mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-30 17:03:43 +00:00
feat: idp and login policy configurations (#619)
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
parent
f05c5bae24
commit
db1d8f4efe
@ -10,12 +10,18 @@ InternalAuthZ:
|
||||
- "iam.member.read"
|
||||
- "iam.member.write"
|
||||
- "iam.member.delete"
|
||||
- "iam.idp.read"
|
||||
- "iam.idp.write"
|
||||
- "iam.idp.delete"
|
||||
- "org.read"
|
||||
- "org.create"
|
||||
- "org.write"
|
||||
- "org.member.read"
|
||||
- "org.member.write"
|
||||
- "org.member.delete"
|
||||
- "org.idp.read"
|
||||
- "org.idp.write"
|
||||
- "org.idp.delete"
|
||||
- "user.read"
|
||||
- "user.write"
|
||||
- "user.delete"
|
||||
@ -55,8 +61,10 @@ InternalAuthZ:
|
||||
- "iam.read"
|
||||
- "iam.policy.read"
|
||||
- "iam.member.read"
|
||||
- "iam.idp.read"
|
||||
- "org.read"
|
||||
- "org.member.read"
|
||||
- "org.idp.read"
|
||||
- "user.read"
|
||||
- "user.grant.read"
|
||||
- "user.membership.read"
|
||||
@ -77,6 +85,9 @@ InternalAuthZ:
|
||||
- "org.member.read"
|
||||
- "org.member.write"
|
||||
- "org.member.delete"
|
||||
- "org.idp.read"
|
||||
- "org.idp.write"
|
||||
- "org.idp.delete"
|
||||
- "user.read"
|
||||
- "user.write"
|
||||
- "user.delete"
|
||||
@ -114,6 +125,7 @@ InternalAuthZ:
|
||||
Permissions:
|
||||
- "org.read"
|
||||
- "org.member.read"
|
||||
- "org.idp.read"
|
||||
- "user.read"
|
||||
- "user.grant.read"
|
||||
- "user.membership.read"
|
||||
|
@ -21,6 +21,7 @@ gopass zitadel-secrets/zitadel/developer/default/keys.yaml > "$BASEDIR/local_key
|
||||
export ZITADEL_KEY_PATH="$BASEDIR/local_keys.yaml"
|
||||
|
||||
export ZITADEL_USER_VERIFICATION_KEY=UserVerificationKey_1
|
||||
export ZITADEL_IDP_CONFIG_VERIFICATION_KEY=IdpConfigVerificationKey_1
|
||||
export ZITADEL_OTP_VERIFICATION_KEY=OTPVerificationKey_1
|
||||
export ZITADEL_OIDC_KEYS_ID=OIDCKey_1
|
||||
export ZITADEL_COOKIE_KEY=CookieKey_1
|
||||
|
@ -25,6 +25,10 @@ Eventstore:
|
||||
SetUp:
|
||||
GlobalOrg: 'Global'
|
||||
IAMProject: 'Zitadel'
|
||||
DefaultLoginPolicy:
|
||||
AllowUsernamePassword: true
|
||||
AllowRegister: true
|
||||
AllowExternalIdp: true
|
||||
Orgs:
|
||||
- Name: 'Global'
|
||||
Domain: 'global.caos.ch'
|
||||
|
@ -6,6 +6,8 @@ SystemDefaults:
|
||||
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
|
||||
UserVerificationKey:
|
||||
EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
|
||||
IDPConfigVerificationKey:
|
||||
EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
|
||||
SecretGenerators:
|
||||
PasswordSaltCost: 14
|
||||
ClientSecretGenerator:
|
||||
|
@ -31,4 +31,5 @@ cockroachdb/cockroach:latest start --insecure
|
||||
|
||||
#### Should show eventstore, management, admin, auth
|
||||
`show databases;`
|
||||
|
||||
|
@ -5,57 +5,61 @@ import (
|
||||
"github.com/caos/logging"
|
||||
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
"strings"
|
||||
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
type IAMRepository struct {
|
||||
SearchLimit uint64
|
||||
*iam_es.IamEventstore
|
||||
*iam_es.IAMEventstore
|
||||
OrgEvents *org_es.OrgEventstore
|
||||
View *admin_view.View
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
Roles []string
|
||||
}
|
||||
|
||||
func (repo *IamRepository) IamMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IamMemberView, error) {
|
||||
member, err := repo.View.IamMemberByIDs(orgID, userID)
|
||||
func (repo *IAMRepository) IAMMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IAMMemberView, error) {
|
||||
member, err := repo.View.IAMMemberByIDs(orgID, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IamMemberToModel(member), nil
|
||||
return iam_es_model.IAMMemberToModel(member), nil
|
||||
}
|
||||
|
||||
func (repo *IamRepository) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (repo *IAMRepository) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
member.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IamEventstore.AddIamMember(ctx, member)
|
||||
return repo.IAMEventstore.AddIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (repo *IAMRepository) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
member.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IamEventstore.ChangeIamMember(ctx, member)
|
||||
return repo.IAMEventstore.ChangeIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) RemoveIamMember(ctx context.Context, userID string) error {
|
||||
member := iam_model.NewIamMember(repo.SystemDefaults.IamID, userID)
|
||||
return repo.IamEventstore.RemoveIamMember(ctx, member)
|
||||
func (repo *IAMRepository) RemoveIAMMember(ctx context.Context, userID string) error {
|
||||
member := iam_model.NewIAMMember(repo.SystemDefaults.IamID, userID)
|
||||
return repo.IAMEventstore.RemoveIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error) {
|
||||
func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestIamMemberSequence()
|
||||
sequence, err := repo.View.GetLatestIAMMemberSequence()
|
||||
logging.Log("EVENT-Slkci").OnError(err).Warn("could not read latest iam sequence")
|
||||
members, count, err := repo.View.SearchIamMembers(request)
|
||||
members, count, err := repo.View.SearchIAMMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IamMemberSearchResponse{
|
||||
result := &iam_model.IAMMemberSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
Result: iam_es_model.IamMembersToModel(members),
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IAMMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
@ -64,7 +68,7 @@ func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_mo
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IamRepository) GetIamMemberRoles() []string {
|
||||
func (repo *IAMRepository) GetIAMMemberRoles() []string {
|
||||
roles := make([]string, 0)
|
||||
for _, roleMap := range repo.Roles {
|
||||
if strings.HasPrefix(roleMap, "IAM") {
|
||||
@ -73,3 +77,133 @@ func (repo *IamRepository) GetIamMemberRoles() []string {
|
||||
}
|
||||
return roles
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
|
||||
idp, err := repo.View.IDPConfigByID(idpConfigID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IdpConfigViewToModel(idp), nil
|
||||
}
|
||||
func (repo *IAMRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.IAMEventstore.DeactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.IAMEventstore.ReactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
|
||||
aggregates := make([]*es_models.Aggregate, 0)
|
||||
idp := iam_model.NewIDPConfig(repo.SystemDefaults.IamID, idpConfigID)
|
||||
_, agg, err := repo.IAMEventstore.PrepareRemoveIDPConfig(ctx, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
|
||||
providers, err := repo.View.IDPProvidersByIdpConfigID(idpConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, p := range providers {
|
||||
if p.AggregateID == repo.SystemDefaults.IamID {
|
||||
continue
|
||||
}
|
||||
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IdpConfigID: p.IDPConfigID}
|
||||
providerAgg := new(es_models.Aggregate)
|
||||
_, providerAgg, err = repo.OrgEvents.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, providerAgg)
|
||||
}
|
||||
|
||||
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
|
||||
oidcConfig.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestIDPConfigSequence()
|
||||
logging.Log("EVENT-Dk8si").OnError(err).Warn("could not read latest idp config sequence")
|
||||
idps, count, err := repo.View.SearchIDPConfigs(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPConfigSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
Result: iam_es_model.IdpConfigViewsToModel(idps),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
|
||||
policy, err := repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.LoginPolicyViewToModel(policy), err
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
|
||||
sequence, err := repo.View.GetLatestIDPProviderSequence()
|
||||
logging.Log("EVENT-Tuiks").OnError(err).Warn("could not read latest iam sequence")
|
||||
providers, count, err := repo.View.SearchIDPProviders(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPProviderSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IDPProviderViewsToModel(providers),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
|
||||
provider.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) RemoveIdpProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
|
||||
provider.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
@ -4,9 +4,9 @@ import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
admin_model "github.com/caos/zitadel/internal/admin/model"
|
||||
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
@ -30,7 +30,8 @@ type OrgRepo struct {
|
||||
|
||||
View *admin_view.View
|
||||
|
||||
SearchLimit uint64
|
||||
SearchLimit uint64
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
|
||||
@ -38,7 +39,7 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -105,18 +106,18 @@ func (repo *OrgRepo) IsOrgUnique(ctx context.Context, name, domain string) (isUn
|
||||
return repo.OrgEventstore.IsOrgUnique(ctx, name, domain)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, id)
|
||||
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, id)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.AddOrgIamPolicy(ctx, policy)
|
||||
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.AddOrgIAMPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.ChangeOrgIamPolicy(ctx, policy)
|
||||
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.ChangeOrgIAMPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) RemoveOrgIamPolicy(ctx context.Context, id string) error {
|
||||
return repo.OrgEventstore.RemoveOrgIamPolicy(ctx, id)
|
||||
return repo.OrgEventstore.RemoveOrgIAMPolicy(ctx, id)
|
||||
}
|
||||
|
@ -25,7 +25,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -41,7 +41,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -1,6 +1,8 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
@ -26,13 +28,17 @@ type handler struct {
|
||||
|
||||
type EventstoreRepos struct {
|
||||
UserEvents *usr_event.UserEventstore
|
||||
IamEvents *iam_event.IAMEventstore
|
||||
OrgEvents *org_event.OrgEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
|
||||
return []query.Handler{
|
||||
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
|
||||
&IamMember{handler: handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount}, userEvents: repos.UserEvents},
|
||||
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
|
||||
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
|
||||
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
|
||||
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, eventstore: eventstore, orgEvents: repos.OrgEvents},
|
||||
}
|
||||
}
|
||||
|
@ -29,18 +29,18 @@ func (m *IamMember) ViewModel() string {
|
||||
}
|
||||
|
||||
func (m *IamMember) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIamMemberSequence()
|
||||
sequence, err := m.view.GetLatestIAMMemberSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IamAggregate, usr_es_model.UserAggregate).
|
||||
AggregateTypeFilter(model.IAMAggregate, usr_es_model.UserAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IamMember) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IamAggregate:
|
||||
case model.IAMAggregate:
|
||||
err = m.processIamMember(event)
|
||||
case usr_es_model.UserAggregate:
|
||||
err = m.processUser(event)
|
||||
@ -49,46 +49,46 @@ func (m *IamMember) Reduce(event *models.Event) (err error) {
|
||||
}
|
||||
|
||||
func (m *IamMember) processIamMember(event *models.Event) (err error) {
|
||||
member := new(iam_model.IamMemberView)
|
||||
member := new(iam_model.IAMMemberView)
|
||||
switch event.Type {
|
||||
case model.IamMemberAdded:
|
||||
case model.IAMMemberAdded:
|
||||
member.AppendEvent(event)
|
||||
m.fillData(member)
|
||||
case model.IamMemberChanged:
|
||||
case model.IAMMemberChanged:
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
member, err = m.view.IamMemberByIDs(event.AggregateID, member.UserID)
|
||||
member, err = m.view.IAMMemberByIDs(event.AggregateID, member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
member.AppendEvent(event)
|
||||
case model.IamMemberRemoved:
|
||||
case model.IAMMemberRemoved:
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIamMember(event.AggregateID, member.UserID, event.Sequence)
|
||||
return m.view.DeleteIAMMember(event.AggregateID, member.UserID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIamMember(member, member.Sequence)
|
||||
return m.view.PutIAMMember(member, member.Sequence)
|
||||
}
|
||||
|
||||
func (m *IamMember) processUser(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case usr_es_model.UserProfileChanged,
|
||||
usr_es_model.UserEmailChanged:
|
||||
members, err := m.view.IamMembersByUserID(event.AggregateID)
|
||||
members, err := m.view.IAMMembersByUserID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(members) == 0 {
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
user, err := m.userEvents.UserByID(context.Background(), event.AggregateID)
|
||||
if err != nil {
|
||||
@ -96,18 +96,18 @@ func (m *IamMember) processUser(event *models.Event) (err error) {
|
||||
}
|
||||
for _, member := range members {
|
||||
m.fillUserData(member, user)
|
||||
err = m.view.PutIamMember(member, event.Sequence)
|
||||
err = m.view.PutIAMMember(member, event.Sequence)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
default:
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
|
||||
func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
|
||||
user, err := m.userEvents.UserByID(context.Background(), member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -116,7 +116,7 @@ func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_model.User) {
|
||||
func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
|
||||
member.UserName = user.UserName
|
||||
member.FirstName = user.FirstName
|
||||
member.LastName = user.LastName
|
||||
@ -125,5 +125,5 @@ func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_mode
|
||||
}
|
||||
func (m *IamMember) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIamMemberFailedEvent, m.view.ProcessedIamMemberFailedEvent, m.view.ProcessedIamMemberSequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIAMMemberFailedEvent, m.view.ProcessedIAMMemberFailedEvent, m.view.ProcessedIAMMemberSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
|
@ -0,0 +1,79 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
idpConfigTable = "adminapi.idp_configs"
|
||||
)
|
||||
|
||||
func (m *IDPConfig) ViewModel() string {
|
||||
return idpConfigTable
|
||||
}
|
||||
|
||||
func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPConfigSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPConfig) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate:
|
||||
err = m.processIDPConfig(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPConfig) processIDPConfig(event *models.Event) (err error) {
|
||||
idp := new(iam_view_model.IDPConfigView)
|
||||
switch event.Type {
|
||||
case model.IDPConfigAdded:
|
||||
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
|
||||
case model.IDPConfigChanged,
|
||||
model.OIDCIDPConfigAdded,
|
||||
model.OIDCIDPConfigChanged:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
idp, err = m.view.IDPConfigByID(idp.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
|
||||
case model.IDPConfigRemoved:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIDPConfigSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPConfig(idp, idp.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPConfig) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Mslo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPConfigFailedEvent, m.view.ProcessedIDPConfigFailedEvent, m.view.ProcessedIDPConfigSequence, m.errorCountUntilSkip)
|
||||
}
|
114
internal/admin/repository/eventsourcing/handler/idp_providers.go
Normal file
114
internal/admin/repository/eventsourcing/handler/idp_providers.go
Normal file
@ -0,0 +1,114 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type IDPProvider struct {
|
||||
handler
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
iamEvents *eventsourcing.IAMEventstore
|
||||
orgEvents *org_events.OrgEventstore
|
||||
}
|
||||
|
||||
const (
|
||||
idpProviderTable = "adminapi.idp_providers"
|
||||
)
|
||||
|
||||
func (m *IDPProvider) ViewModel() string {
|
||||
return idpProviderTable
|
||||
}
|
||||
|
||||
func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPProviderSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate, org_es_model.OrgAggregate:
|
||||
err = m.processIdpProvider(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
provider := new(iam_view_model.IDPProviderView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
|
||||
err = provider.AppendEvent(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = m.fillData(provider)
|
||||
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
|
||||
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
|
||||
err = provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence)
|
||||
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
config := new(iam_model.IDPConfig)
|
||||
config.AppendEvent(event)
|
||||
providers, err := m.view.IDPProvidersByIdpConfigID(config.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), provider.AggregateID, config.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, provider := range providers {
|
||||
m.fillConfigData(provider, config)
|
||||
}
|
||||
return m.view.PutIDPProviders(event.Sequence, providers...)
|
||||
default:
|
||||
return m.view.ProcessedIDPProviderSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPProvider(provider, provider.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
|
||||
var config *iam_model.IDPConfig
|
||||
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, provider.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
m.fillConfigData(provider, config)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
|
||||
provider.Name = config.Name
|
||||
provider.IDPConfigType = int32(config.Type)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Msj8c", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPProviderFailedEvent, m.view.ProcessedIDPProviderFailedEvent, m.view.ProcessedIDPProviderSequence, m.errorCountUntilSkip)
|
||||
}
|
@ -0,0 +1,66 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type LoginPolicy struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
loginPolicyTable = "adminapi.login_policies"
|
||||
)
|
||||
|
||||
func (m *LoginPolicy) ViewModel() string {
|
||||
return loginPolicyTable
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestLoginPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate:
|
||||
err = m.processLoginPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.LoginPolicyView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyAdded:
|
||||
err = policy.AppendEvent(event)
|
||||
case model.LoginPolicyChanged:
|
||||
policy, err = m.view.LoginPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
default:
|
||||
return m.view.ProcessedLoginPolicySequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutLoginPolicy(policy, policy.Sequence)
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Wj8sf", "id", event.AggregateID).WithError(err).Warn("something went wrong in login policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestLoginPolicyFailedEvent, m.view.ProcessedLoginPolicyFailedEvent, m.view.ProcessedLoginPolicySequence, m.errorCountUntilSkip)
|
||||
}
|
@ -105,9 +105,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgDomainVerified,
|
||||
org_es_model.OrgDomainRemoved,
|
||||
org_es_model.OrgIamPolicyAdded,
|
||||
org_es_model.OrgIamPolicyChanged,
|
||||
org_es_model.OrgIamPolicyRemoved:
|
||||
org_es_model.OrgIAMPolicyAdded,
|
||||
org_es_model.OrgIAMPolicyChanged,
|
||||
org_es_model.OrgIAMPolicyRemoved:
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
@ -121,7 +121,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -140,7 +140,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -162,7 +162,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ type Config struct {
|
||||
type EsRepository struct {
|
||||
spooler *es_spol.Spooler
|
||||
eventstore.OrgRepo
|
||||
eventstore.IamRepository
|
||||
eventstore.IAMRepository
|
||||
eventstore.AdministratorRepo
|
||||
}
|
||||
|
||||
@ -38,7 +38,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
return nil, err
|
||||
}
|
||||
|
||||
iam, err := es_iam.StartIam(es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
}, systemDefaults)
|
||||
@ -71,7 +71,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
return nil, err
|
||||
}
|
||||
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org})
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org, IamEvents: iam}, systemDefaults)
|
||||
|
||||
return &EsRepository{
|
||||
spooler: spool,
|
||||
@ -82,9 +82,11 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
PolicyEventstore: policy,
|
||||
View: view,
|
||||
SearchLimit: conf.SearchLimit,
|
||||
SystemDefaults: systemDefaults,
|
||||
},
|
||||
IamRepository: eventstore.IamRepository{
|
||||
IamEventstore: iam,
|
||||
IAMRepository: eventstore.IAMRepository{
|
||||
IAMEventstore: iam,
|
||||
OrgEvents: org,
|
||||
View: view,
|
||||
SystemDefaults: systemDefaults,
|
||||
SearchLimit: conf.SearchLimit,
|
||||
|
@ -2,6 +2,7 @@ package spooler
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/handler"
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
@ -16,12 +17,12 @@ type SpoolerConfig struct {
|
||||
Handlers handler.Configs
|
||||
}
|
||||
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos) *spooler.Spooler {
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos, defaults systemdefaults.SystemDefaults) *spooler.Spooler {
|
||||
spoolerConfig := spooler.Config{
|
||||
Eventstore: es,
|
||||
Locker: &locker{dbClient: sql},
|
||||
ConcurrentWorkers: c.ConcurrentWorkers,
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos),
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos, defaults),
|
||||
}
|
||||
spool := spoolerConfig.New()
|
||||
spool.Start()
|
||||
|
@ -12,46 +12,46 @@ const (
|
||||
iamMemberTable = "adminapi.iam_members"
|
||||
)
|
||||
|
||||
func (v *View) IamMemberByIDs(orgID, userID string) (*model.IamMemberView, error) {
|
||||
return view.IamMemberByIDs(v.Db, iamMemberTable, orgID, userID)
|
||||
func (v *View) IAMMemberByIDs(orgID, userID string) (*model.IAMMemberView, error) {
|
||||
return view.IAMMemberByIDs(v.Db, iamMemberTable, orgID, userID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIamMembers(request *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
|
||||
return view.SearchIamMembers(v.Db, iamMemberTable, request)
|
||||
func (v *View) SearchIAMMembers(request *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
|
||||
return view.SearchIAMMembers(v.Db, iamMemberTable, request)
|
||||
}
|
||||
|
||||
func (v *View) IamMembersByUserID(userID string) ([]*model.IamMemberView, error) {
|
||||
return view.IamMembersByUserID(v.Db, iamMemberTable, userID)
|
||||
func (v *View) IAMMembersByUserID(userID string) ([]*model.IAMMemberView, error) {
|
||||
return view.IAMMembersByUserID(v.Db, iamMemberTable, userID)
|
||||
}
|
||||
|
||||
func (v *View) PutIamMember(org *model.IamMemberView, sequence uint64) error {
|
||||
err := view.PutIamMember(v.Db, iamMemberTable, org)
|
||||
func (v *View) PutIAMMember(org *model.IAMMemberView, sequence uint64) error {
|
||||
err := view.PutIAMMember(v.Db, iamMemberTable, org)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIamMemberSequence(sequence)
|
||||
return v.ProcessedIAMMemberSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIamMember(iamID, userID string, eventSequence uint64) error {
|
||||
err := view.DeleteIamMember(v.Db, iamMemberTable, iamID, userID)
|
||||
func (v *View) DeleteIAMMember(iamID, userID string, eventSequence uint64) error {
|
||||
err := view.DeleteIAMMember(v.Db, iamMemberTable, iamID, userID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIamMemberSequence(eventSequence)
|
||||
return v.ProcessedIAMMemberSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIamMemberSequence() (*global_view.CurrentSequence, error) {
|
||||
func (v *View) GetLatestIAMMemberSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(iamMemberTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIamMemberSequence(eventSequence uint64) error {
|
||||
func (v *View) ProcessedIAMMemberSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(iamMemberTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIamMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
func (v *View) GetLatestIAMMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(iamMemberTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIamMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
func (v *View) ProcessedIAMMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
|
53
internal/admin/repository/eventsourcing/view/idp_configs.go
Normal file
53
internal/admin/repository/eventsourcing/view/idp_configs.go
Normal file
@ -0,0 +1,53 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpConfigTable = "adminapi.idp_configs"
|
||||
)
|
||||
|
||||
func (v *View) IDPConfigByID(idpID string) (*model.IDPConfigView, error) {
|
||||
return view.IDPByID(v.Db, idpConfigTable, idpID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
|
||||
return view.SearchIDPs(v.Db, idpConfigTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPConfig(idp *model.IDPConfigView, sequence uint64) error {
|
||||
err := view.PutIDP(v.Db, idpConfigTable, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpConfigTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpConfigTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpConfigTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
@ -0,0 +1,65 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpProviderTable = "adminapi.idp_providers"
|
||||
)
|
||||
|
||||
func (v *View) IDPProviderByAggregateAndIdpConfigID(aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
|
||||
return view.GetIDPProviderByAggregateIDAndConfigID(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) IDPProvidersByIdpConfigID(idpConfigID string) ([]*model.IDPProviderView, error) {
|
||||
return view.IDPProvidersByIdpConfigID(v.Db, idpProviderTable, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
|
||||
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64) error {
|
||||
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProviders(sequence uint64, providers ...*model.IDPProviderView) error {
|
||||
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpProviderTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpProviderTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpProviderTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPProviderFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
@ -0,0 +1,48 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
loginPolicyTable = "adminapi.login_policies"
|
||||
)
|
||||
|
||||
func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyView, error) {
|
||||
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64) error {
|
||||
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64) error {
|
||||
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(loginPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(loginPolicyTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(loginPolicyTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
@ -5,11 +5,27 @@ import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error)
|
||||
AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
|
||||
ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
