TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: idp and login policy configurations (#619)

Browse Source 
* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2020-08-26 09:56:23 +02:00
committed by GitHub
parent f05c5bae24
commit db1d8f4efe
157 changed files with 37510 additions and 15698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
internal/iam/model/iam.go
View File

@@ -4,16 +4,18 @@ import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type Iam struct {
type IAM struct {
es_models.ObjectRoot
GlobalOrgID string
IamProjectID string
SetUpDone bool
SetUpStarted bool
Members []*IamMember
GlobalOrgID string
IAMProjectID string
SetUpDone bool
SetUpStarted bool
Members []*IAMMember
IDPs []*IDPConfig
DefaultLoginPolicy *LoginPolicy
}
func (iam *Iam) GetMember(userID string) (int, *IamMember) {
func (iam *IAM) GetMember(userID string) (int, *IAMMember) {
for i, m := range iam.Members {
if m.UserID == userID {
return i, m
@@ -21,3 +23,12 @@ func (iam *Iam) GetMember(userID string) (int, *IamMember) {
}
return -1, nil
}
func (iam *IAM) GetIDP(idpID string) (int, *IDPConfig) {
for i, idp := range iam.IDPs {
if idp.IDPConfigID == idpID {
return i, idp
}
}
return -1, nil
}

8
internal/iam/model/iam_member.go
View File

@@ -2,17 +2,17 @@ package model
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type IamMember struct {
type IAMMember struct {
es_models.ObjectRoot
UserID string
Roles []string
}
func NewIamMember(iamID, userID string) *IamMember {
return &IamMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
func NewIAMMember(iamID, userID string) *IAMMember {
return &IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
}
func (i *IamMember) IsValid() bool {
func (i *IAMMember) IsValid() bool {
return i.AggregateID != "" && i.UserID != "" && len(i.Roles) != 0
}

36
internal/iam/model/iam_member_view.go
View File

@@ -5,9 +5,9 @@ import (
"time"
)
type IamMemberView struct {
type IAMMemberView struct {
UserID string
IamID string
IAMID string
UserName string
Email string
FirstName string
@@ -19,42 +19,42 @@ type IamMemberView struct {
Sequence uint64
}
type IamMemberSearchRequest struct {
type IAMMemberSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IamMemberSearchKey
SortingColumn IAMMemberSearchKey
Asc bool
Queries []*IamMemberSearchQuery
Queries []*IAMMemberSearchQuery
}
type IamMemberSearchKey int32
type IAMMemberSearchKey int32
const (
IamMemberSearchKeyUnspecified IamMemberSearchKey = iota
IamMemberSearchKeyUserName
IamMemberSearchKeyEmail
IamMemberSearchKeyFirstName
IamMemberSearchKeyLastName
IamMemberSearchKeyIamID
IamMemberSearchKeyUserID
IAMMemberSearchKeyUnspecified IAMMemberSearchKey = iota
IAMMemberSearchKeyUserName
IAMMemberSearchKeyEmail
IAMMemberSearchKeyFirstName
IAMMemberSearchKeyLastName
IAMMemberSearchKeyIamID
IAMMemberSearchKeyUserID
)
type IamMemberSearchQuery struct {
Key IamMemberSearchKey
type IAMMemberSearchQuery struct {
Key IAMMemberSearchKey
Method model.SearchMethod
Value interface{}
}
type IamMemberSearchResponse struct {
type IAMMemberSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IamMemberView
Result []*IAMMemberView
Sequence uint64
Timestamp time.Time
}
func (r *IamMemberSearchRequest) EnsureLimit(limit uint64) {
func (r *IAMMemberSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}

74
internal/iam/model/idp_config.go Normal file
View File

@@ -0,0 +1,74 @@
package model
import (
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
Type IdpConfigType
Name string
LogoSrc []byte
State IDPConfigState
OIDCConfig *OIDCIDPConfig
}
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string
ClientID string
ClientSecret *crypto.CryptoValue
ClientSecretString string
Issuer string
Scopes []string
}
type IdpConfigType int32
const (
IDPConfigTypeOIDC IdpConfigType = iota
IDPConfigTypeSAML
)
type IDPConfigState int32
const (
IDPConfigStateActive IDPConfigState = iota
IDPConfigStateInactive
IDPConfigStateRemoved
)
func NewIDPConfig(iamID, idpID string) *IDPConfig {
return &IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, IDPConfigID: idpID}
}
func (idp *IDPConfig) IsValid(includeConfig bool) bool {
if idp.Name == "" || idp.AggregateID == "" {
return false
}
if !includeConfig {
return true
}
if idp.Type == IDPConfigTypeOIDC && !idp.OIDCConfig.IsValid(true) {
return false
}
return true
}
func (oi *OIDCIDPConfig) IsValid(withSecret bool) bool {
if withSecret {
return oi.ClientID != "" && oi.Issuer != "" && oi.ClientSecretString != ""
}
return oi.ClientID != "" && oi.Issuer != ""
}
func (oi *OIDCIDPConfig) CryptSecret(crypt crypto.Crypto) error {
cryptedSecret, err := crypto.Crypt([]byte(oi.ClientSecretString), crypt)
if err != nil {
return err
}
oi.ClientSecret = cryptedSecret
return nil
}

