mirror of
https://github.com/zitadel/zitadel.git
synced 2025-10-27 10:49:15 +00:00
fix: v2 human command (#3435)
* add/register human command done * validations * crypto * move clientid * keys * fix: clientID * remove v2 package * tests * tests running * revert old code * instance domain from ctx * chore: rename zitadel app ids * comments * fix: test
This commit is contained in:
Silvan
@@ -3,7 +3,6 @@ package setup
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
_ "embed"
|
||||
)
|
||||
|
||||
const (
|
||||
|
||||
@@ -2,21 +2,62 @@ package setup
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"fmt"
|
||||
|
||||
"github.com/caos/zitadel/internal/command/v2"
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/command"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
crypto_db "github.com/caos/zitadel/internal/crypto/database"
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
)
|
||||
|
||||
type DefaultInstance struct {
|
||||
cmd *command.Command
|
||||
InstanceSetup command.InstanceSetup
|
||||
|
||||
userEncryptionKey *crypto.KeyConfig
|
||||
masterKey string
|
||||
db *sql.DB
|
||||
es *eventstore.Eventstore
|
||||
domain string
|
||||
defaults systemdefaults.SystemDefaults
|
||||
zitadelRoles []authz.RoleMapping
|
||||
}
|
||||
|
||||
func (mig *DefaultInstance) Execute(ctx context.Context) error {
|
||||
_, err := mig.cmd.SetUpInstance(ctx, &mig.InstanceSetup)
|
||||
keyStorage, err := crypto_db.NewKeyStorage(mig.db, mig.masterKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot start key storage: %w", err)
|
||||
}
|
||||
if err = verifyKey(mig.userEncryptionKey, keyStorage); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
userAlg, err := crypto.NewAESCrypto(mig.userEncryptionKey, keyStorage)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cmd := command.NewCommandV2(mig.es, mig.defaults, userAlg, mig.zitadelRoles)
|
||||
|
||||
ctx = authz.WithRequestedDomain(ctx, mig.domain)
|
||||
_, err = cmd.SetUpInstance(ctx, &mig.InstanceSetup)
|
||||
return err
|
||||
}
|
||||
|
||||
func (mig *DefaultInstance) String() string {
|
||||
return "03_default_instance"
|
||||
}
|
||||
|
||||
func verifyKey(key *crypto.KeyConfig, storage crypto.KeyStorage) (err error) {
|
||||
_, err = crypto.LoadKey(key.EncryptionKeyID, storage)
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
k, err := crypto.NewKey(key.EncryptionKeyID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return storage.CreateKeys(k)
|
||||
}
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/config/hook"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"github.com/caos/zitadel/internal/database"
|
||||
)
|
||||
|
||||
@@ -21,6 +22,7 @@ type Config struct {
|
||||
ExternalDomain string
|
||||
ExternalSecure bool
|
||||
Log *logging.Config
|
||||
EncryptionKeys *encryptionKeyConfig
|
||||
}
|
||||
|
||||
func MustNewConfig(v *viper.Viper) *Config {
|
||||
@@ -40,6 +42,10 @@ type Steps struct {
|
||||
S3DefaultInstance *DefaultInstance
|
||||
}
|
||||
|
||||
type encryptionKeyConfig struct {
|
||||
User *crypto.KeyConfig
|
||||
}
|
||||
|
||||
func MustNewSteps(v *viper.Viper) *Steps {
|
||||
v.SetConfigType("yaml")
|
||||
err := v.ReadConfig(bytes.NewBuffer(defaultSteps))
|
||||
|
||||
@@ -8,8 +8,8 @@ import (
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/viper"
|
||||
|
||||
"github.com/caos/zitadel/cmd/admin/key"
|
||||
http_util "github.com/caos/zitadel/internal/api/http"
|
||||
"github.com/caos/zitadel/internal/command/v2"
|
||||
"github.com/caos/zitadel/internal/database"
