mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:37:32 +00:00
feat: idp and login policy configurations (#619)
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -5,57 +5,61 @@ import (
|
||||
"github.com/caos/logging"
|
||||
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
"strings"
|
||||
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
type IAMRepository struct {
|
||||
SearchLimit uint64
|
||||
*iam_es.IamEventstore
|
||||
*iam_es.IAMEventstore
|
||||
OrgEvents *org_es.OrgEventstore
|
||||
View *admin_view.View
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
Roles []string
|
||||
}
|
||||
|
||||
func (repo *IamRepository) IamMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IamMemberView, error) {
|
||||
member, err := repo.View.IamMemberByIDs(orgID, userID)
|
||||
func (repo *IAMRepository) IAMMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IAMMemberView, error) {
|
||||
member, err := repo.View.IAMMemberByIDs(orgID, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IamMemberToModel(member), nil
|
||||
return iam_es_model.IAMMemberToModel(member), nil
|
||||
}
|
||||
|
||||
func (repo *IamRepository) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (repo *IAMRepository) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
member.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IamEventstore.AddIamMember(ctx, member)
|
||||
return repo.IAMEventstore.AddIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
|
||||
func (repo *IAMRepository) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
|
||||
member.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IamEventstore.ChangeIamMember(ctx, member)
|
||||
return repo.IAMEventstore.ChangeIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) RemoveIamMember(ctx context.Context, userID string) error {
|
||||
member := iam_model.NewIamMember(repo.SystemDefaults.IamID, userID)
|
||||
return repo.IamEventstore.RemoveIamMember(ctx, member)
|
||||
func (repo *IAMRepository) RemoveIAMMember(ctx context.Context, userID string) error {
|
||||
member := iam_model.NewIAMMember(repo.SystemDefaults.IamID, userID)
|
||||
return repo.IAMEventstore.RemoveIAMMember(ctx, member)
|
||||
}
|
||||
|
||||
func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error) {
|
||||
func (repo *IAMRepository) SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestIamMemberSequence()
|
||||
sequence, err := repo.View.GetLatestIAMMemberSequence()
|
||||
logging.Log("EVENT-Slkci").OnError(err).Warn("could not read latest iam sequence")
|
||||
members, count, err := repo.View.SearchIamMembers(request)
|
||||
members, count, err := repo.View.SearchIAMMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IamMemberSearchResponse{
|
||||
result := &iam_model.IAMMemberSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
Result: iam_es_model.IamMembersToModel(members),
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IAMMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
@@ -64,7 +68,7 @@ func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_mo
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IamRepository) GetIamMemberRoles() []string {
|
||||
func (repo *IAMRepository) GetIAMMemberRoles() []string {
|
||||
roles := make([]string, 0)
|
||||
for _, roleMap := range repo.Roles {
|
||||
if strings.HasPrefix(roleMap, "IAM") {
|
||||
@@ -73,3 +77,133 @@ func (repo *IamRepository) GetIamMemberRoles() []string {
|
||||
}
|
||||
return roles
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
|
||||
idp, err := repo.View.IDPConfigByID(idpConfigID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IdpConfigViewToModel(idp), nil
|
||||
}
|
||||
func (repo *IAMRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.IAMEventstore.DeactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.IAMEventstore.ReactivateIDPConfig(ctx, repo.SystemDefaults.IamID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
|
||||
aggregates := make([]*es_models.Aggregate, 0)
|
||||
idp := iam_model.NewIDPConfig(repo.SystemDefaults.IamID, idpConfigID)
|
||||
_, agg, err := repo.IAMEventstore.PrepareRemoveIDPConfig(ctx, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
|
||||
providers, err := repo.View.IDPProvidersByIdpConfigID(idpConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, p := range providers {
|
||||
if p.AggregateID == repo.SystemDefaults.IamID {
|
||||