68
internal/iam/model/idp_config_view.go Normal file
View File

@@ -0,0 +1,68 @@
package model
import (
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/model"
"time"
)
type IDPConfigView struct {
AggregateID string
IDPConfigID string
Name string
LogoSrc []byte
State IDPConfigState
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
IDPProviderType IDPProviderType
IsOIDC bool
OIDCClientID string
OIDCClientSecret *crypto.CryptoValue
OIDCIssuer string
OIDCScopes []string
}
type IDPConfigSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IDPConfigSearchKey
Asc bool
Queries []*IDPConfigSearchQuery
}
type IDPConfigSearchKey int32
const (
IDPConfigSearchKeyUnspecified IDPConfigSearchKey = iota
IDPConfigSearchKeyName
IDPConfigSearchKeyAggregateID
IDPConfigSearchKeyIdpConfigID
IDPConfigSearchKeyIdpProviderType
)
type IDPConfigSearchQuery struct {
Key IDPConfigSearchKey
Method model.SearchMethod
Value interface{}
}
type IDPConfigSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IDPConfigView
Sequence uint64
Timestamp time.Time
}
func (r *IDPConfigSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}
}
func (r *IDPConfigSearchRequest) AppendMyOrgQuery(orgID, iamID string) {
r.Queries = append(r.Queries, &IDPConfigSearchQuery{Key: IDPConfigSearchKeyAggregateID, Method: model.SearchMethodIsOneOf, Value: []string{orgID, iamID}})
}

59
internal/iam/model/idp_provider_view.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type IDPProviderView struct {
AggregateID string
IDPConfigID string
IDPProviderType IDPProviderType
Name string
IDPConfigType IdpConfigType
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type IDPProviderSearchRequest struct {
Offset uint64
Limit uint64
SortingColumn IDPProviderSearchKey
Asc bool
Queries []*IDPProviderSearchQuery
}
type IDPProviderSearchKey int32
const (
IDPProviderSearchKeyUnspecified IDPProviderSearchKey = iota
IDPProviderSearchKeyAggregateID
IDPProviderSearchKeyIdpConfigID
)
type IDPProviderSearchQuery struct {
Key IDPProviderSearchKey
Method model.SearchMethod
Value interface{}
}
type IDPProviderSearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*IDPProviderView
Sequence uint64
Timestamp time.Time
}
func (r *IDPProviderSearchRequest) EnsureLimit(limit uint64) {
if r.Limit == 0 || r.Limit > limit {
r.Limit = limit
}
}
func (r *IDPProviderSearchRequest) AppendAggregateIDQuery(aggregateID string) {
r.Queries = append(r.Queries, &IDPProviderSearchQuery{Key: IDPProviderSearchKeyAggregateID, Method: model.SearchMethodEquals, Value: aggregateID})
}

53
internal/iam/model/login_policy.go Normal file
View File

@@ -0,0 +1,53 @@
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type LoginPolicy struct {
models.ObjectRoot
State PolicyState
Default bool
AllowUsernamePassword bool
AllowRegister bool
AllowExternalIdp bool
IDPProviders []*IDPProvider
}
type IDPProvider struct {
models.ObjectRoot
Type IDPProviderType
IdpConfigID string
}
type PolicyState int32
const (
PolicyStateActive PolicyState = iota
PolicyStateRemoved
)
type IDPProviderType int32
const (
IDPProviderTypeSystem IDPProviderType = iota
IDPProviderTypeOrg
)
func (p *LoginPolicy) IsValid() bool {
return p.ObjectRoot.AggregateID != ""
}
func (p *IDPProvider) IsValid() bool {
return p.ObjectRoot.AggregateID != "" && p.IdpConfigID != ""
}
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
for i, m := range p.IDPProviders {
if m.IdpConfigID == id {
return i, m
}
}
return -1, nil
}

