mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 01:47:33 +00:00
feat: idp and login policy configurations (#619)
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -6,11 +6,11 @@ import (
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
IamID string
|
||||
IamEvents *iam_event.IamEventstore
|
||||
type IAMRepository struct {
|
||||
IAMID string
|
||||
IAMEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *IamRepository) GetIam(ctx context.Context) (*model.Iam, error) {
|
||||
return repo.IamEvents.IamByID(ctx, repo.IamID)
|
||||
func (repo *IAMRepository) GetIAM(ctx context.Context) (*model.IAM, error) {
|
||||
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
orgPolicy, err := repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -94,6 +94,6 @@ func (repo *OrgRepository) RegisterOrg(ctx context.Context, register *auth_model
|
||||
return RegisterToModel(registerModel), nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, policy_model.DefaultPolicy)
|
||||
func (repo *OrgRepository) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, policy_model.DefaultPolicy)
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ func (repo *UserRepo) Register(ctx context.Context, registerUser *model.User, or
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, policyResourceOwner)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, policyResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ type EventstoreRepos struct {
|
||||
UserEvents *usr_event.UserEventstore
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
OrgEvents *org_events.OrgEventstore
|
||||
IamEvents *iam_events.IamEventstore
|
||||
IamEvents *iam_events.IAMEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {
|
||||
|
||||
@@ -109,7 +109,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -122,9 +122,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgDomainVerified,
|
||||
org_es_model.OrgDomainRemoved,
|
||||
org_es_model.OrgIamPolicyAdded,
|
||||
org_es_model.OrgIamPolicyChanged,
|
||||
org_es_model.OrgIamPolicyRemoved:
|
||||
org_es_model.OrgIAMPolicyAdded,
|
||||
org_es_model.OrgIAMPolicyChanged,
|
||||
org_es_model.OrgIAMPolicyRemoved:
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
@@ -138,7 +138,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -161,7 +161,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -33,7 +33,7 @@ type UserGrant struct {
|
||||
projectEvents *proj_event.ProjectEventstore
|
||||
userEvents *usr_events.UserEventstore
|
||||
orgEvents *org_events.OrgEventstore
|
||||
iamEvents *iam_events.IamEventstore
|
||||
iamEvents *iam_events.IAMEventstore
|
||||
iamID string
|
||||
iamProjectID string
|
||||
}
|
||||
@@ -58,7 +58,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IamAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
|
||||
AggregateTypeFilter(grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
|
||||
err = u.processUser(event)
|
||||
case proj_es_model.ProjectAggregate:
|
||||
err = u.processProject(event)
|
||||
case iam_es_model.IamAggregate:
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = u.processIamMember(event, "IAM", false)
|
||||
case org_es_model.OrgAggregate:
|
||||
return u.processOrg(event)
|
||||
@@ -176,10 +176,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
||||
}
|
||||
|
||||
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
|
||||
member := new(iam_es_model.IamMember)
|
||||
member := new(iam_es_model.IAMMember)
|
||||
|
||||
switch event.Type {
|
||||
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
|
||||
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
|
||||
member.SetData(event)
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
@@ -210,7 +210,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, grant.Sequence)
|
||||
case iam_es_model.IamMemberRemoved:
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
member.SetData(event)
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil {
|
||||
@@ -295,14 +295,14 @@ func (u *UserGrant) setIamProjectID() error {
|
||||
if u.iamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
|
||||
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !iam.SetUpDone {
|
||||
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
|
||||
}
|
||||
u.iamProjectID = iam.IamProjectID
|
||||
u.iamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -44,7 +44,7 @@ type EsRepository struct {
|
||||
eventstore.UserSessionRepo
|
||||
eventstore.UserGrantRepo
|
||||
eventstore.OrgRepository
|
||||
eventstore.IamRepository
|
||||
eventstore.IAMRepository
|
||||
eventstore.PolicyRepo
|
||||
}
|
||||
|
||||
@@ -109,8 +109,8 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iam, err := es_iam.StartIam(
|
||||
es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(
|
||||
es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
},
|
||||
@@ -174,9 +174,9 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
|
||||
PolicyEventstore: policy,
|
||||
UserEventstore: user,
|
||||
},
|
||||
eventstore.IamRepository{
|
||||
IamEvents: iam,
|
||||
IamID: systemDefaults.IamID,
|
||||
eventstore.IAMRepository{
|
||||
IAMEvents: iam,
|
||||
IAMID: systemDefaults.IamID,
|
||||
},
|
||||
eventstore.PolicyRepo{
|
||||
PolicyEvents: policy,
|
||||
|
||||
@@ -6,6 +6,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/model"
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
GetIam(ctx context.Context) (*model.Iam, error)
|
||||
type IAMRepository interface {
|
||||
GetIAM(ctx context.Context) (*model.IAM, error)
|
||||
}
|
||||
|
||||
@@ -8,5 +8,5 @@ import (
|
||||
|
||||
type OrgRepository interface {
|
||||
RegisterOrg(context.Context, *auth_model.RegisterOrg) (*auth_model.RegisterOrg, error)
|
||||
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error)
|
||||
GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user