|
||||
RemoveIamMember(ctx context.Context, userID string) error
|
||||
type IAMRepository interface {
|
||||
SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error)
|
||||
AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
|
||||
ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
|
||||
RemoveIAMMember(ctx context.Context, userID string) error
|
||||
|
||||
GetIamMemberRoles() []string
|
||||
GetIAMMemberRoles() []string
|
||||
|
||||
SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error)
|
||||
IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error)
|
||||
AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
RemoveIDPConfig(ctx context.Context, idpConfigID string) error
|
||||
ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error)
|
||||
|
||||
GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error)
|
||||
AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
|
||||
AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error)
|
||||
RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error
|
||||
}
|
||||
|
@ -13,8 +13,8 @@ type OrgRepository interface {
|
||||
OrgByID(ctx context.Context, id string) (*org_model.Org, error)
|
||||
SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error)
|
||||
|
||||
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error)
|
||||
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
|
||||
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
|
||||
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error)
|
||||
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
|
||||
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
|
||||
RemoveOrgIamPolicy(ctx context.Context, id string) error
|
||||
}
|
||||
|
@ -5,6 +5,6 @@ import "context"
|
||||
type Repository interface {
|
||||
Health(ctx context.Context) error
|
||||
OrgRepository
|
||||
IamRepository
|
||||
IAMRepository
|
||||
AdministratorRepository
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ type API struct {
|
||||
}
|
||||
type health interface {
|
||||
Health(ctx context.Context) error
|
||||
IamByID(ctx context.Context) (*iam_model.Iam, error)
|
||||
IamByID(ctx context.Context) (*iam_model.IAM, error)
|
||||
VerifierClientID(ctx context.Context, appName string) (string, error)
|
||||
}
|
||||
|
||||
|
@ -9,11 +9,11 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetIamMemberRoles(ctx context.Context, _ *empty.Empty) (*admin.IamMemberRoles, error) {
|
||||
return &admin.IamMemberRoles{Roles: s.iam.GetIamMemberRoles()}, nil
|
||||
return &admin.IamMemberRoles{Roles: s.iam.GetIAMMemberRoles()}, nil
|
||||
}
|
||||
|
||||
func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearchRequest) (*admin.IamMemberSearchResponse, error) {
|
||||
members, err := s.iam.SearchIamMembers(ctx, iamMemberSearchRequestToModel(in))
|
||||
members, err := s.iam.SearchIAMMembers(ctx, iamMemberSearchRequestToModel(in))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -21,7 +21,7 @@ func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearch
|
||||
}
|
||||
|
||||
func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) {
|
||||
addedMember, err := s.iam.AddIamMember(ctx, addIamMemberToModel(member))
|
||||
addedMember, err := s.iam.AddIAMMember(ctx, addIamMemberToModel(member))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -30,7 +30,7 @@ func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberReq
|
||||
}
|
||||
|
||||
func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) {
|
||||
changedMember, err := s.iam.ChangeIamMember(ctx, changeIamMemberToModel(member))
|
||||
changedMember, err := s.iam.ChangeIAMMember(ctx, changeIamMemberToModel(member))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -38,6 +38,6 @@ func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMem
|
||||
}
|
||||
|
||||
func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) {
|
||||
err := s.iam.RemoveIamMember(ctx, member.UserId)
|
||||
err := s.iam.RemoveIAMMember(ctx, member.UserId)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
|
@ -9,8 +9,8 @@ import (
|
||||
"github.com/caos/zitadel/pkg/grpc/admin"
|
||||
)
|
||||
|
||||
func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember {
|
||||
memberModel := &iam_model.IamMember{
|
||||
func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IAMMember {
|
||||
memberModel := &iam_model.IAMMember{
|
||||
UserID: member.UserId,
|
||||
}
|
||||
memberModel.Roles = member.Roles
|
||||
@ -18,8 +18,8 @@ func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember
|
||||
return memberModel
|
||||
}
|
||||
|
||||
func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IamMember {
|
||||
memberModel := &iam_model.IamMember{
|
||||
func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IAMMember {
|
||||
memberModel := &iam_model.IAMMember{
|
||||
UserID: member.UserId,
|
||||
}
|
||||
memberModel.Roles = member.Roles
|
||||
@ -27,7 +27,7 @@ func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.Iam
|
||||
return memberModel
|
||||
}
|
||||
|
||||
func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
|
||||
func iamMemberFromModel(member *iam_model.IAMMember) *admin.IamMember {
|
||||
creationDate, err := ptypes.TimestampProto(member.CreationDate)
|
||||
logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed")
|
||||
|
||||
@ -43,16 +43,16 @@ func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
|
||||
}
|
||||
}
|
||||
|
||||
func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IamMemberSearchRequest {
|
||||
return &iam_model.IamMemberSearchRequest{
|
||||
func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IAMMemberSearchRequest {
|
||||
return &iam_model.IAMMemberSearchRequest{
|
||||
Limit: request.Limit,
|
||||
Offset: request.Offset,
|
||||
Queries: iamMemberSearchQueriesToModel(request.Queries),
|
||||
}
|
||||
}
|
||||
|
||||
func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IamMemberSearchQuery {
|
||||
modelQueries := make([]*iam_model.IamMemberSearchQuery, len(queries))
|
||||
func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IAMMemberSearchQuery {
|
||||
modelQueries := make([]*iam_model.IAMMemberSearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
modelQueries[i] = iamMemberSearchQueryToModel(query)
|
||||
}
|
||||
@ -60,30 +60,30 @@ func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam
|
||||
return modelQueries
|
||||
}
|
||||
|
||||
func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IamMemberSearchQuery {
|
||||
return &iam_model.IamMemberSearchQuery{
|
||||
func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IAMMemberSearchQuery {
|
||||
return &iam_model.IAMMemberSearchQuery{
|
||||
Key: iamMemberSearchKeyToModel(query.Key),
|
||||
Method: iamMemberSearchMethodToModel(query.Method),
|
||||
Method: searchMethodToModel(query.Method),
|
||||
Value: query.Value,
|
||||
}
|
||||
}
|
||||
|
||||
func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IamMemberSearchKey {
|
||||
func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IAMMemberSearchKey {
|
||||
switch key {
|
||||
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_EMAIL:
|
||||
return iam_model.IamMemberSearchKeyEmail
|
||||
return iam_model.IAMMemberSearchKeyEmail
|
||||
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_FIRST_NAME:
|
||||
return iam_model.IamMemberSearchKeyFirstName
|
||||
return iam_model.IAMMemberSearchKeyFirstName
|
||||
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_LAST_NAME:
|
||||
return iam_model.IamMemberSearchKeyLastName
|
||||
return iam_model.IAMMemberSearchKeyLastName
|
||||
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_USER_ID:
|
||||
return iam_model.IamMemberSearchKeyUserID
|
||||
return iam_model.IAMMemberSearchKeyUserID
|
||||
default:
|
||||
return iam_model.IamMemberSearchKeyUnspecified
|
||||
return iam_model.IAMMemberSearchKeyUnspecified
|
||||
}
|
||||
}
|
||||
|
||||
func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
|
||||
func searchMethodToModel(key admin.SearchMethod) model.SearchMethod {
|
||||
switch key {
|
||||
case admin.SearchMethod_SEARCHMETHOD_CONTAINS:
|
||||
return model.SearchMethodContains
|
||||
@ -102,7 +102,7 @@ func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
|
||||
}
|
||||
}
|
||||
|
||||
func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *admin.IamMemberSearchResponse {
|
||||
func iamMemberSearchResponseFromModel(resp *iam_model.IAMMemberSearchResponse) *admin.IamMemberSearchResponse {
|
||||
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
|
||||
logging.Log("GRPC-5shu8").OnError(err).Debug("date parse failed")
|
||||
return &admin.IamMemberSearchResponse{
|
||||
@ -114,7 +114,7 @@ func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *
|
||||
ViewTimestamp: timestamp,
|
||||
}
|
||||
}
|
||||
func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemberView {
|
||||
func iamMembersFromView(viewMembers []*iam_model.IAMMemberView) []*admin.IamMemberView {
|
||||
members := make([]*admin.IamMemberView, len(viewMembers))
|
||||
|
||||
for i, member := range viewMembers {
|
||||
@ -124,7 +124,7 @@ func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemb
|
||||
return members
|
||||
}
|
||||
|
||||
func iamMemberFromView(member *iam_model.IamMemberView) *admin.IamMemberView {
|
||||
func iamMemberFromView(member *iam_model.IAMMemberView) *admin.IamMemberView {
|
||||
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
|
||||
logging.Log("GRPC-Lso9c").OnError(err).Debug("unable to parse changedate")
|
||||
creationDate, err := ptypes.TimestampProto(member.CreationDate)
|
||||
|
69
internal/api/grpc/admin/idp_config.go
Normal file
69
internal/api/grpc/admin/idp_config.go
Normal file
@ -0,0 +1,69 @@
|
||||
package admin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/golang/protobuf/ptypes/empty"
|
||||
|
||||
"github.com/caos/zitadel/pkg/grpc/admin"
|
||||
)
|
||||
|
||||
func (s *Server) IdpByID(ctx context.Context, id *admin.IdpID) (*admin.IdpView, error) {
|
||||
config, err := s.iam.IDPConfigByID(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpViewFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *admin.OidcIdpConfigCreate) (*admin.Idp, error) {
|
||||
config, err := s.iam.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate) (*admin.Idp, error) {
|
||||
config, err := s.iam.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
|
||||
config, err := s.iam.DeactivateIDPConfig(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
|
||||
config, err := s.iam.ReactivateIDPConfig(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
|
||||
err := s.iam.RemoveIDPConfig(ctx, id.Id)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
|
||||
func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *admin.OidcIdpConfigUpdate) (*admin.OidcIdpConfig, error) {
|
||||
config, err := s.iam.ChangeOidcIDPConfig(ctx, updateOidcIdpToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return oidcIdpConfigFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) SearchIdps(ctx context.Context, request *admin.IdpSearchRequest) (*admin.IdpSearchResponse, error) {
|
||||
response, err := s.iam.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpConfigSearchResponseFromModel(response), nil
|
||||
}
|
180
internal/api/grpc/admin/idp_config_converter.go
Normal file
180
internal/api/grpc/admin/idp_config_converter.go
Normal file
@ -0,0 +1,180 @@
|
||||
package admin
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/pkg/grpc/admin"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
)
|
||||
|
||||
func createOidcIdpToModel(idp *admin.OidcIdpConfigCreate) *iam_model.IDPConfig {
|
||||
return &iam_model.IDPConfig{
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
Type: iam_model.IDPConfigTypeOIDC,
|
||||
OIDCConfig: &iam_model.OIDCIDPConfig{
|
||||
ClientID: idp.ClientId,
|
||||
ClientSecretString: idp.ClientSecret,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func updateIdpToModel(idp *admin.IdpUpdate) *iam_model.IDPConfig {
|
||||
return &iam_model.IDPConfig{
|
||||
IDPConfigID: idp.Id,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
}
|
||||
}
|
||||
|
||||
func updateOidcIdpToModel(idp *admin.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
|
||||
return &iam_model.OIDCIDPConfig{
|
||||
IDPConfigID: idp.IdpId,
|
||||
ClientID: idp.ClientId,
|
||||
ClientSecretString: idp.ClientSecret,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpFromModel(idp *iam_model.IDPConfig) *admin.Idp {
|
||||
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
|
||||
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
|
||||
|
||||
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
|
||||
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
|
||||
|
||||
return &admin.Idp{
|
||||
Id: idp.IDPConfigID,
|
||||
CreationDate: creationDate,
|
||||
ChangeDate: changeDate,
|
||||
Sequence: idp.Sequence,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
State: idpConfigStateFromModel(idp.State),
|
||||
IdpConfig: idpConfigFromModel(idp),
|
||||
}
|
||||
}
|
||||
|
||||
func idpViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView {
|
||||
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
|
||||
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
|
||||
|
||||
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
|
||||
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
|
||||
|
||||
return &admin.IdpView{
|
||||
Id: idp.IDPConfigID,
|
||||
CreationDate: creationDate,
|
||||
ChangeDate: changeDate,
|
||||
Sequence: idp.Sequence,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
State: idpConfigStateFromModel(idp.State),
|
||||
IdpConfigView: idpConfigViewFromModel(idp),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigFromModel(idp *iam_model.IDPConfig) *admin.Idp_OidcConfig {
|
||||
if idp.Type == iam_model.IDPConfigTypeOIDC {
|
||||
return &admin.Idp_OidcConfig{
|
||||
OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *admin.OidcIdpConfig {
|
||||
return &admin.OidcIdpConfig{
|
||||
ClientId: idp.ClientID,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcConfig {
|
||||
if idp.IsOIDC {
|
||||
return &admin.IdpView_OidcConfig{
|
||||
OidcConfig: oidcIdpConfigViewFromModel(idp),
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.OidcIdpConfigView {
|
||||
return &admin.OidcIdpConfigView{
|
||||
ClientId: idp.OIDCClientID,
|
||||
Issuer: idp.OIDCIssuer,
|
||||
Scopes: idp.OIDCScopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigStateFromModel(state iam_model.IDPConfigState) admin.IdpState {
|
||||
switch state {
|
||||
case iam_model.IDPConfigStateActive:
|
||||
return admin.IdpState_IDPCONFIGSTATE_ACTIVE
|
||||
case iam_model.IDPConfigStateInactive:
|
||||
return admin.IdpState_IDPCONFIGSTATE_INACTIVE
|
||||
default:
|
||||
return admin.IdpState_IDPCONFIGSTATE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchRequestToModel(request *admin.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
|
||||
return &iam_model.IDPConfigSearchRequest{
|
||||
Limit: request.Limit,
|
||||
Offset: request.Offset,
|
||||
Queries: idpConfigSearchQueriesToModel(request.Queries),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchQueriesToModel(queries []*admin.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
|
||||
modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
modelQueries[i] = idpConfigSearchQueryToModel(query)
|
||||
}
|
||||
|
||||
return modelQueries
|
||||
}
|
||||
|
||||
func idpConfigSearchQueryToModel(query *admin.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
|
||||
return &iam_model.IDPConfigSearchQuery{
|
||||
Key: idpConfigSearchKeyToModel(query.Key),
|
||||
Method: searchMethodToModel(query.Method),
|
||||
Value: query.Value,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchKeyToModel(key admin.IdpSearchKey) iam_model.IDPConfigSearchKey {
|
||||
switch key {
|
||||
case admin.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
|
||||
return iam_model.IDPConfigSearchKeyIdpConfigID
|
||||
case admin.IdpSearchKey_IDPSEARCHKEY_NAME:
|
||||
return iam_model.IDPConfigSearchKeyName
|
||||
default:
|
||||
return iam_model.IDPConfigSearchKeyUnspecified
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *admin.IdpSearchResponse {
|
||||
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
|
||||
logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
|
||||
return &admin.IdpSearchResponse{
|
||||
Limit: resp.Limit,
|
||||
Offset: resp.Offset,
|
||||
TotalResult: resp.TotalResult,
|
||||
Result: idpConfigsFromView(resp.Result),
|
||||
ProcessedSequence: resp.Sequence,
|
||||
ViewTimestamp: timestamp,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*admin.IdpView {
|
||||
idps := make([]*admin.IdpView, len(viewIdps))
|
||||
for i, idp := range viewIdps {
|
||||
idps[i] = idpViewFromModel(idp)
|
||||
}
|
||||
return idps
|
||||
}
|
44
internal/api/grpc/admin/login_policy.go
Normal file
44
internal/api/grpc/admin/login_policy.go
Normal file
@ -0,0 +1,44 @@
|
||||
package admin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/pkg/grpc/admin"
|
||||
"github.com/golang/protobuf/ptypes/empty"
|
||||
)
|
||||
|
||||
func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultLoginPolicyView, error) {
|
||||
result, err := s.iam.GetDefaultLoginPolicy(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicyViewFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicy) (*admin.DefaultLoginPolicy, error) {
|
||||
result, err := s.iam.ChangeDefaultLoginPolicy(ctx, loginPolicyToModel(policy))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicyFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request *admin.IdpProviderSearchRequest) (*admin.IdpProviderSearchResponse, error) {
|
||||
result, err := s.iam.SearchDefaultIDPProviders(ctx, idpProviderSearchRequestToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpProviderSearchResponseFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) AddIdpProviderToDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*admin.IdpProviderID, error) {
|
||||
result, err := s.iam.AddIDPProviderToLoginPolicy(ctx, idpProviderToModel(provider))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpProviderFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveIdpProviderFromDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*empty.Empty, error) {
|
||||
err := s.iam.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
|
||||
return &empty.Empty{}, err
|
||||
}
|
87
internal/api/grpc/admin/login_policy_converter.go
Normal file
87
internal/api/grpc/admin/login_policy_converter.go
Normal file
@ -0,0 +1,87 @@
|
||||
package admin
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/pkg/grpc/admin"
|
||||
)
|
||||
|
||||
func loginPolicyToModel(policy *admin.DefaultLoginPolicy) *iam_model.LoginPolicy {
|
||||
return &iam_model.LoginPolicy{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPolicy {
|
||||
return &admin.DefaultLoginPolicy{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultLoginPolicyView {
|
||||
return &admin.DefaultLoginPolicyView{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIDP,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderSearchRequestToModel(request *admin.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
|
||||
return &iam_model.IDPProviderSearchRequest{
|
||||
Limit: request.Limit,
|
||||
Offset: request.Offset,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *admin.IdpProviderSearchResponse {
|
||||
return &admin.IdpProviderSearchResponse{
|
||||
Limit: response.Limit,
|
||||
Offset: response.Offset,
|
||||
TotalResult: response.TotalResult,
|
||||
Result: idpProviderViewsFromModel(response.Result),
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider {
|
||||
return &iam_model.IDPProvider{
|
||||
IdpConfigID: provider.IdpConfigId,
|
||||
Type: iam_model.IDPProviderTypeSystem,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderFromModel(provider *iam_model.IDPProvider) *admin.IdpProviderID {
|
||||
return &admin.IdpProviderID{
|
||||
IdpConfigId: provider.IdpConfigID,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*admin.IdpProviderView {
|
||||
converted := make([]*admin.IdpProviderView, len(providers))
|
||||
for i, provider := range providers {
|
||||
converted[i] = idpProviderViewFromModel(provider)
|
||||
}
|
||||
|
||||
return converted
|
||||
}
|
||||
|
||||
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *admin.IdpProviderView {
|
||||
return &admin.IdpProviderView{
|
||||
IdpConfigId: provider.IDPConfigID,
|
||||
Name: provider.Name,
|
||||
Type: idpConfigTypeToModel(provider.IDPConfigType),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) admin.IdpType {
|
||||
switch providerType {
|
||||
case iam_model.IDPConfigTypeOIDC:
|
||||
return admin.IdpType_IDPTYPE_OIDC
|
||||
case iam_model.IDPConfigTypeSAML:
|
||||
return admin.IdpType_IDPTYPE_SAML
|
||||
default:
|
||||
return admin.IdpType_IDPTYPE_UNSPECIFIED
|
||||
}
|
||||
}
|
@ -269,7 +269,7 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod {
|
||||
}
|
||||
}
|
||||
|
||||
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
|
||||
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *admin.OrgIamPolicy {
|
||||
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
|
||||
logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
|
||||
|
||||
@ -286,8 +286,8 @@ func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
|
||||
}
|
||||
}
|
||||
|
||||
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIamPolicy {
|
||||
return &org_model.OrgIamPolicy{
|
||||
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIAMPolicy {
|
||||
return &org_model.OrgIAMPolicy{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: policy.OrgId,
|
||||
},
|
||||
|
@ -18,7 +18,7 @@ var _ admin.AdminServiceServer = (*Server)(nil)
|
||||
|
||||
type Server struct {
|
||||
org repository.OrgRepository
|
||||
iam repository.IamRepository
|
||||
iam repository.IAMRepository
|
||||
administrator repository.AdministratorRepository
|
||||
repo repository.Repository
|
||||
}
|
||||
|
@ -9,7 +9,7 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetIam(ctx context.Context, _ *empty.Empty) (*management.Iam, error) {
|
||||
iam, err := s.iam.IamByID(ctx, s.systemDefaults.IamID)
|
||||
iam, err := s.iam.IAMByID(ctx, s.systemDefaults.IamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -5,9 +5,9 @@ import (
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
func iamFromModel(iam *iam_model.Iam) *management.Iam {
|
||||
func iamFromModel(iam *iam_model.IAM) *management.Iam {
|
||||
return &management.Iam{
|
||||
IamProjectId: iam.IamProjectID,
|
||||
IamProjectId: iam.IAMProjectID,
|
||||
GlobalOrgId: iam.GlobalOrgID,
|
||||
SetUpDone: iam.SetUpDone,
|
||||
SetUpStarted: iam.SetUpStarted,
|
||||
|
69
internal/api/grpc/management/idp_config.go
Normal file
69
internal/api/grpc/management/idp_config.go
Normal file
@ -0,0 +1,69 @@
|
||||
package management
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/golang/protobuf/ptypes/empty"
|
||||
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
func (s *Server) IdpByID(ctx context.Context, id *management.IdpID) (*management.IdpView, error) {
|
||||
config, err := s.org.IDPConfigByID(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpViewFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *management.OidcIdpConfigCreate) (*management.Idp, error) {
|
||||
config, err := s.org.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *management.IdpUpdate) (*management.Idp, error) {
|
||||
config, err := s.org.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
|
||||
config, err := s.org.DeactivateIDPConfig(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
|
||||
config, err := s.org.ReactivateIDPConfig(ctx, id.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
|
||||
err := s.org.RemoveIDPConfig(ctx, id.Id)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
|
||||
func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *management.OidcIdpConfigUpdate) (*management.OidcIdpConfig, error) {
|
||||
config, err := s.org.ChangeOIDCIDPConfig(ctx, updateOidcIdpToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return oidcIdpConfigFromModel(config), nil
|
||||
}
|
||||
|
||||
func (s *Server) SearchIdps(ctx context.Context, request *management.IdpSearchRequest) (*management.IdpSearchResponse, error) {
|
||||
response, err := s.org.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpConfigSearchResponseFromModel(response), nil
|
||||
}
|
183
internal/api/grpc/management/idp_config_converter.go
Normal file
183
internal/api/grpc/management/idp_config_converter.go
Normal file
@ -0,0 +1,183 @@
|
||||
package management
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
"github.com/golang/protobuf/ptypes"
|
||||
)
|
||||
|
||||
func createOidcIdpToModel(idp *management.OidcIdpConfigCreate) *iam_model.IDPConfig {
|
||||
return &iam_model.IDPConfig{
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
Type: iam_model.IDPConfigTypeOIDC,
|
||||
OIDCConfig: &iam_model.OIDCIDPConfig{
|
||||
ClientID: idp.ClientId,
|
||||
ClientSecretString: idp.ClientSecret,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func updateIdpToModel(idp *management.IdpUpdate) *iam_model.IDPConfig {
|
||||
return &iam_model.IDPConfig{
|
||||
IDPConfigID: idp.Id,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
}
|
||||
}
|
||||
|
||||
func updateOidcIdpToModel(idp *management.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
|
||||
return &iam_model.OIDCIDPConfig{
|
||||
IDPConfigID: idp.IdpId,
|
||||
ClientID: idp.ClientId,
|
||||
ClientSecretString: idp.ClientSecret,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpFromModel(idp *iam_model.IDPConfig) *management.Idp {
|
||||
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
|
||||
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
|
||||
|
||||
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
|
||||
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
|
||||
|
||||
return &management.Idp{
|
||||
Id: idp.IDPConfigID,
|
||||
CreationDate: creationDate,
|
||||
ChangeDate: changeDate,
|
||||
Sequence: idp.Sequence,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
State: idpConfigStateFromModel(idp.State),
|
||||
IdpConfig: idpConfigFromModel(idp),
|
||||
}
|
||||
}
|
||||
|
||||
func idpViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView {
|
||||
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
|
||||
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
|
||||
|
||||
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
|
||||
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
|
||||
|
||||
return &management.IdpView{
|
||||
Id: idp.IDPConfigID,
|
||||
CreationDate: creationDate,
|
||||
ChangeDate: changeDate,
|
||||
Sequence: idp.Sequence,
|
||||
ProviderType: idpProviderTypeFromModel(idp.IDPProviderType),
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
State: idpConfigStateFromModel(idp.State),
|
||||
IdpConfigView: idpConfigViewFromModel(idp),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig {
|
||||
if idp.Type == iam_model.IDPConfigTypeOIDC {
|
||||
return &management.Idp_OidcConfig{
|
||||
OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *management.OidcIdpConfig {
|
||||
return &management.OidcIdpConfig{
|
||||
ClientId: idp.ClientID,
|
||||
Issuer: idp.Issuer,
|
||||
Scopes: idp.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView_OidcConfig {
|
||||
if idp.IsOIDC {
|
||||
return &management.IdpView_OidcConfig{
|
||||
OidcConfig: oidcIdpConfigViewFromModel(idp),
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.OidcIdpConfigView {
|
||||
return &management.OidcIdpConfigView{
|
||||
ClientId: idp.OIDCClientID,
|
||||
Issuer: idp.OIDCIssuer,
|
||||