48
internal/iam/model/login_policy_view.go Normal file
View File

@@ -0,0 +1,48 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type LoginPolicyView struct {
AggregateID string
AllowUsernamePassword bool
AllowRegister bool
AllowExternalIDP bool
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type LoginPolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn LoginPolicySearchKey
Asc bool
Queries []*LoginPolicySearchQuery
}
type LoginPolicySearchKey int32
const (
LoginPolicySearchKeyUnspecified LoginPolicySearchKey = iota
LoginPolicySearchKeyAggregateID
)
type LoginPolicySearchQuery struct {
Key LoginPolicySearchKey
Method model.SearchMethod
Value interface{}
}
type LoginPolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*LoginPolicyView
Sequence uint64
Timestamp time.Time
}

12
internal/iam/repository/eventsourcing/cache.go
View File

@@ -8,26 +8,26 @@ import (
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
type IamCache struct {
type IAMCache struct {
iamCache cache.Cache
}
func StartCache(conf *config.CacheConfig) (*IamCache, error) {
func StartCache(conf *config.CacheConfig) (*IAMCache, error) {
iamCache, err := conf.Config.NewCache()
logging.Log("EVENT-9siew").OnError(err).Panic("unable to create iam cache")
return &IamCache{iamCache: iamCache}, nil
return &IAMCache{iamCache: iamCache}, nil
}
func (c *IamCache) getIam(ID string) *model.Iam {
user := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
func (c *IAMCache) getIAM(ID string) *model.IAM {
user := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
if err := c.iamCache.Get(ID, user); err != nil {
logging.Log("EVENT-slo9x").WithError(err).Debug("error in getting cache")
}
return user
}
func (c *IamCache) cacheIam(iam *model.Iam) {
func (c *IAMCache) cacheIAM(iam *model.IAM) {
err := c.iamCache.Set(iam.AggregateID, iam)
if err != nil {
logging.Log("EVENT-os03w").WithError(err).Debug("error in setting iam cache")