continue
|
||||
}
|
||||
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IdpConfigID: p.IDPConfigID}
|
||||
providerAgg := new(es_models.Aggregate)
|
||||
_, providerAgg, err = repo.OrgEvents.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, providerAgg)
|
||||
}
|
||||
|
||||
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
|
||||
oidcConfig.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestIDPConfigSequence()
|
||||
logging.Log("EVENT-Dk8si").OnError(err).Warn("could not read latest idp config sequence")
|
||||
idps, count, err := repo.View.SearchIDPConfigs(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPConfigSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
Result: iam_es_model.IdpConfigViewsToModel(idps),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
|
||||
policy, err := repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.LoginPolicyViewToModel(policy), err
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.ChangeLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
|
||||
sequence, err := repo.View.GetLatestIDPProviderSequence()
|
||||
logging.Log("EVENT-Tuiks").OnError(err).Warn("could not read latest iam sequence")
|
||||
providers, count, err := repo.View.SearchIDPProviders(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPProviderSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IDPProviderViewsToModel(providers),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
|
||||
provider.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
func (repo *IAMRepository) RemoveIdpProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
|
||||
provider.AggregateID = repo.SystemDefaults.IamID
|
||||
return repo.IAMEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
@@ -4,9 +4,9 @@ import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
admin_model "github.com/caos/zitadel/internal/admin/model"
|
||||
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
@@ -30,7 +30,8 @@ type OrgRepo struct {
|
||||
|
||||
View *admin_view.View
|
||||
|
||||
SearchLimit uint64
|
||||
SearchLimit uint64
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
|
||||
@@ -38,7 +39,7 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -105,18 +106,18 @@ func (repo *OrgRepo) IsOrgUnique(ctx context.Context, name, domain string) (isUn
|
||||
return repo.OrgEventstore.IsOrgUnique(ctx, name, domain)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, id)
|
||||
func (repo *OrgRepo) GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, id)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.AddOrgIamPolicy(ctx, policy)
|
||||
func (repo *OrgRepo) CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.AddOrgIAMPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.ChangeOrgIamPolicy(ctx, policy)
|
||||
func (repo *OrgRepo) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.ChangeOrgIAMPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepo) RemoveOrgIamPolicy(ctx context.Context, id string) error {
|
||||
return repo.OrgEventstore.RemoveOrgIamPolicy(ctx, id)
|
||||
return repo.OrgEventstore.RemoveOrgIAMPolicy(ctx, id)
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -41,7 +41,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
@@ -26,13 +28,17 @@ type handler struct {
|
||||
|
||||
type EventstoreRepos struct {
|
||||
UserEvents *usr_event.UserEventstore
|
||||
IamEvents *iam_event.IAMEventstore
|
||||
OrgEvents *org_event.OrgEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
|
||||
return []query.Handler{
|
||||
&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
|
||||
&IamMember{handler: handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount}, userEvents: repos.UserEvents},
|
||||
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
|
||||
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
|
||||
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
|
||||
&User{handler: handler{view, bulkLimit, configs.cycleDuration("User"), errorCount}, eventstore: eventstore, orgEvents: repos.OrgEvents},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -29,18 +29,18 @@ func (m *IamMember) ViewModel() string {
|
||||
}
|
||||
|
||||
func (m *IamMember) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIamMemberSequence()
|
||||
sequence, err := m.view.GetLatestIAMMemberSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IamAggregate, usr_es_model.UserAggregate).