Scopes: idp.OIDCScopes,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigStateFromModel(state iam_model.IDPConfigState) management.IdpState {
|
||||
switch state {
|
||||
case iam_model.IDPConfigStateActive:
|
||||
return management.IdpState_IDPCONFIGSTATE_ACTIVE
|
||||
case iam_model.IDPConfigStateInactive:
|
||||
return management.IdpState_IDPCONFIGSTATE_INACTIVE
|
||||
default:
|
||||
return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchRequestToModel(request *management.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
|
||||
return &iam_model.IDPConfigSearchRequest{
|
||||
Limit: request.Limit,
|
||||
Offset: request.Offset,
|
||||
Queries: idpConfigSearchQueriesToModel(request.Queries),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchQueriesToModel(queries []*management.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
|
||||
modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
modelQueries[i] = idpConfigSearchQueryToModel(query)
|
||||
}
|
||||
|
||||
return modelQueries
|
||||
}
|
||||
|
||||
func idpConfigSearchQueryToModel(query *management.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
|
||||
return &iam_model.IDPConfigSearchQuery{
|
||||
Key: idpConfigSearchKeyToModel(query.Key),
|
||||
Method: searchMethodToModel(query.Method),
|
||||
Value: query.Value,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchKeyToModel(key management.IdpSearchKey) iam_model.IDPConfigSearchKey {
|
||||
switch key {
|
||||
case management.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
|
||||
return iam_model.IDPConfigSearchKeyIdpConfigID
|
||||
case management.IdpSearchKey_IDPSEARCHKEY_NAME:
|
||||
return iam_model.IDPConfigSearchKeyName
|
||||
case management.IdpSearchKey_IDPSEARCHKEY_PROVIDER_TYPE:
|
||||
return iam_model.IDPConfigSearchKeyIdpProviderType
|
||||
default:
|
||||
return iam_model.IDPConfigSearchKeyUnspecified
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *management.IdpSearchResponse {
|
||||
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
|
||||
logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
|
||||
return &management.IdpSearchResponse{
|
||||
Limit: resp.Limit,
|
||||
Offset: resp.Offset,
|
||||
TotalResult: resp.TotalResult,
|
||||
Result: idpConfigsFromView(resp.Result),
|
||||
ProcessedSequence: resp.Sequence,
|
||||
ViewTimestamp: timestamp,
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*management.IdpView {
|
||||
idps := make([]*management.IdpView, len(viewIdps))
|
||||
for i, idp := range viewIdps {
|
||||
idps[i] = idpViewFromModel(idp)
|
||||
}
|
||||
return idps
|
||||
}
|
57
internal/api/grpc/management/login_policy.go
Normal file
57
internal/api/grpc/management/login_policy.go
Normal file
@ -0,0 +1,57 @@
|
||||
package management
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
"github.com/golang/protobuf/ptypes/empty"
|
||||
)
|
||||
|
||||
func (s *Server) GetLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
|
||||
result, err := s.org.GetLoginPolicy(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicyViewFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyAdd) (*management.LoginPolicy, error) {
|
||||
result, err := s.org.AddLoginPolicy(ctx, loginPolicyAddToModel(policy))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicyFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicy) (*management.LoginPolicy, error) {
|
||||
result, err := s.org.ChangeLoginPolicy(ctx, loginPolicyToModel(policy))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return loginPolicyFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveLoginPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
|
||||
err := s.org.RemoveLoginPolicy(ctx)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
|
||||
func (s *Server) GetLoginPolicyIdpProviders(ctx context.Context, request *management.IdpProviderSearchRequest) (*management.IdpProviderSearchResponse, error) {
|
||||
result, err := s.org.SearchIDPProviders(ctx, idpProviderSearchRequestToModel(request))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpProviderSearchResponseFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) AddIdpProviderToLoginPolicy(ctx context.Context, provider *management.IdpProviderAdd) (*management.IdpProvider, error) {
|
||||
result, err := s.org.AddIDPProviderToLoginPolicy(ctx, idpProviderAddToModel(provider))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpProviderFromModel(result), nil
|
||||
}
|
||||
|
||||
func (s *Server) RemoveIdpProviderFromLoginPolicy(ctx context.Context, provider *management.IdpProviderID) (*empty.Empty, error) {
|
||||
err := s.org.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
|
||||
return &empty.Empty{}, err
|
||||
}
|
131
internal/api/grpc/management/login_policy_converter.go
Normal file
131
internal/api/grpc/management/login_policy_converter.go
Normal file
@ -0,0 +1,131 @@
|
||||
package management
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
func loginPolicyAddToModel(policy *management.LoginPolicyAdd) *iam_model.LoginPolicy {
|
||||
return &iam_model.LoginPolicy{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
func loginPolicyToModel(policy *management.LoginPolicy) *iam_model.LoginPolicy {
|
||||
return &iam_model.LoginPolicy{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *management.LoginPolicy {
|
||||
return &management.LoginPolicy{
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
|
||||
return &management.LoginPolicyView{
|
||||
Default: policy.Default,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowExternalIdp: policy.AllowExternalIDP,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderSearchRequestToModel(request *management.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
|
||||
return &iam_model.IDPProviderSearchRequest{
|
||||
Limit: request.Limit,
|
||||
Offset: request.Offset,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *management.IdpProviderSearchResponse {
|
||||
return &management.IdpProviderSearchResponse{
|
||||
Limit: response.Limit,
|
||||
Offset: response.Offset,
|
||||
TotalResult: response.TotalResult,
|
||||
Result: idpProviderViewsFromModel(response.Result),
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderToModel(provider *management.IdpProviderID) *iam_model.IDPProvider {
|
||||
return &iam_model.IDPProvider{
|
||||
IdpConfigID: provider.IdpConfigId,
|
||||
Type: iam_model.IDPProviderTypeSystem,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderAddToModel(provider *management.IdpProviderAdd) *iam_model.IDPProvider {
|
||||
return &iam_model.IDPProvider{
|
||||
IdpConfigID: provider.IdpConfigId,
|
||||
Type: idpProviderTypeToModel(provider.IdpProviderType),
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
|
||||
return &management.IdpProviderID{
|
||||
IdpConfigId: provider.IdpConfigID,
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderFromModel(provider *iam_model.IDPProvider) *management.IdpProvider {
|
||||
return &management.IdpProvider{
|
||||
IdpConfigId: provider.IdpConfigID,
|
||||
IdpProvider_Type: idpProviderTypeFromModel(provider.Type),
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*management.IdpProviderView {
|
||||
converted := make([]*management.IdpProviderView, len(providers))
|
||||
for i, provider := range providers {
|
||||
converted[i] = idpProviderViewFromModel(provider)
|
||||
}
|
||||
|
||||
return converted
|
||||
}
|
||||
|
||||
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *management.IdpProviderView {
|
||||
return &management.IdpProviderView{
|
||||
IdpConfigId: provider.IDPConfigID,
|
||||
Name: provider.Name,
|
||||
Type: idpConfigTypeToModel(provider.IDPConfigType),
|
||||
}
|
||||
}
|
||||
|
||||
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) management.IdpType {
|
||||
switch providerType {
|
||||
case iam_model.IDPConfigTypeOIDC:
|
||||
return management.IdpType_IDPTYPE_OIDC
|
||||
case iam_model.IDPConfigTypeSAML:
|
||||
return management.IdpType_IDPTYPE_SAML
|
||||
default:
|
||||
return management.IdpType_IDPTYPE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderTypeToModel(providerType management.IdpProviderType) iam_model.IDPProviderType {
|
||||
switch providerType {
|
||||
case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
|
||||
return iam_model.IDPProviderTypeSystem
|
||||
case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
|
||||
return iam_model.IDPProviderTypeOrg
|
||||
default:
|
||||
return iam_model.IDPProviderTypeSystem
|
||||
}
|
||||
}
|
||||
|
||||
func idpProviderTypeFromModel(providerType iam_model.IDPProviderType) management.IdpProviderType {
|
||||
switch providerType {
|
||||
case iam_model.IDPProviderTypeSystem:
|
||||
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
|
||||
case iam_model.IDPProviderTypeOrg:
|
||||
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
|
||||
default:
|
||||
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
|
||||
}
|
||||
}
|
@ -227,7 +227,7 @@ func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change)
|
||||
return result
|
||||
}
|
||||
|
||||
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *management.OrgIamPolicy {
|
||||
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *management.OrgIamPolicy {
|
||||
return &management.OrgIamPolicy{
|
||||
OrgId: policy.AggregateID,
|
||||
Description: policy.Description,
|
||||
|
@ -6,11 +6,11 @@ import (
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
IamID string
|
||||
IamEvents *iam_event.IamEventstore
|
||||
type IAMRepository struct {
|
||||
IAMID string
|
||||
IAMEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *IamRepository) GetIam(ctx context.Context) (*model.Iam, error) {
|
||||
return repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||
func (repo *IAMRepository) GetIAM(ctx context.Context) (*model.IAM, error) {
|
||||
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
|
||||
}
|
||||
|
@ -56,7 +56,7 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -94,6 +94,6 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
|
||||
return RegisterToModel(registerModel), nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ func (repo *UserRepo) Register(ctx context.Context, registerUser *model.User, or
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -32,7 +32,7 @@ type EventstoreRepos struct {
|
||||
UserEvents *usr_event.UserEventstore
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
OrgEvents *org_events.OrgEventstore
|
||||
IamEvents *iam_events.IamEventstore
|
||||
IamEvents *iam_events.IAMEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
|
||||
|
@ -109,7 +109,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -122,9 +122,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgDomainVerified,
|
||||
org_es_model.OrgDomainRemoved,
|
||||
org_es_model.OrgIamPolicyAdded,
|
||||
org_es_model.OrgIamPolicyChanged,
|
||||
org_es_model.OrgIamPolicyRemoved:
|
||||
org_es_model.OrgIAMPolicyAdded,
|
||||
org_es_model.OrgIAMPolicyChanged,
|
||||
org_es_model.OrgIAMPolicyRemoved:
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
@ -138,7 +138,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -161,7 +161,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ type UserGrant struct {
|
||||
projectEvents *proj_event.ProjectEventstore
|
||||
userEvents *usr_events.UserEventstore
|
||||
orgEvents *org_events.OrgEventstore
|
||||
iamEvents *iam_events.IamEventstore
|
||||
iamEvents *iam_events.IAMEventstore
|
||||
iamID string
|
||||
iamProjectID string
|
||||
}
|
||||
@ -58,7 +58,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IamAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
|
||||
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
@ -70,7 +70,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
|
||||
err = u.processUser(event)
|
||||
case proj_es_model.ProjectAggregate:
|
||||
err = u.processProject(event)
|
||||
case iam_es_model.IamAggregate:
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = u.processIamMember(event, "IAM", false)
|
||||
case org_es_model.OrgAggregate:
|
||||
return u.processOrg(event)
|
||||
@ -176,10 +176,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
||||
}
|
||||
|
||||
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
|
||||
member := new(iam_es_model.IamMember)
|
||||
member := new(iam_es_model.IAMMember)
|
||||
|
||||
switch event.Type {
|
||||
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
|
||||
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
|
||||
member.SetData(event)
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
@ -210,7 +210,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, grant.Sequence)
|
||||
case iam_es_model.IamMemberRemoved:
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
member.SetData(event)
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil {
|
||||
@ -295,14 +295,14 @@ func (u *UserGrant) setIamProjectID() error {
|
||||
if u.iamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
|
||||
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !iam.SetUpDone {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
|
||||
}
|
||||
u.iamProjectID = iam.IamProjectID
|
||||
u.iamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -44,7 +44,7 @@ type EsRepository struct {
|
||||
eventstore.UserSessionRepo
|
||||
eventstore.UserGrantRepo
|
||||
eventstore.OrgRepository
|
||||
eventstore.IamRepository
|
||||
eventstore.IAMRepository
|
||||
eventstore.PolicyRepo
|
||||
}
|
||||
|
||||
@ -109,8 +109,8 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iam, err := es_iam.StartIam(
|
||||
es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(
|
||||
es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
},
|
||||
@ -174,9 +174,9 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
|
||||
PolicyEventstore: policy,
|
||||
UserEventstore: user,
|
||||
},
|
||||
eventstore.IamRepository{
|
||||
IamEvents: iam,
|
||||
IamID: systemDefaults.IamID,
|
||||
eventstore.IAMRepository{
|
||||
IAMEvents: iam,
|
||||
IAMID: systemDefaults.IamID,
|
||||
},
|
||||
eventstore.PolicyRepo{
|
||||
PolicyEvents: policy,
|
||||
|
@ -6,6 +6,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
GetIam(ctx context.Context) (*model.Iam, error)
|
||||
type IAMRepository interface {
|
||||
GetIAM(ctx context.Context) (*model.IAM, error)
|
||||
}
|
||||
|
@ -8,5 +8,5 @@ import (
|
||||
|
||||
type OrgRepository interface {
|
||||
RegisterOrg(context.Context, *auth_model.RegisterOrg) (*auth_model.RegisterOrg, error)
|
||||
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error)
|
||||
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error)
|
||||
}
|
||||
|
@ -7,14 +7,14 @@ import (
|
||||
)
|
||||
|
||||
type IamRepo struct {
|
||||
IamID string
|
||||
IamEvents *iam_event.IamEventstore
|
||||
IAMID string
|
||||
IAMEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *IamRepo) Health(ctx context.Context) error {
|
||||
return repo.IamEvents.Health(ctx)
|
||||
return repo.IAMEvents.Health(ctx)
|
||||
}
|
||||
|
||||
func (repo *IamRepo) IamByID(ctx context.Context) (*model.Iam, error) {
|
||||
return repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||
func (repo *IamRepo) IamByID(ctx context.Context) (*model.IAM, error) {
|
||||
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
|
||||
}
|
||||
|
@ -13,8 +13,8 @@ import (
|
||||
|
||||
type TokenVerifierRepo struct {
|
||||
TokenVerificationKey [32]byte
|
||||
IamID string
|
||||
IamEvents *iam_event.IamEventstore
|
||||
IAMID string
|
||||
IAMEvents *iam_event.IAMEventstore
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
View *view.View
|
||||
}
|
||||
@ -55,11 +55,11 @@ func (repo *TokenVerifierRepo) ExistsOrg(ctx context.Context, orgID string) erro
|
||||
}
|
||||
|
||||
func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
|
||||
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||
iam, err := repo.IAMEvents.IAMByID(ctx, repo.IAMID)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IamProjectID, appName)
|
||||
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IAMProjectID, appName)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
@ -16,7 +16,7 @@ type UserGrantRepo struct {
|
||||
IamID string
|
||||
IamProjectID string
|
||||
Auth authz.Config
|
||||
IamEvents *iam_event.IamEventstore
|
||||
IamEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) Health() error {
|
||||
@ -67,14 +67,14 @@ func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
|
||||
if repo.IamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||
iam, err := repo.IamEvents.IAMByID(ctx, repo.IamID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !iam.SetUpDone {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-skiwS", "Setup not done")
|
||||
}
|
||||
repo.IamProjectID = iam.IamProjectID
|
||||
repo.IamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -26,7 +26,7 @@ type handler struct {
|
||||
}
|
||||
|
||||
type EventstoreRepos struct {
|
||||
IamEvents *iam_events.IamEventstore
|
||||
IamEvents *iam_events.IAMEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
|
||||
|
@ -22,7 +22,7 @@ import (
|
||||
type UserGrant struct {
|
||||
handler
|
||||
eventstore eventstore.Eventstore
|
||||
iamEvents *iam_events.IamEventstore
|
||||
iamEvents *iam_events.IAMEventstore
|
||||
iamID string
|
||||
iamProjectID string
|
||||
}
|
||||
@ -47,7 +47,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(iam_es_model.IamAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
|
||||
AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
@ -55,7 +55,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case proj_es_model.ProjectAggregate:
|
||||
err = u.processProject(event)
|
||||
case iam_es_model.IamAggregate:
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = u.processIamMember(event, "IAM", false)
|
||||
case org_es_model.OrgAggregate:
|
||||
return u.processOrg(event)
|
||||
@ -92,10 +92,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
||||
}
|
||||
|
||||
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
|
||||
member := new(iam_es_model.IamMember)
|
||||
member := new(iam_es_model.IAMMember)
|
||||
|
||||
switch event.Type {
|
||||
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
|
||||
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
|
||||
member.SetData(event)
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
@ -126,7 +126,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, grant.Sequence)
|
||||
case iam_es_model.IamMemberRemoved:
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
member.SetData(event)
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil {
|
||||
@ -210,14 +210,14 @@ func (u *UserGrant) setIamProjectID() error {
|
||||
if u.iamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
|
||||
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !iam.SetUpDone {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
|
||||
}
|
||||
u.iamProjectID = iam.IamProjectID
|
||||
u.iamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -51,7 +51,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
|
||||
return nil, err
|
||||
}
|
||||
|
||||
iam, err := es_iam.StartIam(es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
}, systemDefaults)
|
||||
@ -77,13 +77,13 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
|
||||
IamEvents: iam,
|
||||
},
|
||||
eventstore.IamRepo{
|
||||
IamID: systemDefaults.IamID,
|
||||
IamEvents: iam,
|
||||
IAMID: systemDefaults.IamID,
|
||||
IAMEvents: iam,
|
||||
},
|
||||
eventstore.TokenVerifierRepo{
|
||||
//TODO: Add Token Verification Key
|
||||
IamID: systemDefaults.IamID,
|
||||
IamEvents: iam,
|
||||
IAMID: systemDefaults.IamID,
|
||||
IAMEvents: iam,
|
||||
ProjectEvents: project,
|
||||
View: view,
|
||||
},
|
||||
|
@ -5,7 +5,7 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
type IAMRepository interface {
|
||||
Health(ctx context.Context) error
|
||||
IamByID(ctx context.Context, id string) (*model.Iam, error)
|
||||
IAMByID(ctx context.Context, id string) (*model.IAM, error)
|
||||
}
|
||||
|
@ -7,5 +7,5 @@ import (
|
||||
type Repository interface {
|
||||
Health(context.Context) error
|
||||
UserGrantRepository
|
||||
IamRepository
|
||||
IAMRepository
|
||||
}
|
||||
|
@ -14,17 +14,18 @@ import (
|
||||
)
|
||||
|
||||
type SystemDefaults struct {
|
||||
DefaultLanguage language.Tag
|
||||
Domain string
|
||||
ZitadelDocs ZitadelDocs
|
||||
SecretGenerators SecretGenerators
|
||||
UserVerificationKey *crypto.KeyConfig
|
||||
Multifactors MultifactorConfig
|
||||
VerificationLifetimes VerificationLifetimes
|
||||
DefaultPolicies DefaultPolicies
|
||||
DomainVerification DomainVerification
|
||||
IamID string
|
||||
Notifications Notifications
|
||||
DefaultLanguage language.Tag
|
||||
Domain string
|
||||
ZitadelDocs ZitadelDocs
|
||||
SecretGenerators SecretGenerators
|
||||
UserVerificationKey *crypto.KeyConfig
|
||||
IDPConfigVerificationKey *crypto.KeyConfig
|
||||
Multifactors MultifactorConfig
|
||||
VerificationLifetimes VerificationLifetimes
|
||||
DefaultPolicies DefaultPolicies
|
||||
DomainVerification DomainVerification
|
||||
IamID string
|
||||
Notifications Notifications
|
||||
}
|
||||
|
||||
type ZitadelDocs struct {
|
||||
@ -61,7 +62,7 @@ type DefaultPolicies struct {
|
||||
Age pol.PasswordAgePolicyDefault
|
||||
Complexity pol.PasswordComplexityPolicyDefault
|
||||
Lockout pol.PasswordLockoutPolicyDefault
|
||||
OrgIam org_model.OrgIamPolicy
|
||||
OrgIam org_model.OrgIAMPolicy
|
||||
}
|
||||
|
||||
type DomainVerification struct {
|
||||
|
@ -4,16 +4,18 @@ import (
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
)
|
||||
|
||||
type Iam struct {
|
||||
type IAM struct {
|
||||
es_models.ObjectRoot
|
||||
GlobalOrgID string
|
||||
IamProjectID string
|
||||
SetUpDone bool
|
||||
SetUpStarted bool
|
||||
Members []*IamMember
|
||||
GlobalOrgID string
|
||||
IAMProjectID string
|
||||
SetUpDone bool
|
||||
SetUpStarted bool
|
||||
Members []*IAMMember
|
||||
IDPs []*IDPConfig
|
||||
DefaultLoginPolicy *LoginPolicy
|
||||
}
|
||||
|
||||
func (iam *Iam) GetMember(userID string) (int, *IamMember) {
|
||||
func (iam *IAM) GetMember(userID string) (int, *IAMMember) {
|
||||
for i, m := range iam.Members {
|
||||
if m.UserID == userID {
|
||||
return i, m
|
||||
@ -21,3 +23,12 @@ func (iam *Iam) GetMember(userID string) (int, *IamMember) {
|
||||
}
|
||||
return -1, nil
|
||||
}
|
||||
|
||||
func (iam *IAM) GetIDP(idpID string) (int, *IDPConfig) {
|
||||
for i, idp := range iam.IDPs {
|
||||
if idp.IDPConfigID == idpID {
|
||||
return i, idp
|
||||
}
|
||||
}
|
||||
return -1, nil
|
||||
}
|
||||
|
@ -2,17 +2,17 @@ package model
|
||||
|
||||
import es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
|
||||
type IamMember struct {
|
||||
type IAMMember struct {
|
||||
es_models.ObjectRoot
|
||||
|
||||
UserID string
|
||||
Roles []string
|
||||
}
|
||||
|
||||
func NewIamMember(iamID, userID string) *IamMember {
|
||||
return &IamMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
|
||||
func NewIAMMember(iamID, userID string) *IAMMember {
|
||||
return &IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
|
||||
}
|
||||
|
||||
func (i *IamMember) IsValid() bool {
|
||||
func (i *IAMMember) IsValid() bool {
|
||||
return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0
|
||||
}
|
||||
|
@ -5,9 +5,9 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
type IamMemberView struct {
|
||||
type IAMMemberView struct {
|
||||
UserID string
|
||||
IamID string
|
||||
IAMID string
|
||||
UserName string
|
||||
Email string
|
||||
FirstName string
|
||||
@ -19,42 +19,42 @@ type IamMemberView struct {
|
||||
Sequence uint64
|
||||
}
|
||||
|
||||
type IamMemberSearchRequest struct {
|
||||
type IAMMemberSearchRequest struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
SortingColumn IamMemberSearchKey
|
||||
SortingColumn IAMMemberSearchKey
|
||||
Asc bool
|
||||
Queries []*IamMemberSearchQuery
|
||||
Queries []*IAMMemberSearchQuery
|
||||
}
|
||||
|
||||
type IamMemberSearchKey int32
|
||||
type IAMMemberSearchKey int32
|
||||
|
||||
const (
|
||||
IamMemberSearchKeyUnspecified IamMemberSearchKey = iota
|
||||
IamMemberSearchKeyUserName
|
||||
IamMemberSearchKeyEmail
|
||||
IamMemberSearchKeyFirstName
|
||||
IamMemberSearchKeyLastName
|
||||
IamMemberSearchKeyIamID
|
||||
IamMemberSearchKeyUserID
|
||||
IAMMemberSearchKeyUnspecified IAMMemberSearchKey = iota
|
||||
IAMMemberSearchKeyUserName
|
||||
IAMMemberSearchKeyEmail
|
||||
IAMMemberSearchKeyFirstName
|
||||
IAMMemberSearchKeyLastName
|
||||
IAMMemberSearchKeyIamID
|
||||
IAMMemberSearchKeyUserID
|
||||
)
|
||||
|
||||
type IamMemberSearchQuery struct {
|
||||
Key IamMemberSearchKey
|
||||
type IAMMemberSearchQuery struct {
|
||||
Key IAMMemberSearchKey
|
||||
Method model.SearchMethod
|
||||
Value interface{}
|
||||
}
|
||||
|
||||
type IamMemberSearchResponse struct {
|
||||
type IAMMemberSearchResponse struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
TotalResult uint64
|
||||
Result []*IamMemberView
|
||||
Result []*IAMMemberView
|
||||
Sequence uint64
|
||||
Timestamp time.Time
|
||||
}
|
||||
|
||||
func (r *IamMemberSearchRequest) EnsureLimit(limit uint64) {
|
||||
func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) {
|
||||
if r.Limit == 0 || r.Limit > limit {
|
||||
r.Limit = limit
|
||||
}
|
||||
|
74
internal/iam/model/idp_config.go
Normal file
74
internal/iam/model/idp_config.go
Normal file
@ -0,0 +1,74 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
es_models.ObjectRoot
|
||||
IDPConfigID string
|
||||
Type IdpConfigType
|
||||
Name string
|
||||
LogoSrc []byte
|
||||
State IDPConfigState
|
||||
OIDCConfig *OIDCIDPConfig
|
||||
}
|
||||
|
||||
type OIDCIDPConfig struct {
|
||||
es_models.ObjectRoot
|
||||
IDPConfigID string
|
||||
ClientID string
|
||||
ClientSecret *crypto.CryptoValue
|
||||
ClientSecretString string
|
||||
Issuer string
|
||||
Scopes []string
|
||||
}
|
||||
|
||||
type IdpConfigType int32
|
||||
|
||||
const (
|
||||
IDPConfigTypeOIDC IdpConfigType = iota
|
||||
IDPConfigTypeSAML
|
||||
)
|
||||
|
||||
type IDPConfigState int32
|
||||
|
||||
const (
|
||||
IDPConfigStateActive IDPConfigState = iota
|
||||
IDPConfigStateInactive
|
||||
IDPConfigStateRemoved
|
||||
)
|
||||
|
||||
func NewIDPConfig(iamID, idpID string) *IDPConfig {
|
||||
return &IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, IDPConfigID: idpID}
|
||||
}
|
||||
|
||||
func (idp *IDPConfig) IsValid(includeConfig bool) bool {
|
||||
if idp.Name == "" || idp.AggregateID == "" {
|
||||
return false
|
||||
}
|
||||
if !includeConfig {
|
||||
return true
|
||||
}
|
||||
if idp.Type == IDPConfigTypeOIDC && !idp.OIDCConfig.IsValid(true) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func (oi *OIDCIDPConfig) IsValid(withSecret bool) bool {
|
||||
if withSecret {
|
||||
return oi.ClientID != "" && oi.Issuer != "" && oi.ClientSecretString != ""
|
||||
}
|
||||
return oi.ClientID != "" && oi.Issuer != ""
|
||||
}
|
||||
|
||||
func (oi *OIDCIDPConfig) CryptSecret(crypt crypto.Crypto) error {
|
||||
cryptedSecret, err := crypto.Crypt([]byte(oi.ClientSecretString), crypt)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
oi.ClientSecret = cryptedSecret
|
||||
return nil
|
||||
}
|
68
internal/iam/model/idp_config_view.go
Normal file
68
internal/iam/model/idp_config_view.go
Normal file
@ -0,0 +1,68 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"github.com/caos/zitadel/internal/model"
|
||||
"time"
|
||||
)
|
||||
|
||||
type IDPConfigView struct {
|
||||
AggregateID string
|
||||
IDPConfigID string
|
||||
Name string
|
||||
LogoSrc []byte
|
||||
State IDPConfigState
|
||||
CreationDate time.Time
|
||||
ChangeDate time.Time
|
||||
Sequence uint64
|
||||
IDPProviderType IDPProviderType
|
||||
|
||||
IsOIDC bool
|
||||
OIDCClientID string