426
internal/iam/repository/eventsourcing/eventstore.go
View File

@@ -4,40 +4,50 @@ import (
"context"
"github.com/caos/zitadel/internal/cache/config"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/crypto"
caos_errs "github.com/caos/zitadel/internal/errors"
es_int "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/id"
)
type IamEventstore struct {
type IAMEventstore struct {
es_int.Eventstore
iamCache *IamCache
iamCache *IAMCache
idGenerator id.Generator
secretCrypto crypto.Crypto
}
type IamConfig struct {
type IAMConfig struct {
es_int.Eventstore
Cache *config.CacheConfig
}
func StartIam(conf IamConfig, systemDefaults sd.SystemDefaults) (*IamEventstore, error) {
func StartIAM(conf IAMConfig, systemDefaults sd.SystemDefaults) (*IAMEventstore, error) {
iamCache, err := StartCache(conf.Cache)
if err != nil {
return nil, err
}
return &IamEventstore{
Eventstore: conf.Eventstore,
iamCache: iamCache,
aesCrypto, err := crypto.NewAESCrypto(systemDefaults.IDPConfigVerificationKey)
if err != nil {
return nil, err
}
return &IAMEventstore{
Eventstore: conf.Eventstore,
iamCache: iamCache,
idGenerator: id.SonyFlakeGenerator,
secretCrypto: aesCrypto,
}, nil
}
func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
iam := es.iamCache.getIam(id)
func (es *IAMEventstore) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
iam := es.iamCache.getIAM(id)
query, err := IamByIDQuery(iam.AggregateID, iam.Sequence)
query, err := IAMByIDQuery(iam.AggregateID, iam.Sequence)
if err != nil {
return nil, err
}
@@ -45,12 +55,12 @@ func (es *IamEventstore) IamByID(ctx context.Context, id string) (*iam_model.Iam
if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
return nil, err
}
es.iamCache.cacheIam(iam)
return model.IamToModel(iam), nil
es.iamCache.cacheIAM(iam)
return model.IAMToModel(iam), nil
}
func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) StartSetup(ctx context.Context, iamID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil && !caos_errs.IsNotFound(err) {
return nil, err
}
@@ -59,132 +69,420 @@ func (es *IamEventstore) StartSetup(ctx context.Context, iamID string) (*iam_mod
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9so34", "Setup already started")
}
repoIam := &model.Iam{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
createAggregate := IamSetupStartedAggregate(es.AggregateCreator(), repoIam)
repoIam := &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: iamID}}
createAggregate := IAMSetupStartedAggregate(es.AggregateCreator(), repoIam)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetupDone(ctx context.Context, iamID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetupDoneAggregate(es.AggregateCreator(), repoIam)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetupDoneAggregate(es.AggregateCreator(), repoIam)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetGlobalOrgAggregate(es.AggregateCreator(), repoIam, globalOrg)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) SetIamProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.Iam, error) {
iam, err := es.IamByID(ctx, iamID)
func (es *IAMEventstore) SetIAMProject(ctx context.Context, iamID, iamProjectID string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
repoIam := model.IamFromModel(iam)
createAggregate := IamSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
repoIam := model.IAMFromModel(iam)
createAggregate := IAMSetIamProjectAggregate(es.AggregateCreator(), repoIam, iamProjectID)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
return model.IamToModel(repoIam), nil
es.iamCache.cacheIAM(repoIam)
return model.IAMToModel(repoIam), nil
}
func (es *IamEventstore) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (es *IAMEventstore) AddIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.Iam.MemberInvalid")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-89osr", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existing.GetMember(member.UserID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.Iam.MemberAlreadyExisting")
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.MemberAlreadyExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
addAggregate := IamMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
addAggregate := IAMMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
return model.IamMemberToModel(m), nil
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
return model.IAMMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-s90pw", "Errors.Internal")
}
func (es *IamEventstore) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
func (es *IAMEventstore) ChangeIAMMember(ctx context.Context, member *iam_model.IAMMember) (*iam_model.IAMMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.Iam.MemberInvalid")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s9ipe", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existing.GetMember(member.UserID); m == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.Iam.MemberNotExisting")
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-s7ucs", "Errors.IAM.MemberNotExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
projectAggregate := IamMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
projectAggregate := IAMMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIamMember(repoIam.Members, member.UserID); m != nil {
return model.IamMemberToModel(m), nil
if _, m := model.GetIAMMember(repoIam.Members, member.UserID); m != nil {
return model.IAMMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-29cws", "Errors.Internal")
}
func (es *IamEventstore) RemoveIamMember(ctx context.Context, member *iam_model.IamMember) error {
func (es *IAMEventstore) RemoveIAMMember(ctx context.Context, member *iam_model.IAMMember) error {
if member.UserID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.Iam.MemberInvalid")
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-0pors", "Errors.IAM.MemberInvalid")
}
existing, err := es.IamByID(ctx, member.AggregateID)
existing, err := es.IAMByID(ctx, member.AggregateID)
if err != nil {
return err
}
if _, m := existing.GetMember(member.UserID); m == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.Iam.MemberNotExisting")
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.MemberNotExisting")
}
repoIam := model.IamFromModel(existing)
repoMember := model.IamMemberFromModel(member)
repoIam := model.IAMFromModel(existing)
repoMember := model.IAMMemberFromModel(member)
projectAggregate := IamMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
projectAggregate := IAMMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
es.iamCache.cacheIam(repoIam)
es.iamCache.cacheIAM(repoIam)
return err
}
func (es *IAMEventstore) GetIDPConfig(ctx context.Context, aggregateID, idpConfigID string) (*iam_model.IDPConfig, error) {
existing, err := es.IAMByID(ctx, aggregateID)
if err != nil {
return nil, err
}
if _, existingIDP := existing.GetIDP(idpConfigID); existingIDP != nil {
return existingIDP, nil
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-Scj8s", "Errors.IAM.IdpNotExisting")
}
func (es *IAMEventstore) AddIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(true) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Ms89d", "Errors.IAM.IdpInvalid")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, err
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
idp.IDPConfigID = id
if idp.OIDCConfig != nil {
idp.OIDCConfig.IDPConfigID = id
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
if err != nil {
return nil, err
}
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
addAggregate := IDPConfigAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Scj8s", "Errors.Internal")
}
func (es *IAMEventstore) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(false) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cms8o", "Errors.IAM.IdpInvalid")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, err
}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Cmlos", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xmlo0", "Errors.Internal")
}
func (es *IAMEventstore) PrepareRemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*model.IAM, *models.Aggregate, error) {
if idp == nil || idp.IDPConfigID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wz7sD", "Errors.IAM.IDMissing")
}
existing, err := es.IAMByID(ctx, idp.AggregateID)
if err != nil {
return nil, nil, err
}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Smiu8", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
provider := new(model.IDPProvider)
if repoIam.DefaultLoginPolicy != nil {
_, provider = model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, idp.IDPConfigID)
}
agg, err := IDPConfigRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoIdp, provider)
if err != nil {
return nil, nil, err
}
return repoIam, agg, nil
}
func (es *IAMEventstore) RemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) error {
repoIam, agg, err := es.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
return err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, agg)
if err != nil {
return err
}
es.iamCache.cacheIAM(repoIam)
return nil
}
func (es *IAMEventstore) DeactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fbs8o", "Errors.IAM.IDMissing")
}
existing, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, existingIDP := existing.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Mci32", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(existing)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Xnc8d", "Errors.Internal")
}
func (es *IAMEventstore) ReactivateIDPConfig(ctx context.Context, iamID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Wkjsf", "Errors.IAM.IDMissing")
}
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, existingIDP := iam.GetIDP(idp.IDPConfigID); existingIDP == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Sjc78", "Errors.IAM.IdpNotExisting")
}
repoIam := model.IAMFromModel(iam)
repoIdp := model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigReactivatedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.IDPConfigToModel(idpConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Snd4f", "Errors.Internal")
}
func (es *IAMEventstore) ChangeIDPOIDCConfig(ctx context.Context, config *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
if config == nil || !config.IsValid(false) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-*5ki8", "Errors.IAM.OIDCConfigInvalid")
}
iam, err := es.IAMByID(ctx, config.AggregateID)
if err != nil {
return nil, err
}
var idp *iam_model.IDPConfig
if _, idp = iam.GetIDP(config.IDPConfigID); idp == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-pso0s", "Errors.IAM.IdpNoExisting")
}
if idp.Type != iam_model.IDPConfigTypeOIDC {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Fms8w", "Errors.IAM.IdpIsNotOIDC")
}
if config.ClientSecretString != "" {
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
} else {
config.ClientSecret = nil
}
repoIam := model.IAMFromModel(iam)
repoConfig := model.OIDCIDPConfigFromModel(config)
iamAggregate := OIDCIDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoConfig)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, idpConfig := model.GetIDPConfig(repoIam.IDPs, idp.IDPConfigID); idpConfig != nil {
return model.OIDCIDPConfigToModel(idpConfig.OIDCIDPConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Sldk8", "Errors.Internal")
}
func (es *IAMEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoLoginPolicy := model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
}
func (es *IAMEventstore) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoLoginPolicy := model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.LoginPolicyToModel(repoIam.DefaultLoginPolicy), nil
}
func (es *IAMEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
if provider == nil || !provider.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IdpProviderInvalid")
}
iam, err := es.IAMByID(ctx, provider.AggregateID)
if err != nil {
return nil, err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
repoIam := model.IAMFromModel(iam)
repoProvider := model.IDPProviderFromModel(provider)
addAggregate := LoginPolicyIDPProviderAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoProvider)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
if _, m := model.GetIDPProvider(repoIam.DefaultLoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
return model.IDPProviderToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
}
func (es *IAMEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error {
if provider == nil || !provider.IsValid() {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-Esi8c", "Errors.IdpProviderInvalid")
}
iam, err := es.IAMByID(ctx, provider.AggregateID)
if err != nil {
return err
}
if _, m := iam.DefaultLoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoIam := model.IAMFromModel(iam)
addAggregate := LoginPolicyIDPProviderRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, &model.IDPProviderID{provider.IdpConfigID})
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return err
}
es.iamCache.cacheIAM(repoIam)
return nil
}

