feat: idp and login policy configurations (#619)

* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi
2020-08-26 09:56:23 +02:00
committed by GitHub
parent f05c5bae24
commit db1d8f4efe
157 changed files with 37510 additions and 15698 deletions


@@ -7,14 +7,14 @@ import (
)
type IamRepo struct {
IamID string
IamEvents *iam_event.IamEventstore
IAMID string
IAMEvents *iam_event.IAMEventstore
}
func (repo *IamRepo) Health(ctx context.Context) error {
return repo.IamEvents.Health(ctx)
return repo.IAMEvents.Health(ctx)
}
func (repo *IamRepo) IamByID(ctx context.Context) (*model.Iam, error) {
return repo.IamEvents.IamByID(ctx, repo.IamID)
func (repo *IamRepo) IamByID(ctx context.Context) (*model.IAM, error) {
return repo.IAMEvents.IAMByID(ctx, repo.IAMID)
}


@@ -13,8 +13,8 @@ import (
type TokenVerifierRepo struct {
TokenVerificationKey [32]byte
IamID string
IamEvents *iam_event.IamEventstore
IAMID string
IAMEvents *iam_event.IAMEventstore
ProjectEvents *proj_event.ProjectEventstore
View *view.View
}
@@ -55,11 +55,11 @@ func (repo *TokenVerifierRepo) ExistsOrg(ctx context.Context, orgID string) erro
}
func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (string, error) {
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
iam, err := repo.IAMEvents.IAMByID(ctx, repo.IAMID)
if err != nil {
return "", err
}
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IamProjectID, appName)
app, err := repo.View.ApplicationByProjecIDAndAppName(iam.IAMProjectID, appName)
if err != nil {
return "", err
}


@@ -16,7 +16,7 @@ type UserGrantRepo struct {
IamID string
IamProjectID string
Auth authz.Config
IamEvents *iam_event.IamEventstore
IamEvents *iam_event.IAMEventstore
}
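Review bot: The rename is applied only halfway in `UserGrantRepo`: the field type becomes `*iam_event.IAMEventstore` but the field itself stays `IamEvents`, and `IamID` / `IamProjectID` keep the old casing, while `IamRepo` and `TokenVerifierRepo` in the same commit moved to `IAMID` / `IAMEvents`. Go initialism convention and the rest of this change point to `IAMID string`, `IAMProjectID string`, `IAMEvents *iam_event.IAMEventstore`; the construction site in the auth `Start` function (`IamEvents: iam,`) and `FillIamProjectID` would need the same rename. If the mixed casing is deliberate to limit the diff, a short comment on the struct saying so would stop the next reader from "fixing" it. The `type UserGrantRepo struct {` header sits outside this hunk.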
func (repo *UserGrantRepo) Health() error {
@@ -67,14 +67,14 @@ func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
if repo.IamProjectID != "" {
return nil
}
iam, err := repo.IamEvents.IamByID(ctx, repo.IamID)
iam, err := repo.IamEvents.IAMByID(ctx, repo.IamID)
if err != nil {
return err
}
if !iam.SetUpDone {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-skiwS", "Setup not done")
}
repo.IamProjectID = iam.IamProjectID
repo.IamProjectID = iam.IAMProjectID
return nil
}


@@ -26,7 +26,7 @@ type handler struct {
}
type EventstoreRepos struct {
IamEvents *iam_events.IamEventstore
IamEvents *iam_events.IAMEventstore
}
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, systemDefaults sd.SystemDefaults) []query.Handler {


@@ -22,7 +22,7 @@ import (
type UserGrant struct {
handler
eventstore eventstore.Eventstore
iamEvents *iam_events.IamEventstore
iamEvents *iam_events.IAMEventstore
iamID string
iamProjectID string
}
@@ -47,7 +47,7 @@ func (u *UserGrant) EventQuery() (*models.SearchQuery, error) {
return nil, err
}
return es_models.NewSearchQuery().
AggregateTypeFilter(iam_es_model.IamAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
LatestSequenceFilter(sequence.CurrentSequence), nil
}
@@ -55,7 +55,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
switch event.AggregateType {
case proj_es_model.ProjectAggregate:
err = u.processProject(event)
case iam_es_model.IamAggregate:
case iam_es_model.IAMAggregate:
err = u.processIamMember(event, "IAM", false)
case org_es_model.OrgAggregate:
return u.processOrg(event)
@@ -92,10 +92,10 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
}
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
member := new(iam_es_model.IamMember)
member := new(iam_es_model.IAMMember)
switch event.Type {
case iam_es_model.IamMemberAdded, iam_es_model.IamMemberChanged:
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
@@ -126,7 +126,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
grant.Sequence = event.Sequence
grant.ChangeDate = event.CreationDate
return u.view.PutUserGrant(grant, grant.Sequence)
case iam_es_model.IamMemberRemoved:
case iam_es_model.IAMMemberRemoved:
member.SetData(event)
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
if err != nil {
@@ -210,14 +210,14 @@ func (u *UserGrant) setIamProjectID() error {
if u.iamProjectID != "" {
return nil
}
iam, err := u.iamEvents.IamByID(context.Background(), u.iamID)
iam, err := u.iamEvents.IAMByID(context.Background(), u.iamID)
if err != nil {
return err
}
if !iam.SetUpDone {
return caos_errs.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
}
u.iamProjectID = iam.IamProjectID
u.iamProjectID = iam.IAMProjectID
return nil
}


@@ -51,7 +51,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
return nil, err
}
iam, err := es_iam.StartIam(es_iam.IamConfig{
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
}, systemDefaults)
@@ -77,13 +77,13 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
IamEvents: iam,
},
eventstore.IamRepo{
IamID: systemDefaults.IamID,
IamEvents: iam,
IAMID: systemDefaults.IamID,
IAMEvents: iam,
},
eventstore.TokenVerifierRepo{
//TODO: Add Token Verification Key
IamID: systemDefaults.IamID,
IamEvents: iam,
IAMID: systemDefaults.IamID,
IAMEvents: iam,
ProjectEvents: project,
View: view,
},
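Review bot: The `TokenVerifierRepo` literal is rebuilt here with the renamed `IAMID` / `IAMEvents` fields, but `TokenVerificationKey` (declared as `[32]byte` in the repo struct) is still never set and the pre-existing `//TODO: Add Token Verification Key` is carried along unchanged. If that key is consumed by any verification path, the all-zero value is a predictable secret; if it is not consumed yet, the TODO should at least say so, because a reader of this file will assume tokens are being verified. I would replace the bare TODO with a comment that states the contract, e.g. `// TokenVerificationKey must be populated from configuration before token verification is enabled; the zero value is not a valid key.`, and ideally make the constructor fail fast on the zero key once it is wired. The enclosing `Start` function begins and ends outside this hunk.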


@@ -5,7 +5,7 @@ import (
"github.com/caos/zitadel/internal/iam/model"
)
type IamRepository interface {
type IAMRepository interface {
Health(ctx context.Context) error
IamByID(ctx context.Context, id string) (*model.Iam, error)
IAMByID(ctx context.Context, id string) (*model.IAM, error)
}


@@ -7,5 +7,5 @@ import (
type Repository interface {
Health(context.Context) error
UserGrantRepository
IamRepository
IAMRepository
}