|
||||
OIDCClientSecret *crypto.CryptoValue
|
||||
OIDCIssuer string
|
||||
OIDCScopes []string
|
||||
}
|
||||
|
||||
type IDPConfigSearchRequest struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
SortingColumn IDPConfigSearchKey
|
||||
Asc bool
|
||||
Queries []*IDPConfigSearchQuery
|
||||
}
|
||||
|
||||
type IDPConfigSearchKey int32
|
||||
|
||||
const (
|
||||
IDPConfigSearchKeyUnspecified IDPConfigSearchKey = iota
|
||||
IDPConfigSearchKeyName
|
||||
IDPConfigSearchKeyAggregateID
|
||||
IDPConfigSearchKeyIdpConfigID
|
||||
IDPConfigSearchKeyIdpProviderType
|
||||
)
|
||||
|
||||
type IDPConfigSearchQuery struct {
|
||||
Key IDPConfigSearchKey
|
||||
Method model.SearchMethod
|
||||
Value interface{}
|
||||
}
|
||||
|
||||
type IDPConfigSearchResponse struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
TotalResult uint64
|
||||
Result []*IDPConfigView
|
||||
Sequence uint64
|
||||
Timestamp time.Time
|
||||
}
|
||||
|
||||
func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) {
|
||||
if r.Limit == 0 || r.Limit > limit {
|
||||
r.Limit = limit
|
||||
}
|
||||
}
|
||||
|
||||
func (r *IDPConfigSearchRequest) AppendMyOrgQuery(orgID, iamID string) {
|
||||
r.Queries = append(r.Queries, &IDPConfigSearchQuery{Key: IDPConfigSearchKeyAggregateID, Method: model.SearchMethodIsOneOf, Value: []string{orgID, iamID}})
|
||||
}
|
59
internal/iam/model/idp_provider_view.go
Normal file
59
internal/iam/model/idp_provider_view.go
Normal file
@ -0,0 +1,59 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/model"
|
||||
"time"
|
||||
)
|
||||
|
||||
type IDPProviderView struct {
|
||||
AggregateID string
|
||||
IDPConfigID string
|
||||
IDPProviderType IDPProviderType
|
||||
Name string
|
||||
IDPConfigType IdpConfigType
|
||||
|
||||
CreationDate time.Time
|
||||
ChangeDate time.Time
|
||||
Sequence uint64
|
||||
}
|
||||
|
||||
type IDPProviderSearchRequest struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
SortingColumn IDPProviderSearchKey
|
||||
Asc bool
|
||||
Queries []*IDPProviderSearchQuery
|
||||
}
|
||||
|
||||
type IDPProviderSearchKey int32
|
||||
|
||||
const (
|
||||
IDPProviderSearchKeyUnspecified IDPProviderSearchKey = iota
|
||||
IDPProviderSearchKeyAggregateID
|
||||
IDPProviderSearchKeyIdpConfigID
|
||||
)
|
||||
|
||||
type IDPProviderSearchQuery struct {
|
||||
Key IDPProviderSearchKey
|
||||
Method model.SearchMethod
|
||||
Value interface{}
|
||||
}
|
||||
|
||||
type IDPProviderSearchResponse struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
TotalResult uint64
|
||||
Result []*IDPProviderView
|
||||
Sequence uint64
|
||||
Timestamp time.Time
|
||||
}
|
||||
|
||||
func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) {
|
||||
if r.Limit == 0 || r.Limit > limit {
|
||||
r.Limit = limit
|
||||
}
|
||||
}
|
||||
|
||||
func (r *IDPProviderSearchRequest) AppendAggregateIDQuery(aggregateID string) {
|
||||
r.Queries = append(r.Queries, &IDPProviderSearchQuery{Key: IDPProviderSearchKeyAggregateID, Method: model.SearchMethodEquals, Value: aggregateID})
|
||||
}
|
53
internal/iam/model/login_policy.go
Normal file
53
internal/iam/model/login_policy.go
Normal file
@ -0,0 +1,53 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
)
|
||||
|
||||
type LoginPolicy struct {
|
||||
models.ObjectRoot
|
||||
|
||||
State PolicyState
|
||||
Default bool
|
||||
AllowUsernamePassword bool
|
||||
AllowRegister bool
|
||||
AllowExternalIdp bool
|
||||
IDPProviders []*IDPProvider
|
||||
}
|
||||
|
||||
type IDPProvider struct {
|
||||
models.ObjectRoot
|
||||
Type IDPProviderType
|
||||
IdpConfigID string
|
||||
}
|
||||
|
||||
type PolicyState int32
|
||||
|
||||
const (
|
||||
PolicyStateActive PolicyState = iota
|
||||
PolicyStateRemoved
|
||||
)
|
||||
|
||||
type IDPProviderType int32
|
||||
|
||||
const (
|
||||
IDPProviderTypeSystem IDPProviderType = iota
|
||||
IDPProviderTypeOrg
|
||||
)
|
||||
|
||||
func (p *LoginPolicy) IsValid() bool {
|
||||
return p.ObjectRoot.AggregateID != ""
|
||||
}
|
||||
|
||||
func (p *IDPProvider) IsValid() bool {
|
||||
return p.ObjectRoot.AggregateID != "" && p.IdpConfigID != ""
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
|
||||
for i, m := range p.IDPProviders {
|
||||
if m.IdpConfigID == id {
|
||||
return i, m
|
||||
}
|
||||
}
|
||||
return -1, nil
|
||||
}
|
48
internal/iam/model/login_policy_view.go
Normal file
48
internal/iam/model/login_policy_view.go
Normal file
@ -0,0 +1,48 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/model"
|
||||
"time"
|
||||
)
|
||||
|
||||
type LoginPolicyView struct {
|
||||
AggregateID string
|
||||
AllowUsernamePassword bool
|
||||
AllowRegister bool
|
||||
AllowExternalIDP bool
|
||||
Default bool
|
||||
|
||||
CreationDate time.Time
|
||||
ChangeDate time.Time
|
||||
Sequence uint64
|
||||
}
|
||||
|
||||
type LoginPolicySearchRequest struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
SortingColumn LoginPolicySearchKey
|
||||
Asc bool
|
||||
Queries []*LoginPolicySearchQuery
|
||||
}
|
||||
|
||||
type LoginPolicySearchKey int32
|
||||
|
||||
const (
|
||||
LoginPolicySearchKeyUnspecified LoginPolicySearchKey = iota
|
||||
LoginPolicySearchKeyAggregateID
|
||||
)
|
||||
|
||||
type LoginPolicySearchQuery struct {
|
||||
Key LoginPolicySearchKey
|
||||
Method model.SearchMethod
|
||||
Value interface{}
|
||||
}
|
||||
|
||||
type LoginPolicySearchResponse struct {
|
||||
Offset uint64
|
||||
Limit uint64
|
||||
TotalResult uint64
|
||||
Result []*LoginPolicyView
|
||||
Sequence uint64
|
||||
Timestamp time.Time
|
||||
}
|
@ -8,26 +8,26 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
)
|
||||
|
||||
type IamCache struct {
|
||||
type IAMCache struct {
|
||||
iamCache cache.Cache
|
||||
}
|
||||
|
||||
func StartCache(conf *config.CacheConfig) (*IamCache, error) {
|
||||
func StartCache(conf *config.CacheConfig) (*IAMCache, error) {
|
||||
iamCache, err := conf.Config.NewCache()
|
||||
logging.Log("EVENT-9siew").OnError(err).Panic("unable to create iam cache")
|
||||
|
||||
return &IamCache{iamCache: iamCache}, nil
|
||||
return &IAMCache{iamCache: iamCache}, nil
|
||||
}
|
||||
|
||||
func (c *IamCache) getIam(ID string) *model.Iam {
|
||||
user := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
|
||||
func (c *IAMCache) getIAM(ID string) *model.IAM {
|
||||
user := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
|
||||
if err := c.iamCache.Get(ID, user); err != nil {
|
||||
logging.Log("EVENT-slo9x").WithError(err).Debug("error in getting cache")
|
||||
}
|
||||
return user
|
||||
}
|
||||
|
||||
func (c *IamCache) cacheIam(iam *model.Iam) {
|
||||
func (c *IAMCache) cacheIAM(iam *model.IAM) {
|
||||
err := c.iamCache.Set(iam.AggregateID, iam)
|
||||
if err != nil {
|
||||
logging.Log("EVENT-os03w").WithError(err).Debug("error in setting iam cache")
|
||||
|
@ -4,40 +4,50 @@ import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/internal/cache/config"
|
||||
sd "github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
es_int "github.com/caos/zitadel/internal/eventstore"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
)
|
||||
|
||||
type IamEventstore struct {
|
||||
type IAMEventstore struct {
|
||||
es_int.Eventstore
|
||||
iamCache *IamCache
|
||||
iamCache *IAMCache
|
||||
idGenerator id.Generator
|
||||
secretCrypto crypto.Crypto
|
||||
}
|
||||
|
||||
type IamConfig struct {
|
||||
type IAMConfig struct {
|
||||
es_int.Eventstore
|
||||
Cache *config.CacheConfig
|
||||
}
|
||||
|
||||
func StartIam(conf IamConfig, systemDefaults sd.SystemDefaults) (*IamEventstore, error) {
|
||||
func StartIAM(conf IAMConfig, systemDefaults sd.SystemDefaults) (*IAMEventstore, error) {
|
||||
iamCache, err := StartCache(conf.Cache)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &IamEventstore{
|
||||
Eventstore: conf.Eventstore,
|
||||
iamCache: iamCache,
|
||||
aesCrypto, err := crypto.NewAESCrypto(systemDefaults.IDPConfigVerificationKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &IAMEventstore{
|
||||
Eventstore: conf.Eventstore,
|
||||
iamCache: iamCache,
|
||||
idGenerator: id.SonyFlakeGenerator,
|
||||
secretCrypto: aesCrypto,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
|
||||
iam := es.iamCache.getIam(id)
|
||||
func (es *IAMEventstore) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
|
||||
iam := es.iamCache.getIAM(id)
|
||||
|
||||
query, err := IamByIDQuery(iam.AggregateID, iam.Sequence)
|
||||
query, err := IAMByIDQuery(iam.AggregateID, iam.Sequence)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -45,12 +55,12 @@ func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam
|
||||
if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIam(iam)
|
||||
return model.IamToModel(iam), nil
|
||||
es.iamCache.cacheIAM(iam)
|
||||
return model.IAMToModel(iam), nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.Iam, error) {
|
||||
iam, err := es.IamByID(ctx, iamID)
|
||||
func (es *IAMEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.IAM, error) {
|
||||
iam, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil && !caos_errs.IsNotFound(err) {
|
||||
return nil, err
|
||||
}
|
||||
@ -59,132 +69,420 @@ func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_mod
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "Setup already started")
|
||||
}
|
||||
|
||||
repoIam := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
|
||||
createAggregate := IamSetupStartedAggregate(es.AggregateCreator(), repoIam)
|
||||
repoIam := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
|
||||
createAggregate := IAMSetupStartedAggregate(es.AggregateCreator(), repoIam)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
return model.IamToModel(repoIam), nil
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.IAMToModel(repoIam), nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.Iam, error) {
|
||||
iam, err := es.IamByID(ctx, iamID)
|
||||
func (es *IAMEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.IAM, error) {
|
||||
iam, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
repoIam := model.IamFromModel(iam)
|
||||
createAggregate := IamSetupDoneAggregate(es.AggregateCreator(), repoIam)
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
createAggregate := IAMSetupDoneAggregate(es.AggregateCreator(), repoIam)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
return model.IamToModel(repoIam), nil
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.IAMToModel(repoIam), nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.Iam, error) {
|
||||
iam, err := es.IamByID(ctx, iamID)
|
||||
func (es *IAMEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.IAM, error) {
|
||||
iam, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
repoIam := model.IamFromModel(iam)
|
||||
createAggregate := IamSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
createAggregate := IAMSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
return model.IamToModel(repoIam), nil
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.IAMToModel(repoIam), nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) SetIamProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.Iam, error) {
|
||||
iam, err := es.IamByID(ctx, iamID)
|
||||
func (es *IAMEventstore) SetIAMProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.IAM, error) {
|
||||
iam, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
repoIam := model.IamFromModel(iam)
|
||||
createAggregate := IamSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
createAggregate := IAMSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
return model.IamToModel(repoIam), nil
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.IAMToModel(repoIam), nil
|
||||
}
|
||||
|
||||
func (es *IamEventstore) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (es *IAMEventstore) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
if !member.IsValid() {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.Iam.MemberInvalid")
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.IAM.MemberInvalid")
|
||||
}
|
||||
existing, err := es.IamByID(ctx, member.AggregateID)
|
||||
existing, err := es.IAMByID(ctx, member.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, m := existing.GetMember(member.UserID); m != nil {
|
||||
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.Iam.MemberAlreadyExisting")
|
||||
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.MemberAlreadyExisting")
|
||||
}
|
||||
repoIam := model.IamFromModel(existing)
|
||||
repoMember := model.IamMemberFromModel(member)
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoMember := model.IAMMemberFromModel(member)
|
||||
|
||||
addAggregate := IamMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
addAggregate := IAMMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
|
||||
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
|
||||
return model.IamMemberToModel(m), nil
|
||||
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
|
||||
return model.IAMMemberToModel(m), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-s90pw", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IamEventstore) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (es *IAMEventstore) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
if !member.IsValid() {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.Iam.MemberInvalid")
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.IAM.MemberInvalid")
|
||||
}
|
||||
existing, err := es.IamByID(ctx, member.AggregateID)
|
||||
existing, err := es.IAMByID(ctx, member.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, m := existing.GetMember(member.UserID); m == nil {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.Iam.MemberNotExisting")
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.IAM.MemberNotExisting")
|
||||
}
|
||||
repoIam := model.IamFromModel(existing)
|
||||
repoMember := model.IamMemberFromModel(member)
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoMember := model.IAMMemberFromModel(member)
|
||||
|
||||
projectAggregate := IamMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
projectAggregate := IAMMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
|
||||
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
|
||||
return model.IamMemberToModel(m), nil
|
||||
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
|
||||
return model.IAMMemberToModel(m), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-29cws", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IamEventstore) RemoveIamMember(ctx context.Context, member *iam_model.IamMember) error {
|
||||
func (es *IAMEventstore) RemoveIAMMember(ctx context.Context, member *iam_model.IAMMember) error {
|
||||
if member.UserID == "" {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.Iam.MemberInvalid")
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.IAM.MemberInvalid")
|
||||
}
|
||||
existing, err := es.IamByID(ctx, member.AggregateID)
|
||||
existing, err := es.IAMByID(ctx, member.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if _, m := existing.GetMember(member.UserID); m == nil {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.Iam.MemberNotExisting")
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.MemberNotExisting")
|
||||
}
|
||||
repoIam := model.IamFromModel(existing)
|
||||
repoMember := model.IamMemberFromModel(member)
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoMember := model.IAMMemberFromModel(member)
|
||||
|
||||
projectAggregate := IamMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
projectAggregate := IAMMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
|
||||
es.iamCache.cacheIam(repoIam)
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return err
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) GetIDPConfig(ctx context.Context, aggregateID, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
existing, err := es.IAMByID(ctx, aggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, existingIDP := existing.GetIDP(idpConfigID); existingIDP != nil {
|
||||
return existingIDP, nil
|
||||
}
|
||||
return nil, caos_errs.ThrowNotFound(nil, "EVENT-Scj8s", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) AddIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
if idp == nil || !idp.IsValid(true) {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Ms89d", "Errors.IAM.IdpInvalid")
|
||||
}
|
||||
existing, err := es.IAMByID(ctx, idp.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
id, err := es.idGenerator.Next()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
idp.IDPConfigID = id
|
||||
|
||||
if idp.OIDCConfig != nil {
|
||||
idp.OIDCConfig.IDPConfigID = id
|
||||
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoIdp := model.IDPConfigFromModel(idp)
|
||||
|
||||
addAggregate := IDPConfigAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
return model.IDPConfigToModel(idpConfig), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Scj8s", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
if idp == nil || !idp.IsValid(false) {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cms8o", "Errors.IAM.IdpInvalid")
|
||||
}
|
||||
existing, err := es.IAMByID(ctx, idp.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cmlos", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoIdp := model.IDPConfigFromModel(idp)
|
||||
|
||||
iamAggregate := IDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
return model.IDPConfigToModel(idpConfig), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xmlo0", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) PrepareRemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*model.IAM, *models.Aggregate, error) {
|
||||
if idp == nil || idp.IDPConfigID == "" {
|
||||
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wz7sD", "Errors.IAM.IDMissing")
|
||||
}
|
||||
existing, err := es.IAMByID(ctx, idp.AggregateID)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
|
||||
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Smiu8", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoIdp := model.IDPConfigFromModel(idp)
|
||||
provider := new(model.IDPProvider)
|
||||
if repoIam.DefaultLoginPolicy != nil {
|
||||
_, provider = model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, idp.IDPConfigID)
|
||||
}
|
||||
agg, err := IDPConfigRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoIdp, provider)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
return repoIam, agg, nil
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) RemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) error {
|
||||
repoIam, agg, err := es.PrepareRemoveIDPConfig(ctx, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, agg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) DeactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
|
||||
if idpID == "" {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fbs8o", "Errors.IAM.IDMissing")
|
||||
}
|
||||
existing, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
|
||||
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Mci32", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(existing)
|
||||
repoIdp := model.IDPConfigFromModel(idp)
|
||||
|
||||
iamAggregate := IDPConfigDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
return model.IDPConfigToModel(idpConfig), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xnc8d", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) ReactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
|
||||
if idpID == "" {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wkjsf", "Errors.IAM.IDMissing")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, iamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
|
||||
if _, existingIDP := iam.GetIDP(idp.IDPConfigID); existingIDP == nil {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Sjc78", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
repoIdp := model.IDPConfigFromModel(idp)
|
||||
|
||||
iamAggregate := IDPConfigReactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
return model.IDPConfigToModel(idpConfig), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Snd4f", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) ChangeIDPOIDCConfig(ctx context.Context, config *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
|
||||
if config == nil || !config.IsValid(false) {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-*5ki8", "Errors.IAM.OIDCConfigInvalid")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, config.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var idp *iam_model.IDPConfig
|
||||
if _, idp = iam.GetIDP(config.IDPConfigID); idp == nil {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-pso0s", "Errors.IAM.IdpNoExisting")
|
||||
}
|
||||
if idp.Type != iam_model.IDPConfigTypeOIDC {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fms8w", "Errors.IAM.IdpIsNotOIDC")
|
||||
}
|
||||
if config.ClientSecretString != "" {
|
||||
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
|
||||
} else {
|
||||
config.ClientSecret = nil
|
||||
}
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
repoConfig := model.OIDCIDPConfigFromModel(config)
|
||||
|
||||
iamAggregate := OIDCIDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoConfig)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
return model.OIDCIDPConfigToModel(idpConfig.OIDCIDPConfig), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Sldk8", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
if policy == nil || !policy.IsValid() {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, policy.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
repoLoginPolicy := model.LoginPolicyFromModel(policy)
|
||||
|
||||
addAggregate := LoginPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
if policy == nil || !policy.IsValid() {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, policy.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
repoLoginPolicy := model.LoginPolicyFromModel(policy)
|
||||
|
||||
addAggregate := LoginPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
|
||||
if provider == nil || !provider.IsValid() {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IdpProviderInvalid")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, provider.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
|
||||
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
repoProvider := model.IDPProviderFromModel(provider)
|
||||
|
||||
addAggregate := LoginPolicyIDPProviderAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoProvider)
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
|
||||
return model.IDPProviderToModel(m), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
|
||||
}
|
||||
|
||||
func (es *IAMEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error {
|
||||
if provider == nil || !provider.IsValid() {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Esi8c", "Errors.IdpProviderInvalid")
|
||||
}
|
||||
iam, err := es.IAMByID(ctx, provider.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
|
||||
}
|
||||
repoIam := model.IAMFromModel(iam)
|
||||
addAggregate := LoginPolicyIDPProviderRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IdpConfigID})
|
||||
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
es.iamCache.cacheIAM(repoIam)
|
||||
return nil
|
||||
}
|
||||
|
@ -2,6 +2,8 @@ package eventsourcing
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
|
||||
mock_cache "github.com/caos/zitadel/internal/cache/mock"
|
||||
"github.com/caos/zitadel/internal/eventstore/mock"
|
||||
@ -10,24 +12,37 @@ import (
|
||||
"github.com/golang/mock/gomock"
|
||||
)
|
||||
|
||||
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IamEventstore {
|
||||
return &IamEventstore{
|
||||
Eventstore: mockEs,
|
||||
iamCache: GetMockCache(ctrl),
|
||||
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
|
||||
return &IAMEventstore{
|
||||
Eventstore: mockEs,
|
||||
iamCache: GetMockCache(ctrl),
|
||||
idGenerator: GetSonyFlacke(),
|
||||
}
|
||||
}
|
||||
|
||||
func GetMockCache(ctrl *gomock.Controller) *IamCache {
|
||||
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
|
||||
return &IAMEventstore{
|
||||
Eventstore: mockEs,
|
||||
iamCache: GetMockCache(ctrl),
|
||||
idGenerator: GetSonyFlacke(),
|
||||
secretCrypto: crypto.NewBCrypt(10),
|
||||
}
|
||||
}
|
||||
func GetMockCache(ctrl *gomock.Controller) *IAMCache {
|
||||
mockCache := mock_cache.NewMockCache(ctrl)
|
||||
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
|
||||
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
|
||||
return &IamCache{iamCache: mockCache}
|
||||
return &IAMCache{iamCache: mockCache}
|
||||
}
|
||||
|
||||
func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
|
||||
data, _ := json.Marshal(model.Iam{GlobalOrgID: "GlobalOrgID"})
|
||||
func GetSonyFlacke() id.Generator {
|
||||
return id.SonyFlakeGenerator
|
||||
}
|
||||
|
||||
func GetMockIamByIDOK(ctrl *gomock.Controller) *IAMEventstore {
|
||||
data, _ := json.Marshal(model.IAM{GlobalOrgID: "GlobalOrgID"})
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
@ -35,16 +50,16 @@ func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IamEventstore {
|
||||
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IAMEventstore {
|
||||
events := []*es_models.Event{}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
|
||||
func GetMockManipulateIam(ctrl *gomock.Controller) *IAMEventstore {
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
@ -53,11 +68,22 @@ func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
|
||||
memberData, _ := json.Marshal(model.IamMember{UserID: "UserID", Roles: []string{"Role"}})
|
||||
func GetMockManipulateIamWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamMemberAdded, Data: memberData},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
|
||||
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
|
||||
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IAMEventstore {
|
||||
memberData, _ := json.Marshal(model.IAMMember{UserID: "UserID", Roles: []string{"Role"}})
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
@ -65,7 +91,38 @@ func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
|
||||
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IamEventstore {
|
||||
|
||||
func GetMockManipulateIamWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
|
||||
idpData, _ := json.Marshal(model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
|
||||
oidcData, _ := json.Marshal(model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
|
||||
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockManipulateIamWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
|
||||
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
|
||||
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
|
||||
events := []*es_models.Event{
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
|
||||
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
|
||||
}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
|
||||
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
|
||||
return GetMockedEventstore(ctrl, mockEs)
|
||||
}
|
||||
|
||||
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IAMEventstore {
|
||||
events := []*es_models.Event{}
|
||||
mockEs := mock.NewMockEventstore(ctrl)
|
||||
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -7,118 +7,358 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
)
|
||||
|
||||
func IamByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
|
||||
func IAMByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
|
||||
if id == "" {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.Iam.IDMissing")
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.IAM.IDMissing")
|
||||
}
|
||||
return IamQuery(latestSequence).
