feat: idp and login policy configurations (#619)

* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi 2020-08-26 09:56:23 +02:00 committed by GitHub
parent f05c5bae24
commit db1d8f4efe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
157 changed files with 37510 additions and 15698 deletions

View File

@ -10,12 +10,18 @@ InternalAuthZ:
- "iam.member.read"
- "iam.member.write"
- "iam.member.delete"
- "iam.idp.read"
- "iam.idp.write"
- "iam.idp.delete"
- "org.read"
- "org.create"
- "org.write"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "user.read"
- "user.write"
- "user.delete"
@ -55,8 +61,10 @@ InternalAuthZ:
- "iam.read"
- "iam.policy.read"
- "iam.member.read"
- "iam.idp.read"
- "org.read"
- "org.member.read"
- "org.idp.read"
- "user.read"
- "user.grant.read"
- "user.membership.read"
@ -77,6 +85,9 @@ InternalAuthZ:
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "user.read"
- "user.write"
- "user.delete"
@ -114,6 +125,7 @@ InternalAuthZ:
Permissions:
- "org.read"
- "org.member.read"
- "org.idp.read"
- "user.read"
- "user.grant.read"
- "user.membership.read"

View File

@ -21,6 +21,7 @@ gopass zitadel-secrets/zitadel/developer/default/keys.yaml > "$BASEDIR/local_key
export ZITADEL_KEY_PATH="$BASEDIR/local_keys.yaml"
export ZITADEL_USER_VERIFICATION_KEY=UserVerificationKey_1
export ZITADEL_IDP_CONFIG_VERIFICATION_KEY=IdpConfigVerificationKey_1
export ZITADEL_OTP_VERIFICATION_KEY=OTPVerificationKey_1
export ZITADEL_OIDC_KEYS_ID=OIDCKey_1
export ZITADEL_COOKIE_KEY=CookieKey_1

View File

@ -25,6 +25,10 @@ Eventstore:
SetUp:
GlobalOrg: 'Global'
IAMProject: 'Zitadel'
DefaultLoginPolicy:
AllowUsernamePassword: true
AllowRegister: true
AllowExternalIdp: true
Orgs:
- Name: 'Global'
Domain: 'global.caos.ch'

View File

@ -6,6 +6,8 @@ SystemDefaults:
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
UserVerificationKey:
EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
IDPConfigVerificationKey:
EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
SecretGenerators:
PasswordSaltCost: 14
ClientSecretGenerator:

View File

@ -31,4 +31,5 @@ cockroachdb/cockroach:latest start --insecure
#### Should show eventstore, management, admin, auth
`show databases;`

View File

@ -5,57 +5,61 @@ import (
"github.com/caos/logging"
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
es_models "github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
"strings"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
)
type IamRepository struct {
type IAMRepository struct {
SearchLimit uint64
*iam_es.IamEventstore
*iam_es.IAMEventstore
OrgEvents *org_es.OrgEventstore
View *admin_view.View
SystemDefaults systemdefaults.SystemDefaults
Roles []string
}
func (repo *IamRepository) IamMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IamMemberView, error) {
member, err := repo.View.IamMemberByIDs(orgID, userID)
func (repo *IAMRepository) IAMMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IAMMemberView, error) {
member, err := repo.View.IAMMemberByIDs(orgID, userID)
if err != nil {
return nil, err
}
return iam_es_model.IamMemberToModel(member), nil
return iam_es_model.IAMMemberToModel(member), nil
}
func (repo *IamRepository) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (repo *IAMRepository) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
member.AggregateID = repo.SystemDefaults.IamID
return repo.IamEventstore.AddIamMember(ctx, member)
return repo.IAMEventstore.AddIAMMember(ctx, member)
}
func (repo *IamRepository) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (repo *IAMRepository) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
member.AggregateID = repo.SystemDefaults.IamID
return repo.IamEventstore.ChangeIamMember(ctx, member)
return repo.IAMEventstore.ChangeIAMMember(ctx, member)
}
func (repo *IamRepository) RemoveIamMember(ctx context.Context, userID string) error {
member := iam_model.NewIamMember(repo.SystemDefaults.IamID, userID)
return repo.IamEventstore.RemoveIamMember(ctx, member)
func (repo *IAMRepository) RemoveIAMMember(ctx context.Context, userID string) error {
member := iam_model.NewIAMMember(repo.SystemDefaults.IamID, userID)
return repo.IAMEventstore.RemoveIAMMember(ctx, member)
}
func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error) {
func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestIamMemberSequence()
sequence, err := repo.View.GetLatestIAMMemberSequence()
logging.Log("EVENT-Slkci").OnError(err).Warn("could not read latest iam sequence")
members, count, err := repo.View.SearchIamMembers(request)
members, count, err := repo.View.SearchIAMMembers(request)
if err != nil {
return nil, err
}
result := &iam_model.IamMemberSearchResponse{
result := &iam_model.IAMMemberSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
Result: iam_es_model.IamMembersToModel(members),
TotalResult: count,
Result: iam_es_model.IAMMembersToModel(members),
}
if err == nil {
result.Sequence = sequence.CurrentSequence
@ -64,7 +68,7 @@ func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_mo
return result, nil
}
func (repo *IamRepository) GetIamMemberRoles() []string {
func (repo *IAMRepository) GetIAMMemberRoles() []string {
roles := make([]string, 0)
for _, roleMap := range repo.Roles {
if strings.HasPrefix(roleMap, "IAM") {
@ -73,3 +77,133 @@ func (repo *IamRepository) GetIamMemberRoles() []string {
}
return roles
}
func (repo *IAMRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
idp, err := repo.View.IDPConfigByID(idpConfigID)
if err != nil {
return nil, err
}
return iam_es_model.IdpConfigViewToModel(idp), nil
}
func (repo *IAMRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddIDPConfig(ctx, idp)
}
func (repo *IAMRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeIDPConfig(ctx, idp)
}
func (repo *IAMRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.IAMEventstore.DeactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
}
func (repo *IAMRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.IAMEventstore.ReactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
}
func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
aggregates := make([]*es_models.Aggregate, 0)
idp := iam_model.NewIDPConfig(repo.SystemDefaults.IamID, idpConfigID)
_, agg, err := repo.IAMEventstore.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
return err
}
aggregates = append(aggregates, agg)
providers, err := repo.View.IDPProvidersByIdpConfigID(idpConfigID)
if err != nil {
return err
}
for _, p := range providers {
if p.AggregateID == repo.SystemDefaults.IamID {
continue
}
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IdpConfigID: p.IDPConfigID}
providerAgg := new(es_models.Aggregate)
_, providerAgg, err = repo.OrgEvents.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, true)
if err != nil {
return err
}
aggregates = append(aggregates, providerAgg)
}
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *IAMRepository) ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
oidcConfig.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
}
func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestIDPConfigSequence()
logging.Log("EVENT-Dk8si").OnError(err).Warn("could not read latest idp config sequence")
idps, count, err := repo.View.SearchIDPConfigs(request)
if err != nil {
return nil, err
}
result := &iam_model.IDPConfigSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
Result: iam_es_model.IdpConfigViewsToModel(idps),
}
if err == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result, nil
}
func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
policy, err := repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
return iam_es_model.LoginPolicyViewToModel(policy), err
}
func (repo *IAMRepository) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddLoginPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeLoginPolicy(ctx, policy)
}
func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
sequence, err := repo.View.GetLatestIDPProviderSequence()
logging.Log("EVENT-Tuiks").OnError(err).Warn("could not read latest iam sequence")
providers, count, err := repo.View.SearchIDPProviders(request)
if err != nil {
return nil, err
}
result := &iam_model.IDPProviderSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: count,
Result: iam_es_model.IDPProviderViewsToModel(providers),
}
if err == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result, nil
}
func (repo *IAMRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
provider.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
}
func (repo *IAMRepository) RemoveIdpProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
provider.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
}

View File

@ -4,9 +4,9 @@ import (
"context"
"github.com/caos/logging"
admin_model "github.com/caos/zitadel/internal/admin/model"
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/sdk"
@ -30,7 +30,8 @@ type OrgRepo struct {
View *admin_view.View
SearchLimit uint64
SearchLimit uint64
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
@ -38,7 +39,7 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg)
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
if err != nil {
return nil, err
}
@ -105,18 +106,18 @@ func (repo *OrgRepo) IsOrgUnique(ctx context.Context, name, domain string) (isUn
return repo.OrgEventstore.IsOrgUnique(ctx, name, domain)
}
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error) {
return repo.OrgEventstore.GetOrgIamPolicy(ctx, id)
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, id)
}
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
return repo.OrgEventstore.AddOrgIamPolicy(ctx, policy)
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
return repo.OrgEventstore.ChangeOrgIamPolicy(ctx, policy)
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.ChangeOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) RemoveOrgIamPolicy(ctx context.Context, id string) error {
return repo.OrgEventstore.RemoveOrgIamPolicy(ctx, id)
return repo.OrgEventstore.RemoveOrgIAMPolicy(ctx, id)
}

View File

@ -25,7 +25,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
@ -41,7 +41,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
if err != nil {
return nil, err
}

View File

@ -1,6 +1,8 @@
package handler
import (
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"time"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
@ -26,13 +28,17 @@ type handler struct {
type EventstoreRepos struct {
UserEvents *usr_event.UserEventstore
IamEvents *iam_event.IAMEventstore
OrgEvents *org_event.OrgEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
return []query.Handler{
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
&IamMember{handler: handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount}, userEvents: repos.UserEvents},
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, eventstore: eventstore, orgEvents: repos.OrgEvents},
}
}

View File

@ -29,18 +29,18 @@ func (m *IamMember) ViewModel() string {
}
func (m *IamMember) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestIamMemberSequence()
sequence, err := m.view.GetLatestIAMMemberSequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IamAggregate, usr_es_model.UserAggregate).
AggregateTypeFilter(model.IAMAggregate, usr_es_model.UserAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *IamMember) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IamAggregate:
case model.IAMAggregate:
err = m.processIamMember(event)
case usr_es_model.UserAggregate:
err = m.processUser(event)
@ -49,46 +49,46 @@ func (m *IamMember) Reduce(event *models.Event) (err error) {
}
func (m *IamMember) processIamMember(event *models.Event) (err error) {
member := new(iam_model.IamMemberView)
member := new(iam_model.IAMMemberView)
switch event.Type {
case model.IamMemberAdded:
case model.IAMMemberAdded:
member.AppendEvent(event)
m.fillData(member)
case model.IamMemberChanged:
case model.IAMMemberChanged:
err := member.SetData(event)
if err != nil {
return err
}
member, err = m.view.IamMemberByIDs(event.AggregateID, member.UserID)
member, err = m.view.IAMMemberByIDs(event.AggregateID, member.UserID)
if err != nil {
return err
}
member.AppendEvent(event)
case model.IamMemberRemoved:
case model.IAMMemberRemoved:
err := member.SetData(event)
if err != nil {
return err
}
return m.view.DeleteIamMember(event.AggregateID, member.UserID, event.Sequence)
return m.view.DeleteIAMMember(event.AggregateID, member.UserID, event.Sequence)
default:
return m.view.ProcessedIamMemberSequence(event.Sequence)
return m.view.ProcessedIAMMemberSequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutIamMember(member, member.Sequence)
return m.view.PutIAMMember(member, member.Sequence)
}
func (m *IamMember) processUser(event *models.Event) (err error) {
switch event.Type {
case usr_es_model.UserProfileChanged,
usr_es_model.UserEmailChanged:
members, err := m.view.IamMembersByUserID(event.AggregateID)
members, err := m.view.IAMMembersByUserID(event.AggregateID)
if err != nil {
return err
}
if len(members) == 0 {
return m.view.ProcessedIamMemberSequence(event.Sequence)
return m.view.ProcessedIAMMemberSequence(event.Sequence)
}
user, err := m.userEvents.UserByID(context.Background(), event.AggregateID)
if err != nil {
@ -96,18 +96,18 @@ func (m *IamMember) processUser(event *models.Event) (err error) {
}
for _, member := range members {
m.fillUserData(member, user)
err = m.view.PutIamMember(member, event.Sequence)
err = m.view.PutIAMMember(member, event.Sequence)
if err != nil {
return err
}
}
default:
return m.view.ProcessedIamMemberSequence(event.Sequence)
return m.view.ProcessedIAMMemberSequence(event.Sequence)
}
return nil
}
func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
user, err := m.userEvents.UserByID(context.Background(), member.UserID)
if err != nil {
return err
@ -116,7 +116,7 @@ func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
return nil
}
func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_model.User) {
func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
member.UserName = user.UserName
member.FirstName = user.FirstName
member.LastName = user.LastName
@ -125,5 +125,5 @@ func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_mode
}
func (m *IamMember) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")
return spooler.HandleError(event, err, m.view.GetLatestIamMemberFailedEvent, m.view.ProcessedIamMemberFailedEvent, m.view.ProcessedIamMemberSequence, m.errorCountUntilSkip)
return spooler.HandleError(event, err, m.view.GetLatestIAMMemberFailedEvent, m.view.ProcessedIAMMemberFailedEvent, m.view.ProcessedIAMMemberSequence, m.errorCountUntilSkip)
}

View File

@ -0,0 +1,79 @@
package handler
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type IDPConfig struct {
handler
}
const (
idpConfigTable = "adminapi.idp_configs"
)
func (m *IDPConfig) ViewModel() string {
return idpConfigTable
}
func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestIDPConfigSequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *IDPConfig) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
err = m.processIDPConfig(event)
}
return err
}
func (m *IDPConfig) processIDPConfig(event *models.Event) (err error) {
idp := new(iam_view_model.IDPConfigView)
switch event.Type {
case model.IDPConfigAdded:
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
case model.IDPConfigChanged,
model.OIDCIDPConfigAdded,
model.OIDCIDPConfigChanged:
err = idp.SetData(event)
if err != nil {
return err
}
idp, err = m.view.IDPConfigByID(idp.IDPConfigID)
if err != nil {
return err
}
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
case model.IDPConfigRemoved:
err = idp.SetData(event)
if err != nil {
return err
}
return m.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence)
default:
return m.view.ProcessedIDPConfigSequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutIDPConfig(idp, idp.Sequence)
}
func (m *IDPConfig) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Mslo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
return spooler.HandleError(event, err, m.view.GetLatestIDPConfigFailedEvent, m.view.ProcessedIDPConfigFailedEvent, m.view.ProcessedIDPConfigSequence, m.errorCountUntilSkip)
}

View File

@ -0,0 +1,114 @@
package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type IDPProvider struct {
handler
systemDefaults systemdefaults.SystemDefaults
iamEvents *eventsourcing.IAMEventstore
orgEvents *org_events.OrgEventstore
}
const (
idpProviderTable = "adminapi.idp_providers"
)
func (m *IDPProvider) ViewModel() string {
return idpProviderTable
}
func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestIDPProviderSequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *IDPProvider) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate, org_es_model.OrgAggregate:
err = m.processIdpProvider(event)
}
return err
}
func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
provider := new(iam_view_model.IDPProviderView)
switch event.Type {
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
err = provider.AppendEvent(event)
if err != nil {
return err
}
err = m.fillData(provider)
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
err = provider.SetData(event)
if err != nil {
return err
}
return m.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence)
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
config := new(iam_model.IDPConfig)
config.AppendEvent(event)
providers, err := m.view.IDPProvidersByIdpConfigID(config.IDPConfigID)
if err != nil {
return err
}
config, err = m.iamEvents.GetIDPConfig(context.Background(), provider.AggregateID, config.IDPConfigID)
if err != nil {
return err
}
for _, provider := range providers {
m.fillConfigData(provider, config)
}
return m.view.PutIDPProviders(event.Sequence, providers...)
default:
return m.view.ProcessedIDPProviderSequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutIDPProvider(provider, provider.Sequence)
}
func (m *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
var config *iam_model.IDPConfig
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, provider.IDPConfigID)
} else {
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
}
if err != nil {
return err
}
m.fillConfigData(provider, config)
return nil
}
func (m *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
provider.Name = config.Name
provider.IDPConfigType = int32(config.Type)
}
func (m *IDPProvider) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Msj8c", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
return spooler.HandleError(event, err, m.view.GetLatestIDPProviderFailedEvent, m.view.ProcessedIDPProviderFailedEvent, m.view.ProcessedIDPProviderSequence, m.errorCountUntilSkip)
}

View File

@ -0,0 +1,66 @@
package handler
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
)
type LoginPolicy struct {
handler
}
const (
loginPolicyTable = "adminapi.login_policies"
)
func (m *LoginPolicy) ViewModel() string {
return loginPolicyTable
}
func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
sequence, err := m.view.GetLatestLoginPolicySequence()
if err != nil {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
func (m *LoginPolicy) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case model.IAMAggregate:
err = m.processLoginPolicy(event)
}
return err
}
func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
policy := new(iam_model.LoginPolicyView)
switch event.Type {
case model.LoginPolicyAdded:
err = policy.AppendEvent(event)
case model.LoginPolicyChanged:
policy, err = m.view.LoginPolicyByAggregateID(event.AggregateID)
if err != nil {
return err
}
err = policy.AppendEvent(event)
default:
return m.view.ProcessedLoginPolicySequence(event.Sequence)
}
if err != nil {
return err
}
return m.view.PutLoginPolicy(policy, policy.Sequence)
}
func (m *LoginPolicy) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-Wj8sf", "id", event.AggregateID).WithError(err).Warn("something went wrong in login policy handler")
return spooler.HandleError(event, err, m.view.GetLatestLoginPolicyFailedEvent, m.view.ProcessedLoginPolicyFailedEvent, m.view.ProcessedLoginPolicySequence, m.errorCountUntilSkip)
}