|
||||
AggregateTypeFilter(model.IAMAggregate, usr_es_model.UserAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IamMember) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IamAggregate:
|
||||
case model.IAMAggregate:
|
||||
err = m.processIamMember(event)
|
||||
case usr_es_model.UserAggregate:
|
||||
err = m.processUser(event)
|
||||
@@ -49,46 +49,46 @@ func (m *IamMember) Reduce(event *models.Event) (err error) {
|
||||
}
|
||||
|
||||
func (m *IamMember) processIamMember(event *models.Event) (err error) {
|
||||
member := new(iam_model.IamMemberView)
|
||||
member := new(iam_model.IAMMemberView)
|
||||
switch event.Type {
|
||||
case model.IamMemberAdded:
|
||||
case model.IAMMemberAdded:
|
||||
member.AppendEvent(event)
|
||||
m.fillData(member)
|
||||
case model.IamMemberChanged:
|
||||
case model.IAMMemberChanged:
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
member, err = m.view.IamMemberByIDs(event.AggregateID, member.UserID)
|
||||
member, err = m.view.IAMMemberByIDs(event.AggregateID, member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
member.AppendEvent(event)
|
||||
case model.IamMemberRemoved:
|
||||
case model.IAMMemberRemoved:
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIamMember(event.AggregateID, member.UserID, event.Sequence)
|
||||
return m.view.DeleteIAMMember(event.AggregateID, member.UserID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIamMember(member, member.Sequence)
|
||||
return m.view.PutIAMMember(member, member.Sequence)
|
||||
}
|
||||
|
||||
func (m *IamMember) processUser(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case usr_es_model.UserProfileChanged,
|
||||
usr_es_model.UserEmailChanged:
|
||||
members, err := m.view.IamMembersByUserID(event.AggregateID)
|
||||
members, err := m.view.IAMMembersByUserID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(members) == 0 {
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
user, err := m.userEvents.UserByID(context.Background(), event.AggregateID)
|
||||
if err != nil {
|
||||
@@ -96,18 +96,18 @@ func (m *IamMember) processUser(event *models.Event) (err error) {
|
||||
}
|
||||
for _, member := range members {
|
||||
m.fillUserData(member, user)
|
||||
err = m.view.PutIamMember(member, event.Sequence)
|
||||
err = m.view.PutIAMMember(member, event.Sequence)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
default:
|
||||
return m.view.ProcessedIamMemberSequence(event.Sequence)
|
||||
return m.view.ProcessedIAMMemberSequence(event.Sequence)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
|
||||
func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
|
||||
user, err := m.userEvents.UserByID(context.Background(), member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -116,7 +116,7 @@ func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_model.User) {
|
||||
func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
|
||||
member.UserName = user.UserName
|
||||
member.FirstName = user.FirstName
|
||||
member.LastName = user.LastName
|
||||
@@ -125,5 +125,5 @@ func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_mode
|
||||
}
|
||||
func (m *IamMember) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIamMemberFailedEvent, m.view.ProcessedIamMemberFailedEvent, m.view.ProcessedIamMemberSequence, m.errorCountUntilSkip)
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIAMMemberFailedEvent, m.view.ProcessedIAMMemberFailedEvent, m.view.ProcessedIAMMemberSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,79 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
idpConfigTable = "adminapi.idp_configs"
|
||||
)
|
||||
|
||||
func (m *IDPConfig) ViewModel() string {
|
||||
return idpConfigTable
|
||||
}
|
||||
|
||||
func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPConfigSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPConfig) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate:
|
||||
err = m.processIDPConfig(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPConfig) processIDPConfig(event *models.Event) (err error) {
|
||||
idp := new(iam_view_model.IDPConfigView)
|
||||
switch event.Type {
|
||||
case model.IDPConfigAdded:
|
||||
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
|
||||
case model.IDPConfigChanged,
|
||||
model.OIDCIDPConfigAdded,
|
||||
model.OIDCIDPConfigChanged:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
idp, err = m.view.IDPConfigByID(idp.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = idp.AppendEvent(iam_model.IDPProviderTypeSystem, event)
|
||||
case model.IDPConfigRemoved:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIDPConfigSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPConfig(idp, idp.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPConfig) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Mslo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPConfigFailedEvent, m.view.ProcessedIDPConfigFailedEvent, m.view.ProcessedIDPConfigSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