|
||||
return IAMQuery(latestSequence).
|
||||
AggregateIDFilter(id), nil
|
||||
}
|
||||
|
||||
func IamQuery(latestSequence uint64) *es_models.SearchQuery {
|
||||
func IAMQuery(latestSequence uint64) *es_models.SearchQuery {
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IamAggregate).
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
LatestSequenceFilter(latestSequence)
|
||||
}
|
||||
|
||||
func IamAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam) (*es_models.Aggregate, error) {
|
||||
func IAMAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM) (*es_models.Aggregate, error) {
|
||||
if iam == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo04e", "Errors.Internal")
|
||||
}
|
||||
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence)
|
||||
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence)
|
||||
}
|
||||
|
||||
func IamAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
|
||||
func IAMAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
|
||||
if iam == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "Errors.Internal")
|
||||
}
|
||||
|
||||
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
|
||||
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
|
||||
}
|
||||
|
||||
func IamSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
agg, err := IamAggregate(ctx, aggCreator, iam)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, iam)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IamSetupStarted, nil)
|
||||
return agg.AppendEvent(model.IAMSetupStarted, nil)
|
||||
}
|
||||
}
|
||||
|
||||
func IamSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
agg, err := IamAggregate(ctx, aggCreator, iam)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, iam)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return agg.AppendEvent(model.IamSetupDone, nil)
|
||||
return agg.AppendEvent(model.IAMSetupDone, nil)
|
||||
}
|
||||
}
|
||||
|
||||
func IamSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if globalOrg == "" {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.Iam.GlobalOrgMissing")
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.IAM.GlobalOrgMissing")
|
||||
}
|
||||
agg, err := IamAggregate(ctx, aggCreator, iam)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, iam)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.GlobalOrgSet, &model.Iam{GlobalOrgID: globalOrg})
|
||||
return agg.AppendEvent(model.GlobalOrgSet, &model.IAM{GlobalOrgID: globalOrg})
|
||||
}
|
||||
}
|
||||
|
||||
func IamSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if projectID == "" {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.Iam.IamProjectIDMisisng")
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.IAM.IamProjectIDMisisng")
|
||||
}
|
||||
agg, err := IamAggregate(ctx, aggCreator, iam)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, iam)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IamProjectSet, &model.Iam{IamProjectID: projectID})
|
||||
return agg.AppendEvent(model.IAMProjectSet, &model.IAM{IAMProjectID: projectID})
|
||||
}
|
||||
}
|
||||
|
||||
func IamMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if member == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9sope", "Errors.Internal")
|
||||
}
|
||||
agg, err := IamAggregate(ctx, aggCreator, existing)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IamMemberAdded, member)
|
||||
return agg.AppendEvent(model.IAMMemberAdded, member)
|
||||
}
|
||||
}
|
||||
|
||||
func IamMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if member == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-38skf", "Errors.Internal")
|
||||
}
|
||||
|
||||
agg, err := IamAggregate(ctx, aggCreator, existing)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IamMemberChanged, member)
|
||||
return agg.AppendEvent(model.IAMMemberChanged, member)
|
||||
}
|
||||
}
|
||||
|
||||
func IamMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if member == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-90lsw", "Errors.Internal")
|
||||
}
|
||||
agg, err := IamAggregate(ctx, aggCreator, existing)
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IamMemberRemoved, member)
|
||||
return agg.AppendEvent(model.IAMMemberRemoved, member)
|
||||
}
|
||||
}
|
||||
|
||||
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if idp == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSn7d", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
agg, err = agg.AppendEvent(model.IDPConfigAdded, idp)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if idp.OIDCIDPConfig != nil {
|
||||
return agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
|
||||
}
|
||||
return agg, nil
|
||||
}
|
||||
}
|
||||
|
||||
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if idp == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Amc7s", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changes map[string]interface{}
|
||||
for _, i := range existing.IDPs {
|
||||
if i.IDPConfigID == idp.IDPConfigID {
|
||||
changes = i.Changes(idp)
|
||||
}
|
||||
}
|
||||
return agg.AppendEvent(model.IDPConfigChanged, changes)
|
||||
}
|
||||
}
|
||||
|
||||
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig, provider *model.IDPProvider) (*es_models.Aggregate, error) {
|
||||
if idp == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-se23g", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if provider != nil {
|
||||
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
|
||||
}
|
||||
return agg, nil
|
||||
}
|
||||
|
||||
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if idp == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slfi3", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IDPConfigDeactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
|
||||
}
|
||||
}
|
||||
|
||||
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if idp == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.IDPConfigReactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
|
||||
}
|
||||
}
|
||||
|
||||
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, config *model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if config == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changes map[string]interface{}
|
||||
for _, idp := range existing.IDPs {
|
||||
if idp.IDPConfigID == config.IDPConfigID && idp.OIDCIDPConfig != nil {
|
||||
changes = idp.OIDCIDPConfig.Changes(config)
|
||||
}
|
||||
}
|
||||
if len(changes) <= 1 {
|
||||
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Cml9s", "Errors.NoChangesFound")
|
||||
}
|
||||
return agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if policy == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
validationQuery := es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
EventTypesFilter(model.LoginPolicyAdded).
|
||||
AggregateIDFilter(existing.AggregateID)
|
||||
|
||||
validation := checkExistingLoginPolicyValidation()
|
||||
agg.SetPrecondition(validationQuery, validation)
|
||||
return agg.AppendEvent(model.LoginPolicyAdded, policy)
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if policy == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
changes := existing.DefaultLoginPolicy.Changes(policy)
|
||||
if len(changes) == 0 {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
|
||||
}
|
||||
return agg.AppendEvent(model.LoginPolicyChanged, changes)
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProvider) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if provider == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
validationQuery := es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
AggregateIDFilter(existing.AggregateID)
|
||||
|
||||
validation := checkExistingLoginPolicyIDPProviderValidation(provider.IDPConfigID)
|
||||
agg.SetPrecondition(validationQuery, validation)
|
||||
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyIDPProviderRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProviderID) func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
return func(ctx context.Context) (*es_models.Aggregate, error) {
|
||||
if provider == nil || existing == nil {
|
||||
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
|
||||
}
|
||||
agg, err := IAMAggregate(ctx, aggCreator, existing)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return agg.AppendEvent(model.LoginPolicyIDPProviderRemoved, provider)
|
||||
}
|
||||
}
|
||||
|
||||
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
|
||||
return func(events ...*es_models.Event) error {
|
||||
for _, event := range events {
|
||||
switch event.Type {
|
||||
case model.LoginPolicyAdded:
|
||||
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.LoginPolicy.AlreadyExists")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func checkExistingLoginPolicyIDPProviderValidation(idpConfigID string) func(...*es_models.Event) error {
|
||||
return func(events ...*es_models.Event) error {
|
||||
idpConfigs := make([]*model.IDPConfig, 0)
|
||||
idps := make([]*model.IDPProvider, 0)
|
||||
for _, event := range events {
|
||||
switch event.Type {
|
||||
case model.IDPConfigAdded:
|
||||
config := new(model.IDPConfig)
|
||||
config.SetData(event)
|
||||
idpConfigs = append(idpConfigs, config)
|
||||
case model.IDPConfigRemoved:
|
||||
config := new(model.IDPConfig)
|
||||
config.SetData(event)
|
||||
for i, p := range idpConfigs {
|
||||
if p.IDPConfigID == config.IDPConfigID {
|
||||
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
|
||||
idpConfigs[len(idpConfigs)-1] = nil
|
||||
idpConfigs = idpConfigs[:len(idpConfigs)-1]
|
||||
}
|
||||
}
|
||||
case model.LoginPolicyIDPProviderAdded:
|
||||
idp := new(model.IDPProvider)
|
||||
idp.SetData(event)
|
||||
idps = append(idps, idp)
|
||||
case model.LoginPolicyIDPProviderRemoved:
|
||||
idp := new(model.IDPProvider)
|
||||
idp.SetData(event)
|
||||
for i, p := range idps {
|
||||
if p.IDPConfigID == idp.IDPConfigID {
|
||||
idps[i] = idps[len(idps)-1]
|
||||
idps[len(idps)-1] = nil
|
||||
idps = idps[:len(idps)-1]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
exists := false
|
||||
for _, p := range idpConfigs {
|
||||
if p.IDPConfigID == idpConfigID {
|
||||
exists = true
|
||||
}
|
||||
}
|
||||
if !exists {
|
||||
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
for _, p := range idps {
|
||||
if p.IDPConfigID == idpConfigID {
|
||||
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -9,45 +9,57 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
IamVersion = "v1"
|
||||
IAMVersion = "v1"
|
||||
)
|
||||
|
||||
type Iam struct {
|
||||
type IAM struct {
|
||||
es_models.ObjectRoot
|
||||
SetUpStarted bool `json:"-"`
|
||||
SetUpDone bool `json:"-"`
|
||||
GlobalOrgID string `json:"globalOrgId,omitempty"`
|
||||
IamProjectID string `json:"iamProjectId,omitempty"`
|
||||
Members []*IamMember `json:"-"`
|
||||
SetUpStarted bool `json:"-"`
|
||||
SetUpDone bool `json:"-"`
|
||||
GlobalOrgID string `json:"globalOrgId,omitempty"`
|
||||
IAMProjectID string `json:"iamProjectId,omitempty"`
|
||||
Members []*IAMMember `json:"-"`
|
||||
IDPs []*IDPConfig `json:"-"`
|
||||
DefaultLoginPolicy *LoginPolicy `json:"-"`
|
||||
}
|
||||
|
||||
func IamFromModel(iam *model.Iam) *Iam {
|
||||
members := IamMembersFromModel(iam.Members)
|
||||
converted := &Iam{
|
||||
func IAMFromModel(iam *model.IAM) *IAM {
|
||||
members := IAMMembersFromModel(iam.Members)
|
||||
idps := IDPConfigsFromModel(iam.IDPs)
|
||||
converted := &IAM{
|
||||
ObjectRoot: iam.ObjectRoot,
|
||||
SetUpStarted: iam.SetUpStarted,
|
||||
SetUpDone: iam.SetUpDone,
|
||||
GlobalOrgID: iam.GlobalOrgID,
|
||||
IamProjectID: iam.IamProjectID,
|
||||
IAMProjectID: iam.IAMProjectID,
|
||||
Members: members,
|
||||
IDPs: idps,
|
||||
}
|
||||
if iam.DefaultLoginPolicy != nil {
|
||||
converted.DefaultLoginPolicy = LoginPolicyFromModel(iam.DefaultLoginPolicy)
|
||||
}
|
||||
return converted
|
||||
}
|
||||
|
||||
func IamToModel(iam *Iam) *model.Iam {
|
||||
members := IamMembersToModel(iam.Members)
|
||||
converted := &model.Iam{
|
||||
func IAMToModel(iam *IAM) *model.IAM {
|
||||
members := IAMMembersToModel(iam.Members)
|
||||
idps := IDPConfigsToModel(iam.IDPs)
|
||||
converted := &model.IAM{
|
||||
ObjectRoot: iam.ObjectRoot,
|
||||
SetUpStarted: iam.SetUpStarted,
|
||||
SetUpDone: iam.SetUpDone,
|
||||
GlobalOrgID: iam.GlobalOrgID,
|
||||
IamProjectID: iam.IamProjectID,
|
||||
IAMProjectID: iam.IAMProjectID,
|
||||
Members: members,
|
||||
IDPs: idps,
|
||||
}
|
||||
if iam.DefaultLoginPolicy != nil {
|
||||
converted.DefaultLoginPolicy = LoginPolicyToModel(iam.DefaultLoginPolicy)
|
||||
}
|
||||
return converted
|
||||
}
|
||||
|
||||
func (i *Iam) AppendEvents(events ...*es_models.Event) error {
|
||||
func (i *IAM) AppendEvents(events ...*es_models.Event) error {
|
||||
for _, event := range events {
|
||||
if err := i.AppendEvent(event); err != nil {
|
||||
return err
|
||||
@ -56,27 +68,50 @@ func (i *Iam) AppendEvents(events ...*es_models.Event) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (i *Iam) AppendEvent(event *es_models.Event) (err error) {
|
||||
func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
|
||||
i.ObjectRoot.AppendEvent(event)
|
||||
switch event.Type {
|
||||
case IamSetupStarted:
|
||||
case IAMSetupStarted:
|
||||
i.SetUpStarted = true
|
||||
case IamSetupDone:
|
||||
case IAMSetupDone:
|
||||
i.SetUpDone = true
|
||||
case IamProjectSet,
|
||||
case IAMProjectSet,
|
||||
GlobalOrgSet:
|
||||
err = i.SetData(event)
|
||||
case IamMemberAdded:
|
||||
case IAMMemberAdded:
|
||||
err = i.appendAddMemberEvent(event)
|
||||
case IamMemberChanged:
|
||||
case IAMMemberChanged:
|
||||
err = i.appendChangeMemberEvent(event)
|
||||
case IamMemberRemoved:
|
||||
case IAMMemberRemoved:
|
||||
err = i.appendRemoveMemberEvent(event)
|
||||
case IDPConfigAdded:
|
||||
return i.appendAddIDPConfigEvent(event)
|
||||
case IDPConfigChanged:
|
||||
return i.appendChangeIDPConfigEvent(event)
|
||||
case IDPConfigRemoved:
|
||||
return i.appendRemoveIDPConfigEvent(event)
|
||||
case IDPConfigDeactivated:
|
||||
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
|
||||
case IDPConfigReactivated:
|
||||
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
|
||||
case OIDCIDPConfigAdded:
|
||||
return i.appendAddOIDCIDPConfigEvent(event)
|
||||
case OIDCIDPConfigChanged:
|
||||
return i.appendChangeOIDCIDPConfigEvent(event)
|
||||
case LoginPolicyAdded:
|
||||
return i.appendAddLoginPolicyEvent(event)
|
||||
case LoginPolicyChanged:
|
||||
return i.appendChangeLoginPolicyEvent(event)
|
||||
case LoginPolicyIDPProviderAdded:
|
||||
return i.appendAddIDPProviderToLoginPolicyEvent(event)
|
||||
case LoginPolicyIDPProviderRemoved:
|
||||
return i.appendRemoveIDPProviderFromLoginPolicyEvent(event)
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (i *Iam) SetData(event *es_models.Event) error {
|
||||
func (i *IAM) SetData(event *es_models.Event) error {
|
||||
i.ObjectRoot.AppendEvent(event)
|
||||
if err := json.Unmarshal(event.Data, i); err != nil {
|
||||
logging.Log("EVEN-9sie4").WithError(err).Error("could not unmarshal event data")
|
||||
|
@ -7,13 +7,13 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamMember struct {
|
||||
type IAMMember struct {
|
||||
es_models.ObjectRoot
|
||||
UserID string `json:"userId,omitempty"`
|
||||
Roles []string `json:"roles,omitempty"`
|
||||
}
|
||||
|
||||
func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
|
||||
func GetIAMMember(members []*IAMMember, id string) (int, *IAMMember) {
|
||||
for i, m := range members {
|
||||
if m.UserID == id {
|
||||
return i, m
|
||||
@ -22,40 +22,40 @@ func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
|
||||
return -1, nil
|
||||
}
|
||||
|
||||
func IamMembersToModel(members []*IamMember) []*model.IamMember {
|
||||
convertedMembers := make([]*model.IamMember, len(members))
|
||||
func IAMMembersToModel(members []*IAMMember) []*model.IAMMember {
|
||||
convertedMembers := make([]*model.IAMMember, len(members))
|
||||
for i, m := range members {
|
||||
convertedMembers[i] = IamMemberToModel(m)
|
||||
convertedMembers[i] = IAMMemberToModel(m)
|
||||
}
|
||||
return convertedMembers
|
||||
}
|
||||
|
||||
func IamMembersFromModel(members []*model.IamMember) []*IamMember {
|
||||
convertedMembers := make([]*IamMember, len(members))
|
||||
func IAMMembersFromModel(members []*model.IAMMember) []*IAMMember {
|
||||
convertedMembers := make([]*IAMMember, len(members))
|
||||
for i, m := range members {
|
||||
convertedMembers[i] = IamMemberFromModel(m)
|
||||
convertedMembers[i] = IAMMemberFromModel(m)
|
||||
}
|
||||
return convertedMembers
|
||||
}
|
||||
|
||||
func IamMemberFromModel(member *model.IamMember) *IamMember {
|
||||
return &IamMember{
|
||||
func IAMMemberFromModel(member *model.IAMMember) *IAMMember {
|
||||
return &IAMMember{
|
||||
ObjectRoot: member.ObjectRoot,
|
||||
UserID: member.UserID,
|
||||
Roles: member.Roles,
|
||||
}
|
||||
}
|
||||
|
||||
func IamMemberToModel(member *IamMember) *model.IamMember {
|
||||
return &model.IamMember{
|
||||
func IAMMemberToModel(member *IAMMember) *model.IAMMember {
|
||||
return &model.IAMMember{
|
||||
ObjectRoot: member.ObjectRoot,
|
||||
UserID: member.UserID,
|
||||
Roles: member.Roles,
|
||||
}
|
||||
}
|
||||
|
||||
func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
|
||||
member := &IamMember{}
|
||||
func (iam *IAM) appendAddMemberEvent(event *es_models.Event) error {
|
||||
member := &IAMMember{}
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -65,25 +65,25 @@ func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *Iam) appendChangeMemberEvent(event *es_models.Event) error {
|
||||
member := &IamMember{}
|
||||
func (iam *IAM) appendChangeMemberEvent(event *es_models.Event) error {
|
||||
member := &IAMMember{}
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
|
||||
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
|
||||
iam.Members[i] = member
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
|
||||
member := &IamMember{}
|
||||
func (iam *IAM) appendRemoveMemberEvent(event *es_models.Event) error {
|
||||
member := &IAMMember{}
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
|
||||
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
|
||||
iam.Members[i] = iam.Members[len(iam.Members)-1]
|
||||
iam.Members[len(iam.Members)-1] = nil
|
||||
iam.Members = iam.Members[:len(iam.Members)-1]
|
||||
@ -91,7 +91,7 @@ func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IamMember) SetData(event *es_models.Event) error {
|
||||
func (m *IAMMember) SetData(event *es_models.Event) error {
|
||||
m.ObjectRoot.AppendEvent(event)
|
||||
if err := json.Unmarshal(event.Data, m); err != nil {
|
||||
logging.Log("EVEN-e4dkp").WithError(err).Error("could not unmarshal event data")
|
||||
|
@ -8,23 +8,23 @@ import (
|
||||
|
||||
func TestAppendAddMemberEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *Iam
|
||||
member *IamMember
|
||||
iam *IAM
|
||||
member *IAMMember
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *Iam
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add member event",
|
||||
args: args{
|
||||
iam: &Iam{},
|
||||
member: &IamMember{UserID: "UserID", Roles: []string{"Role"}},
|
||||
iam: &IAM{},
|
||||
member: &IAMMember{UserID: "UserID", Roles: []string{"Role"}},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
@ -46,23 +46,23 @@ func TestAppendAddMemberEvent(t *testing.T) {
|
||||
|
||||
func TestAppendChangeMemberEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *Iam
|
||||
member *IamMember
|
||||
iam *IAM
|
||||
member *IAMMember
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *Iam
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append change member event",
|
||||
args: args{
|
||||
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
member: &IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
|
||||
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
member: &IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
|
||||
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
@ -84,23 +84,23 @@ func TestAppendChangeMemberEvent(t *testing.T) {
|
||||
|
||||
func TestAppendRemoveMemberEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *Iam
|
||||
member *IamMember
|
||||
iam *IAM
|
||||
member *IAMMember
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *Iam
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append remove member event",
|
||||
args: args{
|
||||
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
member: &IamMember{UserID: "UserID"},
|
||||
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
|
||||
member: &IAMMember{UserID: "UserID"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &Iam{Members: []*IamMember{}},
|
||||
result: &IAM{Members: []*IAMMember{}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func mockIamData(iam *Iam) []byte {
|
||||
func mockIamData(iam *IAM) []byte {
|
||||
data, _ := json.Marshal(iam)
|
||||
return data
|
||||
}
|
||||
@ -14,44 +14,44 @@ func mockIamData(iam *Iam) []byte {
|
||||
func TestProjectRoleAppendEvent(t *testing.T) {
|
||||
type args struct {
|
||||
event *es_models.Event
|
||||
iam *Iam
|
||||
iam *IAM
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *Iam
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append set up start event",
|
||||
args: args{
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupStarted, ResourceOwner: "OrgID"},
|
||||
iam: &Iam{},
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupStarted, ResourceOwner: "OrgID"},
|
||||
iam: &IAM{},
|
||||
},
|
||||
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
},
|
||||
{
|
||||
name: "append set up done event",
|
||||
args: args{
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupDone, ResourceOwner: "OrgID"},
|
||||
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupDone, ResourceOwner: "OrgID"},
|
||||
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
},
|
||||
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
|
||||
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
|
||||
},
|
||||
{
|
||||
name: "append globalorg event",
|
||||
args: args{
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{GlobalOrgID: "GlobalOrg"})},
|
||||
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{GlobalOrgID: "GlobalOrg"})},
|
||||
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
},
|
||||
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
|
||||
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
|
||||
},
|
||||
{
|
||||
name: "append iamproject event",
|
||||
args: args{
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{IamProjectID: "IamProject"})},
|
||||
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{IAMProjectID: "IamProject"})},
|
||||
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
|
||||
},
|
||||
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IamProjectID: "IamProject"},
|
||||
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IAMProjectID: "IamProject"},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
@ -66,8 +66,8 @@ func TestProjectRoleAppendEvent(t *testing.T) {
|
||||
if tt.args.iam.GlobalOrgID != tt.result.GlobalOrgID {
|
||||
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.result.GlobalOrgID, tt.args.iam.GlobalOrgID)
|
||||
}
|
||||
if tt.args.iam.IamProjectID != tt.result.IamProjectID {
|
||||
t.Errorf("got wrong result IamProjectID: expected: %v, actual: %v ", tt.result.IamProjectID, tt.args.iam.IamProjectID)
|
||||
if tt.args.iam.IAMProjectID != tt.result.IAMProjectID {
|
||||
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.result.IAMProjectID, tt.args.iam.IAMProjectID)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
151
internal/iam/repository/eventsourcing/model/idp_config.go
Normal file
151
internal/iam/repository/eventsourcing/model/idp_config.go
Normal file
@ -0,0 +1,151 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"github.com/caos/logging"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
es_models.ObjectRoot
|
||||
IDPConfigID string `json:"idpConfigId"`
|
||||
State int32 `json:"-"`
|
||||