91
internal/iam/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -2,6 +2,8 @@ package eventsourcing
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/id"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/eventstore/mock"
@@ -10,24 +12,37 @@ import (
"github.com/golang/mock/gomock"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IamEventstore {
return &IamEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockCache(ctrl *gomock.Controller) *IamCache {
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
secretCrypto: crypto.NewBCrypt(10),
}
}
func GetMockCache(ctrl *gomock.Controller) *IAMCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &IamCache{iamCache: mockCache}
return &IAMCache{iamCache: mockCache}
}
func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
data, _ := json.Marshal(model.Iam{GlobalOrgID: "GlobalOrgID"})
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockIamByIDOK(ctrl *gomock.Controller) *IAMEventstore {
data, _ := json.Marshal(model.IAM{GlobalOrgID: "GlobalOrgID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
@@ -35,16 +50,16 @@ func GetMockIamByIDOK(ctrl *gomock.Controller) *IamEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IamEventstore {
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
func GetMockManipulateIam(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -53,11 +68,22 @@ func GetMockManipulateIam(ctrl *gomock.Controller) *IamEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
memberData, _ := json.Marshal(model.IamMember{UserID: "UserID", Roles: []string{"Role"}})
func GetMockManipulateIamWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IamMemberAdded, Data: memberData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IAMEventstore {
memberData, _ := json.Marshal(model.IAMMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -65,7 +91,38 @@ func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IamEventstore {
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IamEventstore {
func GetMockManipulateIamWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
idpData, _ := json.Marshal(model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)