View File

@ -105,9 +105,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
switch event.Type {
case org_es_model.OrgDomainVerified,
org_es_model.OrgDomainRemoved,
org_es_model.OrgIamPolicyAdded,
org_es_model.OrgIamPolicyChanged,
org_es_model.OrgIamPolicyRemoved:
org_es_model.OrgIAMPolicyAdded,
org_es_model.OrgIAMPolicyChanged,
org_es_model.OrgIAMPolicyRemoved:
return u.fillLoginNamesOnOrgUsers(event)
case org_es_model.OrgDomainPrimarySet:
return u.fillPreferredLoginNamesOnOrgUsers(event)
@ -121,7 +121,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
if err != nil {
return err
}
@ -140,7 +140,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
if err != nil {
return err
}
@ -162,7 +162,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
if err != nil {
return err
}

View File

@ -28,7 +28,7 @@ type Config struct {
type EsRepository struct {
spooler *es_spol.Spooler
eventstore.OrgRepo
eventstore.IamRepository
eventstore.IAMRepository
eventstore.AdministratorRepo
}
@ -38,7 +38,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
return nil, err
}
iam, err := es_iam.StartIam(es_iam.IamConfig{
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
}, systemDefaults)
@ -71,7 +71,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
return nil, err
}
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org})
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org, IamEvents: iam}, systemDefaults)
return &EsRepository{
spooler: spool,
@ -82,9 +82,11 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
PolicyEventstore: policy,
View: view,
SearchLimit: conf.SearchLimit,
SystemDefaults: systemDefaults,
},
IamRepository: eventstore.IamRepository{
IamEventstore: iam,
IAMRepository: eventstore.IAMRepository{
IAMEventstore: iam,
OrgEvents: org,
View: view,
SystemDefaults: systemDefaults,
SearchLimit: conf.SearchLimit,

View File

@ -2,6 +2,7 @@ package spooler
import (
"database/sql"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/handler"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
@ -16,12 +17,12 @@ type SpoolerConfig struct {
Handlers handler.Configs
}
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos) *spooler.Spooler {
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos, defaults systemdefaults.SystemDefaults) *spooler.Spooler {
spoolerConfig := spooler.Config{
Eventstore: es,
Locker: &locker{dbClient: sql},
ConcurrentWorkers: c.ConcurrentWorkers,
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos),
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos, defaults),
}
spool := spoolerConfig.New()
spool.Start()

View File

@ -12,46 +12,46 @@ const (
iamMemberTable = "adminapi.iam_members"
)
func (v *View) IamMemberByIDs(orgID, userID string) (*model.IamMemberView, error) {
return view.IamMemberByIDs(v.Db, iamMemberTable, orgID, userID)
func (v *View) IAMMemberByIDs(orgID, userID string) (*model.IAMMemberView, error) {
return view.IAMMemberByIDs(v.Db, iamMemberTable, orgID, userID)
}
func (v *View) SearchIamMembers(request *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
return view.SearchIamMembers(v.Db, iamMemberTable, request)
func (v *View) SearchIAMMembers(request *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
return view.SearchIAMMembers(v.Db, iamMemberTable, request)
}
func (v *View) IamMembersByUserID(userID string) ([]*model.IamMemberView, error) {
return view.IamMembersByUserID(v.Db, iamMemberTable, userID)
func (v *View) IAMMembersByUserID(userID string) ([]*model.IAMMemberView, error) {
return view.IAMMembersByUserID(v.Db, iamMemberTable, userID)
}
func (v *View) PutIamMember(org *model.IamMemberView, sequence uint64) error {
err := view.PutIamMember(v.Db, iamMemberTable, org)
func (v *View) PutIAMMember(org *model.IAMMemberView, sequence uint64) error {
err := view.PutIAMMember(v.Db, iamMemberTable, org)
if err != nil {
return err
}
return v.ProcessedIamMemberSequence(sequence)
return v.ProcessedIAMMemberSequence(sequence)
}
func (v *View) DeleteIamMember(iamID, userID string, eventSequence uint64) error {
err := view.DeleteIamMember(v.Db, iamMemberTable, iamID, userID)
func (v *View) DeleteIAMMember(iamID, userID string, eventSequence uint64) error {
err := view.DeleteIAMMember(v.Db, iamMemberTable, iamID, userID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIamMemberSequence(eventSequence)
return v.ProcessedIAMMemberSequence(eventSequence)
}
func (v *View) GetLatestIamMemberSequence() (*global_view.CurrentSequence, error) {
func (v *View) GetLatestIAMMemberSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(iamMemberTable)
}
func (v *View) ProcessedIamMemberSequence(eventSequence uint64) error {
func (v *View) ProcessedIAMMemberSequence(eventSequence uint64) error {
return v.saveCurrentSequence(iamMemberTable, eventSequence)
}
func (v *View) GetLatestIamMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
func (v *View) GetLatestIAMMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(iamMemberTable, sequence)
}
func (v *View) ProcessedIamMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
func (v *View) ProcessedIAMMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -0,0 +1,53 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
idpConfigTable = "adminapi.idp_configs"
)
func (v *View) IDPConfigByID(idpID string) (*model.IDPConfigView, error) {
return view.IDPByID(v.Db, idpConfigTable, idpID)
}
func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
return view.SearchIDPs(v.Db, idpConfigTable, request)
}
func (v *View) PutIDPConfig(idp *model.IDPConfigView, sequence uint64) error {
err := view.PutIDP(v.Db, idpConfigTable, idp)
if err != nil {
return err
}
return v.ProcessedIDPConfigSequence(sequence)
}
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64) error {
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPConfigSequence(eventSequence)
}
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpConfigTable)
}
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64) error {
return v.saveCurrentSequence(idpConfigTable, eventSequence)
}
func (v *View) GetLatestIDPConfigFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(idpConfigTable, sequence)
}
func (v *View) ProcessedIDPConfigFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -0,0 +1,65 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
idpProviderTable = "adminapi.idp_providers"
)
func (v *View) IDPProviderByAggregateAndIdpConfigID(aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
return view.GetIDPProviderByAggregateIDAndConfigID(v.Db, idpProviderTable, aggregateID, idpConfigID)
}
func (v *View) IDPProvidersByIdpConfigID(idpConfigID string) ([]*model.IDPProviderView, error) {
return view.IDPProvidersByIdpConfigID(v.Db, idpProviderTable, idpConfigID)
}
func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
}
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64) error {
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence)
}
func (v *View) PutIDPProviders(sequence uint64, providers ...*model.IDPProviderView) error {
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
if err != nil {
return err
}
return v.ProcessedIDPProviderSequence(sequence)
}
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64) error {
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedIDPProviderSequence(eventSequence)
}
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(idpProviderTable)
}
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64) error {
return v.saveCurrentSequence(idpProviderTable, eventSequence)
}
func (v *View) GetLatestIDPProviderFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(idpProviderTable, sequence)
}
func (v *View) ProcessedIDPProviderFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -0,0 +1,48 @@
package view
import (
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/iam/repository/view"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_view "github.com/caos/zitadel/internal/view/repository"
)
const (
loginPolicyTable = "adminapi.login_policies"
)
func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyView, error) {
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
}
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64) error {
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
if err != nil {
return err
}
return v.ProcessedLoginPolicySequence(sequence)
}
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64) error {
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
if err != nil && !errors.IsNotFound(err) {
return err
}
return v.ProcessedLoginPolicySequence(eventSequence)
}
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
return v.latestSequence(loginPolicyTable)
}
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64) error {
return v.saveCurrentSequence(loginPolicyTable, eventSequence)
}
func (v *View) GetLatestLoginPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
return v.latestFailedEvent(loginPolicyTable, sequence)
}
func (v *View) ProcessedLoginPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
return v.saveFailedEvent(failedEvent)
}

View File

@ -5,11 +5,27 @@ import (
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type IamRepository interface {
SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error)
AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
RemoveIamMember(ctx context.Context, userID string) error
type IAMRepository interface {
SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error)
AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
RemoveIAMMember(ctx context.Context, userID string) error
GetIamMemberRoles() []string
GetIAMMemberRoles() []string
SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error)
IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error)
AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
RemoveIDPConfig(ctx context.Context, idpConfigID string) error
ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error)
GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error)
AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error)
RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error
}

View File

@ -13,8 +13,8 @@ type OrgRepository interface {
OrgByID(ctx context.Context, id string) (*org_model.Org, error)
SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error)
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error)
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error)
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
RemoveOrgIamPolicy(ctx context.Context, id string) error
}

View File

@ -5,6 +5,6 @@ import "context"
type Repository interface {
Health(ctx context.Context) error
OrgRepository
IamRepository
IAMRepository
AdministratorRepository
}

View File

@ -32,7 +32,7 @@ type API struct {
}
type health interface {
Health(ctx context.Context) error
IamByID(ctx context.Context) (*iam_model.Iam, error)
IamByID(ctx context.Context) (*iam_model.IAM, error)
VerifierClientID(ctx context.Context, appName string) (string, error)
}

View File

@ -9,11 +9,11 @@ import (
)
func (s *Server) GetIamMemberRoles(ctx context.Context, _ *empty.Empty) (*admin.IamMemberRoles, error) {
return &admin.IamMemberRoles{Roles: s.iam.GetIamMemberRoles()}, nil
return &admin.IamMemberRoles{Roles: s.iam.GetIAMMemberRoles()}, nil
}
func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearchRequest) (*admin.IamMemberSearchResponse, error) {
members, err := s.iam.SearchIamMembers(ctx, iamMemberSearchRequestToModel(in))
members, err := s.iam.SearchIAMMembers(ctx, iamMemberSearchRequestToModel(in))
if err != nil {
return nil, err
}
@ -21,7 +21,7 @@ func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearch
}
func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) {
addedMember, err := s.iam.AddIamMember(ctx, addIamMemberToModel(member))
addedMember, err := s.iam.AddIAMMember(ctx, addIamMemberToModel(member))
if err != nil {
return nil, err
}
@ -30,7 +30,7 @@ func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberReq
}
func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) {
changedMember, err := s.iam.ChangeIamMember(ctx, changeIamMemberToModel(member))
changedMember, err := s.iam.ChangeIAMMember(ctx, changeIamMemberToModel(member))
if err != nil {
return nil, err
}
@ -38,6 +38,6 @@ func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMem
}
func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) {
err := s.iam.RemoveIamMember(ctx, member.UserId)
err := s.iam.RemoveIAMMember(ctx, member.UserId)
return &empty.Empty{}, err
}

View File

@ -9,8 +9,8 @@ import (
"github.com/caos/zitadel/pkg/grpc/admin"
)
func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember {
memberModel := &iam_model.IamMember{
func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IAMMember {
memberModel := &iam_model.IAMMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
@ -18,8 +18,8 @@ func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember
return memberModel
}
func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IamMember {
memberModel := &iam_model.IamMember{
func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IAMMember {
memberModel := &iam_model.IAMMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
@ -27,7 +27,7 @@ func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.Iam
return memberModel
}
func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
func iamMemberFromModel(member *iam_model.IAMMember) *admin.IamMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed")
@ -43,16 +43,16 @@ func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
}
}
func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IamMemberSearchRequest {
return &iam_model.IamMemberSearchRequest{
func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IAMMemberSearchRequest {
return &iam_model.IAMMemberSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: iamMemberSearchQueriesToModel(request.Queries),
}
}
func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IamMemberSearchQuery {
modelQueries := make([]*iam_model.IamMemberSearchQuery, len(queries))
func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IAMMemberSearchQuery {
modelQueries := make([]*iam_model.IAMMemberSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = iamMemberSearchQueryToModel(query)
}
@ -60,30 +60,30 @@ func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam
return modelQueries
}
func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IamMemberSearchQuery {
return &iam_model.IamMemberSearchQuery{
func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IAMMemberSearchQuery {
return &iam_model.IAMMemberSearchQuery{
Key: iamMemberSearchKeyToModel(query.Key),
Method: iamMemberSearchMethodToModel(query.Method),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IamMemberSearchKey {
func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IAMMemberSearchKey {
switch key {
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_EMAIL:
return iam_model.IamMemberSearchKeyEmail
return iam_model.IAMMemberSearchKeyEmail
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_FIRST_NAME:
return iam_model.IamMemberSearchKeyFirstName
return iam_model.IAMMemberSearchKeyFirstName
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_LAST_NAME:
return iam_model.IamMemberSearchKeyLastName
return iam_model.IAMMemberSearchKeyLastName
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_USER_ID:
return iam_model.IamMemberSearchKeyUserID
return iam_model.IAMMemberSearchKeyUserID
default:
return iam_model.IamMemberSearchKeyUnspecified
return iam_model.IAMMemberSearchKeyUnspecified
}
}
func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
func searchMethodToModel(key admin.SearchMethod) model.SearchMethod {
switch key {
case admin.SearchMethod_SEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
@ -102,7 +102,7 @@ func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
}
}
func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *admin.IamMemberSearchResponse {
func iamMemberSearchResponseFromModel(resp *iam_model.IAMMemberSearchResponse) *admin.IamMemberSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-5shu8").OnError(err).Debug("date parse failed")
return &admin.IamMemberSearchResponse{
@ -114,7 +114,7 @@ func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *
ViewTimestamp: timestamp,
}
}
func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemberView {
func iamMembersFromView(viewMembers []*iam_model.IAMMemberView) []*admin.IamMemberView {
members := make([]*admin.IamMemberView, len(viewMembers))
for i, member := range viewMembers {
@ -124,7 +124,7 @@ func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemb
return members
}
func iamMemberFromView(member *iam_model.IamMemberView) *admin.IamMemberView {
func iamMemberFromView(member *iam_model.IAMMemberView) *admin.IamMemberView {
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-Lso9c").OnError(err).Debug("unable to parse changedate")
creationDate, err := ptypes.TimestampProto(member.CreationDate)

View File

@ -0,0 +1,69 @@
package admin
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) IdpByID(ctx context.Context, id *admin.IdpID) (*admin.IdpView, error) {
config, err := s.iam.IDPConfigByID(ctx, id.Id)
if err != nil {
return nil, err
}
return idpViewFromModel(config), nil
}
func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *admin.OidcIdpConfigCreate) (*admin.Idp, error) {
config, err := s.iam.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate) (*admin.Idp, error) {
config, err := s.iam.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
config, err := s.iam.DeactivateIDPConfig(ctx, id.Id)
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) {
config, err := s.iam.ReactivateIDPConfig(ctx, id.Id)
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
err := s.iam.RemoveIDPConfig(ctx, id.Id)
return &empty.Empty{}, err
}
func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *admin.OidcIdpConfigUpdate) (*admin.OidcIdpConfig, error) {
config, err := s.iam.ChangeOidcIDPConfig(ctx, updateOidcIdpToModel(request))
if err != nil {
return nil, err
}
return oidcIdpConfigFromModel(config), nil
}
func (s *Server) SearchIdps(ctx context.Context, request *admin.IdpSearchRequest) (*admin.IdpSearchResponse, error) {
response, err := s.iam.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
if err != nil {
return nil, err
}
return idpConfigSearchResponseFromModel(response), nil
}