Name string `json:"name,omitempty"`
|
||||
Type int32 `json:"idpType,omitempty"`
|
||||
LogoSrc []byte `json:"logoSrc,omitempty"`
|
||||
OIDCIDPConfig *OIDCIDPConfig `json:"-"`
|
||||
}
|
||||
|
||||
type IDPConfigID struct {
|
||||
es_models.ObjectRoot
|
||||
IDPConfigID string `json:"idpConfigId"`
|
||||
}
|
||||
|
||||
func GetIDPConfig(idps []*IDPConfig, id string) (int, *IDPConfig) {
|
||||
for i, idp := range idps {
|
||||
if idp.IDPConfigID == id {
|
||||
return i, idp
|
||||
}
|
||||
}
|
||||
return -1, nil
|
||||
}
|
||||
|
||||
func (c *IDPConfig) Changes(changed *IDPConfig) map[string]interface{} {
|
||||
changes := make(map[string]interface{}, 1)
|
||||
changes["idpConfigId"] = c.IDPConfigID
|
||||
if changed.Name != "" && c.Name != changed.Name {
|
||||
changes["name"] = changed.Name
|
||||
}
|
||||
if changed.LogoSrc != nil && bytes.Equal(c.LogoSrc, changed.LogoSrc) {
|
||||
changes["logoSrc"] = changed.LogoSrc
|
||||
}
|
||||
return changes
|
||||
}
|
||||
|
||||
func IDPConfigsToModel(idps []*IDPConfig) []*model.IDPConfig {
|
||||
convertedIDPConfigs := make([]*model.IDPConfig, len(idps))
|
||||
for i, idp := range idps {
|
||||
convertedIDPConfigs[i] = IDPConfigToModel(idp)
|
||||
}
|
||||
return convertedIDPConfigs
|
||||
}
|
||||
|
||||
func IDPConfigsFromModel(idps []*model.IDPConfig) []*IDPConfig {
|
||||
convertedIDPConfigs := make([]*IDPConfig, len(idps))
|
||||
for i, idp := range idps {
|
||||
convertedIDPConfigs[i] = IDPConfigFromModel(idp)
|
||||
}
|
||||
return convertedIDPConfigs
|
||||
}
|
||||
|
||||
func IDPConfigFromModel(idp *model.IDPConfig) *IDPConfig {
|
||||
converted := &IDPConfig{
|
||||
ObjectRoot: idp.ObjectRoot,
|
||||
IDPConfigID: idp.IDPConfigID,
|
||||
Name: idp.Name,
|
||||
State: int32(idp.State),
|
||||
Type: int32(idp.Type),
|
||||
LogoSrc: idp.LogoSrc,
|
||||
}
|
||||
if idp.OIDCConfig != nil {
|
||||
converted.OIDCIDPConfig = OIDCIDPConfigFromModel(idp.OIDCConfig)
|
||||
}
|
||||
return converted
|
||||
}
|
||||
|
||||
func IDPConfigToModel(idp *IDPConfig) *model.IDPConfig {
|
||||
converted := &model.IDPConfig{
|
||||
ObjectRoot: idp.ObjectRoot,
|
||||
IDPConfigID: idp.IDPConfigID,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
State: model.IDPConfigState(idp.State),
|
||||
Type: model.IdpConfigType(idp.Type),
|
||||
}
|
||||
if idp.OIDCIDPConfig != nil {
|
||||
converted.OIDCConfig = OIDCIDPConfigToModel(idp.OIDCIDPConfig)
|
||||
}
|
||||
return converted
|
||||
}
|
||||
|
||||
func (iam *IAM) appendAddIDPConfigEvent(event *es_models.Event) error {
|
||||
idp := new(IDPConfig)
|
||||
err := idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
idp.ObjectRoot.CreationDate = event.CreationDate
|
||||
iam.IDPs = append(iam.IDPs, idp)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *IAM) appendChangeIDPConfigEvent(event *es_models.Event) error {
|
||||
idp := new(IDPConfig)
|
||||
err := idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
iam.IDPs[i].SetData(event)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *IAM) appendRemoveIDPConfigEvent(event *es_models.Event) error {
|
||||
idp := new(IDPConfig)
|
||||
err := idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
iam.IDPs[i] = iam.IDPs[len(iam.IDPs)-1]
|
||||
iam.IDPs[len(iam.IDPs)-1] = nil
|
||||
iam.IDPs = iam.IDPs[:len(iam.IDPs)-1]
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *IAM) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
|
||||
idp := new(IDPConfig)
|
||||
err := idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
|
||||
idpConfig.State = int32(state)
|
||||
iam.IDPs[i] = idpConfig
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *IDPConfig) SetData(event *es_models.Event) error {
|
||||
c.ObjectRoot.AppendEvent(event)
|
||||
if err := json.Unmarshal(event.Data, c); err != nil {
|
||||
logging.Log("EVEN-Msj9w").WithError(err).Error("could not unmarshal event data")
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
213
internal/iam/repository/eventsourcing/model/idp_config_test.go
Normal file
213
internal/iam/repository/eventsourcing/model/idp_config_test.go
Normal file
@ -0,0 +1,213 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestIdpConfigChanges(t *testing.T) {
|
||||
type args struct {
|
||||
existing *IDPConfig
|
||||
new *IDPConfig
|
||||
}
|
||||
type res struct {
|
||||
changesLen int
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
res res
|
||||
}{
|
||||
{
|
||||
name: "idp config name changes",
|
||||
args: args{
|
||||
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
|
||||
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "NameChanged"},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 2,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no changes",
|
||||
args: args{
|
||||
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
|
||||
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 1,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
changes := tt.args.existing.Changes(tt.args.new)
|
||||
if len(changes) != tt.res.changesLen {
|
||||
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendAddIdpConfigEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
idp *IDPConfig
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add idp config event",
|
||||
args: args{
|
||||
iam: &IAM{},
|
||||
idp: &IDPConfig{Name: "IDPConfig"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.idp != nil {
|
||||
data, _ := json.Marshal(tt.args.idp)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendAddIDPConfigEvent(tt.args.event)
|
||||
if len(tt.args.iam.IDPs) != 1 {
|
||||
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendChangeIdpConfigEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
idpConfig *IDPConfig
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append change idp config event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
|
||||
idpConfig: &IDPConfig{Name: "IDPConfig Change"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig Change"}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.idpConfig != nil {
|
||||
data, _ := json.Marshal(tt.args.idpConfig)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendChangeIDPConfigEvent(tt.args.event)
|
||||
if len(tt.args.iam.IDPs) != 1 {
|
||||
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendRemoveIDPEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
idp *IDPConfig
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append remove idp config event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
|
||||
idp: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.idp != nil {
|
||||
data, _ := json.Marshal(tt.args.idp)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendRemoveIDPConfigEvent(tt.args.event)
|
||||
if len(tt.args.iam.IDPs) != 0 {
|
||||
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendAppStateEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
idp *IDPConfig
|
||||
event *es_models.Event
|
||||
state model.IDPConfigState
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append deactivate application event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
|
||||
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
|
||||
event: &es_models.Event{},
|
||||
state: model.IDPConfigStateInactive,
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
|
||||
},
|
||||
{
|
||||
name: "append reactivate application event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
|
||||
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
|
||||
event: &es_models.Event{},
|
||||
state: model.IDPConfigStateActive,
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.idp != nil {
|
||||
data, _ := json.Marshal(tt.args.idp)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
|
||||
if len(tt.args.iam.IDPs) != 1 {
|
||||
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
164
internal/iam/repository/eventsourcing/model/login_policy.go
Normal file
164
internal/iam/repository/eventsourcing/model/login_policy.go
Normal file
@ -0,0 +1,164 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type LoginPolicy struct {
|
||||
models.ObjectRoot
|
||||
State int32 `json:"-"`
|
||||
AllowUsernamePassword bool `json:"allowUsernamePassword"`
|
||||
AllowRegister bool `json:"allowRegister"`
|
||||
AllowExternalIdp bool `json:"allowExternalIdp"`
|
||||
IDPProviders []*IDPProvider `json:"-"`
|
||||
}
|
||||
|
||||
type IDPProvider struct {
|
||||
models.ObjectRoot
|
||||
Type int32 `json:"idpProviderType"`
|
||||
IDPConfigID string `json:"idpConfigId"`
|
||||
}
|
||||
|
||||
type IDPProviderID struct {
|
||||
IDPConfigID string `json:"idpConfigId"`
|
||||
}
|
||||
|
||||
func GetIDPProvider(providers []*IDPProvider, id string) (int, *IDPProvider) {
|
||||
for i, p := range providers {
|
||||
if p.IDPConfigID == id {
|
||||
return i, p
|
||||
}
|
||||
}
|
||||
return -1, nil
|
||||
}
|
||||
|
||||
func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
|
||||
idps := IDPProvidersToModel(policy.IDPProviders)
|
||||
return &iam_model.LoginPolicy{
|
||||
ObjectRoot: policy.ObjectRoot,
|
||||
State: iam_model.PolicyState(policy.State),
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
IDPProviders: idps,
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyFromModel(policy *iam_model.LoginPolicy) *LoginPolicy {
|
||||
idps := IDOProvidersFromModel(policy.IDPProviders)
|
||||
return &LoginPolicy{
|
||||
ObjectRoot: policy.ObjectRoot,
|
||||
State: int32(policy.State),
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIdp: policy.AllowExternalIdp,
|
||||
IDPProviders: idps,
|
||||
}
|
||||
}
|
||||
|
||||
func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
|
||||
convertedProviders := make([]*iam_model.IDPProvider, len(members))
|
||||
for i, m := range members {
|
||||
convertedProviders[i] = IDPProviderToModel(m)
|
||||
}
|
||||
return convertedProviders
|
||||
}
|
||||
|
||||
func IDOProvidersFromModel(members []*iam_model.IDPProvider) []*IDPProvider {
|
||||
convertedProviders := make([]*IDPProvider, len(members))
|
||||
for i, m := range members {
|
||||
convertedProviders[i] = IDPProviderFromModel(m)
|
||||
}
|
||||
return convertedProviders
|
||||
}
|
||||
|
||||
func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
|
||||
return &iam_model.IDPProvider{
|
||||
ObjectRoot: provider.ObjectRoot,
|
||||
Type: iam_model.IDPProviderType(provider.Type),
|
||||
IdpConfigID: provider.IDPConfigID,
|
||||
}
|
||||
}
|
||||
|
||||
func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
|
||||
return &IDPProvider{
|
||||
ObjectRoot: provider.ObjectRoot,
|
||||
Type: int32(provider.Type),
|
||||
IDPConfigID: provider.IdpConfigID,
|
||||
}
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) Changes(changed *LoginPolicy) map[string]interface{} {
|
||||
changes := make(map[string]interface{}, 2)
|
||||
|
||||
if changed.AllowUsernamePassword != p.AllowUsernamePassword {
|
||||
changes["allowUsernamePassword"] = changed.AllowUsernamePassword
|
||||
}
|
||||
if changed.AllowRegister != p.AllowRegister {
|
||||
changes["allowRegister"] = changed.AllowRegister
|
||||
}
|
||||
if changed.AllowExternalIdp != p.AllowExternalIdp {
|
||||
changes["allowExternalIdp"] = changed.AllowExternalIdp
|
||||
}
|
||||
|
||||
return changes
|
||||
}
|
||||
|
||||
func (i *IAM) appendAddLoginPolicyEvent(event *es_models.Event) error {
|
||||
i.DefaultLoginPolicy = new(LoginPolicy)
|
||||
err := i.DefaultLoginPolicy.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
i.DefaultLoginPolicy.ObjectRoot.CreationDate = event.CreationDate
|
||||
return nil
|
||||
}
|
||||
|
||||
func (i *IAM) appendChangeLoginPolicyEvent(event *es_models.Event) error {
|
||||
return i.DefaultLoginPolicy.SetData(event)
|
||||
}
|
||||
|
||||
func (iam *IAM) appendAddIDPProviderToLoginPolicyEvent(event *es_models.Event) error {
|
||||
provider := new(IDPProvider)
|
||||
err := provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
provider.ObjectRoot.CreationDate = event.CreationDate
|
||||
iam.DefaultLoginPolicy.IDPProviders = append(iam.DefaultLoginPolicy.IDPProviders, provider)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *IAM) appendRemoveIDPProviderFromLoginPolicyEvent(event *es_models.Event) error {
|
||||
provider := new(IDPProvider)
|
||||
err := provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if i, m := GetIDPProvider(iam.DefaultLoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
|
||||
iam.DefaultLoginPolicy.IDPProviders[i] = iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1]
|
||||
iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1] = nil
|
||||
iam.DefaultLoginPolicy.IDPProviders = iam.DefaultLoginPolicy.IDPProviders[:len(iam.DefaultLoginPolicy.IDPProviders)-1]
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *LoginPolicy) SetData(event *es_models.Event) error {
|
||||
err := json.Unmarshal(event.Data, p)
|
||||
if err != nil {
|
||||
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *IDPProvider) SetData(event *es_models.Event) error {
|
||||
err := json.Unmarshal(event.Data, p)
|
||||
if err != nil {
|
||||
return errors.ThrowInternal(err, "EVENT-ldos9", "unable to unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
253
internal/iam/repository/eventsourcing/model/login_policy_test.go
Normal file
253
internal/iam/repository/eventsourcing/model/login_policy_test.go
Normal file
@ -0,0 +1,253 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestLoginPolicyChanges(t *testing.T) {
|
||||
type args struct {
|
||||
existing *LoginPolicy
|
||||
new *LoginPolicy
|
||||
}
|
||||
type res struct {
|
||||
changesLen int
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
res res
|
||||
}{
|
||||
{
|
||||
name: "loginpolicy all attributes change",
|
||||
args: args{
|
||||
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
|
||||
new: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 3,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no changes",
|
||||
args: args{
|
||||
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
|
||||
new: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 0,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
changes := tt.args.existing.Changes(tt.args.new)
|
||||
if len(changes) != tt.res.changesLen {
|
||||
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendAddLoginPolicyEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
policy *LoginPolicy
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add login policy event",
|
||||
args: args{
|
||||
iam: new(IAM),
|
||||
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
|
||||
event: new(es_models.Event),
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.policy != nil {
|
||||
data, _ := json.Marshal(tt.args.policy)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendAddLoginPolicyEvent(tt.args.event)
|
||||
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendChangeLoginPolicyEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
policy *LoginPolicy
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append change login policy event",
|
||||
args: args{
|
||||
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
AllowExternalIdp: false,
|
||||
AllowRegister: false,
|
||||
AllowUsernamePassword: false,
|
||||
}},
|
||||
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
AllowExternalIdp: true,
|
||||
AllowRegister: true,
|
||||
AllowUsernamePassword: true,
|
||||
}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.policy != nil {
|
||||
data, _ := json.Marshal(tt.args.policy)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendChangeLoginPolicyEvent(tt.args.event)
|
||||
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendAddIdpToPolicyEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
provider *IDPProvider
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add idp to login policy event",
|
||||
args: args{
|
||||
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
|
||||
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
AllowExternalIdp: true,
|
||||
AllowRegister: true,
|
||||
AllowUsernamePassword: true,
|
||||
IDPProviders: []*IDPProvider{
|
||||
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
|
||||
}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.provider != nil {
|
||||
data, _ := json.Marshal(tt.args.provider)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendAddIDPProviderToLoginPolicyEvent(tt.args.event)
|
||||
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
|
||||
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
|
||||
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
|
||||
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
|
||||
}
|
||||
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
|
||||
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
|
||||
t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
|
||||
t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
provider *IDPProvider
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add idp to login policy event",
|
||||
args: args{
|
||||
iam: &IAM{
|
||||
DefaultLoginPolicy: &LoginPolicy{
|
||||
AllowExternalIdp: true,
|
||||
AllowRegister: true,
|
||||
AllowUsernamePassword: true,
|
||||
IDPProviders: []*IDPProvider{
|
||||
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
|
||||
}}},
|
||||
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
|
||||
AllowExternalIdp: true,
|
||||
AllowRegister: true,
|
||||
AllowUsernamePassword: true,
|
||||
IDPProviders: []*IDPProvider{}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.provider != nil {
|
||||
data, _ := json.Marshal(tt.args.provider)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendRemoveIDPProviderFromLoginPolicyEvent(tt.args.event)
|
||||
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
|
||||
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
|
||||
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
|
||||
}
|
||||
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
|
||||
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
|
||||
}
|
||||
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
|
||||
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
@ -0,0 +1,96 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/lib/pq"
|
||||
"reflect"
|
||||
)
|
||||
|
||||
type OIDCIDPConfig struct {
|
||||
es_models.ObjectRoot
|
||||
IDPConfigID string `json:"idpConfigId"`
|
||||
ClientID string `json:"clientId"`
|
||||
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
|
||||
Issuer string `json:"issuer,omitempty"`
|
||||
Scopes pq.StringArray `json:"scopes,omitempty"`
|
||||
}
|
||||
|
||||
func (c *OIDCIDPConfig) Changes(changed *OIDCIDPConfig) map[string]interface{} {
|
||||
changes := make(map[string]interface{}, 1)
|
||||
changes["idpConfigId"] = c.IDPConfigID
|
||||
if c.ClientID != changed.ClientID {
|
||||
changes["clientId"] = changed.ClientID
|
||||
}
|
||||
if c.ClientSecret != nil {
|
||||
changes["clientSecret"] = changed.ClientSecret
|
||||
}
|
||||
if c.Issuer != changed.Issuer {
|
||||
changes["issuer"] = changed.Issuer
|
||||
}
|
||||
if !reflect.DeepEqual(c.Scopes, changed.Scopes) {
|
||||
changes["scopes"] = changed.Scopes
|
||||
}
|
||||
return changes
|
||||
}
|
||||
|
||||
func OIDCIDPConfigFromModel(config *model.OIDCIDPConfig) *OIDCIDPConfig {
|
||||
return &OIDCIDPConfig{
|
||||
ObjectRoot: config.ObjectRoot,
|
||||
IDPConfigID: config.IDPConfigID,
|
||||
ClientID: config.ClientID,
|
||||
ClientSecret: config.ClientSecret,
|
||||
Issuer: config.Issuer,
|
||||
Scopes: config.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func OIDCIDPConfigToModel(config *OIDCIDPConfig) *model.OIDCIDPConfig {
|
||||
return &model.OIDCIDPConfig{
|
||||
ObjectRoot: config.ObjectRoot,
|
||||
IDPConfigID: config.IDPConfigID,
|
||||
ClientID: config.ClientID,
|
||||
ClientSecret: config.ClientSecret,
|
||||
Issuer: config.Issuer,
|
||||
Scopes: config.Scopes,
|
||||
}
|
||||
}
|
||||
|
||||
func (iam *IAM) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
|
||||
config := new(OIDCIDPConfig)
|
||||
err := config.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config.ObjectRoot.CreationDate = event.CreationDate
|
||||
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
|
||||
iam.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
|
||||
iam.IDPs[i].OIDCIDPConfig = config
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (iam *IAM) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
|
||||
config := new(OIDCIDPConfig)
|
||||
err := config.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
|
||||
iam.IDPs[i].OIDCIDPConfig.SetData(event)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o *OIDCIDPConfig) SetData(event *es_models.Event) error {
|
||||
o.ObjectRoot.AppendEvent(event)
|
||||
if err := json.Unmarshal(event.Data, o); err != nil {
|
||||
logging.Log("EVEN-Msh8s").WithError(err).Error("could not unmarshal event data")
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
@ -0,0 +1,156 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestOIDCIdpConfigChanges(t *testing.T) {
|
||||
type args struct {
|
||||
existing *OIDCIDPConfig
|
||||
new *OIDCIDPConfig
|
||||
}
|
||||
type res struct {
|
||||
changesLen int
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
res res
|
||||
}{
|
||||
{
|
||||
name: "all possible values change",
|
||||
args: args{
|
||||
existing: &OIDCIDPConfig{
|
||||
IDPConfigID: "IDPConfigID",
|
||||
ClientID: "ClientID",
|
||||
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID"},
|
||||
Issuer: "Issuer",
|
||||
Scopes: []string{"scope1"},
|
||||
},
|
||||
new: &OIDCIDPConfig{
|
||||
IDPConfigID: "IDPConfigID",
|
||||
ClientID: "ClientID2",
|
||||
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID2"},
|
||||
Issuer: "Issuer2",
|
||||
Scopes: []string{"scope1", "scope2"},
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 5,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no changes",
|
||||
args: args{
|
||||
existing: &OIDCIDPConfig{
|
||||
IDPConfigID: "IDPConfigID",
|
||||
ClientID: "ClientID",
|
||||
Issuer: "Issuer",
|
||||
Scopes: []string{"scope1"},
|
||||
},
|
||||
new: &OIDCIDPConfig{
|
||||
IDPConfigID: "IDPConfigID",
|
||||
ClientID: "ClientID",
|
||||
Issuer: "Issuer",
|
||||
Scopes: []string{"scope1"},
|
||||
},
|
||||
},
|
||||
res: res{
|
||||
changesLen: 1,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
changes := tt.args.existing.Changes(tt.args.new)
|
||||
if len(changes) != tt.res.changesLen {
|
||||
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
config *OIDCIDPConfig
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append add oidc idp config event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID"}}},
|
||||
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.config != nil {
|
||||
data, _ := json.Marshal(tt.args.config)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendAddOIDCIDPConfigEvent(tt.args.event)
|
||||
if len(tt.args.iam.IDPs) != 1 {
|
||||
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
|
||||
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
|
||||
}
|
||||
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
|
||||
type args struct {
|
||||
iam *IAM
|
||||
config *OIDCIDPConfig
|
||||
event *es_models.Event
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
result *IAM
|
||||
}{
|
||||
{
|
||||
name: "append change oidc idp config event",
|
||||
args: args{
|
||||
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
|
||||
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
|
||||
event: &es_models.Event{},
|
||||
},
|
||||
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.args.config != nil {
|
||||
data, _ := json.Marshal(tt.args.config)
|
||||
tt.args.event.Data = data
|
||||
}
|
||||
tt.args.iam.appendChangeOIDCIDPConfigEvent(tt.args.event)
|
||||
if len(tt.args.iam.IDPs) != 1 {
|
||||
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
|
||||
}
|
||||
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
|
||||
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
|
||||
}
|
||||
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
|
||||
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
@ -3,13 +3,31 @@ package model
|
||||