114
internal/admin/repository/eventsourcing/handler/idp_providers.go
Normal file
114
internal/admin/repository/eventsourcing/handler/idp_providers.go
Normal file
@@ -0,0 +1,114 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
org_events "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type IDPProvider struct {
|
||||
handler
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
iamEvents *eventsourcing.IAMEventstore
|
||||
orgEvents *org_events.OrgEventstore
|
||||
}
|
||||
|
||||
const (
|
||||
idpProviderTable = "adminapi.idp_providers"
|
||||
)
|
||||
|
||||
func (m *IDPProvider) ViewModel() string {
|
||||
return idpProviderTable
|
||||
}
|
||||
|
||||
func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPProviderSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate, org_es_model.OrgAggregate:
|
||||
err = m.processIdpProvider(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
provider := new(iam_view_model.IDPProviderView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
|
||||
err = provider.AppendEvent(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = m.fillData(provider)
|
||||
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
|
||||
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
|
||||
err = provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPProvider(event.AggregateID, provider.IDPConfigID, event.Sequence)
|
||||
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
config := new(iam_model.IDPConfig)
|
||||
config.AppendEvent(event)
|
||||
providers, err := m.view.IDPProvidersByIdpConfigID(config.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), provider.AggregateID, config.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, provider := range providers {
|
||||
m.fillConfigData(provider, config)
|
||||
}
|
||||
return m.view.PutIDPProviders(event.Sequence, providers...)
|
||||
default:
|
||||
return m.view.ProcessedIDPProviderSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPProvider(provider, provider.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
|
||||
var config *iam_model.IDPConfig
|
||||
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, provider.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
m.fillConfigData(provider, config)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
|
||||
provider.Name = config.Name
|
||||
provider.IDPConfigType = int32(config.Type)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Msj8c", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPProviderFailedEvent, m.view.ProcessedIDPProviderFailedEvent, m.view.ProcessedIDPProviderSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type LoginPolicy struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
loginPolicyTable = "adminapi.login_policies"
|
||||
)
|
||||
|
||||
func (m *LoginPolicy) ViewModel() string {
|
||||
return loginPolicyTable
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestLoginPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate:
|
||||
err = m.processLoginPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.LoginPolicyView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyAdded:
|
||||
err = policy.AppendEvent(event)
|
||||
case model.LoginPolicyChanged:
|
||||
policy, err = m.view.LoginPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
default:
|
||||
return m.view.ProcessedLoginPolicySequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutLoginPolicy(policy, policy.Sequence)
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Wj8sf", "id", event.AggregateID).WithError(err).Warn("something went wrong in login policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestLoginPolicyFailedEvent, m.view.ProcessedLoginPolicyFailedEvent, m.view.ProcessedLoginPolicySequence, m.errorCountUntilSkip)
|
||||
}
|
||||
@@ -105,9 +105,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgDomainVerified,
|
||||
org_es_model.OrgDomainRemoved,
|
||||
org_es_model.OrgIamPolicyAdded,
|
||||
org_es_model.OrgIamPolicyChanged,
|
||||
org_es_model.OrgIamPolicyRemoved:
|
||||
org_es_model.OrgIAMPolicyAdded,
|
||||
org_es_model.OrgIAMPolicyChanged,
|
||||
org_es_model.OrgIAMPolicyRemoved:
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
@@ -121,7 +121,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -140,7 +140,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -162,7 +162,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ type Config struct {
|
||||
type EsRepository struct {
|
||||
spooler *es_spol.Spooler
|
||||
eventstore.OrgRepo
|
||||
eventstore.IamRepository
|
||||
eventstore.IAMRepository
|
||||
eventstore.AdministratorRepo
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
return nil, err
|
||||
}
|
||||
|
||||