View File

@ -0,0 +1,180 @@
package admin
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes"
)
func createOidcIdpToModel(idp *admin.OidcIdpConfigCreate) *iam_model.IDPConfig {
return &iam_model.IDPConfig{
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
},
}
}
func updateIdpToModel(idp *admin.IdpUpdate) *iam_model.IDPConfig {
return &iam_model.IDPConfig{
IDPConfigID: idp.Id,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
}
}
func updateOidcIdpToModel(idp *admin.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
return &iam_model.OIDCIDPConfig{
IDPConfigID: idp.IdpId,
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
}
}
func idpFromModel(idp *iam_model.IDPConfig) *admin.Idp {
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
return &admin.Idp{
Id: idp.IDPConfigID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: idp.Sequence,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: idpConfigStateFromModel(idp.State),
IdpConfig: idpConfigFromModel(idp),
}
}
func idpViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView {
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
return &admin.IdpView{
Id: idp.IDPConfigID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: idp.Sequence,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: idpConfigStateFromModel(idp.State),
IdpConfigView: idpConfigViewFromModel(idp),
}
}
func idpConfigFromModel(idp *iam_model.IDPConfig) *admin.Idp_OidcConfig {
if idp.Type == iam_model.IDPConfigTypeOIDC {
return &admin.Idp_OidcConfig{
OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
}
}
return nil
}
func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *admin.OidcIdpConfig {
return &admin.OidcIdpConfig{
ClientId: idp.ClientID,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
}
}
func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcConfig {
if idp.IsOIDC {
return &admin.IdpView_OidcConfig{
OidcConfig: oidcIdpConfigViewFromModel(idp),
}
}
return nil
}
func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.OidcIdpConfigView {
return &admin.OidcIdpConfigView{
ClientId: idp.OIDCClientID,
Issuer: idp.OIDCIssuer,
Scopes: idp.OIDCScopes,
}
}
func idpConfigStateFromModel(state iam_model.IDPConfigState) admin.IdpState {
switch state {
case iam_model.IDPConfigStateActive:
return admin.IdpState_IDPCONFIGSTATE_ACTIVE
case iam_model.IDPConfigStateInactive:
return admin.IdpState_IDPCONFIGSTATE_INACTIVE
default:
return admin.IdpState_IDPCONFIGSTATE_UNSPECIFIED
}
}
func idpConfigSearchRequestToModel(request *admin.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
return &iam_model.IDPConfigSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: idpConfigSearchQueriesToModel(request.Queries),
}
}
func idpConfigSearchQueriesToModel(queries []*admin.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = idpConfigSearchQueryToModel(query)
}
return modelQueries
}
func idpConfigSearchQueryToModel(query *admin.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
return &iam_model.IDPConfigSearchQuery{
Key: idpConfigSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func idpConfigSearchKeyToModel(key admin.IdpSearchKey) iam_model.IDPConfigSearchKey {
switch key {
case admin.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
return iam_model.IDPConfigSearchKeyIdpConfigID
case admin.IdpSearchKey_IDPSEARCHKEY_NAME:
return iam_model.IDPConfigSearchKeyName
default:
return iam_model.IDPConfigSearchKeyUnspecified
}
}
func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *admin.IdpSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
return &admin.IdpSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: idpConfigsFromView(resp.Result),
ProcessedSequence: resp.Sequence,
ViewTimestamp: timestamp,
}
}
func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*admin.IdpView {
idps := make([]*admin.IdpView, len(viewIdps))
for i, idp := range viewIdps {
idps[i] = idpViewFromModel(idp)
}
return idps
}

View File

@ -0,0 +1,44 @@
package admin
import (
"context"
"github.com/caos/zitadel/pkg/grpc/admin"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultLoginPolicyView, error) {
result, err := s.iam.GetDefaultLoginPolicy(ctx)
if err != nil {
return nil, err
}
return loginPolicyViewFromModel(result), nil
}
func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicy) (*admin.DefaultLoginPolicy, error) {
result, err := s.iam.ChangeDefaultLoginPolicy(ctx, loginPolicyToModel(policy))
if err != nil {
return nil, err
}
return loginPolicyFromModel(result), nil
}
func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request *admin.IdpProviderSearchRequest) (*admin.IdpProviderSearchResponse, error) {
result, err := s.iam.SearchDefaultIDPProviders(ctx, idpProviderSearchRequestToModel(request))
if err != nil {
return nil, err
}
return idpProviderSearchResponseFromModel(result), nil
}
func (s *Server) AddIdpProviderToDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*admin.IdpProviderID, error) {
result, err := s.iam.AddIDPProviderToLoginPolicy(ctx, idpProviderToModel(provider))
if err != nil {
return nil, err
}
return idpProviderFromModel(result), nil
}
func (s *Server) RemoveIdpProviderFromDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*empty.Empty, error) {
err := s.iam.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
return &empty.Empty{}, err
}

View File

@ -0,0 +1,87 @@
package admin
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func loginPolicyToModel(policy *admin.DefaultLoginPolicy) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *admin.DefaultLoginPolicy {
return &admin.DefaultLoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultLoginPolicyView {
return &admin.DefaultLoginPolicyView{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
}
}
func idpProviderSearchRequestToModel(request *admin.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
return &iam_model.IDPProviderSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
}
}
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *admin.IdpProviderSearchResponse {
return &admin.IdpProviderSearchResponse{
Limit: response.Limit,
Offset: response.Offset,
TotalResult: response.TotalResult,
Result: idpProviderViewsFromModel(response.Result),
}
}
func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
Type: iam_model.IDPProviderTypeSystem,
}
}
func idpProviderFromModel(provider *iam_model.IDPProvider) *admin.IdpProviderID {
return &admin.IdpProviderID{
IdpConfigId: provider.IdpConfigID,
}
}
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*admin.IdpProviderView {
converted := make([]*admin.IdpProviderView, len(providers))
for i, provider := range providers {
converted[i] = idpProviderViewFromModel(provider)
}
return converted
}
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *admin.IdpProviderView {
return &admin.IdpProviderView{
IdpConfigId: provider.IDPConfigID,
Name: provider.Name,
Type: idpConfigTypeToModel(provider.IDPConfigType),
}
}
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) admin.IdpType {
switch providerType {
case iam_model.IDPConfigTypeOIDC:
return admin.IdpType_IDPTYPE_OIDC
case iam_model.IDPConfigTypeSAML:
return admin.IdpType_IDPTYPE_SAML
default:
return admin.IdpType_IDPTYPE_UNSPECIFIED
}
}

View File

@ -269,7 +269,7 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod {
}
}
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *admin.OrgIamPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
@ -286,8 +286,8 @@ func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
}
}
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIamPolicy {
return &org_model.OrgIamPolicy{
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIAMPolicy {
return &org_model.OrgIAMPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.OrgId,
},

View File

@ -18,7 +18,7 @@ var _ admin.AdminServiceServer = (*Server)(nil)
type Server struct {
org repository.OrgRepository
iam repository.IamRepository
iam repository.IAMRepository
administrator repository.AdministratorRepository
repo repository.Repository
}

View File

@ -9,7 +9,7 @@ import (
)
func (s *Server) GetIam(ctx context.Context, _ *empty.Empty) (*management.Iam, error) {
iam, err := s.iam.IamByID(ctx, s.systemDefaults.IamID)
iam, err := s.iam.IAMByID(ctx, s.systemDefaults.IamID)
if err != nil {
return nil, err
}

View File

@ -5,9 +5,9 @@ import (
"github.com/caos/zitadel/pkg/grpc/management"
)
func iamFromModel(iam *iam_model.Iam) *management.Iam {
func iamFromModel(iam *iam_model.IAM) *management.Iam {
return &management.Iam{
IamProjectId: iam.IamProjectID,
IamProjectId: iam.IAMProjectID,
GlobalOrgId: iam.GlobalOrgID,
SetUpDone: iam.SetUpDone,
SetUpStarted: iam.SetUpStarted,

View File

@ -0,0 +1,69 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) IdpByID(ctx context.Context, id *management.IdpID) (*management.IdpView, error) {
config, err := s.org.IDPConfigByID(ctx, id.Id)
if err != nil {
return nil, err
}
return idpViewFromModel(config), nil
}
func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *management.OidcIdpConfigCreate) (*management.Idp, error) {
config, err := s.org.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig))
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *management.IdpUpdate) (*management.Idp, error) {
config, err := s.org.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig))
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
config, err := s.org.DeactivateIDPConfig(ctx, id.Id)
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) {
config, err := s.org.ReactivateIDPConfig(ctx, id.Id)
if err != nil {
return nil, err
}
return idpFromModel(config), nil
}
func (s *Server) RemoveIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
err := s.org.RemoveIDPConfig(ctx, id.Id)
return &empty.Empty{}, err
}
func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *management.OidcIdpConfigUpdate) (*management.OidcIdpConfig, error) {
config, err := s.org.ChangeOIDCIDPConfig(ctx, updateOidcIdpToModel(request))
if err != nil {
return nil, err
}
return oidcIdpConfigFromModel(config), nil
}
func (s *Server) SearchIdps(ctx context.Context, request *management.IdpSearchRequest) (*management.IdpSearchResponse, error) {
response, err := s.org.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
if err != nil {
return nil, err
}
return idpConfigSearchResponseFromModel(response), nil
}

View File

@ -0,0 +1,183 @@
package management
import (
"github.com/caos/logging"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
)
func createOidcIdpToModel(idp *management.OidcIdpConfigCreate) *iam_model.IDPConfig {
return &iam_model.IDPConfig{
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Type: iam_model.IDPConfigTypeOIDC,
OIDCConfig: &iam_model.OIDCIDPConfig{
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
},
}
}
func updateIdpToModel(idp *management.IdpUpdate) *iam_model.IDPConfig {
return &iam_model.IDPConfig{
IDPConfigID: idp.Id,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
}
}
func updateOidcIdpToModel(idp *management.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig {
return &iam_model.OIDCIDPConfig{
IDPConfigID: idp.IdpId,
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
}
}
func idpFromModel(idp *iam_model.IDPConfig) *management.Idp {
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
return &management.Idp{
Id: idp.IDPConfigID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: idp.Sequence,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: idpConfigStateFromModel(idp.State),
IdpConfig: idpConfigFromModel(idp),
}
}
func idpViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView {
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
return &management.IdpView{
Id: idp.IDPConfigID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: idp.Sequence,
ProviderType: idpProviderTypeFromModel(idp.IDPProviderType),
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: idpConfigStateFromModel(idp.State),
IdpConfigView: idpConfigViewFromModel(idp),
}
}
func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig {
if idp.Type == iam_model.IDPConfigTypeOIDC {
return &management.Idp_OidcConfig{
OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
}
}
return nil
}
func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *management.OidcIdpConfig {
return &management.OidcIdpConfig{
ClientId: idp.ClientID,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
}
}
func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView_OidcConfig {
if idp.IsOIDC {
return &management.IdpView_OidcConfig{
OidcConfig: oidcIdpConfigViewFromModel(idp),
}
}
return nil
}
func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.OidcIdpConfigView {
return &management.OidcIdpConfigView{
ClientId: idp.OIDCClientID,
Issuer: idp.OIDCIssuer,
Scopes: idp.OIDCScopes,
}
}
func idpConfigStateFromModel(state iam_model.IDPConfigState) management.IdpState {
switch state {
case iam_model.IDPConfigStateActive:
return management.IdpState_IDPCONFIGSTATE_ACTIVE
case iam_model.IDPConfigStateInactive:
return management.IdpState_IDPCONFIGSTATE_INACTIVE
default:
return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED
}
}
func idpConfigSearchRequestToModel(request *management.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
return &iam_model.IDPConfigSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: idpConfigSearchQueriesToModel(request.Queries),
}
}
func idpConfigSearchQueriesToModel(queries []*management.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = idpConfigSearchQueryToModel(query)
}
return modelQueries
}
func idpConfigSearchQueryToModel(query *management.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
return &iam_model.IDPConfigSearchQuery{
Key: idpConfigSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func idpConfigSearchKeyToModel(key management.IdpSearchKey) iam_model.IDPConfigSearchKey {
switch key {
case management.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
return iam_model.IDPConfigSearchKeyIdpConfigID
case management.IdpSearchKey_IDPSEARCHKEY_NAME:
return iam_model.IDPConfigSearchKeyName
case management.IdpSearchKey_IDPSEARCHKEY_PROVIDER_TYPE:
return iam_model.IDPConfigSearchKeyIdpProviderType
default:
return iam_model.IDPConfigSearchKeyUnspecified
}
}
func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *management.IdpSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
return &management.IdpSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: idpConfigsFromView(resp.Result),
ProcessedSequence: resp.Sequence,
ViewTimestamp: timestamp,
}
}
func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*management.IdpView {
idps := make([]*management.IdpView, len(viewIdps))
for i, idp := range viewIdps {
idps[i] = idpViewFromModel(idp)
}
return idps
}

View File

@ -0,0 +1,57 @@
package management
import (
"context"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
result, err := s.org.GetLoginPolicy(ctx)
if err != nil {
return nil, err
}
return loginPolicyViewFromModel(result), nil
}
func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyAdd) (*management.LoginPolicy, error) {
result, err := s.org.AddLoginPolicy(ctx, loginPolicyAddToModel(policy))
if err != nil {
return nil, err
}
return loginPolicyFromModel(result), nil
}
func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicy) (*management.LoginPolicy, error) {
result, err := s.org.ChangeLoginPolicy(ctx, loginPolicyToModel(policy))
if err != nil {
return nil, err
}
return loginPolicyFromModel(result), nil
}
func (s *Server) RemoveLoginPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.org.RemoveLoginPolicy(ctx)
return &empty.Empty{}, err
}
func (s *Server) GetLoginPolicyIdpProviders(ctx context.Context, request *management.IdpProviderSearchRequest) (*management.IdpProviderSearchResponse, error) {
result, err := s.org.SearchIDPProviders(ctx, idpProviderSearchRequestToModel(request))
if err != nil {
return nil, err
}
return idpProviderSearchResponseFromModel(result), nil
}
func (s *Server) AddIdpProviderToLoginPolicy(ctx context.Context, provider *management.IdpProviderAdd) (*management.IdpProvider, error) {
result, err := s.org.AddIDPProviderToLoginPolicy(ctx, idpProviderAddToModel(provider))
if err != nil {
return nil, err
}
return idpProviderFromModel(result), nil
}
func (s *Server) RemoveIdpProviderFromLoginPolicy(ctx context.Context, provider *management.IdpProviderID) (*empty.Empty, error) {
err := s.org.RemoveIDPProviderFromLoginPolicy(ctx, idpProviderToModel(provider))
return &empty.Empty{}, err
}

View File

@ -0,0 +1,131 @@
package management
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func loginPolicyAddToModel(policy *management.LoginPolicyAdd) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyToModel(policy *management.LoginPolicy) *iam_model.LoginPolicy {
return &iam_model.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyFromModel(policy *iam_model.LoginPolicy) *management.LoginPolicy {
return &management.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
return &management.LoginPolicyView{
Default: policy.Default,
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
}
}
func idpProviderSearchRequestToModel(request *management.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
return &iam_model.IDPProviderSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
}
}
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *management.IdpProviderSearchResponse {
return &management.IdpProviderSearchResponse{
Limit: response.Limit,
Offset: response.Offset,
TotalResult: response.TotalResult,
Result: idpProviderViewsFromModel(response.Result),
}
}
func idpProviderToModel(provider *management.IdpProviderID) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
Type: iam_model.IDPProviderTypeSystem,
}
}
func idpProviderAddToModel(provider *management.IdpProviderAdd) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
IdpConfigID: provider.IdpConfigId,
Type: idpProviderTypeToModel(provider.IdpProviderType),
}
}
func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
return &management.IdpProviderID{
IdpConfigId: provider.IdpConfigID,
}
}
func idpProviderFromModel(provider *iam_model.IDPProvider) *management.IdpProvider {
return &management.IdpProvider{
IdpConfigId: provider.IdpConfigID,
IdpProvider_Type: idpProviderTypeFromModel(provider.Type),
}
}
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*management.IdpProviderView {
converted := make([]*management.IdpProviderView, len(providers))
for i, provider := range providers {
converted[i] = idpProviderViewFromModel(provider)
}
return converted
}
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *management.IdpProviderView {
return &management.IdpProviderView{
IdpConfigId: provider.IDPConfigID,
Name: provider.Name,
Type: idpConfigTypeToModel(provider.IDPConfigType),
}
}
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) management.IdpType {
switch providerType {
case iam_model.IDPConfigTypeOIDC:
return management.IdpType_IDPTYPE_OIDC
case iam_model.IDPConfigTypeSAML:
return management.IdpType_IDPTYPE_SAML
default:
return management.IdpType_IDPTYPE_UNSPECIFIED
}
}
func idpProviderTypeToModel(providerType management.IdpProviderType) iam_model.IDPProviderType {
switch providerType {
case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
return iam_model.IDPProviderTypeSystem
case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
return iam_model.IDPProviderTypeOrg
default:
return iam_model.IDPProviderTypeSystem
}
}
func idpProviderTypeFromModel(providerType iam_model.IDPProviderType) management.IdpProviderType {
switch providerType {
case iam_model.IDPProviderTypeSystem:
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
case iam_model.IDPProviderTypeOrg:
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
default:
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
}
}

View File

@ -227,7 +227,7 @@ func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change)
return result
}
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *management.OrgIamPolicy {
func orgIamPolicyFromModel(policy *org_model.OrgIAMPolicy) *management.OrgIamPolicy {
return &management.OrgIamPolicy{
OrgId: policy.AggregateID,
Description: policy.Description,

View File

@ -6,11 +6,11 @@ import (
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
)
type IamRepository struct {
IamID string
IamEvents *iam_event.IamEventstore
type IAMRepository struct {
IAMID string
IAMEvents *iam_event.IAMEventstore
}
func (repo *IamRepository) GetIam(ctx context.Context) (*model.Iam, error) {
return repo.IamEvents.IamByID(ctx, repo.IamID)
func (repo *IAMRepository) GetIAM(ctx context.Context) (*model.IAM, error) {
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
}

View File

@ -56,7 +56,7 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
if err != nil {
return nil, err
}
@ -94,6 +94,6 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
return RegisterToModel(registerModel), nil
}
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error) {
return repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
}

View File

@ -41,7 +41,7 @@ func (repo *UserRepo) Register(ctx context.Context, registerUser *model.User, or
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
if err != nil {
return nil, err
}

View File

@ -32,7 +32,7 @@ type EventstoreRepos struct {
UserEvents *usr_event.UserEventstore
ProjectEvents *proj_event.ProjectEventstore
OrgEvents *org_events.OrgEventstore
IamEvents *iam_events.IamEventstore
IamEvents *iam_events.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {

View File

@ -109,7 +109,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
if err != nil {
return err
}
@ -122,9 +122,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
switch event.Type {
case org_es_model.OrgDomainVerified,
org_es_model.OrgDomainRemoved,
org_es_model.OrgIamPolicyAdded,
org_es_model.OrgIamPolicyChanged,
org_es_model.OrgIamPolicyRemoved:
org_es_model.OrgIAMPolicyAdded,
org_es_model.OrgIAMPolicyChanged,
org_es_model.OrgIAMPolicyRemoved:
return u.fillLoginNamesOnOrgUsers(event)
case org_es_model.OrgDomainPrimarySet:
return u.fillPreferredLoginNamesOnOrgUsers(event)
@ -138,7 +138,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
if err != nil {
return err
}
@ -161,7 +161,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
if err != nil {
return err
}
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
if err != nil {
return err
}

View File

@ -33,7 +33,7 @@ type UserGrant struct {
projectEvents *proj_event.ProjectEventstore
userEvents *usr_events.UserEventstore
orgEvents *org_events.OrgEventstore
iamEvents *iam_events.IamEventstore
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
}
@ -58,7 +58,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IamAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@ -70,7 +70,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
err = u.processUser(event)
case proj_es_model.ProjectAggregate:
err = u.processProject(event)
case iam_es_model.IamAggregate:
case iam_es_model.IAMAggregate:
err = u.processIamMember(event, "IAM", false)
case org_es_model.OrgAggregate:
return u.processOrg(event)
@ -176,10 +176,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
}
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
member := new(iam_es_model.IamMember)
member := new(iam_es_model.IAMMember)
switch event.Type {
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
@ -210,7 +210,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, grant.Sequence)
case iam_es_model.IamMemberRemoved:
case iam_es_model.IAMMemberRemoved:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
if err != nil {
@ -295,14 +295,14 @@ func (u *UserGrant) setIamProjectID() error {
if u.iamProjectID != "" {
return nil
}
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
if err != nil {
return err
}
if !iam.SetUpDone {
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
}
u.iamProjectID = iam.IamProjectID
u.iamProjectID = iam.IAMProjectID
return nil
}

View File

@ -44,7 +44,7 @@ type EsRepository struct {
eventstore.UserSessionRepo
eventstore.UserGrantRepo
eventstore.OrgRepository
eventstore.IamRepository
eventstore.IAMRepository
eventstore.PolicyRepo
}
@ -109,8 +109,8 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
if err != nil {
return nil, err
}
iam, err := es_iam.StartIam(
es_iam.IamConfig{
iam, err := es_iam.StartIAM(
es_iam.IAMConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
},
@ -174,9 +174,9 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
PolicyEventstore: policy,
UserEventstore: user,
},
eventstore.IamRepository{
IamEvents: iam,
IamID: systemDefaults.IamID,
eventstore.IAMRepository{
IAMEvents: iam,
IAMID: systemDefaults.IamID,
},
eventstore.PolicyRepo{
PolicyEvents: policy,

View File

@ -6,6 +6,6 @@ import (
"github.com/caos/zitadel/internal/iam/model"
)
type IamRepository interface {
GetIam(ctx context.Context) (*model.Iam, error)
type IAMRepository interface {
GetIAM(ctx context.Context) (*model.IAM, error)
}

View File

@ -8,5 +8,5 @@ import (
type OrgRepository interface {
RegisterOrg(context.Context, *auth_model.RegisterOrg) (*auth_model.RegisterOrg, error)
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error)
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error)
}

View File

@ -7,14 +7,14 @@ import (
)
type IamRepo struct {
IamID string
IamEvents *iam_event.IamEventstore
IAMID string
IAMEvents *iam_event.IAMEventstore
}
func (repo *IamRepo) Health(ctx context.Context) error {
return repo.IamEvents.Health(ctx)
return repo.IAMEvents.Health(ctx)
}
func (repo *IamRepo) IamByID(ctx context.Context) (*model.Iam, error) {
return repo.IamEvents.IamByID(ctx, repo.IamID)
func (repo *IamRepo) IamByID(ctx context.Context) (*model.IAM, error) {
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
}

View File

@ -13,8 +13,8 @@ import (
type TokenVerifierRepo struct {
TokenVerificationKey [32]byte
IamID string
IamEvents *iam_event.IamEventstore
IAMID string
IAMEvents *iam_event.IAMEventstore
ProjectEvents *proj_event.ProjectEventstore
View *view.View
}
@ -55,11 +55,11 @@ func (repo *TokenVerifierRepo) ExistsOrg(ctx context.Context, orgID string) erro
}
func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
iam, err := repo.IAMEvents.IAMByID(ctx, repo.IAMID)
if err != nil {
return "", err
}
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IamProjectID, appName)
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IAMProjectID, appName)
if err != nil {
return "", err
}

View File

@ -16,7 +16,7 @@ type UserGrantRepo struct {
IamID string
IamProjectID string
Auth authz.Config
IamEvents *iam_event.IamEventstore
IamEvents *iam_event.IAMEventstore
}
func (repo *UserGrantRepo) Health() error {
@ -67,14 +67,14 @@ func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
if repo.IamProjectID != "" {
return nil
}
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
iam, err := repo.IamEvents.IAMByID(ctx, repo.IamID)
if err != nil {
return err
}
if !iam.SetUpDone {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-skiwS", "Setup not done")
}
repo.IamProjectID = iam.IamProjectID
repo.IamProjectID = iam.IAMProjectID
return nil
}

View File

@ -26,7 +26,7 @@ type handler struct {
}
type EventstoreRepos struct {
IamEvents *iam_events.IamEventstore
IamEvents *iam_events.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {

View File

@ -22,7 +22,7 @@ import (
type UserGrant struct {
handler
eventstore eventstore.Eventstore
iamEvents *iam_events.IamEventstore
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
}
@ -47,7 +47,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(iam_es_model.IamAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@ -55,7 +55,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case proj_es_model.ProjectAggregate:
err = u.processProject(event)
case iam_es_model.IamAggregate:
case iam_es_model.IAMAggregate:
err = u.processIamMember(event, "IAM", false)
case org_es_model.OrgAggregate:
return u.processOrg(event)
@ -92,10 +92,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
}
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
member := new(iam_es_model.IamMember)
member := new(iam_es_model.IAMMember)
switch event.Type {
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
@ -126,7 +126,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, grant.Sequence)
case iam_es_model.IamMemberRemoved:
case iam_es_model.IAMMemberRemoved:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
if err != nil {
@ -210,14 +210,14 @@ func (u *UserGrant) setIamProjectID() error {
if u.iamProjectID != "" {
return nil
}
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
if err != nil {
return err
}
if !iam.SetUpDone {
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
}
u.iamProjectID = iam.IamProjectID
u.iamProjectID = iam.IAMProjectID
return nil
}

View File

@ -51,7 +51,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
return nil, err
}
iam, err := es_iam.StartIam(es_iam.IamConfig{
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
}, systemDefaults)
@ -77,13 +77,13 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
IamEvents: iam,
},
eventstore.IamRepo{
IamID: systemDefaults.IamID,
IamEvents: iam,
IAMID: systemDefaults.IamID,
IAMEvents: iam,
},
eventstore.TokenVerifierRepo{
//TODO: Add Token Verification Key
IamID: systemDefaults.IamID,
IamEvents: iam,
IAMID: systemDefaults.IamID,
IAMEvents: iam,
ProjectEvents: project,
View: view,
},

View File

@ -5,7 +5,7 @@ import (
"github.com/caos/zitadel/internal/iam/model"
)
type IamRepository interface {
type IAMRepository interface {
Health(ctx context.Context) error
IamByID(ctx context.Context, id string) (*model.Iam, error)
IAMByID(ctx context.Context, id string) (*model.IAM, error)
}

View File

@ -7,5 +7,5 @@ import (
type Repository interface {
Health(context.Context) error
UserGrantRepository
IamRepository
IAMRepository
}

View File

@ -14,17 +14,18 @@ import (
)
type SystemDefaults struct {
DefaultLanguage language.Tag
Domain string
ZitadelDocs ZitadelDocs
SecretGenerators SecretGenerators
UserVerificationKey *crypto.KeyConfig
Multifactors MultifactorConfig
VerificationLifetimes VerificationLifetimes
DefaultPolicies DefaultPolicies
DomainVerification DomainVerification
IamID string
Notifications Notifications
DefaultLanguage language.Tag
Domain string
ZitadelDocs ZitadelDocs
SecretGenerators SecretGenerators
UserVerificationKey *crypto.KeyConfig
IDPConfigVerificationKey *crypto.KeyConfig
Multifactors MultifactorConfig
VerificationLifetimes VerificationLifetimes
DefaultPolicies DefaultPolicies
DomainVerification DomainVerification
IamID string
Notifications Notifications
}
type ZitadelDocs struct {
@ -61,7 +62,7 @@ type DefaultPolicies struct {
Age pol.PasswordAgePolicyDefault
Complexity pol.PasswordComplexityPolicyDefault
Lockout pol.PasswordLockoutPolicyDefault
OrgIam org_model.OrgIamPolicy
OrgIam org_model.OrgIAMPolicy
}
type DomainVerification struct {

View File

@ -4,16 +4,18 @@ import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type Iam struct {
type IAM struct {
es_models.ObjectRoot
GlobalOrgID string
IamProjectID string
SetUpDone bool
SetUpStarted bool
Members []*IamMember
GlobalOrgID string
IAMProjectID string
SetUpDone bool
SetUpStarted bool
Members []*IAMMember
IDPs []*IDPConfig
DefaultLoginPolicy *LoginPolicy
}
func (iam *Iam) GetMember(userID string) (int, *IamMember) {
func (iam *IAM) GetMember(userID string) (int, *IAMMember) {
for i, m := range iam.Members {
if m.UserID == userID {
return i, m
@ -21,3 +23,12 @@ func (iam *Iam) GetMember(userID string) (int, *IamMember) {
}
return -1, nil
}
func (iam *IAM) GetIDP(idpID string) (int, *IDPConfig) {
for i, idp := range iam.IDPs {
if idp.IDPConfigID == idpID {
return i, idp
}
}
return -1, nil
}

View File

@ -2,17 +2,17 @@ package model
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type IamMember struct {
type IAMMember struct {
es_models.ObjectRoot
UserID string
Roles []string
}
func NewIamMember(iamID, userID string) *IamMember {
return &IamMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
func NewIAMMember(iamID, userID string) *IAMMember {
return &IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
}
func (i *IamMember) IsValid() bool {
func (i *IAMMember) IsValid() bool {
return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0
}

View File

@ -5,9 +5,9 @@ import (
"time"
)
type IamMemberView struct {
type IAMMemberView struct {
UserID string
IamID string
IAMID string
UserName string
Email string
FirstName string
@ -19,42 +19,42 @@ type IamMemberView struct {
Sequence uint64
}
type IamMemberSearchRequest struct {
type IAMMemberSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IamMemberSearchKey
SortingColumn IAMMemberSearchKey
Asc bool
Queries []*IamMemberSearchQuery
Queries []*IAMMemberSearchQuery
}
type IamMemberSearchKey int32
type IAMMemberSearchKey int32
const (
IamMemberSearchKeyUnspecified IamMemberSearchKey = iota
IamMemberSearchKeyUserName
IamMemberSearchKeyEmail
IamMemberSearchKeyFirstName
IamMemberSearchKeyLastName
IamMemberSearchKeyIamID
IamMemberSearchKeyUserID
IAMMemberSearchKeyUnspecified IAMMemberSearchKey = iota
IAMMemberSearchKeyUserName
IAMMemberSearchKeyEmail
IAMMemberSearchKeyFirstName
IAMMemberSearchKeyLastName
IAMMemberSearchKeyIamID
IAMMemberSearchKeyUserID
)
type IamMemberSearchQuery struct {
Key IamMemberSearchKey
type IAMMemberSearchQuery struct {
Key IAMMemberSearchKey
Method model.SearchMethod
Value interface{}
}
type IamMemberSearchResponse struct {
type IAMMemberSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IamMemberView
Result []*IAMMemberView
Sequence uint64
Timestamp time.Time
}
func (r *IamMemberSearchRequest) EnsureLimit(limit uint64) {
func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}

View File

@ -0,0 +1,74 @@
package model
import (
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
Type IdpConfigType
Name string
LogoSrc []byte
State IDPConfigState
OIDCConfig *OIDCIDPConfig
}
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
ClientID string
ClientSecret *crypto.CryptoValue
ClientSecretString string
Issuer string
Scopes []string
}
type IdpConfigType int32
const (
IDPConfigTypeOIDC IdpConfigType = iota
IDPConfigTypeSAML
)
type IDPConfigState int32
const (
IDPConfigStateActive IDPConfigState = iota
IDPConfigStateInactive
IDPConfigStateRemoved
)
func NewIDPConfig(iamID, idpID string) *IDPConfig {
return &IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, IDPConfigID: idpID}
}
func (idp *IDPConfig) IsValid(includeConfig bool) bool {
if idp.Name == "" || idp.AggregateID == "" {
return false
}
if !includeConfig {
return true
}
if idp.Type == IDPConfigTypeOIDC && !idp.OIDCConfig.IsValid(true) {
return false
}
return true
}
func (oi *OIDCIDPConfig) IsValid(withSecret bool) bool {
if withSecret {
return oi.ClientID != "" && oi.Issuer != "" && oi.ClientSecretString != ""
}
return oi.ClientID != "" && oi.Issuer != ""
}
func (oi *OIDCIDPConfig) CryptSecret(crypt crypto.Crypto) error {
cryptedSecret, err := crypto.Crypt([]byte(oi.ClientSecretString), crypt)
if err != nil {
return err
}
oi.ClientSecret = cryptedSecret
return nil
}

View File

@ -0,0 +1,68 @@
package model
import (
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/model"
"time"
)
type IDPConfigView struct {
AggregateID string
IDPConfigID string
Name string
LogoSrc []byte
State IDPConfigState
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
IDPProviderType IDPProviderType
IsOIDC bool
OIDCClientID string
OIDCClientSecret *crypto.CryptoValue
OIDCIssuer string
OIDCScopes []string
}
type IDPConfigSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IDPConfigSearchKey
Asc bool
Queries []*IDPConfigSearchQuery
}
type IDPConfigSearchKey int32
const (
IDPConfigSearchKeyUnspecified IDPConfigSearchKey = iota
IDPConfigSearchKeyName
IDPConfigSearchKeyAggregateID
IDPConfigSearchKeyIdpConfigID
IDPConfigSearchKeyIdpProviderType
)
type IDPConfigSearchQuery struct {
Key IDPConfigSearchKey
Method model.SearchMethod
Value interface{}
}
type IDPConfigSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IDPConfigView
Sequence uint64
Timestamp time.Time
}
func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}
}
func (r *IDPConfigSearchRequest) AppendMyOrgQuery(orgID, iamID string) {
r.Queries = append(r.Queries, &IDPConfigSearchQuery{Key: IDPConfigSearchKeyAggregateID, Method: model.SearchMethodIsOneOf, Value: []string{orgID, iamID}})
}

View File

@ -0,0 +1,59 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type IDPProviderView struct {
AggregateID string
IDPConfigID string
IDPProviderType IDPProviderType
Name string
IDPConfigType IdpConfigType
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type IDPProviderSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IDPProviderSearchKey
Asc bool
Queries []*IDPProviderSearchQuery
}
type IDPProviderSearchKey int32
const (
IDPProviderSearchKeyUnspecified IDPProviderSearchKey = iota
IDPProviderSearchKeyAggregateID
IDPProviderSearchKeyIdpConfigID
)
type IDPProviderSearchQuery struct {
Key IDPProviderSearchKey
Method model.SearchMethod
Value interface{}
}
type IDPProviderSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IDPProviderView
Sequence uint64
Timestamp time.Time
}
func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}
}
func (r *IDPProviderSearchRequest) AppendAggregateIDQuery(aggregateID string) {
r.Queries = append(r.Queries, &IDPProviderSearchQuery{Key: IDPProviderSearchKeyAggregateID, Method: model.SearchMethodEquals, Value: aggregateID})
}

View File

@ -0,0 +1,53 @@
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type LoginPolicy struct {
models.ObjectRoot
State PolicyState
Default bool
AllowUsernamePassword bool
AllowRegister bool
AllowExternalIdp bool
IDPProviders []*IDPProvider
}
type IDPProvider struct {
models.ObjectRoot
Type IDPProviderType
IdpConfigID string
}
type PolicyState int32
const (
PolicyStateActive PolicyState = iota
PolicyStateRemoved
)
type IDPProviderType int32
const (
IDPProviderTypeSystem IDPProviderType = iota
IDPProviderTypeOrg
)
func (p *LoginPolicy) IsValid() bool {
return p.ObjectRoot.AggregateID != ""
}
func (p *IDPProvider) IsValid() bool {
return p.ObjectRoot.AggregateID != "" && p.IdpConfigID != ""
}
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
for i, m := range p.IDPProviders {
if m.IdpConfigID == id {
return i, m
}
}
return -1, nil
}

View File

@ -0,0 +1,48 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type LoginPolicyView struct {
AggregateID string
AllowUsernamePassword bool
AllowRegister bool
AllowExternalIDP bool
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type LoginPolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn LoginPolicySearchKey
Asc bool
Queries []*LoginPolicySearchQuery
}
type LoginPolicySearchKey int32
const (
LoginPolicySearchKeyUnspecified LoginPolicySearchKey = iota
LoginPolicySearchKeyAggregateID
)
type LoginPolicySearchQuery struct {
Key LoginPolicySearchKey
Method model.SearchMethod
Value interface{}
}
type LoginPolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*LoginPolicyView
Sequence uint64
Timestamp time.Time
}