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
"github.com/caos/zitadel/internal/migration"
|
||||
@@ -31,12 +31,15 @@ Requirements:
|
||||
config := MustNewConfig(viper.GetViper())
|
||||
steps := MustNewSteps(viper.New())
|
||||
|
||||
Setup(config, steps)
|
||||
masterKey, err := key.MasterKey(cmd)
|
||||
logging.OnError(err).Panic("No master key provided")
|
||||
|
||||
Setup(config, steps, masterKey)
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func Setup(config *Config, steps *Steps) {
|
||||
func Setup(config *Config, steps *Steps, masterKey string) {
|
||||
dbClient, err := database.Connect(config.Database)
|
||||
logging.OnError(err).Fatal("unable to connect to database")
|
||||
|
||||
@@ -44,11 +47,17 @@ func Setup(config *Config, steps *Steps) {
|
||||
logging.OnError(err).Fatal("unable to start eventstore")
|
||||
migration.RegisterMappers(eventstoreClient)
|
||||
|
||||
cmd := command.New(eventstoreClient, "localhost", config.SystemDefaults)
|
||||
|
||||
steps.s1ProjectionTable = &ProjectionTable{dbClient: dbClient}
|
||||
steps.s2AssetsTable = &AssetTable{dbClient: dbClient}
|
||||
steps.S3DefaultInstance.cmd = cmd
|
||||
steps.S3DefaultInstance.es = eventstoreClient
|
||||
steps.S3DefaultInstance.db = dbClient
|
||||
steps.S3DefaultInstance.defaults = config.SystemDefaults
|
||||
steps.S3DefaultInstance.masterKey = masterKey
|
||||
steps.S3DefaultInstance.domain = config.SystemDefaults.Domain
|
||||
steps.S3DefaultInstance.zitadelRoles = config.InternalAuthZ.RolePermissionMappings
|
||||
steps.S3DefaultInstance.userEncryptionKey = config.EncryptionKeys.User
|
||||
steps.S3DefaultInstance.InstanceSetup.Zitadel.IsDevMode = !config.ExternalSecure
|
||||
steps.S3DefaultInstance.InstanceSetup.Zitadel.BaseURL = http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure)
|
||||
steps.S3DefaultInstance.InstanceSetup.Zitadel.IsDevMode = !config.ExternalSecure
|
||||
steps.S3DefaultInstance.InstanceSetup.Zitadel.BaseURL = http_util.BuildHTTP(config.ExternalDomain, config.ExternalPort, config.ExternalSecure)
|
||||
|
||||
|
||||
@@ -8,11 +8,64 @@ S3DefaultInstance:
|
||||
LastName: Admin
|
||||
NickName:
|
||||
DisplayName:
|
||||
Email: admin@zitadel.ch
|
||||
Email:
|
||||
Address: admin@zitadel.ch
|
||||
Verified: true
|
||||
PreferredLanguage:
|
||||
Gender:
|
||||
Phone:
|
||||
Number:
|
||||
Verified:
|
||||
Password: Password1!
|
||||
SecretGenerators:
|
||||
PasswordSaltCost: 14
|
||||
ClientSecret:
|
||||
Length: 64
|
||||
IncludeLowerLetters: true
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
InitializeUserCode:
|
||||
Length: 6
|
||||
Expiry: '72h'
|
||||
IncludeLowerLetters: false
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
EmailVerificationCode:
|
||||
Length: 6
|
||||
Expiry: '1h'
|
||||
IncludeLowerLetters: false
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
PhoneVerificationCode:
|
||||
Length: 6
|
||||
Expiry: '1h'
|
||||
IncludeLowerLetters: false
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
PasswordVerificationCode:
|
||||
Length: 6
|
||||
Expiry: '1h'
|
||||
IncludeLowerLetters: false
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
PasswordlessInitCode:
|
||||
Length: 12
|
||||
Expiry: '1h'
|
||||
IncludeLowerLetters: true
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
DomainVerification:
|
||||
Length: 32
|
||||
IncludeLowerLetters: true
|
||||
IncludeUpperLetters: true
|
||||
IncludeDigits: true
|
||||
IncludeSymbols: false
|
||||
Features:
|
||||
TierName: Default Tier
|
||||
TierDescription: ""
|
||||
|
||||
Reference in New Issue
Block a user