iam, err := es_iam.StartIam(es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
}, systemDefaults)
|
||||
@@ -71,7 +71,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
return nil, err
|
||||
}
|
||||
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org})
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user, OrgEvents: org, IamEvents: iam}, systemDefaults)
|
||||
|
||||
return &EsRepository{
|
||||
spooler: spool,
|
||||
@@ -82,9 +82,11 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
|
||||
PolicyEventstore: policy,
|
||||
View: view,
|
||||
SearchLimit: conf.SearchLimit,
|
||||
SystemDefaults: systemDefaults,
|
||||
},
|
||||
IamRepository: eventstore.IamRepository{
|
||||
IamEventstore: iam,
|
||||
IAMRepository: eventstore.IAMRepository{
|
||||
IAMEventstore: iam,
|
||||
OrgEvents: org,
|
||||
View: view,
|
||||
SystemDefaults: systemDefaults,
|
||||
SearchLimit: conf.SearchLimit,
|
||||
|
||||
@@ -2,6 +2,7 @@ package spooler
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/handler"
|
||||
"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
|
||||
@@ -16,12 +17,12 @@ type SpoolerConfig struct {
|
||||
Handlers handler.Configs
|
||||
}
|
||||
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos) *spooler.Spooler {
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos, defaults systemdefaults.SystemDefaults) *spooler.Spooler {
|
||||
spoolerConfig := spooler.Config{
|
||||
Eventstore: es,
|
||||
Locker: &locker{dbClient: sql},
|
||||
ConcurrentWorkers: c.ConcurrentWorkers,
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos),
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, repos, defaults),
|
||||
}
|
||||
spool := spoolerConfig.New()
|
||||
spool.Start()
|
||||
|
||||
@@ -12,46 +12,46 @@ const (
|
||||
iamMemberTable = "adminapi.iam_members"
|
||||
)
|
||||
|
||||
func (v *View) IamMemberByIDs(orgID, userID string) (*model.IamMemberView, error) {
|
||||
return view.IamMemberByIDs(v.Db, iamMemberTable, orgID, userID)
|
||||
func (v *View) IAMMemberByIDs(orgID, userID string) (*model.IAMMemberView, error) {
|
||||
return view.IAMMemberByIDs(v.Db, iamMemberTable, orgID, userID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIamMembers(request *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
|
||||
return view.SearchIamMembers(v.Db, iamMemberTable, request)
|
||||
func (v *View) SearchIAMMembers(request *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
|
||||
return view.SearchIAMMembers(v.Db, iamMemberTable, request)
|
||||
}
|
||||
|
||||
func (v *View) IamMembersByUserID(userID string) ([]*model.IamMemberView, error) {
|
||||
return view.IamMembersByUserID(v.Db, iamMemberTable, userID)
|
||||
func (v *View) IAMMembersByUserID(userID string) ([]*model.IAMMemberView, error) {
|
||||
return view.IAMMembersByUserID(v.Db, iamMemberTable, userID)
|
||||
}
|
||||
|
||||
func (v *View) PutIamMember(org *model.IamMemberView, sequence uint64) error {
|
||||
err := view.PutIamMember(v.Db, iamMemberTable, org)
|
||||
func (v *View) PutIAMMember(org *model.IAMMemberView, sequence uint64) error {
|
||||
err := view.PutIAMMember(v.Db, iamMemberTable, org)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIamMemberSequence(sequence)
|
||||
return v.ProcessedIAMMemberSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIamMember(iamID, userID string, eventSequence uint64) error {
|
||||
err := view.DeleteIamMember(v.Db, iamMemberTable, iamID, userID)
|
||||
func (v *View) DeleteIAMMember(iamID, userID string, eventSequence uint64) error {
|
||||
err := view.DeleteIAMMember(v.Db, iamMemberTable, iamID, userID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIamMemberSequence(eventSequence)
|
||||
return v.ProcessedIAMMemberSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIamMemberSequence() (*global_view.CurrentSequence, error) {
|
||||
func (v *View) GetLatestIAMMemberSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(iamMemberTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIamMemberSequence(eventSequence uint64) error {
|
||||
func (v *View) ProcessedIAMMemberSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(iamMemberTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIamMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
func (v *View) GetLatestIAMMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(iamMemberTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIamMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
func (v *View) ProcessedIAMMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
|
||||
53
internal/admin/repository/eventsourcing/view/idp_configs.go
Normal file
53
internal/admin/repository/eventsourcing/view/idp_configs.go
Normal file
@@ -0,0 +1,53 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpConfigTable = "adminapi.idp_configs"
|
||||
)
|
||||
|
||||
func (v *View) IDPConfigByID(idpID string) (*model.IDPConfigView, error) {