View File

@ -8,26 +8,26 @@ import (
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
type IamCache struct {
type IAMCache struct {
iamCache cache.Cache
}
func StartCache(conf *config.CacheConfig) (*IamCache, error) {
func StartCache(conf *config.CacheConfig) (*IAMCache, error) {
iamCache, err := conf.Config.NewCache()
logging.Log("EVENT-9siew").OnError(err).Panic("unable to create iam cache")
return &IamCache{iamCache: iamCache}, nil
return &IAMCache{iamCache: iamCache}, nil
}
func (c *IamCache) getIam(ID string) *model.Iam {
user := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
func (c *IAMCache) getIAM(ID string) *model.IAM {
user := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
if err := c.iamCache.Get(ID, user); err != nil {
logging.Log("EVENT-slo9x").WithError(err).Debug("error in getting cache")
}
return user
}
func (c *IamCache) cacheIam(iam *model.Iam) {
func (c *IAMCache) cacheIAM(iam *model.IAM) {
err := c.iamCache.Set(iam.AggregateID, iam)
if err != nil {
logging.Log("EVENT-os03w").WithError(err).Debug("error in setting iam cache")

View File

@ -4,40 +4,50 @@ import (
"context"
"github.com/caos/zitadel/internal/cache/config"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
es_int "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/id"
)
type IamEventstore struct {
type IAMEventstore struct {
es_int.Eventstore
iamCache *IamCache
iamCache *IAMCache
idGenerator id.Generator
secretCrypto crypto.Crypto
}
type IamConfig struct {
type IAMConfig struct {
es_int.Eventstore
Cache *config.CacheConfig
}
func StartIam(conf IamConfig, systemDefaults sd.SystemDefaults) (*IamEventstore, error) {
func StartIAM(conf IAMConfig, systemDefaults sd.SystemDefaults) (*IAMEventstore, error) {
iamCache, err := StartCache(conf.Cache)
if err != nil {
return nil, err
}
return &IamEventstore{
Eventstore: conf.Eventstore,
iamCache: iamCache,
aesCrypto, err := crypto.NewAESCrypto(systemDefaults.IDPConfigVerificationKey)
if err != nil {
return nil, err
}
return &IAMEventstore{
Eventstore: conf.Eventstore,
iamCache: iamCache,
idGenerator: id.SonyFlakeGenerator,
secretCrypto: aesCrypto,
}, nil
}
func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
iam := es.iamCache.getIam(id)
func (es *IAMEventstore) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
iam := es.iamCache.getIAM(id)
query, err := IamByIDQuery(iam.AggregateID, iam.Sequence)
query, err := IAMByIDQuery(iam.AggregateID, iam.Sequence)
if err != nil {
return nil, err
}
@ -45,12 +55,12 @@ func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam
if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
return nil, err
}
es.iamCache.cacheIam(iam)
return model.IamToModel(iam), nil
es.iamCache.cacheIAM(iam)
return model.IAMToModel(iam), nil
}
func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil && !caos_errs.IsNotFound(err) {
return nil, err
}
@ -59,132 +69,420 @@ func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_mod
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "Setup already started")
}
repoIam := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
createAggregate := IamSetupStartedAggregate(es.AggregateCreator(), repoIam)
repoIam := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
createAggregate := IAMSetupStartedAggregate(es.AggregateCreator(), repoIam)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetupDoneAggregate(es.AggregateCreator(), repoIam)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetupDoneAggregate(es.AggregateCreator(), repoIam)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetIamProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetIAMProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (es *IAMEventstore) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.Iam.MemberInvalid")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existing.GetMember(member.UserID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.Iam.MemberAlreadyExisting")
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.MemberAlreadyExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
addAggregate := IamMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
addAggregate := IAMMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
return model.IamMemberToModel(m), nil
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
return model.IAMMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-s90pw", "Errors.Internal")
}
func (es *IamEventstore) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (es *IAMEventstore) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.Iam.MemberInvalid")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existing.GetMember(member.UserID); m == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.Iam.MemberNotExisting")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.IAM.MemberNotExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
projectAggregate := IamMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
projectAggregate := IAMMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
return model.IamMemberToModel(m), nil
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
return model.IAMMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-29cws", "Errors.Internal")
}
func (es *IamEventstore) RemoveIamMember(ctx context.Context, member *iam_model.IamMember) error {
func (es *IAMEventstore) RemoveIAMMember(ctx context.Context, member *iam_model.IAMMember) error {
if member.UserID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.Iam.MemberInvalid")
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return err
}
if _, m := existing.GetMember(member.UserID); m == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.Iam.MemberNotExisting")
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.MemberNotExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
projectAggregate := IamMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
projectAggregate := IAMMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
return err
}
func (es *IAMEventstore) GetIDPConfig(ctx context.Context, aggregateID, idpConfigID string) (*iam_model.IDPConfig, error) {
existing, err := es.IAMByID(ctx, aggregateID)
if err != nil {
return nil, err
}
if _, existingIDP := existing.GetIDP(idpConfigID); existingIDP != nil {
return existingIDP, nil
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-Scj8s", "Errors.IAM.IdpNotExisting")
}
func (es *IAMEventstore) AddIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(true) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Ms89d", "Errors.IAM.IdpInvalid")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, err
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
idp.IDPConfigID = id
if idp.OIDCConfig != nil {
idp.OIDCConfig.IDPConfigID = id
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
if err != nil {
return nil, err
}
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
addAggregate := IDPConfigAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Scj8s", "Errors.Internal")
}
func (es *IAMEventstore) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(false) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cms8o", "Errors.IAM.IdpInvalid")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, err
}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cmlos", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xmlo0", "Errors.Internal")
}
func (es *IAMEventstore) PrepareRemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*model.IAM, *models.Aggregate, error) {
if idp == nil || idp.IDPConfigID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wz7sD", "Errors.IAM.IDMissing")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, nil, err
}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Smiu8", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
provider := new(model.IDPProvider)
if repoIam.DefaultLoginPolicy != nil {
_, provider = model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, idp.IDPConfigID)
}
agg, err := IDPConfigRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoIdp, provider)
if err != nil {
return nil, nil, err
}
return repoIam, agg, nil
}
func (es *IAMEventstore) RemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) error {
repoIam, agg, err := es.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
return err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, agg)
if err != nil {
return err
}
es.iamCache.cacheIAM(repoIam)
return nil
}
func (es *IAMEventstore) DeactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fbs8o", "Errors.IAM.IDMissing")
}
existing, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Mci32", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xnc8d", "Errors.Internal")
}
func (es *IAMEventstore) ReactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wkjsf", "Errors.IAM.IDMissing")
}
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, existingIDP := iam.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Sjc78", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(iam)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigReactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Snd4f", "Errors.Internal")
}
func (es *IAMEventstore) ChangeIDPOIDCConfig(ctx context.Context, config *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
if config == nil || !config.IsValid(false) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-*5ki8", "Errors.IAM.OIDCConfigInvalid")
}
iam, err := es.IAMByID(ctx, config.AggregateID)
if err != nil {
return nil, err
}
var idp *iam_model.IDPConfig
if _, idp = iam.GetIDP(config.IDPConfigID); idp == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-pso0s", "Errors.IAM.IdpNoExisting")
}
if idp.Type != iam_model.IDPConfigTypeOIDC {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fms8w", "Errors.IAM.IdpIsNotOIDC")
}
if config.ClientSecretString != "" {
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
} else {
config.ClientSecret = nil
}
repoIam := model.IAMFromModel(iam)
repoConfig := model.OIDCIDPConfigFromModel(config)
iamAggregate := OIDCIDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoConfig)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.OIDCIDPConfigToModel(idpConfig.OIDCIDPConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Sldk8", "Errors.Internal")
}
func (es *IAMEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoLoginPolicy := model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
}
func (es *IAMEventstore) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoLoginPolicy := model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
}
func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
if provider == nil || !provider.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IdpProviderInvalid")
}
iam, err := es.IAMByID(ctx, provider.AggregateID)
if err != nil {
return nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
repoIam := model.IAMFromModel(iam)
repoProvider := model.IDPProviderFromModel(provider)
addAggregate := LoginPolicyIDPProviderAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoProvider)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
return model.IDPProviderToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
}
func (es *IAMEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error {
if provider == nil || !provider.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Esi8c", "Errors.IdpProviderInvalid")
}
iam, err := es.IAMByID(ctx, provider.AggregateID)
if err != nil {
return err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoIam := model.IAMFromModel(iam)
addAggregate := LoginPolicyIDPProviderRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IdpConfigID})
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return err
}
es.iamCache.cacheIAM(repoIam)
return nil
}

View File

@ -2,6 +2,8 @@ package eventsourcing
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/id"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/eventstore/mock"
@ -10,24 +12,37 @@ import (
"github.com/golang/mock/gomock"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IamEventstore {
return &IamEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockCache(ctrl *gomock.Controller) *IamCache {
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
secretCrypto: crypto.NewBCrypt(10),
}
}
func GetMockCache(ctrl *gomock.Controller) *IAMCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &IamCache{iamCache: mockCache}
return &IAMCache{iamCache: mockCache}
}
func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
data, _ := json.Marshal(model.Iam{GlobalOrgID: "GlobalOrgID"})
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockIamByIDOK(ctrl *gomock.Controller) *IAMEventstore {
data, _ := json.Marshal(model.IAM{GlobalOrgID: "GlobalOrgID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
@ -35,16 +50,16 @@ func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IamEventstore {
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
func GetMockManipulateIam(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@ -53,11 +68,22 @@ func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
memberData, _ := json.Marshal(model.IamMember{UserID: "UserID", Roles: []string{"Role"}})
func GetMockManipulateIamWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamMemberAdded, Data: memberData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IAMEventstore {
memberData, _ := json.Marshal(model.IAMMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@ -65,7 +91,38 @@ func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IamEventstore {
func GetMockManipulateIamWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
idpData, _ := json.Marshal(model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)

File diff suppressed because it is too large Load Diff

View File

@ -7,118 +7,358 @@ import (
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func IamByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
func IAMByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
if id == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.Iam.IDMissing")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.IAM.IDMissing")
}
return IamQuery(latestSequence).
return IAMQuery(latestSequence).
AggregateIDFilter(id), nil
}
func IamQuery(latestSequence uint64) *es_models.SearchQuery {
func IAMQuery(latestSequence uint64) *es_models.SearchQuery {
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IamAggregate).
AggregateTypeFilter(model.IAMAggregate).
LatestSequenceFilter(latestSequence)
}
func IamAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam) (*es_models.Aggregate, error) {
func IAMAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM) (*es_models.Aggregate, error) {
if iam == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo04e", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence)
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence)
}
func IamAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
func IAMAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
if iam == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
}
func IamSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamSetupStarted, nil)
return agg.AppendEvent(model.IAMSetupStarted, nil)
}
}
func IamSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamSetupDone, nil)
return agg.AppendEvent(model.IAMSetupDone, nil)
}
}
func IamSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if globalOrg == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.Iam.GlobalOrgMissing")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.IAM.GlobalOrgMissing")
}
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.GlobalOrgSet, &model.Iam{GlobalOrgID: globalOrg})
return agg.AppendEvent(model.GlobalOrgSet, &model.IAM{GlobalOrgID: globalOrg})
}
}
func IamSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if projectID == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.Iam.IamProjectIDMisisng")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.IAM.IamProjectIDMisisng")
}
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamProjectSet, &model.Iam{IamProjectID: projectID})
return agg.AppendEvent(model.IAMProjectSet, &model.IAM{IAMProjectID: projectID})
}
}
func IamMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9sope", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberAdded, member)
return agg.AppendEvent(model.IAMMemberAdded, member)
}
}
func IamMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-38skf", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberChanged, member)
return agg.AppendEvent(model.IAMMemberChanged, member)
}
}
func IamMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-90lsw", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberRemoved, member)
return agg.AppendEvent(model.IAMMemberRemoved, member)
}
}
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSn7d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigAdded, idp)
if err != nil {
return nil, err
}
if idp.OIDCIDPConfig != nil {
return agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
}
return agg, nil
}
}
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Amc7s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, i := range existing.IDPs {
if i.IDPConfigID == idp.IDPConfigID {
changes = i.Changes(idp)
}
}
return agg.AppendEvent(model.IDPConfigChanged, changes)
}
}
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig, provider *model.IDPProvider) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-se23g", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
if err != nil {
return nil, err
}
if provider != nil {
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
return agg, nil
}
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slfi3", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigDeactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigReactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, config *model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, idp := range existing.IDPs {
if idp.IDPConfigID == config.IDPConfigID && idp.OIDCIDPConfig != nil {
changes = idp.OIDCIDPConfig.Changes(config)
}
}
if len(changes) <= 1 {
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Cml9s", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
}
}
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LoginPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultLoginPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LoginPolicyChanged, changes)
}
}
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProvider) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyIDPProviderValidation(provider.IDPConfigID)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
}
}
func LoginPolicyIDPProviderRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProviderID) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil || existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyIDPProviderRemoved, provider)
}
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.LoginPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.LoginPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpConfigID string) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*model.IDPConfig, 0)
idps := make([]*model.IDPProvider, 0)
for _, event := range events {
switch event.Type {
case model.IDPConfigAdded:
config := new(model.IDPConfig)
config.SetData(event)
idpConfigs = append(idpConfigs, config)
case model.IDPConfigRemoved:
config := new(model.IDPConfig)
config.SetData(event)
for i, p := range idpConfigs {
if p.IDPConfigID == config.IDPConfigID {
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
idpConfigs[len(idpConfigs)-1] = nil
idpConfigs = idpConfigs[:len(idpConfigs)-1]
}
}
case model.LoginPolicyIDPProviderAdded:
idp := new(model.IDPProvider)
idp.SetData(event)
idps = append(idps, idp)
case model.LoginPolicyIDPProviderRemoved:
idp := new(model.IDPProvider)
idp.SetData(event)
for i, p := range idps {
if p.IDPConfigID == idp.IDPConfigID {
idps[i] = idps[len(idps)-1]
idps[len(idps)-1] = nil
idps = idps[:len(idps)-1]
}
}
}
}
exists := false
for _, p := range idpConfigs {
if p.IDPConfigID == idpConfigID {
exists = true
}
}
if !exists {
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
}
for _, p := range idps {
if p.IDPConfigID == idpConfigID {
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
}
return nil
}
}

File diff suppressed because it is too large Load Diff

View File

@ -9,45 +9,57 @@ import (
)
const (
IamVersion = "v1"
IAMVersion = "v1"
)
type Iam struct {
type IAM struct {
es_models.ObjectRoot
SetUpStarted bool `json:"-"`
SetUpDone bool `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IamProjectID string `json:"iamProjectId,omitempty"`
Members []*IamMember `json:"-"`
SetUpStarted bool `json:"-"`
SetUpDone bool `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IAMProjectID string `json:"iamProjectId,omitempty"`
Members []*IAMMember `json:"-"`
IDPs []*IDPConfig `json:"-"`
DefaultLoginPolicy *LoginPolicy `json:"-"`
}
func IamFromModel(iam *model.Iam) *Iam {
members := IamMembersFromModel(iam.Members)
converted := &Iam{
func IAMFromModel(iam *model.IAM) *IAM {
members := IAMMembersFromModel(iam.Members)
idps := IDPConfigsFromModel(iam.IDPs)
converted := &IAM{
ObjectRoot: iam.ObjectRoot,
SetUpStarted: iam.SetUpStarted,
SetUpDone: iam.SetUpDone,
GlobalOrgID: iam.GlobalOrgID,
IamProjectID: iam.IamProjectID,
IAMProjectID: iam.IAMProjectID,
Members: members,
IDPs: idps,
}
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyFromModel(iam.DefaultLoginPolicy)
}
return converted
}
func IamToModel(iam *Iam) *model.Iam {
members := IamMembersToModel(iam.Members)
converted := &model.Iam{
func IAMToModel(iam *IAM) *model.IAM {
members := IAMMembersToModel(iam.Members)
idps := IDPConfigsToModel(iam.IDPs)
converted := &model.IAM{
ObjectRoot: iam.ObjectRoot,
SetUpStarted: iam.SetUpStarted,
SetUpDone: iam.SetUpDone,
GlobalOrgID: iam.GlobalOrgID,
IamProjectID: iam.IamProjectID,
IAMProjectID: iam.IAMProjectID,
Members: members,
IDPs: idps,
}
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyToModel(iam.DefaultLoginPolicy)
}
return converted
}
func (i *Iam) AppendEvents(events ...*es_models.Event) error {
func (i *IAM) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := i.AppendEvent(event); err != nil {
return err
@ -56,27 +68,50 @@ func (i *Iam) AppendEvents(events ...*es_models.Event) error {
return nil
}
func (i *Iam) AppendEvent(event *es_models.Event) (err error) {
func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
i.ObjectRoot.AppendEvent(event)
switch event.Type {
case IamSetupStarted:
case IAMSetupStarted:
i.SetUpStarted = true
case IamSetupDone:
case IAMSetupDone:
i.SetUpDone = true
case IamProjectSet,
case IAMProjectSet,
GlobalOrgSet:
err = i.SetData(event)
case IamMemberAdded:
case IAMMemberAdded:
err = i.appendAddMemberEvent(event)
case IamMemberChanged:
case IAMMemberChanged:
err = i.appendChangeMemberEvent(event)
case IamMemberRemoved:
case IAMMemberRemoved:
err = i.appendRemoveMemberEvent(event)
case IDPConfigAdded:
return i.appendAddIDPConfigEvent(event)
case IDPConfigChanged:
return i.appendChangeIDPConfigEvent(event)
case IDPConfigRemoved:
return i.appendRemoveIDPConfigEvent(event)
case IDPConfigDeactivated:
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
case IDPConfigReactivated:
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
case OIDCIDPConfigAdded:
return i.appendAddOIDCIDPConfigEvent(event)
case OIDCIDPConfigChanged:
return i.appendChangeOIDCIDPConfigEvent(event)
case LoginPolicyAdded:
return i.appendAddLoginPolicyEvent(event)
case LoginPolicyChanged:
return i.appendChangeLoginPolicyEvent(event)
case LoginPolicyIDPProviderAdded:
return i.appendAddIDPProviderToLoginPolicyEvent(event)
case LoginPolicyIDPProviderRemoved:
return i.appendRemoveIDPProviderFromLoginPolicyEvent(event)
}
return err
}
func (i *Iam) SetData(event *es_models.Event) error {
func (i *IAM) SetData(event *es_models.Event) error {
i.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, i); err != nil {
logging.Log("EVEN-9sie4").WithError(err).Error("could not unmarshal event data")

