRequest, error)
AuthRequestByCode(ctx context.Context, code, instanceID string) (*domain.AuthRequest, error)
SaveAuthCode(ctx context.Context, id, code, userAgentID, instanceID string) error
DeleteAuthRequest(ctx context.Context, id, instanceID string) error
AuthRequestByID(ctx context.Context, id, userAgentID string) (*domain.AuthRequest, error)
AuthRequestByIDCheckLoggedIn(ctx context.Context, id, userAgentID string) (*domain.AuthRequest, error)
AuthRequestByCode(ctx context.Context, code string) (*domain.AuthRequest, error)
SaveAuthCode(ctx context.Context, id, code, userAgentID string) error
DeleteAuthRequest(ctx context.Context, id string) error
CheckLoginName(ctx context.Context, id, loginName, userAgentID, instanceID string) error
CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID, instanceID string, user *domain.ExternalUser, info *domain.BrowserInfo) error
SetExternalUserLogin(ctx context.Context, authReqID, userAgentID, instanceID string, user *domain.ExternalUser) error
SelectUser(ctx context.Context, id, userID, userAgentID, instanceID string) error
SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID, instanceID string) error
VerifyPassword(ctx context.Context, id, userID, resourceOwner, password, userAgentID, instanceID string, info *domain.BrowserInfo) error
CheckLoginName(ctx context.Context, id, loginName, userAgentID string) error
CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser, info *domain.BrowserInfo) error
SetExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser) error
SelectUser(ctx context.Context, id, userID, userAgentID string) error
SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID string) error
VerifyPassword(ctx context.Context, id, userID, resourceOwner, password, userAgentID string, info *domain.BrowserInfo) error
VerifyMFAOTP(ctx context.Context, authRequestID, userID, resourceOwner, code, userAgentID, instanceID string, info *domain.BrowserInfo) error
BeginMFAU2FLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string) (*domain.WebAuthNLogin, error)
VerifyMFAU2F(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string, credentialData []byte, info *domain.BrowserInfo) error
VerifyMFAOTP(ctx context.Context, authRequestID, userID, resourceOwner, code, userAgentID string, info *domain.BrowserInfo) error
BeginMFAU2FLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string) (*domain.WebAuthNLogin, error)
VerifyMFAU2F(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string, credentialData []byte, info *domain.BrowserInfo) error
BeginPasswordlessSetup(ctx context.Context, userID, resourceOwner string, preferredPlatformType domain.AuthenticatorAttachment) (login *domain.WebAuthNToken, err error)
VerifyPasswordlessSetup(ctx context.Context, userID, resourceOwner, userAgentID, tokenName string, credentialData []byte) (err error)
BeginPasswordlessInitCodeSetup(ctx context.Context, userID, resourceOwner, codeID, verificationCode string, preferredPlatformType domain.AuthenticatorAttachment) (login *domain.WebAuthNToken, err error)
VerifyPasswordlessInitCodeSetup(ctx context.Context, userID, resourceOwner, userAgentID, tokenName, codeID, verificationCode string, credentialData []byte) (err error)
BeginPasswordlessLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string) (*domain.WebAuthNLogin, error)
VerifyPasswordless(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string, credentialData []byte, info *domain.BrowserInfo) error
BeginPasswordlessLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string) (*domain.WebAuthNLogin, error)
VerifyPasswordless(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string, credentialData []byte, info *domain.BrowserInfo) error
LinkExternalUsers(ctx context.Context, authReqID, userAgentID, instanceID string, info *domain.BrowserInfo) error
AutoRegisterExternalUser(ctx context.Context, user *domain.Human, externalIDP *domain.UserIDPLink, orgMemberRoles []string, authReqID, userAgentID, resourceOwner, instanceID string, metadatas []*domain.Metadata, info *domain.BrowserInfo) error
ResetLinkingUsers(ctx context.Context, authReqID, userAgentID, instanceID string) error
LinkExternalUsers(ctx context.Context, authReqID, userAgentID string, info *domain.BrowserInfo) error
AutoRegisterExternalUser(ctx context.Context, user *domain.Human, externalIDP *domain.UserIDPLink, orgMemberRoles []string, authReqID, userAgentID, resourceOwner string, metadatas []*domain.Metadata, info *domain.BrowserInfo) error
ResetLinkingUsers(ctx context.Context, authReqID, userAgentID string) error
}
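Review bot: AuthRequestRepository no longer shows that every lookup is scoped to an instance, because the `instanceID` parameter is removed from all methods and the scope now travels implicitly in `ctx`. The interface should state that contract, for example with a doc comment above the type: `// All methods resolve the instance from ctx (authz.GetInstance); callers must pass a context that carries it.` Without it, a caller that passes a detached or background context still compiles, and what scope the lookup then uses depends on implementation code outside this diff.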


@@ -156,22 +156,22 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
return request, nil
}
func (repo *AuthRequestRepo) AuthRequestByID(ctx context.Context, id, userAgentID, instanceID string) (_ *domain.AuthRequest, err error) {
func (repo *AuthRequestRepo) AuthRequestByID(ctx context.Context, id, userAgentID string) (_ *domain.AuthRequest, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
return repo.getAuthRequestNextSteps(ctx, id, userAgentID, instanceID, false)
return repo.getAuthRequestNextSteps(ctx, id, userAgentID, false)
}
func (repo *AuthRequestRepo) AuthRequestByIDCheckLoggedIn(ctx context.Context, id, userAgentID, instanceID string) (_ *domain.AuthRequest, err error) {
func (repo *AuthRequestRepo) AuthRequestByIDCheckLoggedIn(ctx context.Context, id, userAgentID string) (_ *domain.AuthRequest, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
return repo.getAuthRequestNextSteps(ctx, id, userAgentID, instanceID, true)
return repo.getAuthRequestNextSteps(ctx, id, userAgentID, true)
}
func (repo *AuthRequestRepo) SaveAuthCode(ctx context.Context, id, code, userAgentID, instanceID string) (err error) {
func (repo *AuthRequestRepo) SaveAuthCode(ctx context.Context, id, code, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, id, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, id, userAgentID)
if err != nil {
return err
}
@@ -179,10 +179,10 @@ func (repo *AuthRequestRepo) SaveAuthCode(ctx context.Context, id, code, userAge
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) AuthRequestByCode(ctx context.Context, code, instanceID string) (_ *domain.AuthRequest, err error) {
func (repo *AuthRequestRepo) AuthRequestByCode(ctx context.Context, code string) (_ *domain.AuthRequest, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.AuthRequests.GetAuthRequestByCode(ctx, code, instanceID)
request, err := repo.AuthRequests.GetAuthRequestByCode(ctx, code)
if err != nil {
return nil, err
}
@@ -198,16 +198,16 @@ func (repo *AuthRequestRepo) AuthRequestByCode(ctx context.Context, code, instan
return request, nil
}
func (repo *AuthRequestRepo) DeleteAuthRequest(ctx context.Context, id, instanceID string) (err error) {
func (repo *AuthRequestRepo) DeleteAuthRequest(ctx context.Context, id string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
return repo.AuthRequests.DeleteAuthRequest(ctx, id, instanceID)
return repo.AuthRequests.DeleteAuthRequest(ctx, id)
}
func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName, userAgentID, instanceID string) (err error) {
func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, id, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, id, userAgentID)
if err != nil {
return err
}
@@ -218,10 +218,10 @@ func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName,
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID, instanceID string) (err error) {
func (repo *AuthRequestRepo) SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -232,10 +232,10 @@ func (repo *AuthRequestRepo) SelectExternalIDP(ctx context.Context, authReqID, i
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID, instanceID string, externalUser *domain.ExternalUser, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, externalUser *domain.ExternalUser, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -257,10 +257,10 @@ func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReq
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) SetExternalUserLogin(ctx context.Context, authReqID, userAgentID, instanceID string, externalUser *domain.ExternalUser) (err error) {
func (repo *AuthRequestRepo) SetExternalUserLogin(ctx context.Context, authReqID, userAgentID string, externalUser *domain.ExternalUser) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -277,10 +277,10 @@ func (repo *AuthRequestRepo) setLinkingUser(ctx context.Context, request *domain
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAgentID, instanceID string) (err error) {
func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAgentID string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, id, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, id, userAgentID)
if err != nil {
return err
}
@@ -299,10 +299,10 @@ func (repo *AuthRequestRepo) SelectUser(ctx context.Context, id, userID, userAge
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) VerifyPassword(ctx context.Context, id, userID, resourceOwner, password, userAgentID, instanceID string, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) VerifyPassword(ctx context.Context, authReqID, userID, resourceOwner, password, userAgentID string, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, id, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authReqID, userAgentID, userID)
if err != nil {
return err
}
@@ -328,31 +328,31 @@ func lockoutPolicyToDomain(policy *query.LockoutPolicy) *domain.LockoutPolicy {
}
}
func (repo *AuthRequestRepo) VerifyMFAOTP(ctx context.Context, authRequestID, userID, resourceOwner, code, userAgentID, instanceID string, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) VerifyMFAOTP(ctx context.Context, authRequestID, userID, resourceOwner, code, userAgentID string, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
if err != nil {
return err
}
return repo.Command.HumanCheckMFAOTP(ctx, userID, code, resourceOwner, request.WithCurrentInfo(info))
}
func (repo *AuthRequestRepo) BeginMFAU2FLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string) (login *domain.WebAuthNLogin, err error) {
func (repo *AuthRequestRepo) BeginMFAU2FLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string) (login *domain.WebAuthNLogin, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
if err != nil {
return nil, err
}
return repo.Command.HumanBeginU2FLogin(ctx, userID, resourceOwner, request, true)
}
func (repo *AuthRequestRepo) VerifyMFAU2F(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string, credentialData []byte, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) VerifyMFAU2F(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string, credentialData []byte, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
if err != nil {
return err
}
@@ -393,30 +393,30 @@ func (repo *AuthRequestRepo) VerifyPasswordlessInitCodeSetup(ctx context.Context
return err
}
func (repo *AuthRequestRepo) BeginPasswordlessLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string) (login *domain.WebAuthNLogin, err error) {
func (repo *AuthRequestRepo) BeginPasswordlessLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string) (login *domain.WebAuthNLogin, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
if err != nil {
return nil, err
}
return repo.Command.HumanBeginPasswordlessLogin(ctx, userID, resourceOwner, request, true)
}
func (repo *AuthRequestRepo) VerifyPasswordless(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID, instanceID string, credentialData []byte, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) VerifyPasswordless(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string, credentialData []byte, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID, instanceID)
request, err := repo.getAuthRequestEnsureUser(ctx, authRequestID, userAgentID, userID)
if err != nil {
return err
}
return repo.Command.HumanFinishPasswordlessLogin(ctx, userID, resourceOwner, credentialData, request, true)
}
func (repo *AuthRequestRepo) LinkExternalUsers(ctx context.Context, authReqID, userAgentID, instanceID string, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) LinkExternalUsers(ctx context.Context, authReqID, userAgentID string, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -432,8 +432,8 @@ func (repo *AuthRequestRepo) LinkExternalUsers(ctx context.Context, authReqID, u
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) ResetLinkingUsers(ctx context.Context, authReqID, userAgentID, instanceID string) error {
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
func (repo *AuthRequestRepo) ResetLinkingUsers(ctx context.Context, authReqID, userAgentID string) error {
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -442,10 +442,10 @@ func (repo *AuthRequestRepo) ResetLinkingUsers(ctx context.Context, authReqID, u
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, registerUser *domain.Human, externalIDP *domain.UserIDPLink, orgMemberRoles []string, authReqID, userAgentID, resourceOwner, instanceID string, metadatas []*domain.Metadata, info *domain.BrowserInfo) (err error) {
func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, registerUser *domain.Human, externalIDP *domain.UserIDPLink, orgMemberRoles []string, authReqID, userAgentID, resourceOwner string, metadatas []*domain.Metadata, info *domain.BrowserInfo) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID, instanceID)
request, err := repo.getAuthRequest(ctx, authReqID, userAgentID)
if err != nil {
return err
}
@@ -478,8 +478,8 @@ func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, regis
return repo.AuthRequests.UpdateAuthRequest(ctx, request)
}
func (repo *AuthRequestRepo) getAuthRequestNextSteps(ctx context.Context, id, userAgentID, instanceID string, checkLoggedIn bool) (*domain.AuthRequest, error) {
request, err := repo.getAuthRequest(ctx, id, userAgentID, instanceID)
func (repo *AuthRequestRepo) getAuthRequestNextSteps(ctx context.Context, id, userAgentID string, checkLoggedIn bool) (*domain.AuthRequest, error) {
request, err := repo.getAuthRequest(ctx, id, userAgentID)
if err != nil {
return nil, err
}
@@ -491,8 +491,8 @@ func (repo *AuthRequestRepo) getAuthRequestNextSteps(ctx context.Context, id, us
return request, nil
}
func (repo *AuthRequestRepo) getAuthRequestEnsureUser(ctx context.Context, authRequestID, userAgentID, userID, instanceID string) (*domain.AuthRequest, error) {
request, err := repo.getAuthRequest(ctx, authRequestID, userAgentID, instanceID)
func (repo *AuthRequestRepo) getAuthRequestEnsureUser(ctx context.Context, authRequestID, userAgentID, userID string) (*domain.AuthRequest, error) {
request, err := repo.getAuthRequest(ctx, authRequestID, userAgentID)
if err != nil {
return nil, err
}
@@ -506,8 +506,8 @@ func (repo *AuthRequestRepo) getAuthRequestEnsureUser(ctx context.Context, authR
return request, nil
}
func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID, instanceID string) (*domain.AuthRequest, error) {
request, err := repo.AuthRequests.GetAuthRequestByID(ctx, id, instanceID)
func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID string) (*domain.AuthRequest, error) {
request, err := repo.AuthRequests.GetAuthRequestByID(ctx, id)
if err != nil {
return nil, err
}
@@ -529,7 +529,7 @@ func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context,
if !policy.AllowExternalIDPs {
return policy, nil, nil
}
idpProviders, err := getLoginPolicyIDPProviders(repo.IDPProviderViewProvider, domain.IAMID, orgID, policy.IsDefault)
idpProviders, err := getLoginPolicyIDPProviders(repo.IDPProviderViewProvider, authz.GetInstance(ctx).InstanceID(), orgID, policy.IsDefault)
if err != nil {
return nil, nil, err
}
@@ -544,7 +544,7 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
orgID = request.UserOrgID
}
if orgID == "" {
orgID = domain.IAMID
orgID = authz.GetInstance(ctx).InstanceID()
}
loginPolicy, idpProviders, err := repo.getLoginPolicyAndIDPProviders(ctx, orgID)
@@ -565,7 +565,7 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
return err
}
request.PrivacyPolicy = privacyPolicy
privateLabelingOrgID := domain.IAMID
privateLabelingOrgID := authz.GetInstance(ctx).InstanceID()
if request.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
privateLabelingOrgID = request.ApplicationResourceOwner
}
@@ -582,7 +582,7 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
return err
}
request.LabelPolicy = labelPolicy
defaultLoginTranslations, err := repo.getLoginTexts(ctx, domain.IAMID)
defaultLoginTranslations, err := repo.getLoginTexts(ctx, authz.GetInstance(ctx).InstanceID())
if err != nil {
return err
}


@@ -8,11 +8,9 @@ import (
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
eventstore "github.com/caos/zitadel/internal/eventstore/v1"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/repository/instance"
)
type OrgRepository struct {
@@ -41,7 +39,7 @@ func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*
}
func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*domain.CustomText, error) {
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, domain.IAMID, domain.LoginCustomText)
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText)
if err != nil {
return nil, err
}
@@ -51,7 +49,3 @@ func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*d
}
return append(query.CustomTextsToDomain(loginTexts), query.CustomTextsToDomain(orgLoginTexts)...), nil
}
func (p *OrgRepository) getIAMEvents(ctx context.Context, sequence uint64) ([]*models.Event, error) {
return p.Eventstore.FilterEvents(ctx, models.NewSearchQuery().AggregateIDFilter(domain.IAMID).AggregateTypeFilter(instance.AggregateType))
}


@@ -4,7 +4,6 @@ import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
@@ -113,7 +112,7 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
case instance.IDPConfigChangedEventType, org.IDPConfigChangedEventType:
esConfig := new(iam_view_model.IDPConfigView)
providerType := iam_model.IDPProviderTypeSystem
if event.AggregateID != domain.IAMID {
if event.AggregateID != event.InstanceID {
providerType = iam_model.IDPProviderTypeOrg
}
esConfig.AppendEvent(providerType, event)
@@ -122,7 +121,7 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
return err
}
config := new(query2.IDP)
if event.AggregateID == domain.IAMID {
if event.AggregateID == event.InstanceID {
config, err = i.getDefaultIDPConfig(event.InstanceID, esConfig.IDPConfigID)
} else {
config, err = i.getOrgIDPConfig(event.InstanceID, event.AggregateID, esConfig.IDPConfigID)
@@ -180,7 +179,7 @@ func (i *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, c
}
func (i *IDPProvider) OnError(event *es_models.Event, err error) error {
logging.LogWithFields("SPOOL-Fjd89", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
logging.WithFields("id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
return spooler.HandleError(event, err, i.view.GetLatestIDPProviderFailedEvent, i.view.ProcessedIDPProviderFailedEvent, i.view.ProcessedIDPProviderSequence, i.errorCountUntilSkip)
}
@@ -193,5 +192,5 @@ func (i *IDPProvider) getOrgIDPConfig(instanceID, aggregateID, idpConfigID strin
}
func (u *IDPProvider) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
return u.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), idpConfigID, domain.IAMID)
return u.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), idpConfigID, instanceID)
}
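Review bot: The system-versus-org decision in processIdpProvider now rests on `event.AggregateID != event.InstanceID`, and nothing in the hunk covers events stored before this change, whose aggregate ID was the fixed `domain.IAMID`. If such events do not carry an InstanceID equal to their AggregateID (not visible here), they would be classified as `IDPProviderTypeOrg` and resolved through getOrgIDPConfig instead of getDefaultIDPConfig. I would state the invariant above the comparison, e.g. `// instance-level events use the instance ID as their aggregate ID`, and confirm that existing events satisfy it. The same comparison is repeated in the following hunk, and processIdpProvider starts and ends outside both hunks.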


@@ -6,7 +6,6 @@ import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
v1 "github.com/caos/zitadel/internal/eventstore/v1"
@@ -186,5 +185,5 @@ func (i *ExternalIDP) getOrgIDPConfig(instanceID, aggregateID, idpConfigID strin
}
func (i *ExternalIDP) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), idpConfigID, domain.IAMID)
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), idpConfigID, instanceID)
}


@@ -8,6 +8,7 @@ import (
"fmt"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
)
@@ -26,12 +27,12 @@ func (c *AuthRequestCache) Health(ctx context.Context) error {
return c.client.PingContext(ctx)
}
func (c *AuthRequestCache) GetAuthRequestByID(_ context.Context, id, instanceID string) (*domain.AuthRequest, error) {
return c.getAuthRequest("id", id, instanceID)
func (c *AuthRequestCache) GetAuthRequestByID(ctx context.Context, id string) (*domain.AuthRequest, error) {
return c.getAuthRequest("id", id, authz.GetInstance(ctx).InstanceID())
}
func (c *AuthRequestCache) GetAuthRequestByCode(_ context.Context, code, instanceID string) (*domain.AuthRequest, error) {
return c.getAuthRequest("code", code, instanceID)
func (c *AuthRequestCache) GetAuthRequestByCode(ctx context.Context, code string) (*domain.AuthRequest, error) {
return c.getAuthRequest("code", code, authz.GetInstance(ctx).InstanceID())
}
func (c *AuthRequestCache) SaveAuthRequest(_ context.Context, request *domain.AuthRequest) error {
@@ -45,8 +46,8 @@ func (c *AuthRequestCache) UpdateAuthRequest(_ context.Context, request *domain.
return c.saveAuthRequest(request, "UPDATE auth.auth_requests SET request = $2, instance_id = $3, change_date = $4, code = $5 WHERE id = $1", request.ChangeDate, request.Code)
}
func (c *AuthRequestCache) DeleteAuthRequest(_ context.Context, id, instanceID string) error {
_, err := c.client.Exec("DELETE FROM auth.auth_requests WHERE instance_id = $1 and id = $2", instanceID, id)
func (c *AuthRequestCache) DeleteAuthRequest(ctx context.Context, id string) error {
_, err := c.client.Exec("DELETE FROM auth.auth_requests WHERE instance_id = $1 and id = $2", authz.GetInstance(ctx).InstanceID(), id)
if err != nil {
return caos_errs.ThrowInternal(err, "CACHE-dsHw3", "unable to delete auth request")
}
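Review bot: GetAuthRequestByID, GetAuthRequestByCode and DeleteAuthRequest now take their tenant filter from `authz.GetInstance(ctx).InstanceID()` without checking that the context actually carries an instance. What InstanceID() returns for a context without one is not visible here; if it is an empty string, the lookup and the DELETE run against `instance_id = ''` instead of failing. Consider reading the ID once and rejecting an empty value before querying. Since DeleteAuthRequest now has a usable ctx, it could also pass it on with `c.client.ExecContext(ctx, ...)` rather than `c.client.Exec(...)`, assuming c.client is a *sql.DB. DeleteAuthRequest continues past the end of the hunk.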


@@ -9,9 +9,9 @@ import (
type AuthRequestCache interface {
Health(ctx context.Context) error
GetAuthRequestByID(ctx context.Context, id, instanceID string) (*domain.AuthRequest, error)
GetAuthRequestByCode(ctx context.Context, code, instanceID string) (*domain.AuthRequest, error)
GetAuthRequestByID(ctx context.Context, id string) (*domain.AuthRequest, error)
GetAuthRequestByCode(ctx context.Context, code string) (*domain.AuthRequest, error)
SaveAuthRequest(ctx context.Context, request *domain.AuthRequest) error
UpdateAuthRequest(ctx context.Context, request *domain.AuthRequest) error
DeleteAuthRequest(ctx context.Context, id, instanceID string) error
DeleteAuthRequest(ctx context.Context, id string) error
}
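Review bot: The AuthRequestCache interface no longer says anywhere that lookups and deletes are scoped to an instance, now that the `instanceID` parameter is gone from GetAuthRequestByID, GetAuthRequestByCode and DeleteAuthRequest. A doc comment on the interface would keep that contract visible to implementers, for example `// Implementations must scope GetAuthRequestByID, GetAuthRequestByCode and DeleteAuthRequest to the instance carried in ctx.`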


@@ -61,7 +61,7 @@ func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context) ([]*u
{
Key: user_model.UserMembershipSearchKeyAggregateID,
Method: domain.SearchMethodEquals,
Value: domain.IAMID,
Value: instance.InstanceID(),
},
{
Key: user_model.UserMembershipSearchKeyInstanceID,


@@ -3,9 +3,9 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
)
@@ -14,12 +14,12 @@ type InstancePasswordAgePolicyWriteModel struct {
PasswordAgePolicyWriteModel
}
func NewInstancePasswordAgePolicyWriteModel() *InstancePasswordAgePolicyWriteModel {
func NewInstancePasswordAgePolicyWriteModel(ctx context.Context) *InstancePasswordAgePolicyWriteModel {
return &InstancePasswordAgePolicyWriteModel{
PasswordAgePolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}
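Review bot: NewInstancePasswordAgePolicyWriteModel calls `authz.GetInstance(ctx).InstanceID()` twice, once for AggregateID and once for ResourceOwner. Reading it once into a local (`instanceID := authz.GetInstance(ctx).InstanceID()`) keeps the two fields visibly identical and gives one place to handle a context without an instance. How a missing instance is reported is not visible here, so a caller passing a plain background context may end up with an empty aggregate ID. The same pattern appears in the other constructors changed by this commit: NewInstanceCustomLoginTextReadModel, NewInstanceCustomMessageTextWriteModel, NewInstanceCustomTextWriteModel, NewInstanceDebugNotificationFileWriteModel and NewInstanceDebugNotificationLogWriteModel. The end of the constructor is outside the hunk.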


@@ -1,74 +0,0 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/telemetry/tracing"
"golang.org/x/text/language"
)
//TODO: private as soon as setup uses query
func (c *Commands) GetInstance(ctx context.Context) (*domain.Instance, error) {
iamWriteModel := NewInstanceWriteModel()
err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil {
return nil, err
}
return writeModelToInstance(iamWriteModel), nil
}
func (c *Commands) setGlobalOrg(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *InstanceWriteModel, orgID string) (eventstore.Command, error) {
err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil {
return nil, err
}
if iamWriteModel.GlobalOrgID != "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-HGG24", "Errors.IAM.GlobalOrgAlreadySet")
}
return instance.NewGlobalOrgSetEventEvent(ctx, iamAgg, orgID), nil
}
func (c *Commands) setIAMProject(ctx context.Context, iamAgg *eventstore.Aggregate, iamWriteModel *InstanceWriteModel, projectID string) (eventstore.Command, error) {
err := c.eventstore.FilterToQueryReducer(ctx, iamWriteModel)
if err != nil {
return nil, err
}
if iamWriteModel.ProjectID != "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-EGbw2", "Errors.IAM.IAMProjectAlreadySet")
}
return instance.NewIAMProjectSetEvent(ctx, iamAgg, projectID), nil
}
func (c *Commands) SetDefaultLanguage(ctx context.Context, language language.Tag) (*domain.ObjectDetails, error) {
iamWriteModel, err := c.getIAMWriteModel(ctx)
if err != nil {
return nil, err
}
iamAgg := InstanceAggregateFromWriteModel(&iamWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, instance.NewDefaultLanguageSetEvent(ctx, iamAgg, language))
if err != nil {
return nil, err
}
err = AppendAndReduce(iamWriteModel, pushedEvents...)
if err != nil {
return nil, err
}
return writeModelToObjectDetails(&iamWriteModel.WriteModel), nil
}
func (c *Commands) getIAMWriteModel(ctx context.Context) (_ *InstanceWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceWriteModel()
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
}
return writeModel, nil
}


@@ -8,6 +8,7 @@ import (
func writeModelToObjectRoot(writeModel eventstore.WriteModel) models.ObjectRoot {
return models.ObjectRoot{
InstanceID: writeModel.InstanceID,
AggregateID: writeModel.AggregateID,
ChangeDate: writeModel.ChangeDate,
ResourceOwner: writeModel.ResourceOwner,
@@ -15,16 +16,6 @@ func writeModelToObjectRoot(writeModel eventstore.WriteModel) models.ObjectRoot
}
}
func writeModelToInstance(wm *InstanceWriteModel) *domain.Instance {
return &domain.Instance{
ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
SetUpStarted: wm.SetUpStarted,
SetUpDone: wm.SetUpDone,
GlobalOrgID: wm.GlobalOrgID,
IAMProjectID: wm.ProjectID,
}
}
func memberWriteModelToMember(writeModel *MemberWriteModel) *domain.Member {
return &domain.Member{
ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel),


@@ -3,6 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
@@ -12,7 +13,7 @@ import (
)
func (c *Commands) SetCustomInstanceLoginText(ctx context.Context, loginText *domain.CustomLoginText) (*domain.ObjectDetails, error) {
iamAgg := instance.NewAggregate()
iamAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
events, existingMailText, err := c.setCustomInstanceLoginText(ctx, &iamAgg.Aggregate, loginText)
if err != nil {
return nil, err
@@ -62,7 +63,7 @@ func (c *Commands) setCustomInstanceLoginText(ctx context.Context, instanceAgg *
}
func (c *Commands) defaultLoginTextWriteModelByID(ctx context.Context, lang language.Tag) (*InstanceCustomLoginTextReadModel, error) {
writeModel := NewInstanceCustomLoginTextReadModel(lang)
writeModel := NewInstanceCustomLoginTextReadModel(ctx, lang)
err := c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -1,9 +1,11 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -12,12 +14,12 @@ type InstanceCustomLoginTextReadModel struct {
CustomLoginTextReadModel
}
func NewInstanceCustomLoginTextReadModel(lang language.Tag) *InstanceCustomLoginTextReadModel {
func NewInstanceCustomLoginTextReadModel(ctx context.Context, lang language.Tag) *InstanceCustomLoginTextReadModel {
return &InstanceCustomLoginTextReadModel{
CustomLoginTextReadModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
Language: lang,
},

File diff suppressed because it is too large Load Diff


@@ -10,8 +10,8 @@ import (
"golang.org/x/text/language"
)
func (c *Commands) SetDefaultMessageText(ctx context.Context, messageText *domain.CustomMessageText) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate()
func (c *Commands) SetDefaultMessageText(ctx context.Context, instanceID string, messageText *domain.CustomMessageText) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(instanceID)
events, existingMessageText, err := c.setDefaultMessageText(ctx, &instanceAgg.Aggregate, messageText)
if err != nil {
return nil, err
@@ -114,7 +114,7 @@ func (c *Commands) RemoveInstanceMessageTexts(ctx context.Context, messageTextTy
}
func (c *Commands) defaultCustomMessageTextWriteModelByID(ctx context.Context, messageType string, lang language.Tag) (*InstanceCustomMessageTextWriteModel, error) {
writeModel := NewInstanceCustomMessageTextWriteModel(messageType, lang)
writeModel := NewInstanceCustomMessageTextWriteModel(ctx, messageType, lang)
err := c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
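Review bot: SetDefaultMessageText builds its aggregate from the new `instanceID` argument, while defaultCustomMessageTextWriteModelByID in the same file now takes the instance from ctx via `NewInstanceCustomMessageTextWriteModel(ctx, messageType, lang)`. If setDefaultMessageText loads existing texts through that helper (its body is outside the hunks), a caller whose ctx carries a different instance, or none, reads state for one instance and pushes events to another. Either derive both from the same source or align the context at the top of SetDefaultMessageText, e.g. `ctx = authz.WithInstanceID(ctx, instanceID)`, which would need the authz import in this file. The accompanying test passes `context.Background()` together with `"INSTANCE"`, so it runs in exactly this mixed mode.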


@@ -1,9 +1,11 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -12,12 +14,12 @@ type InstanceCustomMessageTextWriteModel struct {
CustomMessageTextReadModel
}
func NewInstanceCustomMessageTextWriteModel(messageTextType string, lang language.Tag) *InstanceCustomMessageTextWriteModel {
func NewInstanceCustomMessageTextWriteModel(ctx context.Context, messageTextType string, lang language.Tag) *InstanceCustomMessageTextWriteModel {
return &InstanceCustomMessageTextWriteModel{
CustomMessageTextReadModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
MessageTextType: messageTextType,
Language: lang,


@@ -19,8 +19,9 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
eventstore *eventstore.Eventstore
}
type args struct {
ctx context.Context
config *domain.CustomMessageText
ctx context.Context
instanceID string
config *domain.CustomMessageText
}
type res struct {
want *domain.ObjectDetails
@@ -40,8 +41,9 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
config: &domain.CustomMessageText{},
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.CustomMessageText{},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
@@ -57,7 +59,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageGreeting,
"Greeting",
@@ -66,7 +68,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageSubject,
"Subject",
@@ -75,7 +77,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageTitle,
"Title",
@@ -84,7 +86,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessagePreHeader,
"PreHeader",
@@ -93,7 +95,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageText,
"Text",
@@ -102,7 +104,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageButtonText,
"ButtonText",
@@ -111,7 +113,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
eventFromEventPusher(
instance.NewCustomTextSetEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"Template",
domain.MessageFooterText,
"Footer",
@@ -123,7 +125,8 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.CustomMessageText{
MessageTextType: "Template",
Language: language.English,
@@ -138,7 +141,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -148,7 +151,7 @@ func TestCommandSide_SetDefaultMessageText(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore,
}
got, err := r.SetDefaultMessageText(tt.args.ctx, tt.args.config)
got, err := r.SetDefaultMessageText(tt.args.ctx, tt.args.instanceID, tt.args.config)
if tt.res.err == nil {
assert.NoError(t, err)
}


@@ -13,7 +13,7 @@ import (
)
func (c *Commands) SetInstanceCustomText(ctx context.Context, customText *domain.CustomText) (*domain.CustomText, error) {
setText := NewInstanceCustomTextWriteModel(customText.Key, customText.Language)
setText := NewInstanceCustomTextWriteModel(ctx, customText.Key, customText.Language)
instanceAgg := InstanceAggregateFromWriteModel(&setText.CustomTextWriteModel.WriteModel)
event, err := c.setDefaultCustomText(ctx, instanceAgg, setText, customText)
if err != nil {
@@ -52,7 +52,7 @@ func (c *Commands) defaultCustomTextWriteModelByID(ctx context.Context, key stri
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceCustomTextWriteModel(key, language)
writeModel := NewInstanceCustomTextWriteModel(ctx, key, language)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -1,9 +1,11 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -12,12 +14,12 @@ type InstanceCustomTextWriteModel struct {
CustomTextWriteModel
}
func NewInstanceCustomTextWriteModel(key string, language language.Tag) *InstanceCustomTextWriteModel {
func NewInstanceCustomTextWriteModel(ctx context.Context, key string, language language.Tag) *InstanceCustomTextWriteModel {
return &InstanceCustomTextWriteModel{
CustomTextWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
Key: key,
Language: language,


@@ -12,7 +12,7 @@ import (
)
func (c *Commands) AddDebugNotificationProviderFile(ctx context.Context, fileSystemProvider *fs.FSConfig) (*domain.ObjectDetails, error) {
writeModel := NewInstanceDebugNotificationFileWriteModel()
writeModel := NewInstanceDebugNotificationFileWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&writeModel.WriteModel)
events, err := c.addDefaultDebugNotificationFile(ctx, instanceAgg, writeModel, fileSystemProvider)
if err != nil {
@@ -47,7 +47,7 @@ func (c *Commands) addDefaultDebugNotificationFile(ctx context.Context, instance
}
func (c *Commands) ChangeDefaultNotificationFile(ctx context.Context, fileSystemProvider *fs.FSConfig) (*domain.ObjectDetails, error) {
writeModel := NewInstanceDebugNotificationFileWriteModel()
writeModel := NewInstanceDebugNotificationFileWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&writeModel.WriteModel)
events, err := c.changeDefaultDebugNotificationProviderFile(ctx, instanceAgg, writeModel, fileSystemProvider)
if err != nil {
@@ -87,7 +87,7 @@ func (c *Commands) changeDefaultDebugNotificationProviderFile(ctx context.Contex
}
func (c *Commands) RemoveDefaultNotificationFile(ctx context.Context) (*domain.ObjectDetails, error) {
existingProvider := NewInstanceDebugNotificationFileWriteModel()
existingProvider := NewInstanceDebugNotificationFileWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&existingProvider.WriteModel)
err := c.defaultDebugNotificationProviderFileWriteModelByID(ctx, existingProvider)
if err != nil {


@@ -3,10 +3,10 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/settings"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -14,12 +14,12 @@ type InstanceDebugNotificationFileWriteModel struct {
DebugNotificationWriteModel
}
func NewInstanceDebugNotificationFileWriteModel() *InstanceDebugNotificationFileWriteModel {
func NewInstanceDebugNotificationFileWriteModel(ctx context.Context) *InstanceDebugNotificationFileWriteModel {
return &InstanceDebugNotificationFileWriteModel{
DebugNotificationWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -41,7 +42,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderFile(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -67,9 +68,10 @@ func TestCommandSide_AddDefaultDebugNotificationProviderFile(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -78,14 +80,14 @@ func TestCommandSide_AddDefaultDebugNotificationProviderFile(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: true,
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: domain.IAMID,
ResourceOwner: "INSTANCE",
},
},
},
@@ -154,7 +156,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -180,7 +182,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -204,16 +206,18 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
newDefaultDebugNotificationFileChangedEvent(context.Background(),
false),
),
@@ -222,7 +226,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: false,
Enabled: false,
@@ -230,7 +234,7 @@ func TestCommandSide_ChangeDebugNotificationProviderFile(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -292,29 +296,31 @@ func TestCommandSide_RemoveDebugNotificationProviderFile(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderFileAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderFileRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate),
&instance.NewAggregate("INSTANCE").Aggregate),
),
},
),
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -339,7 +345,7 @@ func TestCommandSide_RemoveDebugNotificationProviderFile(t *testing.T) {
}
func newDefaultDebugNotificationFileChangedEvent(ctx context.Context, compact bool) *instance.DebugNotificationProviderFileChangedEvent {
event, _ := instance.NewDebugNotificationProviderFileChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]settings.DebugNotificationProviderChanges{
settings.ChangeCompact(compact),
},
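Review bot: The instance ID is spelled as the string literal `"INSTANCE"` in every aggregate, event wrapper, context and expected ResourceOwner touched in this test file, so a typo in one place would only surface as a confusing expectation mismatch. A package-level `const testInstanceID = "INSTANCE"` would keep them in step. Some filter expectations still use `eventFromEventPusher` while others were switched to `eventFromEventPusherWithInstanceID`. If that difference is intentional, a short comment on those cases would help, since the surrounding test cases are outside the hunks.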


@@ -12,7 +12,7 @@ import (
)
func (c *Commands) AddDebugNotificationProviderLog(ctx context.Context, fileSystemProvider *fs.FSConfig) (*domain.ObjectDetails, error) {
writeModel := NewInstanceDebugNotificationLogWriteModel()
writeModel := NewInstanceDebugNotificationLogWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&writeModel.WriteModel)
events, err := c.addDefaultDebugNotificationLog(ctx, instanceAgg, writeModel, fileSystemProvider)
if err != nil {
@@ -47,7 +47,7 @@ func (c *Commands) addDefaultDebugNotificationLog(ctx context.Context, instanceA
}
func (c *Commands) ChangeDefaultNotificationLog(ctx context.Context, fileSystemProvider *fs.FSConfig) (*domain.ObjectDetails, error) {
writeModel := NewInstanceDebugNotificationLogWriteModel()
writeModel := NewInstanceDebugNotificationLogWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&writeModel.WriteModel)
event, err := c.changeDefaultDebugNotificationProviderLog(ctx, instanceAgg, writeModel, fileSystemProvider)
if err != nil {
@@ -82,7 +82,7 @@ func (c *Commands) changeDefaultDebugNotificationProviderLog(ctx context.Context
}
func (c *Commands) RemoveDefaultNotificationLog(ctx context.Context) (*domain.ObjectDetails, error) {
existingProvider := NewInstanceDebugNotificationLogWriteModel()
existingProvider := NewInstanceDebugNotificationLogWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&existingProvider.WriteModel)
err := c.defaultDebugNotificationProviderLogWriteModelByID(ctx, existingProvider)
if err != nil {


@@ -3,10 +3,10 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/settings"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -14,12 +14,12 @@ type InstanceDebugNotificationLogWriteModel struct {
DebugNotificationWriteModel
}
func NewInstanceDebugNotificationLogWriteModel() *InstanceDebugNotificationLogWriteModel {
func NewInstanceDebugNotificationLogWriteModel(ctx context.Context) *InstanceDebugNotificationLogWriteModel {
return &InstanceDebugNotificationLogWriteModel{
DebugNotificationWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -39,9 +40,10 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -49,7 +51,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: true,
Enabled: true,
@@ -67,9 +69,10 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -78,14 +81,14 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: true,
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: domain.IAMID,
ResourceOwner: "INSTANCE",
},
},
},
@@ -97,9 +100,10 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -108,7 +112,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: true,
Enabled: true,
@@ -116,7 +120,7 @@ func TestCommandSide_AddDefaultDebugNotificationProviderLog(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: domain.IAMID,
ResourceOwner: "INSTANCE",
},
},
},
@@ -185,7 +189,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -209,16 +213,18 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
newDefaultDebugNotificationLogChangedEvent(context.Background(),
false),
),
@@ -227,7 +233,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: false,
Enabled: false,
@@ -235,7 +241,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -247,14 +253,15 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
newDefaultDebugNotificationLogChangedEvent(context.Background(),
false),
),
@@ -263,7 +270,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &fs.FSConfig{
Compact: false,
Enabled: true,
@@ -271,7 +278,7 @@ func TestCommandSide_ChangeDebugNotificationProviderLog(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -333,29 +340,31 @@ func TestCommandSide_RemoveDebugNotificationProviderLog(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDebugNotificationProviderLogRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate),
&instance.NewAggregate("INSTANCE").Aggregate),
),
},
),
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -380,7 +389,7 @@ func TestCommandSide_RemoveDebugNotificationProviderLog(t *testing.T) {
}
func newDefaultDebugNotificationLogChangedEvent(ctx context.Context, compact bool) *instance.DebugNotificationProviderLogChangedEvent {
event, _ := instance.NewDebugNotificationProviderLogChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]settings.DebugNotificationProviderChanges{
settings.ChangeCompact(compact),
},
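Review bot: The filter fixtures in `TestCommandSide_ChangeDebugNotificationProviderLog` are only partly migrated: two of its cases still build the stored event with `eventFromEventPusher(...)`, and one of them pushes with `eventFromEventPusherWithInstanceID("INSTANCE", ...)` and runs under `authz.WithInstanceID(context.Background(), "INSTANCE")`. If that case passes as written, the fixture does not pin that filtered events belong to the caller's instance, which is the property this commit introduces. Use the `WithInstanceID` helper for the filtered events as well. `TestCommandSide_ChangeDefaultIDPConfig` in the IDP config tests shows the same mix, with `uniqueConstraintsFromEventConstraint(...)` next to `"INSTANCE"` owners. A shared test constant for the repeated `"INSTANCE"` literal would also make the intended tenant easier to see.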


@@ -0,0 +1,98 @@
package command
import (
"context"
"strings"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/command/v2/preparation"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
)
func (c *Commands) AddInstanceDomain(ctx context.Context, instanceDomain string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
validation := c.addInstanceDomain(instanceAgg, instanceDomain, false)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
if err != nil {
return nil, err
}
events, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
}, nil
}
func (c *Commands) RemoveInstanceDomain(ctx context.Context, instanceDomain string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
validation := c.removeInstanceDomain(instanceAgg, instanceDomain)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, validation)
if err != nil {
return nil, err
}
events, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
}, nil
}
func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain string, generated bool) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
domainWriteModel, err := c.getInstanceDomainWriteModel(ctx, instanceDomain)
if err != nil {
return nil, err
}
if domainWriteModel.State == domain.InstanceDomainStateActive {
return nil, caos_errs.ThrowAlreadyExists(nil, "INST-i2nl", "Errors.Instance.Domain.AlreadyExists")
}
return []eventstore.Command{instance.NewDomainAddedEvent(ctx, &a.Aggregate, instanceDomain, generated)}, nil
}, nil
}
}
func (c *Commands) removeInstanceDomain(a *instance.Aggregate, instanceDomain string) preparation.Validation {
return func() (preparation.CreateCommands, error) {
if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INST-39nls", "Errors.Invalid.Argument")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
domainWriteModel, err := c.getInstanceDomainWriteModel(ctx, instanceDomain)
if err != nil {
return nil, err
}
if domainWriteModel.State != domain.InstanceDomainStateActive {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-8ls9f", "Errors.Instance.Domain.NotFound")
}
if domainWriteModel.Generated {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9hn3n", "Errors.Instance.Domain.GeneratedNotRemovable")
}
return []eventstore.Command{instance.NewDomainRemovedEvent(ctx, &a.Aggregate, instanceDomain)}, nil
}, nil
}
}
func (c *Commands) getInstanceDomainWriteModel(ctx context.Context, domain string) (*InstanceDomainWriteModel, error) {
domainWriteModel := NewInstanceDomainWriteModel(ctx, domain)
err := c.eventstore.FilterToQueryReducer(ctx, domainWriteModel)
if err != nil {
return nil, err
}
return domainWriteModel, nil
}
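Review bot: `addInstanceDomain` and `removeInstanceDomain` take the instance identity from two places: the existence check uses `c.getInstanceDomainWriteModel(ctx, instanceDomain)`, which is built from the context, while the event is created on `&a.Aggregate`. The two public entry points build `a` from the same context, so they agree. The `generated` parameter suggests `addInstanceDomain` is also meant for callers that pass their own aggregate, and there the AlreadyExists / NotFound checks could run against a different instance than the one being written. Derive the write model from the aggregate that is passed in rather than from `ctx`, or state in a doc comment that `a` must match the context instance. The `filter` argument of the inner closure is also unused; querying through it instead of `c.eventstore` would keep the check inside the prepared command.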


@@ -0,0 +1,71 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
type InstanceDomainWriteModel struct {
eventstore.WriteModel
Domain string
Generated bool
State domain.InstanceDomainState
}
func NewInstanceDomainWriteModel(ctx context.Context, instanceDomain string) *InstanceDomainWriteModel {
return &InstanceDomainWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
Domain: instanceDomain,
}
}
func (wm *InstanceDomainWriteModel) AppendEvents(events ...eventstore.Event) {
for _, event := range events {
switch e := event.(type) {
case *instance.DomainAddedEvent:
if e.Domain != wm.Domain {
continue
}
wm.WriteModel.AppendEvents(e)
case *instance.DomainRemovedEvent:
if e.Domain != wm.Domain {
continue
}
wm.WriteModel.AppendEvents(e)
}
}
}
func (wm *InstanceDomainWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *instance.DomainAddedEvent:
wm.Domain = e.Domain
wm.Generated = e.Generated
wm.State = domain.InstanceDomainStateActive
case *instance.DomainRemovedEvent:
wm.State = domain.InstanceDomainStateRemoved
}
}
return nil
}
func (wm *InstanceDomainWriteModel) Query() *eventstore.SearchQueryBuilder {
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(wm.ResourceOwner).
AddQuery().
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.InstanceDomainAddedEventType,
instance.InstanceDomainRemovedEventType).
Builder()
}
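Review bot: `AppendEvents` selects events with `e.Domain != wm.Domain`, an exact string comparison, and the command side only applies `strings.TrimSpace` before building the model, so `Example.com` and `example.com` would be tracked as two different instance domains. Host names are case-insensitive, so the active/removed state computed here can disagree with what a host-based lookup treats as the same name. Normalise once before the model is created, for example `instanceDomain = strings.ToLower(strings.TrimSpace(instanceDomain))`, or compare with `strings.EqualFold(e.Domain, wm.Domain)`. Whether the unique constraint already normalises the value is not visible in this section.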


@@ -0,0 +1,253 @@
package command
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/stretchr/testify/assert"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/repository"
"github.com/caos/zitadel/internal/repository/instance"
)
func TestCommandSide_AddInstanceDomain(t *testing.T) {
type fields struct {
eventstore *eventstore.Eventstore
}
type args struct {
ctx context.Context
domain string
}
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "invalid domain, error",
fields: fields{
eventstore: eventstoreExpect(
t,
),
},
args: args{
ctx: context.Background(),
domain: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "domain already exists, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
),
),
},
args: args{
ctx: context.Background(),
domain: "domain.ch",
},
res: res{
err: caos_errs.IsErrorAlreadyExists,
},
},
{
name: "domain add, ok",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
)),
},
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", instance.NewAddInstanceDomainUniqueConstraint("domain.ch")),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
domain: "domain.ch",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "INSTANCE",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore,
}
got, err := r.AddInstanceDomain(tt.args.ctx, tt.args.domain)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assert.Equal(t, tt.res.want, got)
}
})
}
}
func TestCommandSide_RemoveInstanceDomain(t *testing.T) {
type fields struct {
eventstore *eventstore.Eventstore
}
type args struct {
ctx context.Context
domain string
}
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "invalid domain, error",
fields: fields{
eventstore: eventstoreExpect(
t,
),
},
args: args{
ctx: context.Background(),
domain: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "domain not exists, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
),
},
args: args{
ctx: context.Background(),
domain: "domain.ch",
},
res: res{
err: caos_errs.IsNotFound,
},
},
{
name: "remove domain, ok",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
false,
),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDomainRemovedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
)),
},
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", instance.NewRemoveInstanceDomainUniqueConstraint("domain.ch")),
),
),
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
domain: "domain.ch",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "INSTANCE",
},
},
},
{
name: "remove generated domain, precondition failed",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
instance.NewDomainAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"domain.ch",
true,
),
),
),
),
},
args: args{
ctx: context.Background(),
domain: "domain.ch",
},
res: res{
err: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore,
}
got, err := r.RemoveInstanceDomain(tt.args.ctx, tt.args.domain)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assert.Equal(t, tt.res.want, got)
}
})
}
}
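Review bot: Two case names do not match what they assert: `"domain already exists, precondition error"` expects `caos_errs.IsErrorAlreadyExists`, and `"domain not exists, precondition error"` expects `caos_errs.IsNotFound`. Rename them, for example to `"domain already exists, already exists error"` and `"domain not exists, not found error"`, so a failing run names the right contract. The error cases also run with `context.Background()` while their fixture events are built for `"INSTANCE"`. Using `authz.WithInstanceID(context.Background(), "INSTANCE")` there, as the ok cases do, would keep the fixtures and the caller on the same instance.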


@@ -10,7 +10,7 @@ import (
)
func (c *Commands) SetDefaultFeatures(ctx context.Context, features *domain.Features) (*domain.ObjectDetails, error) {
existingFeatures := NewInstanceFeaturesWriteModel()
existingFeatures := NewInstanceFeaturesWriteModel(ctx)
setEvent, err := c.setDefaultFeatures(ctx, existingFeatures, features)
if err != nil {
return nil, err
@@ -65,7 +65,7 @@ func (c *Commands) setDefaultFeatures(ctx context.Context, existingFeatures *Ins
}
func (c *Commands) getDefaultFeatures(ctx context.Context) (*domain.Features, error) {
existingFeatures := NewInstanceFeaturesWriteModel()
existingFeatures := NewInstanceFeaturesWriteModel(ctx)
err := c.eventstore.FilterToQueryReducer(ctx, existingFeatures)
if err != nil {
return nil, err


@@ -4,6 +4,7 @@ import (
"context"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/features"
@@ -14,12 +15,12 @@ type InstanceFeaturesWriteModel struct {
FeaturesWriteModel
}
func NewInstanceFeaturesWriteModel() *InstanceFeaturesWriteModel {
func NewInstanceFeaturesWriteModel(ctx context.Context) *InstanceFeaturesWriteModel {
return &InstanceFeaturesWriteModel{
FeaturesWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -3,6 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -21,7 +22,7 @@ func (c *Commands) AddDefaultIDPConfig(ctx context.Context, config *domain.IDPCo
if err != nil {
return nil, err
}
addedConfig := NewInstanceIDPConfigWriteModel(idpConfigID)
addedConfig := NewInstanceIDPConfigWriteModel(ctx, idpConfigID)
instanceAgg := InstanceAggregateFromWriteModel(&addedConfig.WriteModel)
events := []eventstore.Command{
@@ -159,7 +160,7 @@ func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idp
}
for _, idpProvider := range idpProviders {
if idpProvider.AggregateID == domain.IAMID {
if idpProvider.AggregateID == authz.GetInstance(ctx).InstanceID() {
userEvents := c.removeIDPProviderFromDefaultLoginPolicy(ctx, instanceAgg, idpProvider, true, externalIDPs...)
events = append(events, userEvents...)
}
@@ -194,7 +195,7 @@ func (c *Commands) isntanceIDPConfigWriteModelByID(ctx context.Context, idpID st
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceIDPConfigWriteModel(idpID)
writeModel := NewInstanceIDPConfigWriteModel(ctx, idpID)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
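Review bot: In `RemoveDefaultIDPConfig` the loop condition `idpProvider.AggregateID == authz.GetInstance(ctx).InstanceID()` repeats the context lookup for every provider and introduces a second source for the instance identity beside `instanceAgg`, which the same loop body already uses. Read the value once before the loop, `instanceID := authz.GetInstance(ctx).InstanceID()`, and compare against that, or compare against the aggregate's own ID if it is the same value, so the filter and the emitted events cannot drift apart. The function body starts and ends outside this hunk.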


@@ -3,6 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
@@ -14,12 +15,12 @@ type InstanceIDPConfigWriteModel struct {
IDPConfigWriteModel
}
func NewInstanceIDPConfigWriteModel(configID string) *InstanceIDPConfigWriteModel {
func NewInstanceIDPConfigWriteModel(ctx context.Context, configID string) *InstanceIDPConfigWriteModel {
return &InstanceIDPConfigWriteModel{
IDPConfigWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
ConfigID: configID,
},


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
@@ -61,9 +62,10 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
t,
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -71,9 +73,10 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
true,
),
),
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIDPOIDCConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"clientid1",
"config1",
"issuer",
@@ -91,14 +94,14 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
),
),
},
uniqueConstraintsFromEventConstraint(idpconfig.NewAddIDPConfigNameUniqueConstraint("name1", "IAM")),
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", idpconfig.NewAddIDPConfigNameUniqueConstraint("name1", "INSTANCE")),
),
),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "config1"),
secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
config: &domain.IDPConfig{
Name: "name1",
StylingType: domain.IDPConfigStylingTypeGoogle,
@@ -118,8 +121,9 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
res: res{
want: &domain.IDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
Name: "name1",
@@ -136,9 +140,10 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
t,
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -146,9 +151,10 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
false,
),
),
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIDPJWTConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"jwt-endpoint",
"issuer",
@@ -157,13 +163,13 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
),
),
},
uniqueConstraintsFromEventConstraint(idpconfig.NewAddIDPConfigNameUniqueConstraint("name1", "IAM")),
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", idpconfig.NewAddIDPConfigNameUniqueConstraint("name1", "INSTANCE")),
),
),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "config1"),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
config: &domain.IDPConfig{
Name: "name1",
StylingType: domain.IDPConfigStylingTypeGoogle,
@@ -178,8 +184,9 @@ func TestCommandSide_AddDefaultIDPConfig(t *testing.T) {
res: res{
want: &domain.IDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
Name: "name1",
@@ -269,7 +276,7 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -279,7 +286,7 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPOIDCConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"clientid1",
"config1",
"issuer",
@@ -303,8 +310,8 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) {
newDefaultIDPConfigChangedEvent(context.Background(), "config1", "name1", "name2", domain.IDPConfigStylingTypeUnspecified, false),
),
},
uniqueConstraintsFromEventConstraint(idpconfig.NewRemoveIDPConfigNameUniqueConstraint("name1", "IAM")),
uniqueConstraintsFromEventConstraint(idpconfig.NewAddIDPConfigNameUniqueConstraint("name2", "IAM")),
uniqueConstraintsFromEventConstraint(idpconfig.NewRemoveIDPConfigNameUniqueConstraint("name1", "INSTANCE")),
uniqueConstraintsFromEventConstraint(idpconfig.NewAddIDPConfigNameUniqueConstraint("name2", "INSTANCE")),
),
),
},
@@ -320,8 +327,8 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) {
res: res{
want: &domain.IDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
Name: "name2",
@@ -353,7 +360,7 @@ func TestCommandSide_ChangeDefaultIDPConfig(t *testing.T) {
func newDefaultIDPConfigChangedEvent(ctx context.Context, configID, oldName, newName string, stylingType domain.IDPConfigStylingType, autoRegister bool) *instance.IDPConfigChangedEvent {
event, _ := instance.NewIDPConfigChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
configID,
oldName,
[]idpconfig.IDPConfigChanges{


@@ -11,7 +11,7 @@ func (c *Commands) ChangeDefaultIDPJWTConfig(ctx context.Context, config *domain
if config.IDPConfigID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-m9322", "Errors.IDMissing")
}
existingConfig := NewInstanceIDPJWTConfigWriteModel(config.IDPConfigID)
existingConfig := NewInstanceIDPJWTConfigWriteModel(ctx, config.IDPConfigID)
err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
if err != nil {
return nil, err


@@ -3,9 +3,9 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/idpconfig"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -14,12 +14,12 @@ type InstanceIDPJWTConfigWriteModel struct {
JWTConfigWriteModel
}
func NewInstanceIDPJWTConfigWriteModel(idpConfigID string) *InstanceIDPJWTConfigWriteModel {
func NewInstanceIDPJWTConfigWriteModel(ctx context.Context, idpConfigID string) *InstanceIDPJWTConfigWriteModel {
return &InstanceIDPJWTConfigWriteModel{
JWTConfigWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
IDPConfigID: idpConfigID,
},


@@ -24,8 +24,9 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
}
type (
args struct {
ctx context.Context
config *domain.JWTIDPConfig
ctx context.Context
instanceID string
config *domain.JWTIDPConfig
}
)
type res struct {
@@ -46,8 +47,9 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
config: &domain.JWTIDPConfig{},
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.JWTIDPConfig{},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
@@ -62,7 +64,8 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.JWTIDPConfig{
IDPConfigID: "config1",
},
@@ -79,7 +82,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeJWT,
@@ -89,7 +92,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPJWTConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"jwt-endpoint",
"issuer",
@@ -99,7 +102,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPConfigRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name",
),
@@ -108,7 +111,8 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.JWTIDPConfig{
IDPConfigID: "config1",
},
@@ -125,7 +129,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeJWT,
@@ -135,7 +139,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPJWTConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"jwt-endpoint",
"issuer",
@@ -148,7 +152,8 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.JWTIDPConfig{
IDPConfigID: "config1",
JWTEndpoint: "jwt-endpoint",
@@ -169,7 +174,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeJWT,
@@ -179,7 +184,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPJWTConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"jwt-endpoint",
"issuer",
@@ -205,7 +210,8 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.JWTIDPConfig{
IDPConfigID: "config1",
JWTEndpoint: "jwt-endpoint-changed",
@@ -217,8 +223,8 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
res: res{
want: &domain.JWTIDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
JWTEndpoint: "jwt-endpoint-changed",
@@ -251,7 +257,7 @@ func TestCommandSide_ChangeDefaultIDPJWTConfig(t *testing.T) {
func newDefaultIDPJWTConfigChangedEvent(ctx context.Context, configID, jwtEndpoint, issuer, keysEndpoint, headerName string) *instance.IDPJWTConfigChangedEvent {
event, _ := instance.NewIDPJWTConfigChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
configID,
[]idpconfig.JWTConfigChanges{
idpconfig.ChangeJWTEndpoint(jwtEndpoint),
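Review bot: The new `instanceID` field in `args` is set to `"INSTANCE"` in every case while `ctx` stays `context.Background()`, and `ChangeDefaultIDPJWTConfig(ctx, config)` has no instance parameter. Unless the call site outside these hunks copies the field into the context, it has no effect. The write model now derives its aggregate from the context, so these cases would run without an instance and still expect `AggregateID: "INSTANCE"` from the fixture events. Put the instance into the context as the other test files in this commit do, `ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),`, and drop the extra field. The OIDC config test that follows adds the same field.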


@@ -11,7 +11,7 @@ func (c *Commands) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *domai
if config.IDPConfigID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-9djf8", "Errors.IDMissing")
}
existingConfig := NewInstanceIDPOIDCConfigWriteModel(config.IDPConfigID)
existingConfig := NewInstanceIDPOIDCConfigWriteModel(ctx, config.IDPConfigID)
err := c.eventstore.FilterToQueryReducer(ctx, existingConfig)
if err != nil {
return nil, err


@@ -4,6 +4,7 @@ import (
"context"
"reflect"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/crypto"
@@ -16,12 +17,12 @@ type InstanceIDPOIDCConfigWriteModel struct {
OIDCConfigWriteModel
}
func NewInstanceIDPOIDCConfigWriteModel(idpConfigID string) *InstanceIDPOIDCConfigWriteModel {
func NewInstanceIDPOIDCConfigWriteModel(ctx context.Context, idpConfigID string) *InstanceIDPOIDCConfigWriteModel {
return &InstanceIDPOIDCConfigWriteModel{
OIDCConfigWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
IDPConfigID: idpConfigID,
},


@@ -24,8 +24,9 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
}
type (
args struct {
ctx context.Context
config *domain.OIDCIDPConfig
ctx context.Context
instanceID string
config *domain.OIDCIDPConfig
}
)
type res struct {
@@ -46,8 +47,9 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
config: &domain.OIDCIDPConfig{},
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.OIDCIDPConfig{},
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
@@ -62,7 +64,8 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.OIDCIDPConfig{
IDPConfigID: "config1",
},
@@ -79,7 +82,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -89,7 +92,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPOIDCConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"clientid1",
"config1",
"issuer",
@@ -108,7 +111,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPConfigRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name",
),
@@ -117,7 +120,8 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.OIDCIDPConfig{
IDPConfigID: "config1",
},
@@ -134,7 +138,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -144,7 +148,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPOIDCConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"clientid1",
"config1",
"issuer",
@@ -166,7 +170,8 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.OIDCIDPConfig{
IDPConfigID: "config1",
ClientID: "clientid1",
@@ -190,7 +195,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
@@ -200,7 +205,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
),
eventFromEventPusher(
instance.NewIDPOIDCConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"clientid1",
"config1",
"issuer",
@@ -244,7 +249,8 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
config: &domain.OIDCIDPConfig{
IDPConfigID: "config1",
ClientID: "clientid-changed",
@@ -260,8 +266,8 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
res: res{
want: &domain.OIDCIDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
ClientID: "clientid-changed",
@@ -297,7 +303,7 @@ func TestCommandSide_ChangeDefaultIDPOIDCConfig(t *testing.T) {
func newDefaultIDPOIDCConfigChangedEvent(ctx context.Context, configID, clientID, issuer, authorizationEndpoint, tokenEndpoint string, secret *crypto.CryptoValue, displayMapping, usernameMapping domain.OIDCMappingField, scopes []string) *instance.IDPOIDCConfigChangedEvent {
event, _ := instance.NewIDPOIDCConfigChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
configID,
[]idpconfig.OIDCConfigChanges{
idpconfig.ChangeClientID(clientID),
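Review bot: The test cases gain an `instanceID: "INSTANCE"` argument while `ctx` stays `context.Background()`, so unless the test body (outside these hunks) turns that field into a context value, `ChangeDefaultIDPOIDCConfig` runs without an instance in its context. The expected `AggregateID: "INSTANCE"` may then come from the replayed events rather than from the context-derived write model, which would leave the new instance scoping untested. Other tests in this commit set `ctx: authz.WithInstanceID(context.Background(), "INSTANCE")` directly; doing the same here and dropping the extra field would make the intent explicit.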


@@ -17,7 +17,7 @@ func (c *Commands) AddInstanceMember(ctx context.Context, member *domain.Member)
if member.UserID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-Mf83b", "Errors.IAM.MemberInvalid")
}
addedMember := NewInstanceMemberWriteModel(member.UserID)
addedMember := NewInstanceMemberWriteModel(ctx, member.UserID)
instanceAgg := InstanceAggregateFromWriteModel(&addedMember.MemberWriteModel.WriteModel)
err := c.checkUserExists(ctx, addedMember.UserID, "")
if err != nil {
@@ -128,7 +128,7 @@ func (c *Commands) instanceMemberWriteModelByID(ctx context.Context, userID stri
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceMemberWriteModel(userID)
writeModel := NewInstanceMemberWriteModel(ctx, userID)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -1,7 +1,9 @@
package command
import (
"github.com/caos/zitadel/internal/domain"
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -10,12 +12,12 @@ type InstanceMemberWriteModel struct {
MemberWriteModel
}
func NewInstanceMemberWriteModel(userID string) *InstanceMemberWriteModel {
func NewInstanceMemberWriteModel(ctx context.Context, userID string) *InstanceMemberWriteModel {
return &InstanceMemberWriteModel{
MemberWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
UserID: userID,
},


@@ -2,6 +2,8 @@ package command
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
@@ -13,7 +15,6 @@ import (
"github.com/caos/zitadel/internal/repository/user"
"github.com/stretchr/testify/assert"
"golang.org/x/text/language"
"testing"
)
func TestCommandSide_AddIAMMember(t *testing.T) {
@@ -127,7 +128,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
),
),
@@ -174,13 +175,13 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
expectFilter(),
expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "ERROR", "internal"),
[]*repository.Event{
eventFromEventPusher(instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
eventFromEventPusherWithInstanceID("INSTANCE", instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
)),
},
uniqueConstraintsFromEventConstraint(member.NewAddMemberUniqueConstraint("IAM", "user1")),
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", member.NewAddMemberUniqueConstraint("INSTANCE", "user1")),
),
),
zitadelRoles: []authz.RoleMapping{
@@ -190,7 +191,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
},
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
member: &domain.Member{
UserID: "user1",
Roles: []string{"IAM_OWNER"},
@@ -206,7 +207,8 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"username1",
@@ -224,13 +226,15 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
)),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
)),
},
uniqueConstraintsFromEventConstraint(member.NewAddMemberUniqueConstraint("IAM", "user1")),
uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", member.NewAddMemberUniqueConstraint("INSTANCE", "user1")),
),
),
zitadelRoles: []authz.RoleMapping{
@@ -240,7 +244,7 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
},
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
member: &domain.Member{
UserID: "user1",
Roles: []string{"IAM_OWNER"},
@@ -249,8 +253,9 @@ func TestCommandSide_AddIAMMember(t *testing.T) {
res: res{
want: &domain.Member{
ObjectRoot: models.ObjectRoot{
ResourceOwner: "IAM",
AggregateID: "IAM",
InstanceID: "INSTANCE",
ResourceOwner: "INSTANCE",
AggregateID: "INSTANCE",
},
UserID: "user1",
Roles: []string{"IAM_OWNER"},
@@ -284,8 +289,9 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) {
zitadelRoles []authz.RoleMapping
}
type args struct {
ctx context.Context
member *domain.Member
ctx context.Context
instanceID string
member *domain.Member
}
type res struct {
want *domain.Member
@@ -362,7 +368,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
),
@@ -394,7 +400,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
),
@@ -403,7 +409,7 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) {
expectPush(
[]*repository.Event{
eventFromEventPusher(instance.NewMemberChangedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER", "IAM_OWNER_VIEWER"}...,
)),
@@ -429,8 +435,8 @@ func TestCommandSide_ChangeIAMMember(t *testing.T) {
res: res{
want: &domain.Member{
ObjectRoot: models.ObjectRoot{
ResourceOwner: "IAM",
AggregateID: "IAM",
ResourceOwner: "INSTANCE",
AggregateID: "INSTANCE",
},
UserID: "user1",
Roles: []string{"IAM_OWNER", "IAM_OWNER_VIEWER"},
@@ -463,8 +469,9 @@ func TestCommandSide_RemoveIAMMember(t *testing.T) {
eventstore *eventstore.Eventstore
}
type args struct {
ctx context.Context
userID string
ctx context.Context
instanceID string
userID string
}
type res struct {
want *domain.ObjectDetails
@@ -515,7 +522,7 @@ func TestCommandSide_RemoveIAMMember(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMemberAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
[]string{"IAM_OWNER"}...,
),
@@ -524,11 +531,11 @@ func TestCommandSide_RemoveIAMMember(t *testing.T) {
expectPush(
[]*repository.Event{
eventFromEventPusher(instance.NewMemberRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"user1",
)),
},
uniqueConstraintsFromEventConstraint(member.NewRemoveMemberUniqueConstraint("IAM", "user1")),
uniqueConstraintsFromEventConstraint(member.NewRemoveMemberUniqueConstraint("INSTANCE", "user1")),
),
),
},
@@ -538,7 +545,7 @@ func TestCommandSide_RemoveIAMMember(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
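Review bot: Only the `AddIAMMember` cases were moved to `eventFromEventPusherWithInstanceID` / `uniqueConstraintsFromEventConstraintWithInstanceID` and an `authz.WithInstanceID` context; the `ChangeIAMMember` and `RemoveIAMMember` push expectations still use `eventFromEventPusher` and `uniqueConstraintsFromEventConstraint`, and their expected `ObjectRoot` has no `InstanceID`. If those helpers leave the instance ID empty (they are defined outside this page), the change and remove paths are not checked for writing events and unique constraints under the right instance. I would align them, e.g. `uniqueConstraintsFromEventConstraintWithInstanceID("INSTANCE", member.NewRemoveMemberUniqueConstraint("INSTANCE", "user1"))`, and pass the instance through `ctx` rather than the new `instanceID` field, whose use is not visible here.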


@@ -1,15 +1,20 @@
package command
import (
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
"golang.org/x/text/language"
)
type InstanceWriteModel struct {
eventstore.WriteModel
Name string
State domain.InstanceState
GeneratedDomain string
SetUpStarted domain.Step
SetUpDone domain.Step
@@ -18,11 +23,11 @@ type InstanceWriteModel struct {
DefaultLanguage language.Tag
}
func NewInstanceWriteModel() *InstanceWriteModel {
func NewInstanceWriteModel(instanceID string) *InstanceWriteModel {
return &InstanceWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: instanceID,
ResourceOwner: instanceID,
},
}
}
@@ -30,6 +35,18 @@ func NewInstanceWriteModel() *InstanceWriteModel {
func (wm *InstanceWriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *instance.InstanceAddedEvent:
wm.Name = e.Name
wm.State = domain.InstanceStateActive
case *instance.InstanceChangedEvent:
wm.Name = e.Name
case *instance.InstanceRemovedEvent:
wm.State = domain.InstanceStateRemoved
case *instance.DomainAddedEvent:
if !e.Generated {
continue
}
wm.GeneratedDomain = e.Domain
case *instance.ProjectSetEvent:
wm.ProjectID = e.ProjectID
case *instance.GlobalOrgSetEvent:
@@ -54,6 +71,11 @@ func (wm *InstanceWriteModel) Query() *eventstore.SearchQueryBuilder {
AggregateTypes(instance.AggregateType).
AggregateIDs(wm.AggregateID).
EventTypes(
instance.InstanceAddedEventType,
instance.InstanceChangedEventType,
instance.InstanceRemovedEventType,
instance.InstanceDomainAddedEventType,
instance.InstanceDomainRemovedEventType,
instance.ProjectSetEventType,
instance.GlobalOrgSetEventType,
instance.DefaultLanguageSetEventType,
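Review bot: `Query()` now subscribes to `instance.InstanceDomainRemovedEventType`, but the cases added to `Reduce()` handle only `*instance.DomainAddedEvent`, so `GeneratedDomain` keeps its value after the generated domain is removed. Either drop the event type from the filter or add a case that clears the field when the removed domain matches. `Reduce()` continues past the hunk, so a handler further down cannot be ruled out, though it would be unusual to place it away from the other instance cases. A short comment on `GeneratedDomain` saying it holds the last domain added with `Generated == true` would also help readers.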


@@ -69,7 +69,7 @@ func (c *Commands) ChangeOIDCSettings(ctx context.Context, settings *domain.OIDC
}
func (c *Commands) getOIDCSettings(ctx context.Context) (_ *InstanceOIDCSettingsWriteModel, err error) {
writeModel := NewInstanceOIDCSettingsWriteModel()
writeModel := NewInstanceOIDCSettingsWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -4,6 +4,7 @@ import (
"context"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
@@ -19,11 +20,11 @@ type InstanceOIDCSettingsWriteModel struct {
State domain.OIDCSettingsState
}
func NewInstanceOIDCSettingsWriteModel() *InstanceOIDCSettingsWriteModel {
func NewInstanceOIDCSettingsWriteModel(ctx context.Context) *InstanceOIDCSettingsWriteModel {
return &InstanceOIDCSettingsWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
}
}


@@ -5,6 +5,7 @@ import (
"testing"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/stretchr/testify/assert"
"github.com/caos/zitadel/internal/domain"
@@ -40,7 +41,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewOIDCSettingsAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
time.Hour*1,
time.Hour*1,
time.Hour*1,
@@ -71,21 +72,23 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(instance.NewOIDCSettingsAddedEvent(
context.Background(),
&instance.NewAggregate().Aggregate,
time.Hour*1,
time.Hour*1,
time.Hour*1,
time.Hour*1,
),
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewOIDCSettingsAddedEvent(
context.Background(),
&instance.NewAggregate("INSTANCE").Aggregate,
time.Hour*1,
time.Hour*1,
time.Hour*1,
time.Hour*1,
),
),
},
),
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
oidcConfig: &domain.OIDCSettings{
AccessTokenLifetime: 1 * time.Hour,
IdTokenLifetime: 1 * time.Hour,
@@ -95,7 +98,7 @@ func TestCommandSide_AddOIDCConfig(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -161,7 +164,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) {
eventFromEventPusher(
instance.NewOIDCSettingsAddedEvent(
context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
time.Hour*1,
time.Hour*1,
time.Hour*1,
@@ -193,7 +196,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) {
eventFromEventPusher(
instance.NewOIDCSettingsAddedEvent(
context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
time.Hour*1,
time.Hour*1,
time.Hour*1,
@@ -225,7 +228,7 @@ func TestCommandSide_ChangeOIDCConfig(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -257,7 +260,7 @@ func newOIDCConfigChangedEvent(ctx context.Context, accessTokenLifetime, idToken
instance.ChangeOIDCSettingsRefreshTokenExpiration(refreshTokenExpiration),
}
event, _ := instance.NewOIDCSettingsChangeEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
changes,
)
return event


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) AddDefaultDomainPolicy(ctx context.Context, policy *domain.DomainPolicy) (*domain.DomainPolicy, error) {
addedPolicy := NewInstanceDomainPolicyWriteModel()
addedPolicy := NewInstanceDomainPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := c.addDefaultDomainPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -83,7 +83,7 @@ func (c *Commands) defaultDomainPolicyWriteModelByID(ctx context.Context) (polic
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceDomainPolicyWriteModel()
writeModel := NewInstanceDomainPolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -3,9 +3,9 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
)
@@ -14,12 +14,12 @@ type InstanceDomainPolicyWriteModel struct {
PolicyDomainWriteModel
}
func NewInstanceDomainPolicyWriteModel() *InstanceDomainPolicyWriteModel {
func NewInstanceDomainPolicyWriteModel(ctx context.Context) *InstanceDomainPolicyWriteModel {
return &InstanceDomainPolicyWriteModel{
PolicyDomainWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -40,7 +41,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -65,9 +66,10 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -76,7 +78,7 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.DomainPolicy{
UserLoginMustBeDomain: true,
},
@@ -84,8 +86,9 @@ func TestCommandSide_AddDefaultDomainPolicy(t *testing.T) {
res: res{
want: &domain.DomainPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
UserLoginMustBeDomain: true,
},
@@ -155,7 +158,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -180,7 +183,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewDomainPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
),
),
@@ -203,8 +206,8 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
res: res{
want: &domain.DomainPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
UserLoginMustBeDomain: false,
},
@@ -232,7 +235,7 @@ func TestCommandSide_ChangeDefaultDomainPolicy(t *testing.T) {
func newDefaultDomainPolicyChangedEvent(ctx context.Context, userLoginMustBeDomain bool) *instance.DomainPolicyChangedEvent {
event, _ := instance.NewDomainPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.OrgPolicyChanges{
policy.ChangeUserLoginMustBeDomain(userLoginMustBeDomain),
},


@@ -3,6 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -11,7 +12,7 @@ import (
)
func (c *Commands) AddDefaultLabelPolicy(ctx context.Context, policy *domain.LabelPolicy) (*domain.LabelPolicy, error) {
addedPolicy := NewInstanceLabelPolicyWriteModel()
addedPolicy := NewInstanceLabelPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.LabelPolicyWriteModel.WriteModel)
event, err := c.addDefaultLabelPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -157,7 +158,7 @@ func (c *Commands) RemoveLogoDefaultLabelPolicy(ctx context.Context) (*domain.Ob
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Xc8Kf", "Errors.IAM.LabelPolicy.NotFound")
}
err = c.RemoveAsset(ctx, domain.IAMID, existingPolicy.LogoKey)
err = c.RemoveAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.LogoKey)
if err != nil {
return nil, err
}
@@ -206,7 +207,7 @@ func (c *Commands) RemoveIconDefaultLabelPolicy(ctx context.Context) (*domain.Ob
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-4M0qw", "Errors.IAM.LabelPolicy.NotFound")
}
err = c.RemoveAsset(ctx, domain.IAMID, existingPolicy.IconKey)
err = c.RemoveAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.IconKey)
if err != nil {
return nil, err
}
@@ -255,7 +256,7 @@ func (c *Commands) RemoveLogoDarkDefaultLabelPolicy(ctx context.Context) (*domai
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-3FGds", "Errors.IAM.LabelPolicy.NotFound")
}
err = c.RemoveAsset(ctx, domain.IAMID, existingPolicy.LogoDarkKey)
err = c.RemoveAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.LogoDarkKey)
if err != nil {
return nil, err
}
@@ -304,7 +305,7 @@ func (c *Commands) RemoveIconDarkDefaultLabelPolicy(ctx context.Context) (*domai
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-2nc7F", "Errors.IAM.LabelPolicy.NotFound")
}
err = c.RemoveAsset(ctx, domain.IAMID, existingPolicy.IconDarkKey)
err = c.RemoveAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.IconDarkKey)
if err != nil {
return nil, err
}
@@ -353,7 +354,7 @@ func (c *Commands) RemoveFontDefaultLabelPolicy(ctx context.Context) (*domain.Ob
if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Tk0gw", "Errors.IAM.LabelPolicy.NotFound")
}
err = c.RemoveAsset(ctx, domain.IAMID, existingPolicy.FontKey)
err = c.RemoveAsset(ctx, authz.GetInstance(ctx).InstanceID(), existingPolicy.FontKey)
if err != nil {
return nil, err
}
@@ -373,7 +374,7 @@ func (c *Commands) defaultLabelPolicyWriteModelByID(ctx context.Context) (policy
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceLabelPolicyWriteModel()
writeModel := NewInstanceLabelPolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
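Review bot: In the five `Remove…DefaultLabelPolicy` hunks the owner passed to `c.RemoveAsset` is re-derived with `authz.GetInstance(ctx).InstanceID()`, independently of the policy just loaded into `existingPolicy`. The asset key comes from the write model while the owner comes from ctx, so the two are tied together only by convention. Taking the owner from the loaded model (it appears to carry `ResourceOwner` through the embedded `WriteModel`) or from one small helper would keep the key and the tenant it is deleted under in one place. Each of these functions starts and ends outside its hunk, so how `existingPolicy` is loaded is not visible here.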


@@ -3,7 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
@@ -13,12 +13,12 @@ type InstanceLabelPolicyWriteModel struct {
LabelPolicyWriteModel
}
func NewInstanceLabelPolicyWriteModel() *InstanceLabelPolicyWriteModel {
func NewInstanceLabelPolicyWriteModel(ctx context.Context) *InstanceLabelPolicyWriteModel {
return &InstanceLabelPolicyWriteModel{
LabelPolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
@@ -44,7 +45,7 @@ func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -89,9 +90,10 @@ func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -110,7 +112,7 @@ func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.LabelPolicy{
PrimaryColor: "#ffffff",
BackgroundColor: "#ffffff",
@@ -128,8 +130,9 @@ func TestCommandSide_AddDefaultLabelPolicy(t *testing.T) {
res: res{
want: &domain.LabelPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
PrimaryColor: "#ffffff",
BackgroundColor: "#ffffff",
@@ -211,7 +214,7 @@ func TestCommandSide_ChangeDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -256,7 +259,7 @@ func TestCommandSide_ChangeDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -311,8 +314,8 @@ func TestCommandSide_ChangeDefaultLabelPolicy(t *testing.T) {
res: res{
want: &domain.LabelPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
PrimaryColor: "#000000",
BackgroundColor: "#000000",
@@ -388,7 +391,7 @@ func TestCommandSide_ActivateDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -407,7 +410,7 @@ func TestCommandSide_ActivateDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyActivatedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
),
),
},
@@ -419,7 +422,7 @@ func TestCommandSide_ActivateDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -500,7 +503,7 @@ func TestCommandSide_AddLogoDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -519,7 +522,7 @@ func TestCommandSide_AddLogoDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyLogoAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -533,7 +536,7 @@ func TestCommandSide_AddLogoDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -600,7 +603,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -616,7 +619,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyLogoAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -639,7 +642,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -655,7 +658,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyLogoAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -664,7 +667,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyLogoRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -677,7 +680,7 @@ func TestCommandSide_RemoveLogoDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -758,7 +761,7 @@ func TestCommandSide_AddIconDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -777,7 +780,7 @@ func TestCommandSide_AddIconDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyIconAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -791,7 +794,7 @@ func TestCommandSide_AddIconDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -857,7 +860,7 @@ func TestCommandSide_RemoveIconDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -873,7 +876,7 @@ func TestCommandSide_RemoveIconDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyIconAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -882,7 +885,7 @@ func TestCommandSide_RemoveIconDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyIconRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -895,7 +898,7 @@ func TestCommandSide_RemoveIconDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -926,6 +929,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
}
type args struct {
ctx context.Context
instanceID string
storageKey string
}
type res struct {
@@ -946,7 +950,8 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: context.Background(),
instanceID: "INSTANCE",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
@@ -962,6 +967,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
},
args: args{
ctx: context.Background(),
instanceID: "INSTANCE",
storageKey: "key",
},
res: res{
@@ -976,7 +982,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -995,7 +1001,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyLogoDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1009,7 +1015,7 @@ func TestCommandSide_AddLogoDarkDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1075,7 +1081,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1091,7 +1097,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyLogoDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1114,7 +1120,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1130,7 +1136,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyLogoDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1139,7 +1145,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyLogoDarkRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1152,7 +1158,7 @@ func TestCommandSide_RemoveLogoDarkDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1233,7 +1239,7 @@ func TestCommandSide_AddIconDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1252,7 +1258,7 @@ func TestCommandSide_AddIconDarkDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyIconDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1266,7 +1272,7 @@ func TestCommandSide_AddIconDarkDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1332,7 +1338,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1348,7 +1354,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyIconDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1371,7 +1377,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1387,7 +1393,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyIconDarkAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1396,7 +1402,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyIconDarkRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1409,7 +1415,7 @@ func TestCommandSide_RemoveIconDarkDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1490,7 +1496,7 @@ func TestCommandSide_AddFontDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1509,7 +1515,7 @@ func TestCommandSide_AddFontDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyFontAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1523,7 +1529,7 @@ func TestCommandSide_AddFontDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1589,7 +1595,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1605,7 +1611,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyFontAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1628,7 +1634,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLabelPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"#ffffff",
"#ffffff",
"#ffffff",
@@ -1644,7 +1650,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
),
eventFromEventPusher(
instance.NewLabelPolicyFontAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1653,7 +1659,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLabelPolicyFontRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"key",
),
),
@@ -1666,7 +1672,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1693,7 +1699,7 @@ func TestCommandSide_RemoveFontDefaultLabelPolicy(t *testing.T) {
func newDefaultLabelPolicyChangedEvent(ctx context.Context, primaryColor, backgroundColor, warnColor, fontColor, primaryColorDark, backgroundColorDark, warnColorDark, fontColorDark string, hideLoginNameSuffix, errMsgPopup, disableWatermark bool) *instance.LabelPolicyChangedEvent {
event, _ := instance.NewLabelPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.LabelPolicyChanges{
policy.ChangePrimaryColor(primaryColor),
policy.ChangeBackgroundColor(backgroundColor),


@@ -12,7 +12,7 @@ import (
)
func (c *Commands) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginPolicy, error) {
policyWriteModel := NewInstanceLoginPolicyWriteModel()
policyWriteModel := NewInstanceLoginPolicyWriteModel(ctx)
err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
if err != nil {
return nil, err
@@ -23,7 +23,7 @@ func (c *Commands) getDefaultLoginPolicy(ctx context.Context) (*domain.LoginPoli
}
func (c *Commands) AddDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
addedPolicy := NewInstanceLoginPolicyWriteModel()
addedPolicy := NewInstanceLoginPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := c.addDefaultLoginPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -65,7 +65,7 @@ func (c *Commands) addDefaultLoginPolicy(ctx context.Context, instanceAgg *event
}
func (c *Commands) ChangeDefaultLoginPolicy(ctx context.Context, policy *domain.LoginPolicy) (*domain.LoginPolicy, error) {
existingPolicy := NewInstanceLoginPolicyWriteModel()
existingPolicy := NewInstanceLoginPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.LoginPolicyWriteModel.WriteModel)
event, err := c.changeDefaultLoginPolicy(ctx, instanceAgg, existingPolicy, policy)
if err != nil {
@@ -113,7 +113,7 @@ func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpPr
if !idpProvider.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-9nf88", "Errors.IAM.LoginPolicy.IDP.Invalid")
}
existingPolicy := NewInstanceLoginPolicyWriteModel()
existingPolicy := NewInstanceLoginPolicyWriteModel(ctx)
err := c.defaultLoginPolicyWriteModelByID(ctx, existingPolicy)
if err != nil {
return nil, err
@@ -126,7 +126,7 @@ func (c *Commands) AddIDPProviderToDefaultLoginPolicy(ctx context.Context, idpPr
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "INSTANCE-m8fsd", "Errors.IDPConfig.NotExisting")
}
idpModel := NewInstanceIdentityProviderWriteModel(idpProvider.IDPConfigID)
idpModel := NewInstanceIdentityProviderWriteModel(ctx, idpProvider.IDPConfigID)
err = c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil {
return nil, err
@@ -151,7 +151,7 @@ func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context,
if !idpProvider.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-66m9s", "Errors.IAM.LoginPolicy.IDP.Invalid")
}
existingPolicy := NewInstanceLoginPolicyWriteModel()
existingPolicy := NewInstanceLoginPolicyWriteModel(ctx)
err := c.defaultLoginPolicyWriteModelByID(ctx, existingPolicy)
if err != nil {
return nil, err
@@ -160,7 +160,7 @@ func (c *Commands) RemoveIDPProviderFromDefaultLoginPolicy(ctx context.Context,
return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-Dfg4t", "Errors.IAM.LoginPolicy.NotFound")
}
idpModel := NewInstanceIdentityProviderWriteModel(idpProvider.IDPConfigID)
idpModel := NewInstanceIdentityProviderWriteModel(ctx, idpProvider.IDPConfigID)
err = c.eventstore.FilterToQueryReducer(ctx, idpModel)
if err != nil {
return nil, err
@@ -193,7 +193,7 @@ func (c *Commands) removeIDPProviderFromDefaultLoginPolicy(ctx context.Context,
for _, idp := range cascadeExternalIDPs {
userEvent, _, err := c.removeUserIDPLink(ctx, idp, true)
if err != nil {
logging.LogWithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy")
logging.WithFields("COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID).WithError(err).Warn("could not cascade remove externalidp in remove provider from policy")
continue
}
events = append(events, userEvent)
@@ -205,7 +205,7 @@ func (c *Commands) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, seco
if !secondFactor.Valid() {
return domain.SecondFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
secondFactorModel := NewInstanceSecondFactorWriteModel(secondFactor)
secondFactorModel := NewInstanceSecondFactorWriteModel(ctx, secondFactor)
instanceAgg := InstanceAggregateFromWriteModel(&secondFactorModel.SecondFactorWriteModel.WriteModel)
event, err := c.addSecondFactorToDefaultLoginPolicy(ctx, instanceAgg, secondFactorModel, secondFactor)
if err != nil {
@@ -239,7 +239,7 @@ func (c *Commands) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context,
if !secondFactor.Valid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-55n8s", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
secondFactorModel := NewInstanceSecondFactorWriteModel(secondFactor)
secondFactorModel := NewInstanceSecondFactorWriteModel(ctx, secondFactor)
err := c.eventstore.FilterToQueryReducer(ctx, secondFactorModel)
if err != nil {
return nil, err
@@ -263,7 +263,7 @@ func (c *Commands) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, multi
if !multiFactor.Valid() {
return domain.MultiFactorTypeUnspecified, nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-5m9fs", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
multiFactorModel := NewInstanceMultiFactorWriteModel(multiFactor)
multiFactorModel := NewInstanceMultiFactorWriteModel(ctx, multiFactor)
instanceAgg := InstanceAggregateFromWriteModel(&multiFactorModel.MultiFactorWriteModel.WriteModel)
event, err := c.addMultiFactorToDefaultLoginPolicy(ctx, instanceAgg, multiFactorModel, multiFactor)
if err != nil {
@@ -297,7 +297,7 @@ func (c *Commands) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context,
if !multiFactor.Valid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-33m9F", "Errors.IAM.LoginPolicy.MFA.Unspecified")
}
multiFactorModel := NewInstanceMultiFactorWriteModel(multiFactor)
multiFactorModel := NewInstanceMultiFactorWriteModel(ctx, multiFactor)
err := c.eventstore.FilterToQueryReducer(ctx, multiFactorModel)
if err != nil {
return nil, err
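Review bot: In `removeIDPProviderFromDefaultLoginPolicy` the call changes from `logging.LogWithFields` to `logging.WithFields`, but the argument list is unchanged: the log id `"COMMAND-4nfsf"` followed by two key/value pairs, five arguments in total. The signature of `WithFields` is not shown on this page; if it takes only key/value pairs rather than an id first, the id would be read as a key and the `userid` / `idp-id` fields would be shifted or dropped. That would leave the warning about a failed cascade removal of a user's IDP link without the identifiers needed to follow it up. Worth confirming against the logging package and, if so, passing the id as its own pair, e.g. `logging.WithFields("id", "COMMAND-4nfsf", "userid", idp.AggregateID, "idp-id", idp.IDPConfigID)`. The function body starts and ends outside the hunk.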


@@ -1,6 +1,9 @@
package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
@@ -10,12 +13,12 @@ type InstanceSecondFactorWriteModel struct {
SecondFactorWriteModel
}
func NewInstanceSecondFactorWriteModel(factorType domain.SecondFactorType) *InstanceSecondFactorWriteModel {
func NewInstanceSecondFactorWriteModel(ctx context.Context, factorType domain.SecondFactorType) *InstanceSecondFactorWriteModel {
return &InstanceSecondFactorWriteModel{
SecondFactorWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
MFAType: factorType,
},
@@ -57,12 +60,12 @@ type InstanceMultiFactorWriteModel struct {
MultiFactorWriteModel
}
func NewInstanceMultiFactorWriteModel(factorType domain.MultiFactorType) *InstanceMultiFactorWriteModel {
func NewInstanceMultiFactorWriteModel(ctx context.Context, factorType domain.MultiFactorType) *InstanceMultiFactorWriteModel {
return &InstanceMultiFactorWriteModel{
MultiFactorWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
MFAType: factorType,
},
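Review bot: `NewInstanceSecondFactorWriteModel` and `NewInstanceMultiFactorWriteModel` now fill both `AggregateID` and `ResourceOwner` from `authz.GetInstance(ctx).InstanceID()` without checking the result, so the tenant scope of the write model depends entirely on what the caller's context carries. What `GetInstance` returns for a context with no instance is not visible here; if it yields an empty ID, the model would filter and push against an empty aggregate instead of failing. I would read the value once, `instanceID := authz.GetInstance(ctx).InstanceID()`, and have the calling command reject an empty ID before any event is built. The same pattern is in `NewInstanceIdentityProviderWriteModel` and `NewInstanceLoginPolicyWriteModel` in the next two files.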


@@ -1,7 +1,9 @@
package command
import (
"github.com/caos/zitadel/internal/domain"
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
)
@@ -10,12 +12,12 @@ type InstanceIdentityProviderWriteModel struct {
IdentityProviderWriteModel
}
func NewInstanceIdentityProviderWriteModel(idpConfigID string) *InstanceIdentityProviderWriteModel {
func NewInstanceIdentityProviderWriteModel(ctx context.Context, idpConfigID string) *InstanceIdentityProviderWriteModel {
return &InstanceIdentityProviderWriteModel{
IdentityProviderWriteModel: IdentityProviderWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
IDPConfigID: idpConfigID,
},


@@ -4,6 +4,7 @@ import (
"context"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
@@ -15,12 +16,12 @@ type InstanceLoginPolicyWriteModel struct {
LoginPolicyWriteModel
}
func NewInstanceLoginPolicyWriteModel() *InstanceLoginPolicyWriteModel {
func NewInstanceLoginPolicyWriteModel(ctx context.Context) *InstanceLoginPolicyWriteModel {
return &InstanceLoginPolicyWriteModel{
LoginPolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -5,6 +5,7 @@ import (
"testing"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -43,7 +44,7 @@ func TestCommandSide_AddDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
false,
@@ -80,9 +81,10 @@ func TestCommandSide_AddDefaultLoginPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -101,7 +103,7 @@ func TestCommandSide_AddDefaultLoginPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.LoginPolicy{
AllowRegister: true,
AllowUsernamePassword: true,
@@ -119,8 +121,9 @@ func TestCommandSide_AddDefaultLoginPolicy(t *testing.T) {
res: res{
want: &domain.LoginPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
AllowRegister: true,
AllowUsernamePassword: true,
@@ -201,7 +204,7 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -244,9 +247,10 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -263,7 +267,8 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
newDefaultLoginPolicyChangedEvent(context.Background(),
false,
false,
@@ -282,7 +287,7 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.LoginPolicy{
AllowRegister: false,
AllowUsernamePassword: false,
@@ -300,8 +305,9 @@ func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
res: res{
want: &domain.LoginPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
AllowRegister: false,
AllowUsernamePassword: false,
@@ -396,7 +402,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -432,7 +438,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -450,7 +456,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name",
domain.IDPConfigTypeOIDC,
@@ -462,7 +468,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
@@ -485,9 +491,10 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -503,9 +510,10 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
),
),
expectFilter(
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIDPConfigAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
"name",
domain.IDPConfigTypeOIDC,
@@ -517,9 +525,10 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1"),
),
},
@@ -527,7 +536,7 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
provider: &domain.IDPProvider{
IDPConfigID: "config1",
},
@@ -535,8 +544,9 @@ func TestCommandSide_AddIDPProviderDefaultLoginPolicy(t *testing.T) {
res: res{
want: &domain.IDPProvider{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
IDPConfigID: "config1",
},
@@ -622,7 +632,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -658,7 +668,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -676,13 +686,13 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
eventFromEventPusher(
instance.NewIdentityProviderRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
@@ -707,7 +717,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -725,7 +735,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
@@ -734,7 +744,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewIdentityProviderRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1"),
),
},
@@ -749,7 +759,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -761,7 +771,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -779,7 +789,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
@@ -788,7 +798,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewIdentityProviderRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1"),
),
},
@@ -811,7 +821,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -823,7 +833,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
true,
true,
true,
@@ -841,7 +851,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewIdentityProviderAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1",
),
),
@@ -857,7 +867,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewIdentityProviderRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"config1"),
),
eventFromEventPusher(
@@ -886,7 +896,7 @@ func TestCommandSide_RemoveIDPProviderDefaultLoginPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -951,7 +961,7 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicySecondFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP,
),
),
@@ -974,9 +984,10 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLoginPolicySecondFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP),
),
},
@@ -984,12 +995,12 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
factor: domain.SecondFactorTypeOTP,
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1070,13 +1081,13 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicySecondFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP,
),
),
eventFromEventPusher(
instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP,
),
),
@@ -1099,7 +1110,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicySecondFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP,
),
),
@@ -1108,7 +1119,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.SecondFactorTypeOTP),
),
},
@@ -1121,7 +1132,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1186,7 +1197,7 @@ func TestCommandSide_AddMultiFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyMultiFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN,
),
),
@@ -1209,9 +1220,10 @@ func TestCommandSide_AddMultiFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLoginPolicyMultiFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN),
),
},
@@ -1219,12 +1231,12 @@ func TestCommandSide_AddMultiFactorDefaultLoginPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
factor: domain.MultiFactorTypeU2FWithPIN,
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1305,13 +1317,13 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyMultiFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN,
),
),
eventFromEventPusher(
instance.NewLoginPolicyMultiFactorRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN,
),
),
@@ -1334,7 +1346,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLoginPolicyMultiFactorAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN,
),
),
@@ -1343,7 +1355,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) {
[]*repository.Event{
eventFromEventPusher(
instance.NewLoginPolicyMultiFactorRemovedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
domain.MultiFactorTypeU2FWithPIN),
),
},
@@ -1356,7 +1368,7 @@ func TestCommandSide_RemoveMultiFactorDefaultLoginPolicy(t *testing.T) {
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "IAM",
ResourceOwner: "INSTANCE",
},
},
},
@@ -1384,7 +1396,7 @@ func newDefaultLoginPolicyChangedEvent(ctx context.Context, allowRegister, allow
passwordlessType domain.PasswordlessType,
passwordLifetime, externalLoginLifetime, mfaInitSkipLifetime, secondFactorLifetime, multiFactorLifetime time.Duration) *instance.LoginPolicyChangedEvent {
event, _ := instance.NewLoginPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.LoginPolicyChanges{
policy.ChangeAllowRegister(allowRegister),
policy.ChangeAllowExternalIDP(allowExternalIDP),


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) AddDefaultMailTemplate(ctx context.Context, policy *domain.MailTemplate) (*domain.MailTemplate, error) {
addedPolicy := NewInstanceMailTemplateWriteModel()
addedPolicy := NewInstanceMailTemplateWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.MailTemplateWriteModel.WriteModel)
event, err := c.addDefaultMailTemplate(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -86,7 +86,7 @@ func (c *Commands) defaultMailTemplateWriteModelByID(ctx context.Context) (polic
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceMailTemplateWriteModel()
writeModel := NewInstanceMailTemplateWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err
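Review bot: AddDefaultMailTemplate and defaultMailTemplateWriteModelByID now pick their target instance from ctx via `NewInstanceMailTemplateWriteModel(ctx)`, but nothing on the exported method documents that requirement. Which ID is used when ctx carries no instance is not visible in these hunks, so callers outside the request path (setup, background jobs) should be told explicitly. I would add a doc comment such as `// AddDefaultMailTemplate adds the default mail template of the instance identified by ctx.` The same applies to AddDefaultPasswordAgePolicy, AddDefaultPasswordComplexityPolicy, AddDefaultLockoutPolicy and AddDefaultPrivacyPolicy in the sections below; all of these function bodies continue outside their hunks.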


@@ -4,9 +4,9 @@ import (
"context"
"reflect"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
)
@@ -15,12 +15,12 @@ type InstanceMailTemplateWriteModel struct {
MailTemplateWriteModel
}
func NewInstanceMailTemplateWriteModel() *InstanceMailTemplateWriteModel {
func NewInstanceMailTemplateWriteModel(ctx context.Context) *InstanceMailTemplateWriteModel {
return &InstanceMailTemplateWriteModel{
MailTemplateWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}
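Review bot: NewInstanceMailTemplateWriteModel takes `authz.GetInstance(ctx).InstanceID()` for both AggregateID and ResourceOwner without checking the result, so the tenant scope of the write model depends entirely on what the context carries. What GetInstance returns for a context with no instance is not visible here; if that can be an empty ID, the model would be built with an empty AggregateID and ResourceOwner and the mistake would only surface later in the eventstore query. I would read the value once, `instanceID := authz.GetInstance(ctx).InstanceID()`, assign it to both fields, and state on the constructor that ctx must carry an instance. NewInstancePasswordComplexityPolicyWriteModel, NewInstanceLockoutPolicyWriteModel and NewInstancePrivacyPolicyWriteModel follow the same pattern.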


@@ -2,6 +2,9 @@ package command
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -10,7 +13,6 @@ import (
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
"github.com/stretchr/testify/assert"
"testing"
)
func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) {
@@ -54,7 +56,7 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMailTemplateAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]byte("template"),
),
),
@@ -79,9 +81,10 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewMailTemplateAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]byte("template"),
),
),
@@ -90,7 +93,7 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.MailTemplate{
Template: []byte("template"),
},
@@ -98,8 +101,9 @@ func TestCommandSide_AddDefaultMailTemplatePolicy(t *testing.T) {
res: res{
want: &domain.MailTemplate{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
Template: []byte("template"),
},
@@ -184,7 +188,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMailTemplateAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]byte("template"),
),
),
@@ -209,7 +213,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewMailTemplateAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]byte("template"),
),
),
@@ -232,8 +236,8 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) {
res: res{
want: &domain.MailTemplate{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
Template: []byte("template-change"),
},
@@ -261,7 +265,7 @@ func TestCommandSide_ChangeDefaultMailTemplatePolicy(t *testing.T) {
func newDefaultMailTemplatePolicyChangedEvent(ctx context.Context, template []byte) *instance.MailTemplateChangedEvent {
event, _ := instance.NewMailTemplateChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.MailTemplateChanges{
policy.ChangeTemplate(template),
},
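Review bot: The expected result in TestCommandSide_ChangeDefaultMailTemplatePolicy sets AggregateID and ResourceOwner to "INSTANCE" but leaves InstanceID unset, while the Add case expects `InstanceID: "INSTANCE"`. The Change case's ctx and pushed event lie outside the visible hunks, so this may be intended, but as shown the Change path does not assert that the instance ID is carried through. If it should be, use `authz.WithInstanceID(context.Background(), "INSTANCE")` and `eventFromEventPusherWithInstanceID` there as well and add `InstanceID: "INSTANCE",` to the expectation. The Change tests for the password age, password complexity, lockout and privacy policies show the same asymmetry.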


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) AddDefaultPasswordAgePolicy(ctx context.Context, policy *domain.PasswordAgePolicy) (*domain.PasswordAgePolicy, error) {
addedPolicy := NewInstancePasswordAgePolicyWriteModel()
addedPolicy := NewInstancePasswordAgePolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := c.addDefaultPasswordAgePolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -73,7 +73,7 @@ func (c *Commands) defaultPasswordAgePolicyWriteModelByID(ctx context.Context) (
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstancePasswordAgePolicyWriteModel()
writeModel := NewInstancePasswordAgePolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -2,6 +2,9 @@ package command
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -10,7 +13,6 @@ import (
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
"github.com/stretchr/testify/assert"
"testing"
)
func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) {
@@ -39,7 +41,7 @@ func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordAgePolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
365,
10,
),
@@ -66,9 +68,10 @@ func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewPasswordAgePolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
365,
10,
),
@@ -78,7 +81,7 @@ func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.PasswordAgePolicy{
ExpireWarnDays: 365,
MaxAgeDays: 10,
@@ -87,8 +90,9 @@ func TestCommandSide_AddDefaultPasswordAgePolicy(t *testing.T) {
res: res{
want: &domain.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
ExpireWarnDays: 365,
MaxAgeDays: 10,
@@ -160,7 +164,7 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordAgePolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
365,
10,
),
@@ -187,7 +191,7 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordAgePolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
365,
10,
),
@@ -212,8 +216,8 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) {
res: res{
want: &domain.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
MaxAgeDays: 125,
ExpireWarnDays: 5,
@@ -242,7 +246,7 @@ func TestCommandSide_ChangeDefaultPasswordAgePolicy(t *testing.T) {
func newDefaultPasswordAgePolicyChangedEvent(ctx context.Context, maxAgeDays, expiryWarnDays uint64) *instance.PasswordAgePolicyChangedEvent {
event, _ := instance.NewPasswordAgePolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.PasswordAgePolicyChanges{
policy.ChangeExpireWarnDays(expiryWarnDays),
policy.ChangeMaxAgeDays(maxAgeDays),


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) getDefaultPasswordComplexityPolicy(ctx context.Context) (*domain.PasswordComplexityPolicy, error) {
policyWriteModel := NewInstancePasswordComplexityPolicyWriteModel()
policyWriteModel := NewInstancePasswordComplexityPolicyWriteModel(ctx)
err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
if err != nil {
return nil, err
@@ -25,7 +25,7 @@ func (c *Commands) getDefaultPasswordComplexityPolicy(ctx context.Context) (*dom
}
func (c *Commands) AddDefaultPasswordComplexityPolicy(ctx context.Context, policy *domain.PasswordComplexityPolicy) (*domain.PasswordComplexityPolicy, error) {
addedPolicy := NewInstancePasswordComplexityPolicyWriteModel()
addedPolicy := NewInstancePasswordComplexityPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
events, err := c.addDefaultPasswordComplexityPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -92,7 +92,7 @@ func (c *Commands) defaultPasswordComplexityPolicyWriteModelByID(ctx context.Con
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstancePasswordComplexityPolicyWriteModel()
writeModel := NewInstancePasswordComplexityPolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -3,9 +3,9 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
)
@@ -14,12 +14,12 @@ type InstancePasswordComplexityPolicyWriteModel struct {
PasswordComplexityPolicyWriteModel
}
func NewInstancePasswordComplexityPolicyWriteModel() *InstancePasswordComplexityPolicyWriteModel {
func NewInstancePasswordComplexityPolicyWriteModel(ctx context.Context) *InstancePasswordComplexityPolicyWriteModel {
return &InstancePasswordComplexityPolicyWriteModel{
PasswordComplexityPolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -2,6 +2,9 @@ package command
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -10,7 +13,6 @@ import (
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
"github.com/stretchr/testify/assert"
"testing"
)
func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
@@ -60,7 +62,7 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordComplexityPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
8,
true, true, true, true,
),
@@ -69,7 +71,7 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.PasswordComplexityPolicy{
MinLength: 8,
HasUppercase: true,
@@ -90,9 +92,10 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewPasswordComplexityPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
8,
true, true, true, true,
),
@@ -102,7 +105,7 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.PasswordComplexityPolicy{
MinLength: 8,
HasUppercase: true,
@@ -114,8 +117,9 @@ func TestCommandSide_AddDefaultPasswordComplexityPolicy(t *testing.T) {
res: res{
want: &domain.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
MinLength: 8,
HasUppercase: true,
@@ -214,7 +218,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordComplexityPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
8,
true, true, true, true,
),
@@ -244,7 +248,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPasswordComplexityPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
8,
true, true, true, true,
),
@@ -272,8 +276,8 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) {
res: res{
want: &domain.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
MinLength: 10,
HasUppercase: false,
@@ -305,7 +309,7 @@ func TestCommandSide_ChangeDefaultPasswordComplexityPolicy(t *testing.T) {
func newDefaultPasswordComplexityPolicyChangedEvent(ctx context.Context, minLength uint64, hasUpper, hasLower, hasNumber, hasSymbol bool) *instance.PasswordComplexityPolicyChangedEvent {
event, _ := instance.NewPasswordComplexityPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.PasswordComplexityPolicyChanges{
policy.ChangeMinLength(minLength),
policy.ChangeHasUppercase(hasUpper),


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) AddDefaultLockoutPolicy(ctx context.Context, policy *domain.LockoutPolicy) (*domain.LockoutPolicy, error) {
addedPolicy := NewInstanceLockoutPolicyWriteModel()
addedPolicy := NewInstanceLockoutPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
event, err := c.addDefaultLockoutPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -71,7 +71,7 @@ func (c *Commands) defaultLockoutPolicyWriteModelByID(ctx context.Context) (poli
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstanceLockoutPolicyWriteModel()
writeModel := NewInstanceLockoutPolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -3,9 +3,9 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
)
@@ -14,12 +14,12 @@ type InstanceLockoutPolicyWriteModel struct {
LockoutPolicyWriteModel
}
func NewInstanceLockoutPolicyWriteModel() *InstanceLockoutPolicyWriteModel {
func NewInstanceLockoutPolicyWriteModel(ctx context.Context) *InstanceLockoutPolicyWriteModel {
return &InstanceLockoutPolicyWriteModel{
LockoutPolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
@@ -40,7 +41,7 @@ func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLockoutPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
10,
true,
),
@@ -67,9 +68,10 @@ func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewLockoutPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
10,
true,
),
@@ -79,7 +81,7 @@ func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.LockoutPolicy{
MaxPasswordAttempts: 10,
ShowLockOutFailures: true,
@@ -88,8 +90,9 @@ func TestCommandSide_AddDefaultLockoutPolicy(t *testing.T) {
res: res{
want: &domain.LockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
MaxPasswordAttempts: 10,
ShowLockOutFailures: true,
@@ -161,7 +164,7 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLockoutPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
10,
true,
),
@@ -188,7 +191,7 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewLockoutPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
10,
true,
),
@@ -213,8 +216,8 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) {
res: res{
want: &domain.LockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
MaxPasswordAttempts: 20,
ShowLockOutFailures: false,
@@ -243,7 +246,7 @@ func TestCommandSide_ChangeDefaultLockoutPolicy(t *testing.T) {
func newDefaultLockoutPolicyChangedEvent(ctx context.Context, maxAttempts uint64, showLockoutFailure bool) *instance.LockoutPolicyChangedEvent {
event, _ := instance.NewLockoutPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.LockoutPolicyChanges{
policy.ChangeMaxAttempts(maxAttempts),
policy.ChangeShowLockOutFailures(showLockoutFailure),


@@ -11,7 +11,7 @@ import (
)
func (c *Commands) getDefaultPrivacyPolicy(ctx context.Context) (*domain.PrivacyPolicy, error) {
policyWriteModel := NewInstancePrivacyPolicyWriteModel()
policyWriteModel := NewInstancePrivacyPolicyWriteModel(ctx)
err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
if err != nil {
return nil, err
@@ -25,7 +25,7 @@ func (c *Commands) getDefaultPrivacyPolicy(ctx context.Context) (*domain.Privacy
}
func (c *Commands) AddDefaultPrivacyPolicy(ctx context.Context, policy *domain.PrivacyPolicy) (*domain.PrivacyPolicy, error) {
addedPolicy := NewInstancePrivacyPolicyWriteModel()
addedPolicy := NewInstancePrivacyPolicyWriteModel(ctx)
instanceAgg := InstanceAggregateFromWriteModel(&addedPolicy.WriteModel)
events, err := c.addDefaultPrivacyPolicy(ctx, instanceAgg, addedPolicy, policy)
if err != nil {
@@ -84,7 +84,7 @@ func (c *Commands) defaultPrivacyPolicyWriteModelByID(ctx context.Context) (poli
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
writeModel := NewInstancePrivacyPolicyWriteModel()
writeModel := NewInstancePrivacyPolicyWriteModel(ctx)
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
if err != nil {
return nil, err


@@ -3,7 +3,7 @@ package command
import (
"context"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/repository/instance"
"github.com/caos/zitadel/internal/repository/policy"
@@ -13,12 +13,12 @@ type InstancePrivacyPolicyWriteModel struct {
PrivacyPolicyWriteModel
}
func NewInstancePrivacyPolicyWriteModel() *InstancePrivacyPolicyWriteModel {
func NewInstancePrivacyPolicyWriteModel(ctx context.Context) *InstancePrivacyPolicyWriteModel {
return &InstancePrivacyPolicyWriteModel{
PrivacyPolicyWriteModel{
WriteModel: eventstore.WriteModel{
AggregateID: domain.IAMID,
ResourceOwner: domain.IAMID,
AggregateID: authz.GetInstance(ctx).InstanceID(),
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
},
},
}


@@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/stretchr/testify/assert"
"github.com/caos/zitadel/internal/domain"
@@ -41,7 +42,7 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPrivacyPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"TOSLink",
"PrivacyLink",
"HelpLink",
@@ -70,9 +71,10 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewPrivacyPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"TOSLink",
"PrivacyLink",
"HelpLink",
@@ -83,7 +85,7 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.PrivacyPolicy{
TOSLink: "TOSLink",
PrivacyLink: "PrivacyLink",
@@ -93,8 +95,9 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
res: res{
want: &domain.PrivacyPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
TOSLink: "TOSLink",
PrivacyLink: "PrivacyLink",
@@ -110,9 +113,10 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
eventFromEventPusherWithInstanceID(
"INSTANCE",
instance.NewPrivacyPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"",
"",
"",
@@ -123,7 +127,7 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
),
},
args: args{
ctx: context.Background(),
ctx: authz.WithInstanceID(context.Background(), "INSTANCE"),
policy: &domain.PrivacyPolicy{
TOSLink: "",
PrivacyLink: "",
@@ -133,8 +137,9 @@ func TestCommandSide_AddDefaultPrivacyPolicy(t *testing.T) {
res: res{
want: &domain.PrivacyPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
InstanceID: "INSTANCE",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
TOSLink: "",
PrivacyLink: "",
@@ -208,7 +213,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPrivacyPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"TOSLink",
"PrivacyLink",
"HelpLink",
@@ -237,7 +242,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) {
expectFilter(
eventFromEventPusher(
instance.NewPrivacyPolicyAddedEvent(context.Background(),
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
"TOSLink",
"PrivacyLink",
"HelpLink",
@@ -268,8 +273,8 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) {
res: res{
want: &domain.PrivacyPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: "IAM",
ResourceOwner: "IAM",
AggregateID: "INSTANCE",
ResourceOwner: "INSTANCE",
},
TOSLink: "TOSLinkChanged",
PrivacyLink: "PrivacyLinkChanged",
@@ -299,7 +304,7 @@ func TestCommandSide_ChangeDefaultPrivacyPolicy(t *testing.T) {
func newDefaultPrivacyPolicyChangedEvent(ctx context.Context, tosLink, privacyLink, helpLink string) *instance.PrivacyPolicyChangedEvent {
event, _ := instance.NewPrivacyPolicyChangedEvent(ctx,
&instance.NewAggregate().Aggregate,
&instance.NewAggregate("INSTANCE").Aggregate,
[]policy.PrivacyPolicyChanges{
policy.ChangeTOSLink(tosLink),
policy.ChangePrivacyLink(privacyLink),