|
||||
return view.IDPByID(v.Db, idpConfigTable, idpID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
|
||||
return view.SearchIDPs(v.Db, idpConfigTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPConfig(idp *model.IDPConfigView, sequence uint64) error {
|
||||
err := view.PutIDP(v.Db, idpConfigTable, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpConfigTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpConfigTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpConfigTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -0,0 +1,65 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpProviderTable = "adminapi.idp_providers"
|
||||
)
|
||||
|
||||
func (v *View) IDPProviderByAggregateAndIdpConfigID(aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
|
||||
return view.GetIDPProviderByAggregateIDAndConfigID(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) IDPProvidersByIdpConfigID(idpConfigID string) ([]*model.IDPProviderView, error) {
|
||||
return view.IDPProvidersByIdpConfigID(v.Db, idpProviderTable, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIDPProviders(request *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
|
||||
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProvider(provider *model.IDPProviderView, sequence uint64) error {
|
||||
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPProviders(sequence uint64, providers ...*model.IDPProviderView) error {
|
||||
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPProvider(aggregateID, idpConfigID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpProviderTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPProviderSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpProviderTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpProviderTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPProviderFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
loginPolicyTable = "adminapi.login_policies"
|
||||
)
|
||||
|
||||
func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyView, error) {
|
||||
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64) error {
|
||||
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64) error {
|
||||
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(loginPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(loginPolicyTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(loginPolicyTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -5,11 +5,27 @@ import (
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error)
|
||||
AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
|
||||
ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
|
||||
RemoveIamMember(ctx context.Context, userID string) error
|
||||
type IAMRepository interface {
|
||||
SearchIAMMembers(ctx context.Context, request *iam_model.IAMMemberSearchRequest) (*iam_model.IAMMemberSearchResponse, error)
|
||||
AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
|
||||
ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error)
|
||||
RemoveIAMMember(ctx context.Context, userID string) error
|
||||
|
||||
GetIamMemberRoles() []string
|
||||
GetIAMMemberRoles() []string
|
||||
|
||||
SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error)
|
||||
IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error)
|
||||
AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
RemoveIDPConfig(ctx context.Context, idpConfigID string) error
|
||||
ChangeOidcIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error)
|
||||
|
||||
GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error)
|
||||
AddDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
ChangeDefaultLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
|
||||
AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error)
|
||||
RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error
|
||||
}
|
||||
|
||||
@@ -13,8 +13,8 @@ type OrgRepository interface {
|
||||
OrgByID(ctx context.Context, id string) (*org_model.Org, error)
|
||||
SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error)
|
||||
|
||||
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIamPolicy, error)
|
||||
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
|
||||
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error)
|
||||
GetOrgIamPolicyByID(ctx context.Context, id string) (*org_model.OrgIAMPolicy, error)
|
||||
CreateOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
|
||||
ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error)
|
||||
RemoveOrgIamPolicy(ctx context.Context, id string) error
|
||||
}
|
||||
|
||||
@@ -5,6 +5,6 @@ import "context"
|
||||
type Repository interface {
|
||||
Health(ctx context.Context) error
|
||||
OrgRepository
|
||||
IamRepository
|
||||
IAMRepository
|
||||
AdministratorRepository
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user