View File

@ -7,13 +7,13 @@ import (
"github.com/caos/zitadel/internal/iam/model"
)
type IamMember struct {
type IAMMember struct {
es_models.ObjectRoot
UserID string `json:"userId,omitempty"`
Roles []string `json:"roles,omitempty"`
}
func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
func GetIAMMember(members []*IAMMember, id string) (int, *IAMMember) {
for i, m := range members {
if m.UserID == id {
return i, m
@ -22,40 +22,40 @@ func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
return -1, nil
}
func IamMembersToModel(members []*IamMember) []*model.IamMember {
convertedMembers := make([]*model.IamMember, len(members))
func IAMMembersToModel(members []*IAMMember) []*model.IAMMember {
convertedMembers := make([]*model.IAMMember, len(members))
for i, m := range members {
convertedMembers[i] = IamMemberToModel(m)
convertedMembers[i] = IAMMemberToModel(m)
}
return convertedMembers
}
func IamMembersFromModel(members []*model.IamMember) []*IamMember {
convertedMembers := make([]*IamMember, len(members))
func IAMMembersFromModel(members []*model.IAMMember) []*IAMMember {
convertedMembers := make([]*IAMMember, len(members))
for i, m := range members {
convertedMembers[i] = IamMemberFromModel(m)
convertedMembers[i] = IAMMemberFromModel(m)
}
return convertedMembers
}
func IamMemberFromModel(member *model.IamMember) *IamMember {
return &IamMember{
func IAMMemberFromModel(member *model.IAMMember) *IAMMember {
return &IAMMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func IamMemberToModel(member *IamMember) *model.IamMember {
return &model.IamMember{
func IAMMemberToModel(member *IAMMember) *model.IAMMember {
return &model.IAMMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendAddMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
@ -65,25 +65,25 @@ func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
return nil
}
func (iam *Iam) appendChangeMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendChangeMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
iam.Members[i] = member
}
return nil
}
func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendRemoveMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
iam.Members[i] = iam.Members[len(iam.Members)-1]
iam.Members[len(iam.Members)-1] = nil
iam.Members = iam.Members[:len(iam.Members)-1]
@ -91,7 +91,7 @@ func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
return nil
}
func (m *IamMember) SetData(event *es_models.Event) error {
func (m *IAMMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil {
logging.Log("EVEN-e4dkp").WithError(err).Error("could not unmarshal event data")

View File

@ -8,23 +8,23 @@ import (
func TestAppendAddMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append add member event",
args: args{
iam: &Iam{},
member: &IamMember{UserID: "UserID", Roles: []string{"Role"}},
iam: &IAM{},
member: &IAMMember{UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
},
}
for _, tt := range tests {
@ -46,23 +46,23 @@ func TestAppendAddMemberEvent(t *testing.T) {
func TestAppendChangeMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append change member event",
args: args{
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
},
}
for _, tt := range tests {
@ -84,23 +84,23 @@ func TestAppendChangeMemberEvent(t *testing.T) {
func TestAppendRemoveMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append remove member event",
args: args{
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IamMember{UserID: "UserID"},
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IAMMember{UserID: "UserID"},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{}},
result: &IAM{Members: []*IAMMember{}},
},
}
for _, tt := range tests {

View File

@ -6,7 +6,7 @@ import (
"testing"
)
func mockIamData(iam *Iam) []byte {
func mockIamData(iam *IAM) []byte {
data, _ := json.Marshal(iam)
return data
}
@ -14,44 +14,44 @@ func mockIamData(iam *Iam) []byte {
func TestProjectRoleAppendEvent(t *testing.T) {
type args struct {
event *es_models.Event
iam *Iam
iam *IAM
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append set up start event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupStarted, ResourceOwner: "OrgID"},
iam: &Iam{},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupStarted, ResourceOwner: "OrgID"},
iam: &IAM{},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
{
name: "append set up done event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupDone, ResourceOwner: "OrgID"},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupDone, ResourceOwner: "OrgID"},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
},
{
name: "append globalorg event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{GlobalOrgID: "GlobalOrg"})},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{GlobalOrgID: "GlobalOrg"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
},
{
name: "append iamproject event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{IamProjectID: "IamProject"})},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{IAMProjectID: "IamProject"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IamProjectID: "IamProject"},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IAMProjectID: "IamProject"},
},
}
for _, tt := range tests {
@ -66,8 +66,8 @@ func TestProjectRoleAppendEvent(t *testing.T) {
if tt.args.iam.GlobalOrgID != tt.result.GlobalOrgID {
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.result.GlobalOrgID, tt.args.iam.GlobalOrgID)
}
if tt.args.iam.IamProjectID != tt.result.IamProjectID {
t.Errorf("got wrong result IamProjectID: expected: %v, actual: %v ", tt.result.IamProjectID, tt.args.iam.IamProjectID)
if tt.args.iam.IAMProjectID != tt.result.IAMProjectID {
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.result.IAMProjectID, tt.args.iam.IAMProjectID)
}
})
}

View File

@ -0,0 +1,151 @@
package model
import (
"bytes"
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
State int32 `json:"-"`
Name string `json:"name,omitempty"`
Type int32 `json:"idpType,omitempty"`
LogoSrc []byte `json:"logoSrc,omitempty"`
OIDCIDPConfig *OIDCIDPConfig `json:"-"`
}
type IDPConfigID struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
}
func GetIDPConfig(idps []*IDPConfig, id string) (int, *IDPConfig) {
for i, idp := range idps {
if idp.IDPConfigID == id {
return i, idp
}
}
return -1, nil
}
func (c *IDPConfig) Changes(changed *IDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if changed.Name != "" && c.Name != changed.Name {
changes["name"] = changed.Name
}
if changed.LogoSrc != nil && bytes.Equal(c.LogoSrc, changed.LogoSrc) {
changes["logoSrc"] = changed.LogoSrc
}
return changes
}
func IDPConfigsToModel(idps []*IDPConfig) []*model.IDPConfig {
convertedIDPConfigs := make([]*model.IDPConfig, len(idps))
for i, idp := range idps {
convertedIDPConfigs[i] = IDPConfigToModel(idp)
}
return convertedIDPConfigs
}
func IDPConfigsFromModel(idps []*model.IDPConfig) []*IDPConfig {
convertedIDPConfigs := make([]*IDPConfig, len(idps))
for i, idp := range idps {
convertedIDPConfigs[i] = IDPConfigFromModel(idp)
}
return convertedIDPConfigs
}
func IDPConfigFromModel(idp *model.IDPConfig) *IDPConfig {
converted := &IDPConfig{
ObjectRoot: idp.ObjectRoot,
IDPConfigID: idp.IDPConfigID,
Name: idp.Name,
State: int32(idp.State),
Type: int32(idp.Type),
LogoSrc: idp.LogoSrc,
}
if idp.OIDCConfig != nil {
converted.OIDCIDPConfig = OIDCIDPConfigFromModel(idp.OIDCConfig)
}
return converted
}
func IDPConfigToModel(idp *IDPConfig) *model.IDPConfig {
converted := &model.IDPConfig{
ObjectRoot: idp.ObjectRoot,
IDPConfigID: idp.IDPConfigID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: model.IDPConfigState(idp.State),
Type: model.IdpConfigType(idp.Type),
}
if idp.OIDCIDPConfig != nil {
converted.OIDCConfig = OIDCIDPConfigToModel(idp.OIDCIDPConfig)
}
return converted
}
func (iam *IAM) appendAddIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
idp.ObjectRoot.CreationDate = event.CreationDate
iam.IDPs = append(iam.IDPs, idp)
return nil
}
func (iam *IAM) appendChangeIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
iam.IDPs[i].SetData(event)
}
return nil
}
func (iam *IAM) appendRemoveIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
iam.IDPs[i] = iam.IDPs[len(iam.IDPs)-1]
iam.IDPs[len(iam.IDPs)-1] = nil
iam.IDPs = iam.IDPs[:len(iam.IDPs)-1]
}
return nil
}
func (iam *IAM) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
idpConfig.State = int32(state)
iam.IDPs[i] = idpConfig
}
return nil
}
func (c *IDPConfig) SetData(event *es_models.Event) error {
c.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, c); err != nil {
logging.Log("EVEN-Msj9w").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}

View File

@ -0,0 +1,213 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"testing"
)
func TestIdpConfigChanges(t *testing.T) {
type args struct {
existing *IDPConfig
new *IDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "idp config name changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "NameChanged"},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp config event",
args: args{
iam: &IAM{},
idp: &IDPConfig{Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendAddIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendChangeIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
idpConfig *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
idpConfig: &IDPConfig{Name: "IDPConfig Change"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig Change"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idpConfig != nil {
data, _ := json.Marshal(tt.args.idpConfig)
tt.args.event.Data = data
}
tt.args.iam.appendChangeIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendRemoveIDPEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append remove idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendRemoveIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.iam.IDPs))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
state model.IDPConfigState
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append deactivate application event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateInactive,
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
},
{
name: "append reactivate application event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateActive,
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}

View File

@ -0,0 +1,164 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type LoginPolicy struct {
models.ObjectRoot
State int32 `json:"-"`
AllowUsernamePassword bool `json:"allowUsernamePassword"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIdp bool `json:"allowExternalIdp"`
IDPProviders []*IDPProvider `json:"-"`
}
type IDPProvider struct {
models.ObjectRoot
Type int32 `json:"idpProviderType"`
IDPConfigID string `json:"idpConfigId"`
}
type IDPProviderID struct {
IDPConfigID string `json:"idpConfigId"`
}
func GetIDPProvider(providers []*IDPProvider, id string) (int, *IDPProvider) {
for i, p := range providers {
if p.IDPConfigID == id {
return i, p
}
}
return -1, nil
}
func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
idps := IDPProvidersToModel(policy.IDPProviders)
return &iam_model.LoginPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIdp,
IDPProviders: idps,
}
}
func LoginPolicyFromModel(policy *iam_model.LoginPolicy) *LoginPolicy {
idps := IDOProvidersFromModel(policy.IDPProviders)
return &LoginPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIdp,
IDPProviders: idps,
}
}
func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
convertedProviders := make([]*iam_model.IDPProvider, len(members))
for i, m := range members {
convertedProviders[i] = IDPProviderToModel(m)
}
return convertedProviders
}
func IDOProvidersFromModel(members []*iam_model.IDPProvider) []*IDPProvider {
convertedProviders := make([]*IDPProvider, len(members))
for i, m := range members {
convertedProviders[i] = IDPProviderFromModel(m)
}
return convertedProviders
}
func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: iam_model.IDPProviderType(provider.Type),
IdpConfigID: provider.IDPConfigID,
}
}
func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
return &IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: int32(provider.Type),
IDPConfigID: provider.IdpConfigID,
}
}
func (p *LoginPolicy) Changes(changed *LoginPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if changed.AllowUsernamePassword != p.AllowUsernamePassword {
changes["allowUsernamePassword"] = changed.AllowUsernamePassword
}
if changed.AllowRegister != p.AllowRegister {
changes["allowRegister"] = changed.AllowRegister
}
if changed.AllowExternalIdp != p.AllowExternalIdp {
changes["allowExternalIdp"] = changed.AllowExternalIdp
}
return changes
}
func (i *IAM) appendAddLoginPolicyEvent(event *es_models.Event) error {
i.DefaultLoginPolicy = new(LoginPolicy)
err := i.DefaultLoginPolicy.SetData(event)
if err != nil {
return err
}
i.DefaultLoginPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangeLoginPolicyEvent(event *es_models.Event) error {
return i.DefaultLoginPolicy.SetData(event)
}
func (iam *IAM) appendAddIDPProviderToLoginPolicyEvent(event *es_models.Event) error {
provider := new(IDPProvider)
err := provider.SetData(event)
if err != nil {
return err
}
provider.ObjectRoot.CreationDate = event.CreationDate
iam.DefaultLoginPolicy.IDPProviders = append(iam.DefaultLoginPolicy.IDPProviders, provider)
return nil
}
func (iam *IAM) appendRemoveIDPProviderFromLoginPolicyEvent(event *es_models.Event) error {
provider := new(IDPProvider)
err := provider.SetData(event)
if err != nil {
return err
}
if i, m := GetIDPProvider(iam.DefaultLoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
iam.DefaultLoginPolicy.IDPProviders[i] = iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1]
iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1] = nil
iam.DefaultLoginPolicy.IDPProviders = iam.DefaultLoginPolicy.IDPProviders[:len(iam.DefaultLoginPolicy.IDPProviders)-1]
}
return nil
}
func (p *LoginPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}
func (p *IDPProvider) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-ldos9", "unable to unmarshal data")
}
return nil
}

View File

@ -0,0 +1,253 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"testing"
)
func TestLoginPolicyChanges(t *testing.T) {
type args struct {
existing *LoginPolicy
new *LoginPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "loginpolicy all attributes change",
args: args{
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
new: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
},
res: res{
changesLen: 3,
},
},
{
name: "no changes",
args: args{
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
new: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddLoginPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add login policy event",
args: args{
iam: new(IAM),
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: new(es_models.Event),
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendChangeLoginPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change login policy event",
args: args{
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: false,
AllowRegister: false,
AllowUsernamePassword: false,
}},
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangeLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendAddIdpToPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
provider *IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp to login policy event",
args: args{
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.iam.appendAddIDPProviderToLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
}
if tt.result.DefaultLoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
}
if tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
}
})
}
}
func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
provider *IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp to login policy event",
args: args{
iam: &IAM{
DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
}}},
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.iam.appendRemoveIDPProviderFromLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
}
})
}
}

View File

@ -0,0 +1,96 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/lib/pq"
"reflect"
)
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
ClientID string `json:"clientId"`
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
Issuer string `json:"issuer,omitempty"`
Scopes pq.StringArray `json:"scopes,omitempty"`
}
func (c *OIDCIDPConfig) Changes(changed *OIDCIDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if c.ClientID != changed.ClientID {
changes["clientId"] = changed.ClientID
}
if c.ClientSecret != nil {
changes["clientSecret"] = changed.ClientSecret
}
if c.Issuer != changed.Issuer {
changes["issuer"] = changed.Issuer
}
if !reflect.DeepEqual(c.Scopes, changed.Scopes) {
changes["scopes"] = changed.Scopes
}
return changes
}
func OIDCIDPConfigFromModel(config *model.OIDCIDPConfig) *OIDCIDPConfig {
return &OIDCIDPConfig{
ObjectRoot: config.ObjectRoot,
IDPConfigID: config.IDPConfigID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
Issuer: config.Issuer,
Scopes: config.Scopes,
}
}
func OIDCIDPConfigToModel(config *OIDCIDPConfig) *model.OIDCIDPConfig {
return &model.OIDCIDPConfig{
ObjectRoot: config.ObjectRoot,
IDPConfigID: config.IDPConfigID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
Issuer: config.Issuer,
Scopes: config.Scopes,
}
}
func (iam *IAM) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
iam.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
iam.IDPs[i].OIDCIDPConfig = config
}
return nil
}
func (iam *IAM) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
iam.IDPs[i].OIDCIDPConfig.SetData(event)
}
return nil
}
func (o *OIDCIDPConfig) SetData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil {
logging.Log("EVEN-Msh8s").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}

View File

@ -0,0 +1,156 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestOIDCIdpConfigChanges(t *testing.T) {
type args struct {
existing *OIDCIDPConfig
new *OIDCIDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "all possible values change",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID"},
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID2",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID2"},
Issuer: "Issuer2",
Scopes: []string{"scope1", "scope2"},
},
},
res: res{
changesLen: 5,
},
},
{
name: "no changes",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
config *OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add oidc idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID"}}},
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.iam.appendAddOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
config *OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change oidc idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.iam.appendChangeOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}