1082
internal/iam/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

304
internal/iam/repository/eventsourcing/iam.go
View File

@@ -7,118 +7,358 @@ import (
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func IamByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
func IAMByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
if id == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.Iam.IDMissing")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-0soe4", "Errors.IAM.IDMissing")
}
return IamQuery(latestSequence).
return IAMQuery(latestSequence).
AggregateIDFilter(id), nil
}
func IamQuery(latestSequence uint64) *es_models.SearchQuery {
func IAMQuery(latestSequence uint64) *es_models.SearchQuery {
return es_models.NewSearchQuery().
AggregateTypeFilter(model.IamAggregate).
AggregateTypeFilter(model.IAMAggregate).
LatestSequenceFilter(latestSequence)
}
func IamAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam) (*es_models.Aggregate, error) {
func IAMAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM) (*es_models.Aggregate, error) {
if iam == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo04e", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence)
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence)
}
func IamAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.Iam, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
func IAMAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
if iam == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IamAggregate, model.IamVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
}
func IamSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamSetupStarted, nil)
return agg.AppendEvent(model.IAMSetupStarted, nil)
}
}
func IamSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamSetupDone, nil)
return agg.AppendEvent(model.IAMSetupDone, nil)
}
}
func IamSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if globalOrg == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.Iam.GlobalOrgMissing")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.IAM.GlobalOrgMissing")
}
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.GlobalOrgSet, &model.Iam{GlobalOrgID: globalOrg})
return agg.AppendEvent(model.GlobalOrgSet, &model.IAM{GlobalOrgID: globalOrg})
}
}
func IamSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.Iam, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if projectID == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.Iam.IamProjectIDMisisng")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.IAM.IamProjectIDMisisng")
}
agg, err := IamAggregate(ctx, aggCreator, iam)
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamProjectSet, &model.Iam{IamProjectID: projectID})
return agg.AppendEvent(model.IAMProjectSet, &model.IAM{IAMProjectID: projectID})
}
}
func IamMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9sope", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberAdded, member)
return agg.AppendEvent(model.IAMMemberAdded, member)
}
}
func IamMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-38skf", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberChanged, member)
return agg.AppendEvent(model.IAMMemberChanged, member)
}
}
func IamMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Iam, member *model.IamMember) func(ctx context.Context) (*es_models.Aggregate, error) {
func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-90lsw", "Errors.Internal")
}
agg, err := IamAggregate(ctx, aggCreator, existing)
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IamMemberRemoved, member)
return agg.AppendEvent(model.IAMMemberRemoved, member)
}
}
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSn7d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigAdded, idp)
if err != nil {
return nil, err
}
if idp.OIDCIDPConfig != nil {
return agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
}
return agg, nil
}
}
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Amc7s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, i := range existing.IDPs {
if i.IDPConfigID == idp.IDPConfigID {
changes = i.Changes(idp)
}
}
return agg.AppendEvent(model.IDPConfigChanged, changes)
}
}
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig, provider *model.IDPProvider) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-se23g", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
if err != nil {
return nil, err
}
if provider != nil {
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
return agg, nil
}
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slfi3", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigDeactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigReactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, config *model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, idp := range existing.IDPs {
if idp.IDPConfigID == config.IDPConfigID && idp.OIDCIDPConfig != nil {
changes = idp.OIDCIDPConfig.Changes(config)
}
}
if len(changes) <= 1 {
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Cml9s", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
}
}
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LoginPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultLoginPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LoginPolicyChanged, changes)
}
}
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProvider) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyIDPProviderValidation(provider.IDPConfigID)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
}
}
func LoginPolicyIDPProviderRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProviderID) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil || existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyIDPProviderRemoved, provider)
}
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.LoginPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.LoginPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpConfigID string) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*model.IDPConfig, 0)
idps := make([]*model.IDPProvider, 0)
for _, event := range events {
switch event.Type {
case model.IDPConfigAdded:
config := new(model.IDPConfig)
config.SetData(event)
idpConfigs = append(idpConfigs, config)
case model.IDPConfigRemoved:
config := new(model.IDPConfig)
config.SetData(event)
for i, p := range idpConfigs {
if p.IDPConfigID == config.IDPConfigID {
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
idpConfigs[len(idpConfigs)-1] = nil
idpConfigs = idpConfigs[:len(idpConfigs)-1]
}
}
case model.LoginPolicyIDPProviderAdded:
idp := new(model.IDPProvider)
idp.SetData(event)
idps = append(idps, idp)
case model.LoginPolicyIDPProviderRemoved:
idp := new(model.IDPProvider)
idp.SetData(event)
for i, p := range idps {
if p.IDPConfigID == idp.IDPConfigID {
idps[i] = idps[len(idps)-1]
idps[len(idps)-1] = nil
idps = idps[:len(idps)-1]
}
}
}
}
exists := false
for _, p := range idpConfigs {
if p.IDPConfigID == idpConfigID {
exists = true
}
}
if !exists {
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
}
for _, p := range idps {
if p.IDPConfigID == idpConfigID {
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
}
return nil
}
}