import "github.com/caos/zitadel/internal/eventstore/models"
|
||||
|
||||
const (
|
||||
IamAggregate models.AggregateType = "iam"
|
||||
IAMAggregate models.AggregateType = "iam"
|
||||
|
||||
IamSetupStarted models.EventType = "iam.setup.started"
|
||||
IamSetupDone models.EventType = "iam.setup.done"
|
||||
IAMSetupStarted models.EventType = "iam.setup.started"
|
||||
IAMSetupDone models.EventType = "iam.setup.done"
|
||||
GlobalOrgSet models.EventType = "iam.global.org.set"
|
||||
IamProjectSet models.EventType = "iam.project.iam.set"
|
||||
IamMemberAdded models.EventType = "iam.member.added"
|
||||
IamMemberChanged models.EventType = "iam.member.changed"
|
||||
IamMemberRemoved models.EventType = "iam.member.removed"
|
||||
IAMProjectSet models.EventType = "iam.project.iam.set"
|
||||
IAMMemberAdded models.EventType = "iam.member.added"
|
||||
IAMMemberChanged models.EventType = "iam.member.changed"
|
||||
IAMMemberRemoved models.EventType = "iam.member.removed"
|
||||
|
||||
IDPConfigAdded models.EventType = "iam.idp.config.added"
|
||||
IDPConfigChanged models.EventType = "iam.idp.config.changed"
|
||||
IDPConfigRemoved models.EventType = "iam.idp.config.removed"
|
||||
IDPConfigDeactivated models.EventType = "iam.idp.config.deactivated"
|
||||
IDPConfigReactivated models.EventType = "iam.idp.config.reactivated"
|
||||
|
||||
OIDCIDPConfigAdded models.EventType = "iam.idp.oidc.config.added"
|
||||
OIDCIDPConfigChanged models.EventType = "iam.idp.oidc.config.changed"
|
||||
|
||||
SAMLIDPConfigAdded models.EventType = "iam.idp.saml.config.added"
|
||||
SAMLIDPConfigChanged models.EventType = "iam.idp.saml.config.changed"
|
||||
|
||||
LoginPolicyAdded models.EventType = "iam.policy.login.added"
|
||||
LoginPolicyChanged models.EventType = "iam.policy.login.changed"
|
||||
LoginPolicyIDPProviderAdded models.EventType = "iam.policy.login.idpprovider.added"
|
||||
LoginPolicyIDPProviderRemoved models.EventType = "iam.policy.login.idpprovider.removed"
|
||||
LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
|
||||
)
|
||||
|
@ -9,38 +9,38 @@ import (
|
||||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
func IamMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IamMemberView, error) {
|
||||
member := new(model.IamMemberView)
|
||||
func IAMMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IAMMemberView, error) {
|
||||
member := new(model.IAMMemberView)
|
||||
|
||||
iamIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
|
||||
userIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
|
||||
iamIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
|
||||
userIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
|
||||
query := repository.PrepareGetByQuery(table, iamIDQuery, userIDQuery)
|
||||
err := query(db, member)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.Iam.MemberNotExisting")
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.MemberNotExisting")
|
||||
}
|
||||
return member, err
|
||||
}
|
||||
|
||||
func SearchIamMembers(db *gorm.DB, table string, req *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
|
||||
members := make([]*model.IamMemberView, 0)
|
||||
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
|
||||
func SearchIAMMembers(db *gorm.DB, table string, req *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
|
||||
members := make([]*model.IAMMemberView, 0)
|
||||
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
|
||||
count, err := query(db, &members)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
return members, count, nil
|
||||
}
|
||||
func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamMemberView, error) {
|
||||
members := make([]*model.IamMemberView, 0)
|
||||
queries := []*iam_model.IamMemberSearchQuery{
|
||||
func IAMMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IAMMemberView, error) {
|
||||
members := make([]*model.IAMMemberView, 0)
|
||||
queries := []*iam_model.IAMMemberSearchQuery{
|
||||
{
|
||||
Key: iam_model.IamMemberSearchKeyUserID,
|
||||
Key: iam_model.IAMMemberSearchKeyUserID,
|
||||
Value: userID,
|
||||
Method: global_model.SearchMethodEquals,
|
||||
},
|
||||
}
|
||||
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Queries: queries})
|
||||
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Queries: queries})
|
||||
_, err := query(db, &members)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -48,13 +48,13 @@ func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamM
|
||||
return members, nil
|
||||
}
|
||||
|
||||
func PutIamMember(db *gorm.DB, table string, role *model.IamMemberView) error {
|
||||
func PutIAMMember(db *gorm.DB, table string, role *model.IAMMemberView) error {
|
||||
save := repository.PrepareSave(table)
|
||||
return save(db, role)
|
||||
}
|
||||
|
||||
func DeleteIamMember(db *gorm.DB, table, orgID, userID string) error {
|
||||
member, err := IamMemberByIDs(db, table, orgID, userID)
|
||||
func DeleteIAMMember(db *gorm.DB, table, orgID, userID string) error {
|
||||
member, err := IAMMemberByIDs(db, table, orgID, userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
78
internal/iam/repository/view/idp_provider_view.go
Normal file
78
internal/iam/repository/view/idp_provider_view.go
Normal file
@ -0,0 +1,78 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
func GetIDPProviderByAggregateIDAndConfigID(db *gorm.DB, table, aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
|
||||
policy := new(model.IDPProviderView)
|
||||
aggIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
|
||||
idpConfigIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyIdpConfigID, Value: idpConfigID, Method: global_model.SearchMethodEquals}
|
||||
query := repository.PrepareGetByQuery(table, aggIDQuery, idpConfigIDQuery)
|
||||
err := query(db, policy)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Skvi8", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
|
||||
}
|
||||
return policy, err
|
||||
}
|
||||
|
||||
func IDPProvidersByIdpConfigID(db *gorm.DB, table string, idpConfigID string) ([]*model.IDPProviderView, error) {
|
||||
members := make([]*model.IDPProviderView, 0)
|
||||
queries := []*iam_model.IDPProviderSearchQuery{
|
||||
{
|
||||
Key: iam_model.IDPProviderSearchKeyIdpConfigID,
|
||||
Value: idpConfigID,
|
||||
Method: global_model.SearchMethodEquals,
|
||||
},
|
||||
}
|
||||
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries})
|
||||
_, err := query(db, &members)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return members, nil
|
||||
}
|
||||
|
||||
func SearchIDPProviders(db *gorm.DB, table string, req *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
|
||||
providers := make([]*model.IDPProviderView, 0)
|
||||
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
|
||||
count, err := query(db, &providers)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
return providers, count, nil
|
||||
}
|
||||
|
||||
func PutIDPProvider(db *gorm.DB, table string, provider *model.IDPProviderView) error {
|
||||
save := repository.PrepareSave(table)
|
||||
return save(db, provider)
|
||||
}
|
||||
|
||||
func PutIDPProviders(db *gorm.DB, table string, providers ...*model.IDPProviderView) error {
|
||||
save := repository.PrepareBulkSave(table)
|
||||
p := make([]interface{}, len(providers))
|
||||
for i, provider := range providers {
|
||||
p[i] = provider
|
||||
}
|
||||
return save(db, p...)
|
||||
}
|
||||
|
||||
func DeleteIDPProvider(db *gorm.DB, table, aggregateID, idpConfigID string) error {
|
||||
delete := repository.PrepareDeleteByKeys(table,
|
||||
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
|
||||
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyIdpConfigID), Value: idpConfigID},
|
||||
)
|
||||
return delete(db)
|
||||
}
|
||||
|
||||
func DeleteIDPProvidersByAggregateID(db *gorm.DB, table, aggregateID string) error {
|
||||
delete := repository.PrepareDeleteByKeys(table,
|
||||
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
|
||||
)
|
||||
return delete(db)
|
||||
}
|
42
internal/iam/repository/view/idp_view.go
Normal file
42
internal/iam/repository/view/idp_view.go
Normal file
@ -0,0 +1,42 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
func IDPByID(db *gorm.DB, table, idpID string) (*model.IDPConfigView, error) {
|
||||
idp := new(model.IDPConfigView)
|
||||
userIDQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyIdpConfigID, Value: idpID, Method: global_model.SearchMethodEquals}
|
||||
query := repository.PrepareGetByQuery(table, userIDQuery)
|
||||
err := query(db, idp)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.IdpNotExisting")
|
||||
}
|
||||
return idp, err
|
||||
}
|
||||
|
||||
func SearchIDPs(db *gorm.DB, table string, req *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
|
||||
idps := make([]*model.IDPConfigView, 0)
|
||||
query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
|
||||
count, err := query(db, &idps)
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
return idps, count, nil
|
||||
}
|
||||
|
||||
func PutIDP(db *gorm.DB, table string, idp *model.IDPConfigView) error {
|
||||
save := repository.PrepareSave(table)
|
||||
return save(db, idp)
|
||||
}
|
||||
|
||||
func DeleteIDP(db *gorm.DB, table, idpID string) error {
|
||||
delete := repository.PrepareDeleteByKey(table, model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyIdpConfigID), idpID)
|
||||
|
||||
return delete(db)
|
||||
}
|
32
internal/iam/repository/view/login_policy_view.go
Normal file
32
internal/iam/repository/view/login_policy_view.go
Normal file
@ -0,0 +1,32 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
"github.com/jinzhu/gorm"
|
||||
)
|
||||
|
||||
func GetLoginPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.LoginPolicyView, error) {
|
||||
policy := new(model.LoginPolicyView)
|
||||
userIDQuery := &model.LoginPolicySearchQuery{Key: iam_model.LoginPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
|
||||
query := repository.PrepareGetByQuery(table, userIDQuery)
|
||||
err := query(db, policy)
|
||||
if caos_errs.IsNotFound(err) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.LoginPolicy.NotExisting")
|
||||
}
|
||||
return policy, err
|
||||
}
|
||||
|
||||
func PutLoginPolicy(db *gorm.DB, table string, policy *model.LoginPolicyView) error {
|
||||
save := repository.PrepareSave(table)
|
||||
return save(db, policy)
|
||||
}
|
||||
|
||||
func DeleteLoginPolicy(db *gorm.DB, table, aggregateID string) error {
|
||||
delete := repository.PrepareDeleteByKey(table, model.LoginPolicySearchKey(iam_model.LoginPolicySearchKeyAggregateID), aggregateID)
|
||||
|
||||
return delete(db)
|
||||
}
|
@ -14,17 +14,17 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
IamMemberKeyUserID = "user_id"
|
||||
IamMemberKeyIamID = "iam_id"
|
||||
IamMemberKeyUserName = "user_name"
|
||||
IamMemberKeyEmail = "email"
|
||||
IamMemberKeyFirstName = "first_name"
|
||||
IamMemberKeyLastName = "last_name"
|
||||
IAMMemberKeyUserID = "user_id"
|
||||
IAMMemberKeyIamID = "iam_id"
|
||||
IAMMemberKeyUserName = "user_name"
|
||||
IAMMemberKeyEmail = "email"
|
||||
IAMMemberKeyFirstName = "first_name"
|
||||
IAMMemberKeyLastName = "last_name"
|
||||
)
|
||||
|
||||
type IamMemberView struct {
|
||||
type IAMMemberView struct {
|
||||
UserID string `json:"userId" gorm:"column:user_id;primary_key"`
|
||||
IamID string `json:"-" gorm:"column:iam_id"`
|
||||
IAMID string `json:"-" gorm:"column:iam_id"`
|
||||
UserName string `json:"-" gorm:"column:user_name"`
|
||||
Email string `json:"-" gorm:"column:email_address"`
|
||||
FirstName string `json:"-" gorm:"column:first_name"`
|
||||
@ -37,10 +37,10 @@ type IamMemberView struct {
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
}
|
||||
|
||||
func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
|
||||
return &IamMemberView{
|
||||
func IAMMemberViewFromModel(member *model.IAMMemberView) *IAMMemberView {
|
||||
return &IAMMemberView{
|
||||
UserID: member.UserID,
|
||||
IamID: member.IamID,
|
||||
IAMID: member.IAMID,
|
||||
UserName: member.UserName,
|
||||
Email: member.Email,
|
||||
FirstName: member.FirstName,
|
||||
@ -53,10 +53,10 @@ func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
|
||||
}
|
||||
}
|
||||
|
||||
func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
|
||||
return &model.IamMemberView{
|
||||
func IAMMemberToModel(member *IAMMemberView) *model.IAMMemberView {
|
||||
return &model.IAMMemberView{
|
||||
UserID: member.UserID,
|
||||
IamID: member.IamID,
|
||||
IAMID: member.IAMID,
|
||||
UserName: member.UserName,
|
||||
Email: member.Email,
|
||||
FirstName: member.FirstName,
|
||||
@ -69,33 +69,33 @@ func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
|
||||
}
|
||||
}
|
||||
|
||||
func IamMembersToModel(roles []*IamMemberView) []*model.IamMemberView {
|
||||
result := make([]*model.IamMemberView, len(roles))
|
||||
func IAMMembersToModel(roles []*IAMMemberView) []*model.IAMMemberView {
|
||||
result := make([]*model.IAMMemberView, len(roles))
|
||||
for i, r := range roles {
|
||||
result[i] = IamMemberToModel(r)
|
||||
result[i] = IAMMemberToModel(r)
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (r *IamMemberView) AppendEvent(event *models.Event) (err error) {
|
||||
func (r *IAMMemberView) AppendEvent(event *models.Event) (err error) {
|
||||
r.Sequence = event.Sequence
|
||||
r.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.IamMemberAdded:
|
||||
case es_model.IAMMemberAdded:
|
||||
r.setRootData(event)
|
||||
r.CreationDate = event.CreationDate
|
||||
err = r.SetData(event)
|
||||
case es_model.IamMemberChanged:
|
||||
case es_model.IAMMemberChanged:
|
||||
err = r.SetData(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *IamMemberView) setRootData(event *models.Event) {
|
||||
r.IamID = event.AggregateID
|
||||
func (r *IAMMemberView) setRootData(event *models.Event) {
|
||||
r.IAMID = event.AggregateID
|
||||
}
|
||||
|
||||
func (r *IamMemberView) SetData(event *models.Event) error {
|
||||
func (r *IAMMemberView) SetData(event *models.Event) error {
|
||||
if err := json.Unmarshal(event.Data, r); err != nil {
|
||||
logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
|
||||
|
@ -6,63 +6,63 @@ import (
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
type IamMemberSearchRequest iam_model.IamMemberSearchRequest
|
||||
type IamMemberSearchQuery iam_model.IamMemberSearchQuery
|
||||
type IamMemberSearchKey iam_model.IamMemberSearchKey
|
||||
type IAMMemberSearchRequest iam_model.IAMMemberSearchRequest
|
||||
type IAMMemberSearchQuery iam_model.IAMMemberSearchQuery
|
||||
type IAMMemberSearchKey iam_model.IAMMemberSearchKey
|
||||
|
||||
func (req IamMemberSearchRequest) GetLimit() uint64 {
|
||||
func (req IAMMemberSearchRequest) GetLimit() uint64 {
|
||||
return req.Limit
|
||||
}
|
||||
|
||||
func (req IamMemberSearchRequest) GetOffset() uint64 {
|
||||
func (req IAMMemberSearchRequest) GetOffset() uint64 {
|
||||
return req.Offset
|
||||
}
|
||||
|
||||
func (req IamMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.IamMemberSearchKeyUnspecified {
|
||||
func (req IAMMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.IAMMemberSearchKeyUnspecified {
|
||||
return nil
|
||||
}
|
||||
return IamMemberSearchKey(req.SortingColumn)
|
||||
return IAMMemberSearchKey(req.SortingColumn)
|
||||
}
|
||||
|
||||
func (req IamMemberSearchRequest) GetAsc() bool {
|
||||
func (req IAMMemberSearchRequest) GetAsc() bool {
|
||||
return req.Asc
|
||||
}
|
||||
|
||||
func (req IamMemberSearchRequest) GetQueries() []repository.SearchQuery {
|
||||
func (req IAMMemberSearchRequest) GetQueries() []repository.SearchQuery {
|
||||
result := make([]repository.SearchQuery, len(req.Queries))
|
||||
for i, q := range req.Queries {
|
||||
result[i] = IamMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
result[i] = IAMMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (req IamMemberSearchQuery) GetKey() repository.ColumnKey {
|
||||
return IamMemberSearchKey(req.Key)
|
||||
func (req IAMMemberSearchQuery) GetKey() repository.ColumnKey {
|
||||
return IAMMemberSearchKey(req.Key)
|
||||
}
|
||||
|
||||
func (req IamMemberSearchQuery) GetMethod() global_model.SearchMethod {
|
||||
func (req IAMMemberSearchQuery) GetMethod() global_model.SearchMethod {
|
||||
return req.Method
|
||||
}
|
||||
|
||||
func (req IamMemberSearchQuery) GetValue() interface{} {
|
||||
func (req IAMMemberSearchQuery) GetValue() interface{} {
|
||||
return req.Value
|
||||
}
|
||||
|
||||
func (key IamMemberSearchKey) ToColumnName() string {
|
||||
switch iam_model.IamMemberSearchKey(key) {
|
||||
case iam_model.IamMemberSearchKeyEmail:
|
||||
return IamMemberKeyEmail
|
||||
case iam_model.IamMemberSearchKeyFirstName:
|
||||
return IamMemberKeyFirstName
|
||||
case iam_model.IamMemberSearchKeyLastName:
|
||||
return IamMemberKeyLastName
|
||||
case iam_model.IamMemberSearchKeyUserName:
|
||||
return IamMemberKeyUserName
|
||||
case iam_model.IamMemberSearchKeyUserID:
|
||||
return IamMemberKeyUserID
|
||||
case iam_model.IamMemberSearchKeyIamID:
|
||||
return IamMemberKeyIamID
|
||||
func (key IAMMemberSearchKey) ToColumnName() string {
|
||||
switch iam_model.IAMMemberSearchKey(key) {
|
||||
case iam_model.IAMMemberSearchKeyEmail:
|
||||
return IAMMemberKeyEmail
|
||||
case iam_model.IAMMemberSearchKeyFirstName:
|
||||
return IAMMemberKeyFirstName
|
||||
case iam_model.IAMMemberSearchKeyLastName:
|
||||
return IAMMemberKeyLastName
|
||||
case iam_model.IAMMemberSearchKeyUserName:
|
||||
return IAMMemberKeyUserName
|
||||
case iam_model.IAMMemberSearchKeyUserID:
|
||||
return IAMMemberKeyUserID
|
||||
case iam_model.IAMMemberSearchKeyIamID:
|
||||
return IAMMemberKeyIamID
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
|
121
internal/iam/repository/view/model/idp_config.go
Normal file
121
internal/iam/repository/view/model/idp_config.go
Normal file
@ -0,0 +1,121 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
"time"
|
||||
|
||||
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/logging"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/lib/pq"
|
||||
)
|
||||
|
||||
const (
|
||||
IDPConfigKeyIdpConfigID = "idp_config_id"
|
||||
IDPConfigKeyAggregateID = "aggregate_id"
|
||||
IDPConfigKeyName = "name"
|
||||
IDPConfigKeyProviderType = "idp_provider_type"
|
||||
)
|
||||
|
||||
type IDPConfigView struct {
|
||||
IDPConfigID string `json:"idpConfigId" gorm:"column:idp_config_id;primary_key"`
|
||||
AggregateID string `json:"-" gorm:"column:aggregate_id"`
|
||||
Name string `json:"name" gorm:"column:name"`
|
||||
LogoSrc []byte `json:"logoSrc" gorm:"column:logo_src"`
|
||||
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
IDPState int32 `json:"-" gorm:"column:idp_state"`
|
||||
IDPProviderType int32 `json:"-" gorm:"column:idp_provider_type"`
|
||||
|
||||
IsOIDC bool `json:"-" gorm:"column:is_oidc"`
|
||||
OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"`
|
||||
OIDCClientSecret *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"`
|
||||
OIDCIssuer string `json:"issuer" gorm:"column:oidc_issuer"`
|
||||
OIDCScopes pq.StringArray `json:"scopes" gorm:"column:oidc_scopes"`
|
||||
|
||||
Sequence uint64 `json:"-" gorm:"column:sequence"`
|
||||
}
|
||||
|
||||
func IDPConfigViewFromModel(idp *model.IDPConfigView) *IDPConfigView {
|
||||
return &IDPConfigView{
|
||||
IDPConfigID: idp.IDPConfigID,
|
||||
AggregateID: idp.AggregateID,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
Sequence: idp.Sequence,
|
||||
CreationDate: idp.CreationDate,
|
||||
ChangeDate: idp.ChangeDate,
|
||||
IDPProviderType: int32(idp.IDPProviderType),
|
||||
IsOIDC: idp.IsOIDC,
|
||||
OIDCClientID: idp.OIDCClientID,
|
||||
OIDCClientSecret: idp.OIDCClientSecret,
|
||||
OIDCIssuer: idp.OIDCIssuer,
|
||||
OIDCScopes: idp.OIDCScopes,
|
||||
}
|
||||
}
|
||||
|
||||
func IdpConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
|
||||
return &model.IDPConfigView{
|
||||
IDPConfigID: idp.IDPConfigID,
|
||||
AggregateID: idp.AggregateID,
|
||||
Name: idp.Name,
|
||||
LogoSrc: idp.LogoSrc,
|
||||
Sequence: idp.Sequence,
|
||||
CreationDate: idp.CreationDate,
|
||||
ChangeDate: idp.ChangeDate,
|
||||
IDPProviderType: model.IDPProviderType(idp.IDPProviderType),
|
||||
IsOIDC: idp.IsOIDC,
|
||||
OIDCClientID: idp.OIDCClientID,
|
||||
OIDCClientSecret: idp.OIDCClientSecret,
|
||||
OIDCIssuer: idp.OIDCIssuer,
|
||||
OIDCScopes: idp.OIDCScopes,
|
||||
}
|
||||
}
|
||||
|
||||
func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
|
||||
result := make([]*model.IDPConfigView, len(idps))
|
||||
for i, idp := range idps {
|
||||
result[i] = IdpConfigViewToModel(idp)
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event *models.Event) (err error) {
|
||||
i.Sequence = event.Sequence
|
||||
i.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.IDPConfigAdded, org_es_model.IDPConfigAdded:
|
||||
i.setRootData(event)
|
||||
i.CreationDate = event.CreationDate
|
||||
i.IDPProviderType = int32(providerType)
|
||||
err = i.SetData(event)
|
||||
case es_model.OIDCIDPConfigAdded, org_es_model.OIDCIDPConfigAdded:
|
||||
i.IsOIDC = true
|
||||
err = i.SetData(event)
|
||||
case es_model.OIDCIDPConfigChanged, org_es_model.OIDCIDPConfigChanged,
|
||||
es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
err = i.SetData(event)
|
||||
case es_model.IDPConfigDeactivated, org_es_model.IDPConfigDeactivated:
|
||||
i.IDPState = int32(model.IDPConfigStateInactive)
|
||||
case es_model.IDPConfigReactivated, org_es_model.IDPConfigReactivated:
|
||||
i.IDPState = int32(model.IDPConfigStateActive)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *IDPConfigView) setRootData(event *models.Event) {
|
||||
r.AggregateID = event.AggregateID
|
||||
}
|
||||
|
||||
func (r *IDPConfigView) SetData(event *models.Event) error {
|
||||
if err := json.Unmarshal(event.Data, r); err != nil {
|
||||
logging.Log("EVEN-Smkld").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
65
internal/iam/repository/view/model/idp_config_query.go
Normal file
65
internal/iam/repository/view/model/idp_config_query.go
Normal file
@ -0,0 +1,65 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
type IDPConfigSearchRequest iam_model.IDPConfigSearchRequest
|
||||
type IDPConfigSearchQuery iam_model.IDPConfigSearchQuery
|
||||
type IDPConfigSearchKey iam_model.IDPConfigSearchKey
|
||||
|
||||
func (req IDPConfigSearchRequest) GetLimit() uint64 {
|
||||
return req.Limit
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchRequest) GetOffset() uint64 {
|
||||
return req.Offset
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.IDPConfigSearchKeyUnspecified {
|
||||
return nil
|
||||
}
|
||||
return IDPConfigSearchKey(req.SortingColumn)
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchRequest) GetAsc() bool {
|
||||
return req.Asc
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchRequest) GetQueries() []repository.SearchQuery {
|
||||
result := make([]repository.SearchQuery, len(req.Queries))
|
||||
for i, q := range req.Queries {
|
||||
result[i] = IDPConfigSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchQuery) GetKey() repository.ColumnKey {
|
||||
return IDPConfigSearchKey(req.Key)
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchQuery) GetMethod() global_model.SearchMethod {
|
||||
return req.Method
|
||||
}
|
||||
|
||||
func (req IDPConfigSearchQuery) GetValue() interface{} {
|
||||
return req.Value
|
||||
}
|
||||
|
||||
func (key IDPConfigSearchKey) ToColumnName() string {
|
||||
switch iam_model.IDPConfigSearchKey(key) {
|
||||
case iam_model.IDPConfigSearchKeyAggregateID:
|
||||
return IDPConfigKeyAggregateID
|
||||
case iam_model.IDPConfigSearchKeyIdpConfigID:
|
||||
return IDPConfigKeyIdpConfigID
|
||||
case iam_model.IDPConfigSearchKeyName:
|
||||
return IDPConfigKeyName
|
||||
case iam_model.IDPConfigSearchKeyIdpProviderType:
|
||||
return IDPConfigKeyProviderType
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
89
internal/iam/repository/view/model/idp_provider.go
Normal file
89
internal/iam/repository/view/model/idp_provider.go
Normal file
@ -0,0 +1,89 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
"time"
|
||||
|
||||