View File

@ -3,13 +3,31 @@ package model
import "github.com/caos/zitadel/internal/eventstore/models"
const (
IamAggregate models.AggregateType = "iam"
IAMAggregate models.AggregateType = "iam"
IamSetupStarted models.EventType = "iam.setup.started"
IamSetupDone models.EventType = "iam.setup.done"
IAMSetupStarted models.EventType = "iam.setup.started"
IAMSetupDone models.EventType = "iam.setup.done"
GlobalOrgSet models.EventType = "iam.global.org.set"
IamProjectSet models.EventType = "iam.project.iam.set"
IamMemberAdded models.EventType = "iam.member.added"
IamMemberChanged models.EventType = "iam.member.changed"
IamMemberRemoved models.EventType = "iam.member.removed"
IAMProjectSet models.EventType = "iam.project.iam.set"
IAMMemberAdded models.EventType = "iam.member.added"
IAMMemberChanged models.EventType = "iam.member.changed"
IAMMemberRemoved models.EventType = "iam.member.removed"
IDPConfigAdded models.EventType = "iam.idp.config.added"
IDPConfigChanged models.EventType = "iam.idp.config.changed"
IDPConfigRemoved models.EventType = "iam.idp.config.removed"
IDPConfigDeactivated models.EventType = "iam.idp.config.deactivated"
IDPConfigReactivated models.EventType = "iam.idp.config.reactivated"
OIDCIDPConfigAdded models.EventType = "iam.idp.oidc.config.added"
OIDCIDPConfigChanged models.EventType = "iam.idp.oidc.config.changed"
SAMLIDPConfigAdded models.EventType = "iam.idp.saml.config.added"
SAMLIDPConfigChanged models.EventType = "iam.idp.saml.config.changed"
LoginPolicyAdded models.EventType = "iam.policy.login.added"
LoginPolicyChanged models.EventType = "iam.policy.login.changed"
LoginPolicyIDPProviderAdded models.EventType = "iam.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "iam.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
)

View File

@ -9,38 +9,38 @@ import (
"github.com/jinzhu/gorm"
)
func IamMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IamMemberView, error) {
member := new(model.IamMemberView)
func IAMMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IAMMemberView, error) {
member := new(model.IAMMemberView)
iamIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
userIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
iamIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
userIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, iamIDQuery, userIDQuery)
err := query(db, member)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.Iam.MemberNotExisting")
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.MemberNotExisting")
}
return member, err
}
func SearchIamMembers(db *gorm.DB, table string, req *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
members := make([]*model.IamMemberView, 0)
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
func SearchIAMMembers(db *gorm.DB, table string, req *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
members := make([]*model.IAMMemberView, 0)
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &members)
if err != nil {
return nil, 0, err
}
return members, count, nil
}
func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamMemberView, error) {
members := make([]*model.IamMemberView, 0)
queries := []*iam_model.IamMemberSearchQuery{
func IAMMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IAMMemberView, error) {
members := make([]*model.IAMMemberView, 0)
queries := []*iam_model.IAMMemberSearchQuery{
{
Key: iam_model.IamMemberSearchKeyUserID,
Key: iam_model.IAMMemberSearchKeyUserID,
Value: userID,
Method: global_model.SearchMethodEquals,
},
}
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Queries: queries})
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Queries: queries})
_, err := query(db, &members)
if err != nil {
return nil, err
@ -48,13 +48,13 @@ func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamM
return members, nil
}
func PutIamMember(db *gorm.DB, table string, role *model.IamMemberView) error {
func PutIAMMember(db *gorm.DB, table string, role *model.IAMMemberView) error {
save := repository.PrepareSave(table)
return save(db, role)
}
func DeleteIamMember(db *gorm.DB, table, orgID, userID string) error {
member, err := IamMemberByIDs(db, table, orgID, userID)
func DeleteIAMMember(db *gorm.DB, table, orgID, userID string) error {
member, err := IAMMemberByIDs(db, table, orgID, userID)
if err != nil {
return err
}

View File

@ -0,0 +1,78 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetIDPProviderByAggregateIDAndConfigID(db *gorm.DB, table, aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
policy := new(model.IDPProviderView)
aggIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
idpConfigIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyIdpConfigID, Value: idpConfigID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, aggIDQuery, idpConfigIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Skvi8", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
return policy, err
}
func IDPProvidersByIdpConfigID(db *gorm.DB, table string, idpConfigID string) ([]*model.IDPProviderView, error) {
members := make([]*model.IDPProviderView, 0)
queries := []*iam_model.IDPProviderSearchQuery{
{
Key: iam_model.IDPProviderSearchKeyIdpConfigID,
Value: idpConfigID,
Method: global_model.SearchMethodEquals,
},
}
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries})
_, err := query(db, &members)
if err != nil {
return nil, err
}
return members, nil
}
func SearchIDPProviders(db *gorm.DB, table string, req *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
providers := make([]*model.IDPProviderView, 0)
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &providers)
if err != nil {
return nil, 0, err
}
return providers, count, nil
}
func PutIDPProvider(db *gorm.DB, table string, provider *model.IDPProviderView) error {
save := repository.PrepareSave(table)
return save(db, provider)
}
func PutIDPProviders(db *gorm.DB, table string, providers ...*model.IDPProviderView) error {
save := repository.PrepareBulkSave(table)
p := make([]interface{}, len(providers))
for i, provider := range providers {
p[i] = provider
}
return save(db, p...)
}
func DeleteIDPProvider(db *gorm.DB, table, aggregateID, idpConfigID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyIdpConfigID), Value: idpConfigID},
)
return delete(db)
}
func DeleteIDPProvidersByAggregateID(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
)
return delete(db)
}

View File

@ -0,0 +1,42 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func IDPByID(db *gorm.DB, table, idpID string) (*model.IDPConfigView, error) {
idp := new(model.IDPConfigView)
userIDQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyIdpConfigID, Value: idpID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, idp)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.IdpNotExisting")
}
return idp, err
}
func SearchIDPs(db *gorm.DB, table string, req *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
idps := make([]*model.IDPConfigView, 0)
query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &idps)
if err != nil {
return nil, 0, err
}
return idps, count, nil
}
func PutIDP(db *gorm.DB, table string, idp *model.IDPConfigView) error {
save := repository.PrepareSave(table)
return save(db, idp)
}
func DeleteIDP(db *gorm.DB, table, idpID string) error {
delete := repository.PrepareDeleteByKey(table, model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyIdpConfigID), idpID)
return delete(db)
}

View File

@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetLoginPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.LoginPolicyView, error) {
policy := new(model.LoginPolicyView)
userIDQuery := &model.LoginPolicySearchQuery{Key: iam_model.LoginPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.LoginPolicy.NotExisting")
}
return policy, err
}
func PutLoginPolicy(db *gorm.DB, table string, policy *model.LoginPolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeleteLoginPolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.LoginPolicySearchKey(iam_model.LoginPolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

View File

@ -14,17 +14,17 @@ import (
)
const (
IamMemberKeyUserID = "user_id"
IamMemberKeyIamID = "iam_id"
IamMemberKeyUserName = "user_name"
IamMemberKeyEmail = "email"
IamMemberKeyFirstName = "first_name"
IamMemberKeyLastName = "last_name"
IAMMemberKeyUserID = "user_id"
IAMMemberKeyIamID = "iam_id"
IAMMemberKeyUserName = "user_name"
IAMMemberKeyEmail = "email"
IAMMemberKeyFirstName = "first_name"
IAMMemberKeyLastName = "last_name"
)
type IamMemberView struct {
type IAMMemberView struct {
UserID string `json:"userId" gorm:"column:user_id;primary_key"`
IamID string `json:"-" gorm:"column:iam_id"`
IAMID string `json:"-" gorm:"column:iam_id"`
UserName string `json:"-" gorm:"column:user_name"`
Email string `json:"-" gorm:"column:email_address"`
FirstName string `json:"-" gorm:"column:first_name"`
@ -37,10 +37,10 @@ type IamMemberView struct {
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
}
func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
return &IamMemberView{
func IAMMemberViewFromModel(member *model.IAMMemberView) *IAMMemberView {
return &IAMMemberView{
UserID: member.UserID,
IamID: member.IamID,
IAMID: member.IAMID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
@ -53,10 +53,10 @@ func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
}
}
func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
return &model.IamMemberView{
func IAMMemberToModel(member *IAMMemberView) *model.IAMMemberView {
return &model.IAMMemberView{
UserID: member.UserID,
IamID: member.IamID,
IAMID: member.IAMID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
@ -69,33 +69,33 @@ func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
}
}
func IamMembersToModel(roles []*IamMemberView) []*model.IamMemberView {
result := make([]*model.IamMemberView, len(roles))
func IAMMembersToModel(roles []*IAMMemberView) []*model.IAMMemberView {
result := make([]*model.IAMMemberView, len(roles))
for i, r := range roles {
result[i] = IamMemberToModel(r)
result[i] = IAMMemberToModel(r)
}
return result
}
func (r *IamMemberView) AppendEvent(event *models.Event) (err error) {
func (r *IAMMemberView) AppendEvent(event *models.Event) (err error) {
r.Sequence = event.Sequence
r.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IamMemberAdded:
case es_model.IAMMemberAdded:
r.setRootData(event)
r.CreationDate = event.CreationDate
err = r.SetData(event)
case es_model.IamMemberChanged:
case es_model.IAMMemberChanged:
err = r.SetData(event)
}
return err
}
func (r *IamMemberView) setRootData(event *models.Event) {
r.IamID = event.AggregateID
func (r *IAMMemberView) setRootData(event *models.Event) {
r.IAMID = event.AggregateID
}
func (r *IamMemberView) SetData(event *models.Event) error {
func (r *IAMMemberView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")

View File

@ -6,63 +6,63 @@ import (
"github.com/caos/zitadel/internal/view/repository"
)
type IamMemberSearchRequest iam_model.IamMemberSearchRequest
type IamMemberSearchQuery iam_model.IamMemberSearchQuery
type IamMemberSearchKey iam_model.IamMemberSearchKey
type IAMMemberSearchRequest iam_model.IAMMemberSearchRequest
type IAMMemberSearchQuery iam_model.IAMMemberSearchQuery
type IAMMemberSearchKey iam_model.IAMMemberSearchKey
func (req IamMemberSearchRequest) GetLimit() uint64 {
func (req IAMMemberSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IamMemberSearchRequest) GetOffset() uint64 {
func (req IAMMemberSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IamMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IamMemberSearchKeyUnspecified {
func (req IAMMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IAMMemberSearchKeyUnspecified {
return nil
}
return IamMemberSearchKey(req.SortingColumn)
return IAMMemberSearchKey(req.SortingColumn)
}
func (req IamMemberSearchRequest) GetAsc() bool {
func (req IAMMemberSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IamMemberSearchRequest) GetQueries() []repository.SearchQuery {
func (req IAMMemberSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IamMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
result[i] = IAMMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IamMemberSearchQuery) GetKey() repository.ColumnKey {
return IamMemberSearchKey(req.Key)
func (req IAMMemberSearchQuery) GetKey() repository.ColumnKey {
return IAMMemberSearchKey(req.Key)
}
func (req IamMemberSearchQuery) GetMethod() global_model.SearchMethod {
func (req IAMMemberSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IamMemberSearchQuery) GetValue() interface{} {
func (req IAMMemberSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IamMemberSearchKey) ToColumnName() string {
switch iam_model.IamMemberSearchKey(key) {
case iam_model.IamMemberSearchKeyEmail:
return IamMemberKeyEmail
case iam_model.IamMemberSearchKeyFirstName:
return IamMemberKeyFirstName
case iam_model.IamMemberSearchKeyLastName:
return IamMemberKeyLastName
case iam_model.IamMemberSearchKeyUserName:
return IamMemberKeyUserName
case iam_model.IamMemberSearchKeyUserID:
return IamMemberKeyUserID
case iam_model.IamMemberSearchKeyIamID:
return IamMemberKeyIamID
func (key IAMMemberSearchKey) ToColumnName() string {
switch iam_model.IAMMemberSearchKey(key) {
case iam_model.IAMMemberSearchKeyEmail:
return IAMMemberKeyEmail
case iam_model.IAMMemberSearchKeyFirstName:
return IAMMemberKeyFirstName
case iam_model.IAMMemberSearchKeyLastName:
return IAMMemberKeyLastName
case iam_model.IAMMemberSearchKeyUserName:
return IAMMemberKeyUserName
case iam_model.IAMMemberSearchKeyUserID:
return IAMMemberKeyUserID
case iam_model.IAMMemberSearchKeyIamID:
return IAMMemberKeyIamID
default:
return ""
}

View File

@ -0,0 +1,121 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/lib/pq"
)
const (
IDPConfigKeyIdpConfigID = "idp_config_id"
IDPConfigKeyAggregateID = "aggregate_id"
IDPConfigKeyName = "name"
IDPConfigKeyProviderType = "idp_provider_type"
)
type IDPConfigView struct {
IDPConfigID string `json:"idpConfigId" gorm:"column:idp_config_id;primary_key"`
AggregateID string `json:"-" gorm:"column:aggregate_id"`
Name string `json:"name" gorm:"column:name"`
LogoSrc []byte `json:"logoSrc" gorm:"column:logo_src"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
IDPState int32 `json:"-" gorm:"column:idp_state"`
IDPProviderType int32 `json:"-" gorm:"column:idp_provider_type"`
IsOIDC bool `json:"-" gorm:"column:is_oidc"`
OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"`
OIDCClientSecret *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"`
OIDCIssuer string `json:"issuer" gorm:"column:oidc_issuer"`
OIDCScopes pq.StringArray `json:"scopes" gorm:"column:oidc_scopes"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func IDPConfigViewFromModel(idp *model.IDPConfigView) *IDPConfigView {
return &IDPConfigView{
IDPConfigID: idp.IDPConfigID,
AggregateID: idp.AggregateID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Sequence: idp.Sequence,
CreationDate: idp.CreationDate,
ChangeDate: idp.ChangeDate,
IDPProviderType: int32(idp.IDPProviderType),
IsOIDC: idp.IsOIDC,
OIDCClientID: idp.OIDCClientID,
OIDCClientSecret: idp.OIDCClientSecret,
OIDCIssuer: idp.OIDCIssuer,
OIDCScopes: idp.OIDCScopes,
}
}
func IdpConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
return &model.IDPConfigView{
IDPConfigID: idp.IDPConfigID,
AggregateID: idp.AggregateID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Sequence: idp.Sequence,
CreationDate: idp.CreationDate,
ChangeDate: idp.ChangeDate,
IDPProviderType: model.IDPProviderType(idp.IDPProviderType),
IsOIDC: idp.IsOIDC,
OIDCClientID: idp.OIDCClientID,
OIDCClientSecret: idp.OIDCClientSecret,
OIDCIssuer: idp.OIDCIssuer,
OIDCScopes: idp.OIDCScopes,
}
}
func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
result := make([]*model.IDPConfigView, len(idps))
for i, idp := range idps {
result[i] = IdpConfigViewToModel(idp)
}
return result
}
func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IDPConfigAdded, org_es_model.IDPConfigAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
i.IDPProviderType = int32(providerType)
err = i.SetData(event)
case es_model.OIDCIDPConfigAdded, org_es_model.OIDCIDPConfigAdded:
i.IsOIDC = true
err = i.SetData(event)
case es_model.OIDCIDPConfigChanged, org_es_model.OIDCIDPConfigChanged,
es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
err = i.SetData(event)
case es_model.IDPConfigDeactivated, org_es_model.IDPConfigDeactivated:
i.IDPState = int32(model.IDPConfigStateInactive)
case es_model.IDPConfigReactivated, org_es_model.IDPConfigReactivated:
i.IDPState = int32(model.IDPConfigStateActive)
}
return err
}
func (r *IDPConfigView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *IDPConfigView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Smkld").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
}

View File

@ -0,0 +1,65 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type IDPConfigSearchRequest iam_model.IDPConfigSearchRequest
type IDPConfigSearchQuery iam_model.IDPConfigSearchQuery
type IDPConfigSearchKey iam_model.IDPConfigSearchKey
func (req IDPConfigSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IDPConfigSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IDPConfigSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IDPConfigSearchKeyUnspecified {
return nil
}
return IDPConfigSearchKey(req.SortingColumn)
}
func (req IDPConfigSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IDPConfigSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IDPConfigSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IDPConfigSearchQuery) GetKey() repository.ColumnKey {
return IDPConfigSearchKey(req.Key)
}
func (req IDPConfigSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IDPConfigSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IDPConfigSearchKey) ToColumnName() string {
switch iam_model.IDPConfigSearchKey(key) {
case iam_model.IDPConfigSearchKeyAggregateID:
return IDPConfigKeyAggregateID
case iam_model.IDPConfigSearchKeyIdpConfigID:
return IDPConfigKeyIdpConfigID
case iam_model.IDPConfigSearchKeyName:
return IDPConfigKeyName
case iam_model.IDPConfigSearchKeyIdpProviderType:
return IDPConfigKeyProviderType
default:
return ""
}
}