1050
internal/iam/repository/eventsourcing/iam_test.go
View File

File diff suppressed because it is too large Load Diff

83
internal/iam/repository/eventsourcing/model/iam.go
View File

@@ -9,45 +9,57 @@ import (
)
const (
IamVersion = "v1"
IAMVersion = "v1"
)
type Iam struct {
type IAM struct {
es_models.ObjectRoot
SetUpStarted bool `json:"-"`
SetUpDone bool `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IamProjectID string `json:"iamProjectId,omitempty"`
Members []*IamMember `json:"-"`
SetUpStarted bool `json:"-"`
SetUpDone bool `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IAMProjectID string `json:"iamProjectId,omitempty"`
Members []*IAMMember `json:"-"`
IDPs []*IDPConfig `json:"-"`
DefaultLoginPolicy *LoginPolicy `json:"-"`
}
func IamFromModel(iam *model.Iam) *Iam {
members := IamMembersFromModel(iam.Members)
converted := &Iam{
func IAMFromModel(iam *model.IAM) *IAM {
members := IAMMembersFromModel(iam.Members)
idps := IDPConfigsFromModel(iam.IDPs)
converted := &IAM{
ObjectRoot: iam.ObjectRoot,
SetUpStarted: iam.SetUpStarted,
SetUpDone: iam.SetUpDone,
GlobalOrgID: iam.GlobalOrgID,
IamProjectID: iam.IamProjectID,
IAMProjectID: iam.IAMProjectID,
Members: members,
IDPs: idps,
}
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyFromModel(iam.DefaultLoginPolicy)
}
return converted
}
func IamToModel(iam *Iam) *model.Iam {
members := IamMembersToModel(iam.Members)
converted := &model.Iam{
func IAMToModel(iam *IAM) *model.IAM {
members := IAMMembersToModel(iam.Members)
idps := IDPConfigsToModel(iam.IDPs)
converted := &model.IAM{
ObjectRoot: iam.ObjectRoot,
SetUpStarted: iam.SetUpStarted,
SetUpDone: iam.SetUpDone,
GlobalOrgID: iam.GlobalOrgID,
IamProjectID: iam.IamProjectID,
IAMProjectID: iam.IAMProjectID,
Members: members,
IDPs: idps,
}
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyToModel(iam.DefaultLoginPolicy)
}
return converted
}
func (i *Iam) AppendEvents(events ...*es_models.Event) error {
func (i *IAM) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := i.AppendEvent(event); err != nil {
return err
@@ -56,27 +68,50 @@ func (i *Iam) AppendEvents(events ...*es_models.Event) error {
return nil
}
func (i *Iam) AppendEvent(event *es_models.Event) (err error) {
func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
i.ObjectRoot.AppendEvent(event)
switch event.Type {
case IamSetupStarted:
case IAMSetupStarted:
i.SetUpStarted = true
case IamSetupDone:
case IAMSetupDone:
i.SetUpDone = true
case IamProjectSet,
case IAMProjectSet,
GlobalOrgSet:
err = i.SetData(event)
case IamMemberAdded:
case IAMMemberAdded:
err = i.appendAddMemberEvent(event)
case IamMemberChanged:
case IAMMemberChanged:
err = i.appendChangeMemberEvent(event)
case IamMemberRemoved:
case IAMMemberRemoved:
err = i.appendRemoveMemberEvent(event)
case IDPConfigAdded:
return i.appendAddIDPConfigEvent(event)
case IDPConfigChanged:
return i.appendChangeIDPConfigEvent(event)
case IDPConfigRemoved:
return i.appendRemoveIDPConfigEvent(event)
case IDPConfigDeactivated:
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
case IDPConfigReactivated:
return i.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
case OIDCIDPConfigAdded:
return i.appendAddOIDCIDPConfigEvent(event)
case OIDCIDPConfigChanged:
return i.appendChangeOIDCIDPConfigEvent(event)
case LoginPolicyAdded:
return i.appendAddLoginPolicyEvent(event)
case LoginPolicyChanged:
return i.appendChangeLoginPolicyEvent(event)
case LoginPolicyIDPProviderAdded:
return i.appendAddIDPProviderToLoginPolicyEvent(event)
case LoginPolicyIDPProviderRemoved:
return i.appendRemoveIDPProviderFromLoginPolicyEvent(event)
}
return err
}
func (i *Iam) SetData(event *es_models.Event) error {
func (i *IAM) SetData(event *es_models.Event) error {
i.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, i); err != nil {
logging.Log("EVEN-9sie4").WithError(err).Error("could not unmarshal event data")