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/logging"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
const (
|
||||
IDPProviderKeyAggregateID = "aggregate_id"
|
||||
IDPProviderKeyIdpConfigID = "idp_config_id"
|
||||
)
|
||||
|
||||
type IDPProviderView struct {
|
||||
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
|
||||
IDPConfigID string `json:"idpConfigID" gorm:"column:idp_config_id;primary_key"`
|
||||
|
||||
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
|
||||
Name string `json:"-" gorm:"column:name"`
|
||||
IDPConfigType int32 `json:"-" gorm:"column:idp_config_type"`
|
||||
IDPProviderType int32 `json:"idpProviderType" gorm:"column:idp_provider_type"`
|
||||
|
||||
Sequence uint64 `json:"-" gorm:"column:sequence"`
|
||||
}
|
||||
|
||||
func IDPProviderViewFromModel(policy *model.IDPProviderView) *IDPProviderView {
|
||||
return &IDPProviderView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
Name: policy.Name,
|
||||
IDPConfigType: int32(policy.IDPConfigType),
|
||||
IDPProviderType: int32(policy.IDPProviderType),
|
||||
}
|
||||
}
|
||||
|
||||
func IDPProviderViewToModel(policy *IDPProviderView) *model.IDPProviderView {
|
||||
return &model.IDPProviderView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
Name: policy.Name,
|
||||
IDPConfigType: model.IdpConfigType(policy.IDPConfigType),
|
||||
IDPProviderType: model.IDPProviderType(policy.IDPProviderType),
|
||||
}
|
||||
}
|
||||
|
||||
func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderView {
|
||||
result := make([]*model.IDPProviderView, len(providers))
|
||||
for i, r := range providers {
|
||||
result[i] = IDPProviderViewToModel(r)
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (i *IDPProviderView) AppendEvent(event *models.Event) (err error) {
|
||||
i.Sequence = event.Sequence
|
||||
i.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
|
||||
i.setRootData(event)
|
||||
i.CreationDate = event.CreationDate
|
||||
err = i.SetData(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *IDPProviderView) setRootData(event *models.Event) {
|
||||
r.AggregateID = event.AggregateID
|
||||
}
|
||||
|
||||
func (r *IDPProviderView) SetData(event *models.Event) error {
|
||||
if err := json.Unmarshal(event.Data, r); err != nil {
|
||||
logging.Log("EVEN-Lso0d").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
61
internal/iam/repository/view/model/idp_provider_query.go
Normal file
61
internal/iam/repository/view/model/idp_provider_query.go
Normal file
@ -0,0 +1,61 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
type IDPProviderSearchRequest iam_model.IDPProviderSearchRequest
|
||||
type IDPProviderSearchQuery iam_model.IDPProviderSearchQuery
|
||||
type IDPProviderSearchKey iam_model.IDPProviderSearchKey
|
||||
|
||||
func (req IDPProviderSearchRequest) GetLimit() uint64 {
|
||||
return req.Limit
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchRequest) GetOffset() uint64 {
|
||||
return req.Offset
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.IDPProviderSearchKeyUnspecified {
|
||||
return nil
|
||||
}
|
||||
return IDPProviderSearchKey(req.SortingColumn)
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchRequest) GetAsc() bool {
|
||||
return req.Asc
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchRequest) GetQueries() []repository.SearchQuery {
|
||||
result := make([]repository.SearchQuery, len(req.Queries))
|
||||
for i, q := range req.Queries {
|
||||
result[i] = IDPProviderSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchQuery) GetKey() repository.ColumnKey {
|
||||
return IDPProviderSearchKey(req.Key)
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchQuery) GetMethod() global_model.SearchMethod {
|
||||
return req.Method
|
||||
}
|
||||
|
||||
func (req IDPProviderSearchQuery) GetValue() interface{} {
|
||||
return req.Value
|
||||
}
|
||||
|
||||
func (key IDPProviderSearchKey) ToColumnName() string {
|
||||
switch iam_model.IDPProviderSearchKey(key) {
|
||||
case iam_model.IDPProviderSearchKeyAggregateID:
|
||||
return IDPProviderKeyAggregateID
|
||||
case iam_model.IDPProviderSearchKeyIdpConfigID:
|
||||
return IDPProviderKeyIdpConfigID
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
84
internal/iam/repository/view/model/login_policy.go
Normal file
84
internal/iam/repository/view/model/login_policy.go
Normal file
@ -0,0 +1,84 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
"time"
|
||||
|
||||
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/logging"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
const (
|
||||
LoginPolicyKeyAggregateID = "aggregate_id"
|
||||
)
|
||||
|
||||
type LoginPolicyView struct {
|
||||
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
|
||||
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
|
||||
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
|
||||
State int32 `json:"-" gorm:"column:login_policy_state"`
|
||||
|
||||
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
|
||||
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
|
||||
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
|
||||
Default bool `json:"-" gorm:"-"`
|
||||
|
||||
Sequence uint64 `json:"-" gorm:"column:sequence"`
|
||||
}
|
||||
|
||||
func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
|
||||
return &LoginPolicyView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
|
||||
return &model.LoginPolicyView{
|
||||
AggregateID: policy.AggregateID,
|
||||
Sequence: policy.Sequence,
|
||||
CreationDate: policy.CreationDate,
|
||||
ChangeDate: policy.ChangeDate,
|
||||
AllowRegister: policy.AllowRegister,
|
||||
AllowExternalIDP: policy.AllowExternalIDP,
|
||||
AllowUsernamePassword: policy.AllowUsernamePassword,
|
||||
Default: policy.Default,
|
||||
}
|
||||
}
|
||||
|
||||
func (i *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
|
||||
i.Sequence = event.Sequence
|
||||
i.ChangeDate = event.CreationDate
|
||||
switch event.Type {
|
||||
case es_model.LoginPolicyAdded, org_es_model.LoginPolicyAdded:
|
||||
i.setRootData(event)
|
||||
i.CreationDate = event.CreationDate
|
||||
err = i.SetData(event)
|
||||
case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
|
||||
err = i.SetData(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *LoginPolicyView) setRootData(event *models.Event) {
|
||||
r.AggregateID = event.AggregateID
|
||||
}
|
||||
|
||||
func (r *LoginPolicyView) SetData(event *models.Event) error {
|
||||
if err := json.Unmarshal(event.Data, r); err != nil {
|
||||
logging.Log("EVEN-Kn7ds").WithError(err).Error("could not unmarshal event data")
|
||||
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
|
||||
}
|
||||
return nil
|
||||
}
|
59
internal/iam/repository/view/model/login_policy_query.go
Normal file
59
internal/iam/repository/view/model/login_policy_query.go
Normal file
@ -0,0 +1,59 @@
|
||||
package model
|
||||
|
||||
import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
global_model "github.com/caos/zitadel/internal/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
type LoginPolicySearchRequest iam_model.LoginPolicySearchRequest
|
||||
type LoginPolicySearchQuery iam_model.LoginPolicySearchQuery
|
||||
type LoginPolicySearchKey iam_model.LoginPolicySearchKey
|
||||
|
||||
func (req LoginPolicySearchRequest) GetLimit() uint64 {
|
||||
return req.Limit
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetOffset() uint64 {
|
||||
return req.Offset
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
|
||||
if req.SortingColumn == iam_model.LoginPolicySearchKeyUnspecified {
|
||||
return nil
|
||||
}
|
||||
return LoginPolicySearchKey(req.SortingColumn)
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetAsc() bool {
|
||||
return req.Asc
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchRequest) GetQueries() []repository.SearchQuery {
|
||||
result := make([]repository.SearchQuery, len(req.Queries))
|
||||
for i, q := range req.Queries {
|
||||
result[i] = LoginPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetKey() repository.ColumnKey {
|
||||
return LoginPolicySearchKey(req.Key)
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetMethod() global_model.SearchMethod {
|
||||
return req.Method
|
||||
}
|
||||
|
||||
func (req LoginPolicySearchQuery) GetValue() interface{} {
|
||||
return req.Value
|
||||
}
|
||||
|
||||
func (key LoginPolicySearchKey) ToColumnName() string {
|
||||
switch iam_model.LoginPolicySearchKey(key) {
|
||||
case iam_model.LoginPolicySearchKeyAggregateID:
|
||||
return LoginPolicyKeyAggregateID
|
||||
default:
|
||||
return ""
|
||||
}
|
||||
}
|
@ -6,10 +6,10 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
IamEvents *eventsourcing.IamEventstore
|
||||
type IAMRepository struct {
|
||||
IAMEvents *eventsourcing.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *IamRepository) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
|
||||
return repo.IamEvents.IamByID(ctx, id)
|
||||
func (repo *IAMRepository) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
|
||||
return repo.IAMEvents.IAMByID(ctx, id)
|
||||
}
|
||||
|
@ -3,6 +3,11 @@ package eventstore
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"strings"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
@ -25,9 +30,10 @@ const (
|
||||
type OrgRepository struct {
|
||||
SearchLimit uint64
|
||||
*org_es.OrgEventstore
|
||||
UserEvents *usr_es.UserEventstore
|
||||
View *mgmt_view.View
|
||||
Roles []string
|
||||
UserEvents *usr_es.UserEventstore
|
||||
View *mgmt_view.View
|
||||
Roles []string
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) OrgByID(ctx context.Context, id string) (*org_model.OrgView, error) {
|
||||
@ -79,15 +85,15 @@ func (repo *OrgRepository) ReactivateOrg(ctx context.Context, id string) (*org_m
|
||||
return repo.OrgEventstore.ReactivateOrg(ctx, id)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_model.OrgDomainSearchRequest) (*org_model.OrgDomainSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.Queries = append(request.Queries, &org_model.OrgDomainSearchQuery{Key: org_model.OrgDomainSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID})
|
||||
sequence, err := repo.View.GetLatestOrgDomainSequence()
|
||||
logging.Log("EVENT-SLowp").OnError(err).Warn("could not read latest org domain sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestOrgDomainSequence()
|
||||
logging.Log("EVENT-SLowp").OnError(sequenceErr).Warn("could not read latest org domain sequence")
|
||||
domains, count, err := repo.View.SearchOrgDomains(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -98,7 +104,7 @@ func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_
|
||||
TotalResult: uint64(count),
|
||||
Result: model.OrgDomainsToModel(domains),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -178,8 +184,8 @@ func (repo *OrgRepository) RemoveMyOrgMember(ctx context.Context, userID string)
|
||||
func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_model.OrgMemberSearchRequest) (*org_model.OrgMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.Queries[len(request.Queries)-1] = &org_model.OrgMemberSearchQuery{Key: org_model.OrgMemberSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}
|
||||
sequence, err := repo.View.GetLatestOrgMemberSequence()
|
||||
logging.Log("EVENT-Smu3d").OnError(err).Warn("could not read latest org member sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestOrgMemberSequence()
|
||||
logging.Log("EVENT-Smu3d").OnError(sequenceErr).Warn("could not read latest org member sequence")
|
||||
members, count, err := repo.View.SearchOrgMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -187,10 +193,10 @@ func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_
|
||||
result := &org_model.OrgMemberSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.OrgMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -206,3 +212,132 @@ func (repo *OrgRepository) GetOrgMemberRoles() []string {
|
||||
}
|
||||
return roles
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
|
||||
idp, err := repo.View.IDPConfigByID(idpConfigID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_view_model.IdpConfigViewToModel(idp), nil
|
||||
}
|
||||
func (repo *OrgRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.OrgEventstore.DeactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.OrgEventstore.ReactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
|
||||
idp := iam_model.NewIDPConfig(authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
return repo.OrgEventstore.RemoveIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
|
||||
oidcConfig.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
|
||||
|
||||
sequence, sequenceErr := repo.View.GetLatestIDPConfigSequence()
|
||||
logging.Log("EVENT-Dk8si").OnError(sequenceErr).Warn("could not read latest idp config sequence")
|
||||
idps, count, err := repo.View.SearchIDPConfigs(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPConfigSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_view_model.IdpConfigViewsToModel(idps),
|
||||
}
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
|
||||
policy, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
|
||||
if errors.IsNotFound(err) {
|
||||
policy, err = repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
policy.Default = true
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.LoginPolicyViewToModel(policy), err
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveLoginPolicy(ctx context.Context) error {
|
||||
policy := &iam_model.LoginPolicy{ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: authz.GetCtxData(ctx).OrgID,
|
||||
}}
|
||||
return repo.OrgEventstore.RemoveLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
|
||||
_, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) {
|
||||
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
|
||||
}
|
||||
} else {
|
||||
request.AppendAggregateIDQuery(authz.GetCtxData(ctx).OrgID)
|
||||
}
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, sequenceErr := repo.View.GetLatestIdpProviderSequence()
|
||||
logging.Log("EVENT-Tuiks").OnError(sequenceErr).Warn("could not read latest iam sequence")
|
||||
providers, count, err := repo.View.SearchIdpProviders(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPProviderSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IDPProviderViewsToModel(providers),
|
||||
}
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
|
||||
provider.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveIDPProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
|
||||
provider.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
@ -109,8 +109,8 @@ func (repo *ProjectRepo) RemoveProject(ctx context.Context, projectID string) er
|
||||
|
||||
func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model.ProjectViewSearchRequest) (*proj_model.ProjectViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectSequence()
|
||||
logging.Log("EVENT-Edc56").OnError(err).Warn("could not read latest project sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectSequence()
|
||||
logging.Log("EVENT-Edc56").OnError(sequenceErr).Warn("could not read latest project sequence")
|
||||
|
||||
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
||||
if !authz.HasGlobalPermission(permissions) {
|
||||
@ -130,7 +130,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
|
||||
TotalResult: uint64(0),
|
||||
Result: []*proj_model.ProjectView{},
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -151,7 +151,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -189,8 +189,8 @@ func (repo *ProjectRepo) RemoveProjectMember(ctx context.Context, projectID, use
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj_model.ProjectMemberSearchRequest) (*proj_model.ProjectMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectMemberSequence()
|
||||
logging.Log("EVENT-3dgt6").OnError(err).Warn("could not read latest project member sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectMemberSequence()
|
||||
logging.Log("EVENT-3dgt6").OnError(sequenceErr).Warn("could not read latest project member sequence")
|
||||
members, count, err := repo.View.SearchProjectMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -201,7 +201,7 @@ func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -261,8 +261,8 @@ func (repo *ProjectRepo) RemoveProjectRole(ctx context.Context, projectID, key s
|
||||
func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID string, request *proj_model.ProjectRoleSearchRequest) (*proj_model.ProjectRoleSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendProjectQuery(projectID)
|
||||
sequence, err := repo.View.GetLatestProjectRoleSequence()
|
||||
logging.Log("LSp0d-47suf").OnError(err).Warn("could not read latest project role sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectRoleSequence()
|
||||
logging.Log("LSp0d-47suf").OnError(sequenceErr).Warn("could not read latest project role sequence")
|
||||
roles, count, err := repo.View.SearchProjectRoles(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -271,10 +271,10 @@ func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID strin
|
||||
result := &proj_model.ProjectRoleSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectRolesToModel(roles),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -352,8 +352,8 @@ func (repo *ProjectRepo) RemoveApplication(ctx context.Context, projectID, appID
|
||||
|
||||
func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_model.ApplicationSearchRequest) (*proj_model.ApplicationSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestApplicationSequence()
|
||||
logging.Log("EVENT-SKe8s").OnError(err).Warn("could not read latest application sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestApplicationSequence()
|
||||
logging.Log("EVENT-SKe8s").OnError(sequenceErr).Warn("could not read latest application sequence")
|
||||
apps, count, err := repo.View.SearchApplications(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -361,10 +361,10 @@ func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_m
|
||||
result := &proj_model.ApplicationSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ApplicationViewsToModel(apps),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -404,8 +404,8 @@ func (repo *ProjectRepo) ProjectGrantByID(ctx context.Context, grantID string) (
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
projects, count, err := repo.View.SearchProjectGrants(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -413,10 +413,10 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
|
||||
result := &proj_model.ProjectGrantViewSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectGrantsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -425,8 +425,8 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
|
||||
|
||||
func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
|
||||
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
||||
if !authz.HasGlobalPermission(permissions) {
|
||||
@ -446,7 +446,7 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
|
||||
TotalResult: uint64(0),
|
||||
Result: []*proj_model.ProjectGrantView{},
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -464,10 +464,10 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
|
||||
result := &proj_model.ProjectGrantViewSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectGrantsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -593,8 +593,8 @@ func (repo *ProjectRepo) RemoveProjectGrantMember(ctx context.Context, projectID
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request *proj_model.ProjectGrantMemberSearchRequest) (*proj_model.ProjectGrantMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantMemberSequence()
|
||||
logging.Log("EVENT-Du8sk").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantMemberSequence()
|
||||
logging.Log("EVENT-Du8sk").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
members, count, err := repo.View.SearchProjectGrantMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -605,7 +605,7 @@ func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectGrantMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
@ -57,7 +57,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -73,7 +73,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -98,8 +98,8 @@ func (repo *UserRepo) UnlockUser(ctx context.Context, id string) (*usr_model.Use
|
||||
|
||||
func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest) (*usr_model.UserSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestUserSequence()
|
||||
logging.Log("EVENT-Lcn7d").OnError(err).Warn("could not read latest user sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserSequence()
|
||||
logging.Log("EVENT-Lcn7d").OnError(sequenceErr).Warn("could not read latest user sequence")
|
||||
users, count, err := repo.View.SearchUsers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -110,7 +110,7 @@ func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSe
|
||||
TotalResult: uint64(count),
|
||||
Result: model.UsersToModel(users),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@ -222,9 +222,8 @@ func (repo *UserRepo) ChangeAddress(ctx context.Context, address *usr_model.Addr
|
||||
|
||||
func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_model.UserMembershipSearchRequest) (*usr_model.UserMembershipSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendResourceOwnerAndIamQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
|
||||
sequence, err := repo.View.GetLatestUserMembershipSequence()
|
||||
logging.Log("EVENT-Dn7sf").OnError(err).Warn("could not read latest user sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence()
|
||||
logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence")
|
||||
|
||||
result := handleSearchUserMembershipsPermissions(ctx, request, sequence)
|
||||
if result != nil {
|
||||
@ -241,7 +240,7 @@ func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_mo
|
||||
TotalResult: count,
|
||||
Result: model.UserMembershipsToModel(memberships),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
@ -115,8 +115,8 @@ func (repo *UserGrantRepo) BulkRemoveUserGrant(ctx context.Context, grantIDs ...
|
||||
|
||||
func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestUserGrantSequence()
|
||||
logging.Log("EVENT-5Viwf").OnError(err).Warn("could not read latest user grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserGrantSequence()
|
||||
logging.Log("EVENT-5Viwf").OnError(sequenceErr).Warn("could not read latest user grant sequence")
|
||||
|
||||
result := handleSearchUserGrantPermissions(ctx, request, sequence)
|
||||
if result != nil {
|
||||
@ -134,7 +134,7 @@ func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_
|
||||
TotalResult: uint64(count),
|
||||
Result: model.UserGrantsToModel(grants),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
@ -1,6 +1,8 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/config/types"
|
||||
@ -29,9 +31,10 @@ type EventstoreRepos struct {
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
UserEvents *usr_event.UserEventstore
|
||||
OrgEvents *org_event.OrgEventstore
|
||||
IamEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
|
||||
return []query.Handler{
|
||||
&Project{handler: handler{view, bulkLimit, configs.cycleDuration("Project"), errorCount}, eventstore: eventstore},
|
||||
&ProjectGrant{handler: handler{view, bulkLimit, configs.cycleDuration("ProjectGrant"), errorCount}, eventstore: eventstore, projectEvents: repos.ProjectEvents, orgEvents: repos.OrgEvents},
|
||||
@ -45,6 +48,9 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
|
||||
&OrgMember{handler: handler{view, bulkLimit, configs.cycleDuration("OrgMember"), errorCount}, userEvents: repos.UserEvents},
|
||||
&OrgDomain{handler: handler{view, bulkLimit, configs.cycleDuration("OrgDomain"), errorCount}},
|
||||
&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
|
||||
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
|
||||
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
|
||||
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
|
||||
}
|
||||
}
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user