View File

@ -0,0 +1,89 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
IDPProviderKeyAggregateID = "aggregate_id"
IDPProviderKeyIdpConfigID = "idp_config_id"
)
type IDPProviderView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
IDPConfigID string `json:"idpConfigID" gorm:"column:idp_config_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
Name string `json:"-" gorm:"column:name"`
IDPConfigType int32 `json:"-" gorm:"column:idp_config_type"`
IDPProviderType int32 `json:"idpProviderType" gorm:"column:idp_provider_type"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func IDPProviderViewFromModel(policy *model.IDPProviderView) *IDPProviderView {
return &IDPProviderView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
Name: policy.Name,
IDPConfigType: int32(policy.IDPConfigType),
IDPProviderType: int32(policy.IDPProviderType),
}
}
func IDPProviderViewToModel(policy *IDPProviderView) *model.IDPProviderView {
return &model.IDPProviderView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
Name: policy.Name,
IDPConfigType: model.IdpConfigType(policy.IDPConfigType),
IDPProviderType: model.IDPProviderType(policy.IDPProviderType),
}
}
func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderView {
result := make([]*model.IDPProviderView, len(providers))
for i, r := range providers {
result[i] = IDPProviderViewToModel(r)
}
return result
}
func (i *IDPProviderView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
}
return err
}
func (r *IDPProviderView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *IDPProviderView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Lso0d").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

View File

@ -0,0 +1,61 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type IDPProviderSearchRequest iam_model.IDPProviderSearchRequest
type IDPProviderSearchQuery iam_model.IDPProviderSearchQuery
type IDPProviderSearchKey iam_model.IDPProviderSearchKey
func (req IDPProviderSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IDPProviderSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IDPProviderSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IDPProviderSearchKeyUnspecified {
return nil
}
return IDPProviderSearchKey(req.SortingColumn)
}
func (req IDPProviderSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IDPProviderSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IDPProviderSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IDPProviderSearchQuery) GetKey() repository.ColumnKey {
return IDPProviderSearchKey(req.Key)
}
func (req IDPProviderSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IDPProviderSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IDPProviderSearchKey) ToColumnName() string {
switch iam_model.IDPProviderSearchKey(key) {
case iam_model.IDPProviderSearchKeyAggregateID:
return IDPProviderKeyAggregateID
case iam_model.IDPProviderSearchKeyIdpConfigID:
return IDPProviderKeyIdpConfigID
default:
return ""
}
}

View File

@ -0,0 +1,84 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
LoginPolicyKeyAggregateID = "aggregate_id"
)
type LoginPolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:login_policy_state"`
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
return &LoginPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
AllowRegister: policy.AllowRegister,
AllowExternalIDP: policy.AllowExternalIDP,
AllowUsernamePassword: policy.AllowUsernamePassword,
Default: policy.Default,
}
}
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
return &model.LoginPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
AllowRegister: policy.AllowRegister,
AllowExternalIDP: policy.AllowExternalIDP,
AllowUsernamePassword: policy.AllowUsernamePassword,
Default: policy.Default,
}
}
func (i *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LoginPolicyAdded, org_es_model.LoginPolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *LoginPolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *LoginPolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Kn7ds").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

View File

@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type LoginPolicySearchRequest iam_model.LoginPolicySearchRequest
type LoginPolicySearchQuery iam_model.LoginPolicySearchQuery
type LoginPolicySearchKey iam_model.LoginPolicySearchKey
func (req LoginPolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req LoginPolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req LoginPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.LoginPolicySearchKeyUnspecified {
return nil
}
return LoginPolicySearchKey(req.SortingColumn)
}
func (req LoginPolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req LoginPolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = LoginPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req LoginPolicySearchQuery) GetKey() repository.ColumnKey {
return LoginPolicySearchKey(req.Key)
}
func (req LoginPolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req LoginPolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key LoginPolicySearchKey) ToColumnName() string {
switch iam_model.LoginPolicySearchKey(key) {
case iam_model.LoginPolicySearchKeyAggregateID:
return LoginPolicyKeyAggregateID
default:
return ""
}
}

View File

@ -6,10 +6,10 @@ import (
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
)
type IamRepository struct {
IamEvents *eventsourcing.IamEventstore
type IAMRepository struct {
IAMEvents *eventsourcing.IAMEventstore
}
func (repo *IamRepository) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
return repo.IamEvents.IamByID(ctx, id)
func (repo *IAMRepository) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
return repo.IAMEvents.IAMByID(ctx, id)
}

View File

@ -3,6 +3,11 @@ package eventstore
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
"strings"
"github.com/caos/zitadel/internal/api/authz"
@ -25,9 +30,10 @@ const (
type OrgRepository struct {
SearchLimit uint64
*org_es.OrgEventstore
UserEvents *usr_es.UserEventstore
View *mgmt_view.View
Roles []string
UserEvents *usr_es.UserEventstore
View *mgmt_view.View
Roles []string
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *OrgRepository) OrgByID(ctx context.Context, id string) (*org_model.OrgView, error) {
@ -79,15 +85,15 @@ func (repo *OrgRepository) ReactivateOrg(ctx context.Context, id string) (*org_m
return repo.OrgEventstore.ReactivateOrg(ctx, id)
}
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIamPolicy, error) {
return repo.OrgEventstore.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
}
func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_model.OrgDomainSearchRequest) (*org_model.OrgDomainSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.Queries = append(request.Queries, &org_model.OrgDomainSearchQuery{Key: org_model.OrgDomainSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID})
sequence, err := repo.View.GetLatestOrgDomainSequence()
logging.Log("EVENT-SLowp").OnError(err).Warn("could not read latest org domain sequence")
sequence, sequenceErr := repo.View.GetLatestOrgDomainSequence()
logging.Log("EVENT-SLowp").OnError(sequenceErr).Warn("could not read latest org domain sequence")
domains, count, err := repo.View.SearchOrgDomains(request)
if err != nil {
return nil, err
@ -98,7 +104,7 @@ func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_
TotalResult: uint64(count),
Result: model.OrgDomainsToModel(domains),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -178,8 +184,8 @@ func (repo *OrgRepository) RemoveMyOrgMember(ctx context.Context, userID string)
func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_model.OrgMemberSearchRequest) (*org_model.OrgMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.Queries[len(request.Queries)-1] = &org_model.OrgMemberSearchQuery{Key: org_model.OrgMemberSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}
sequence, err := repo.View.GetLatestOrgMemberSequence()
logging.Log("EVENT-Smu3d").OnError(err).Warn("could not read latest org member sequence")
sequence, sequenceErr := repo.View.GetLatestOrgMemberSequence()
logging.Log("EVENT-Smu3d").OnError(sequenceErr).Warn("could not read latest org member sequence")
members, count, err := repo.View.SearchOrgMembers(request)
if err != nil {
return nil, err
@ -187,10 +193,10 @@ func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_
result := &org_model.OrgMemberSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.OrgMembersToModel(members),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -206,3 +212,132 @@ func (repo *OrgRepository) GetOrgMemberRoles() []string {
}
return roles
}
func (repo *OrgRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
idp, err := repo.View.IDPConfigByID(idpConfigID)
if err != nil {
return nil, err
}
return iam_view_model.IdpConfigViewToModel(idp), nil
}
func (repo *OrgRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddIDPConfig(ctx, idp)
}
func (repo *OrgRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeIDPConfig(ctx, idp)
}
func (repo *OrgRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.OrgEventstore.DeactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
}
func (repo *OrgRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.OrgEventstore.ReactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
}
func (repo *OrgRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
idp := iam_model.NewIDPConfig(authz.GetCtxData(ctx).OrgID, idpConfigID)
return repo.OrgEventstore.RemoveIDPConfig(ctx, idp)
}
func (repo *OrgRepository) ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
oidcConfig.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
}
func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
sequence, sequenceErr := repo.View.GetLatestIDPConfigSequence()
logging.Log("EVENT-Dk8si").OnError(sequenceErr).Warn("could not read latest idp config sequence")
idps, count, err := repo.View.SearchIDPConfigs(request)
if err != nil {
return nil, err
}
result := &iam_model.IDPConfigSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: count,
Result: iam_view_model.IdpConfigViewsToModel(idps),
}
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result, nil
}
func (repo *OrgRepository) GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
policy, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
policy, err = repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
policy.Default = true
}
if err != nil {
return nil, err
}
return iam_es_model.LoginPolicyViewToModel(policy), err
}
func (repo *OrgRepository) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) RemoveLoginPolicy(ctx context.Context) error {
policy := &iam_model.LoginPolicy{ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
}}
return repo.OrgEventstore.RemoveLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
_, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if err != nil {
if errors.IsNotFound(err) {
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
}
} else {
request.AppendAggregateIDQuery(authz.GetCtxData(ctx).OrgID)
}
request.EnsureLimit(repo.SearchLimit)
sequence, sequenceErr := repo.View.GetLatestIdpProviderSequence()
logging.Log("EVENT-Tuiks").OnError(sequenceErr).Warn("could not read latest iam sequence")
providers, count, err := repo.View.SearchIdpProviders(request)
if err != nil {
return nil, err
}
result := &iam_model.IDPProviderSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: count,
Result: iam_es_model.IDPProviderViewsToModel(providers),
}
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result, nil
}
func (repo *OrgRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
provider.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
}
func (repo *OrgRepository) RemoveIDPProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
provider.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
}

View File

@ -109,8 +109,8 @@ func (repo *ProjectRepo) RemoveProject(ctx context.Context, projectID string) er
func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model.ProjectViewSearchRequest) (*proj_model.ProjectViewSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestProjectSequence()
logging.Log("EVENT-Edc56").OnError(err).Warn("could not read latest project sequence")
sequence, sequenceErr := repo.View.GetLatestProjectSequence()
logging.Log("EVENT-Edc56").OnError(sequenceErr).Warn("could not read latest project sequence")
permissions := authz.GetRequestPermissionsFromCtx(ctx)
if !authz.HasGlobalPermission(permissions) {
@ -130,7 +130,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
TotalResult: uint64(0),
Result: []*proj_model.ProjectView{},
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -151,7 +151,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
TotalResult: uint64(count),
Result: model.ProjectsToModel(projects),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -189,8 +189,8 @@ func (repo *ProjectRepo) RemoveProjectMember(ctx context.Context, projectID, use
func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj_model.ProjectMemberSearchRequest) (*proj_model.ProjectMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestProjectMemberSequence()
logging.Log("EVENT-3dgt6").OnError(err).Warn("could not read latest project member sequence")
sequence, sequenceErr := repo.View.GetLatestProjectMemberSequence()
logging.Log("EVENT-3dgt6").OnError(sequenceErr).Warn("could not read latest project member sequence")
members, count, err := repo.View.SearchProjectMembers(request)
if err != nil {
return nil, err
@ -201,7 +201,7 @@ func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj
TotalResult: uint64(count),
Result: model.ProjectMembersToModel(members),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -261,8 +261,8 @@ func (repo *ProjectRepo) RemoveProjectRole(ctx context.Context, projectID, key s
func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID string, request *proj_model.ProjectRoleSearchRequest) (*proj_model.ProjectRoleSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.AppendProjectQuery(projectID)
sequence, err := repo.View.GetLatestProjectRoleSequence()
logging.Log("LSp0d-47suf").OnError(err).Warn("could not read latest project role sequence")
sequence, sequenceErr := repo.View.GetLatestProjectRoleSequence()
logging.Log("LSp0d-47suf").OnError(sequenceErr).Warn("could not read latest project role sequence")
roles, count, err := repo.View.SearchProjectRoles(request)
if err != nil {
return nil, err
@ -271,10 +271,10 @@ func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID strin
result := &proj_model.ProjectRoleSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.ProjectRolesToModel(roles),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -352,8 +352,8 @@ func (repo *ProjectRepo) RemoveApplication(ctx context.Context, projectID, appID
func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_model.ApplicationSearchRequest) (*proj_model.ApplicationSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestApplicationSequence()
logging.Log("EVENT-SKe8s").OnError(err).Warn("could not read latest application sequence")
sequence, sequenceErr := repo.View.GetLatestApplicationSequence()
logging.Log("EVENT-SKe8s").OnError(sequenceErr).Warn("could not read latest application sequence")
apps, count, err := repo.View.SearchApplications(request)
if err != nil {
return nil, err
@ -361,10 +361,10 @@ func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_m
result := &proj_model.ApplicationSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.ApplicationViewsToModel(apps),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -404,8 +404,8 @@ func (repo *ProjectRepo) ProjectGrantByID(ctx context.Context, grantID string) (
func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestProjectGrantSequence()
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
projects, count, err := repo.View.SearchProjectGrants(request)
if err != nil {
return nil, err
@ -413,10 +413,10 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
result := &proj_model.ProjectGrantViewSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.ProjectGrantsToModel(projects),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -425,8 +425,8 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestProjectGrantSequence()
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
permissions := authz.GetRequestPermissionsFromCtx(ctx)
if !authz.HasGlobalPermission(permissions) {
@ -446,7 +446,7 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
TotalResult: uint64(0),
Result: []*proj_model.ProjectGrantView{},
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -464,10 +464,10 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
result := &proj_model.ProjectGrantViewSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(count),
TotalResult: count,
Result: model.ProjectGrantsToModel(projects),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -593,8 +593,8 @@ func (repo *ProjectRepo) RemoveProjectGrantMember(ctx context.Context, projectID
func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request *proj_model.ProjectGrantMemberSearchRequest) (*proj_model.ProjectGrantMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestProjectGrantMemberSequence()
logging.Log("EVENT-Du8sk").OnError(err).Warn("could not read latest project grant sequence")
sequence, sequenceErr := repo.View.GetLatestProjectGrantMemberSequence()
logging.Log("EVENT-Du8sk").OnError(sequenceErr).Warn("could not read latest project grant sequence")
members, count, err := repo.View.SearchProjectGrantMembers(request)
if err != nil {
return nil, err
@ -605,7 +605,7 @@ func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request
TotalResult: uint64(count),
Result: model.ProjectGrantMembersToModel(members),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}

View File

@ -57,7 +57,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
@ -73,7 +73,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
if err != nil {
return nil, err
}
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
@ -98,8 +98,8 @@ func (repo *UserRepo) UnlockUser(ctx context.Context, id string) (*usr_model.Use
func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest) (*usr_model.UserSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestUserSequence()
logging.Log("EVENT-Lcn7d").OnError(err).Warn("could not read latest user sequence")
sequence, sequenceErr := repo.View.GetLatestUserSequence()
logging.Log("EVENT-Lcn7d").OnError(sequenceErr).Warn("could not read latest user sequence")
users, count, err := repo.View.SearchUsers(request)
if err != nil {
return nil, err
@ -110,7 +110,7 @@ func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSe
TotalResult: uint64(count),
Result: model.UsersToModel(users),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
@ -222,9 +222,8 @@ func (repo *UserRepo) ChangeAddress(ctx context.Context, address *usr_model.Addr
func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_model.UserMembershipSearchRequest) (*usr_model.UserMembershipSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.AppendResourceOwnerAndIamQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
sequence, err := repo.View.GetLatestUserMembershipSequence()
logging.Log("EVENT-Dn7sf").OnError(err).Warn("could not read latest user sequence")
sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence()
logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence")
result := handleSearchUserMembershipsPermissions(ctx, request, sequence)
if result != nil {
@ -241,7 +240,7 @@ func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_mo
TotalResult: count,
Result: model.UserMembershipsToModel(memberships),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}

View File

@ -115,8 +115,8 @@ func (repo *UserGrantRepo) BulkRemoveUserGrant(ctx context.Context, grantIDs ...
func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, err := repo.View.GetLatestUserGrantSequence()
logging.Log("EVENT-5Viwf").OnError(err).Warn("could not read latest user grant sequence")
sequence, sequenceErr := repo.View.GetLatestUserGrantSequence()
logging.Log("EVENT-5Viwf").OnError(sequenceErr).Warn("could not read latest user grant sequence")
result := handleSearchUserGrantPermissions(ctx, request, sequence)
if result != nil {
@ -134,7 +134,7 @@ func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_
TotalResult: uint64(count),
Result: model.UserGrantsToModel(grants),
}
if err == nil {
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}

View File

@ -1,6 +1,8 @@
package handler
import (
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
"time"
"github.com/caos/zitadel/internal/config/types"
@ -29,9 +31,10 @@ type EventstoreRepos struct {
ProjectEvents *proj_event.ProjectEventstore
UserEvents *usr_event.UserEventstore
OrgEvents *org_event.OrgEventstore
IamEvents *iam_event.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
return []query.Handler{
&Project{handler: handler{view, bulkLimit, configs.cycleDuration("Project"), errorCount}, eventstore: eventstore},
&ProjectGrant{handler: handler{view, bulkLimit, configs.cycleDuration("ProjectGrant"), errorCount}, eventstore: eventstore, projectEvents: repos.ProjectEvents, orgEvents: repos.OrgEvents},
@ -45,6 +48,9 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
&OrgMember{handler: handler{view, bulkLimit, configs.cycleDuration("OrgMember"), errorCount}, userEvents: repos.UserEvents},
&OrgDomain{handler: handler{view, bulkLimit, configs.cycleDuration("OrgDomain"), errorCount}},
&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
}
}

Some files were not shown because too many files have changed in this diff Show More