42
internal/iam/repository/eventsourcing/model/iam_member.go
View File

@@ -7,13 +7,13 @@ import (
"github.com/caos/zitadel/internal/iam/model"
)
type IamMember struct {
type IAMMember struct {
es_models.ObjectRoot
UserID string `json:"userId,omitempty"`
Roles []string `json:"roles,omitempty"`
}
func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
func GetIAMMember(members []*IAMMember, id string) (int, *IAMMember) {
for i, m := range members {
if m.UserID == id {
return i, m
@@ -22,40 +22,40 @@ func GetIamMember(members []*IamMember, id string) (int, *IamMember) {
return -1, nil
}
func IamMembersToModel(members []*IamMember) []*model.IamMember {
convertedMembers := make([]*model.IamMember, len(members))
func IAMMembersToModel(members []*IAMMember) []*model.IAMMember {
convertedMembers := make([]*model.IAMMember, len(members))
for i, m := range members {
convertedMembers[i] = IamMemberToModel(m)
convertedMembers[i] = IAMMemberToModel(m)
}
return convertedMembers
}
func IamMembersFromModel(members []*model.IamMember) []*IamMember {
convertedMembers := make([]*IamMember, len(members))
func IAMMembersFromModel(members []*model.IAMMember) []*IAMMember {
convertedMembers := make([]*IAMMember, len(members))
for i, m := range members {
convertedMembers[i] = IamMemberFromModel(m)
convertedMembers[i] = IAMMemberFromModel(m)
}
return convertedMembers
}
func IamMemberFromModel(member *model.IamMember) *IamMember {
return &IamMember{
func IAMMemberFromModel(member *model.IAMMember) *IAMMember {
return &IAMMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func IamMemberToModel(member *IamMember) *model.IamMember {
return &model.IamMember{
func IAMMemberToModel(member *IAMMember) *model.IAMMember {
return &model.IAMMember{
ObjectRoot: member.ObjectRoot,
UserID: member.UserID,
Roles: member.Roles,
}
}
func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendAddMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
@@ -65,25 +65,25 @@ func (iam *Iam) appendAddMemberEvent(event *es_models.Event) error {
return nil
}
func (iam *Iam) appendChangeMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendChangeMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
iam.Members[i] = member
}
return nil
}
func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
member := &IamMember{}
func (iam *IAM) appendRemoveMemberEvent(event *es_models.Event) error {
member := &IAMMember{}
err := member.SetData(event)
if err != nil {
return err
}
if i, m := GetIamMember(iam.Members, member.UserID); m != nil {
if i, m := GetIAMMember(iam.Members, member.UserID); m != nil {
iam.Members[i] = iam.Members[len(iam.Members)-1]
iam.Members[len(iam.Members)-1] = nil
iam.Members = iam.Members[:len(iam.Members)-1]
@@ -91,7 +91,7 @@ func (iam *Iam) appendRemoveMemberEvent(event *es_models.Event) error {
return nil
}
func (m *IamMember) SetData(event *es_models.Event) error {
func (m *IAMMember) SetData(event *es_models.Event) error {
m.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, m); err != nil {
logging.Log("EVEN-e4dkp").WithError(err).Error("could not unmarshal event data")

36
internal/iam/repository/eventsourcing/model/iam_member_test.go
View File

@@ -8,23 +8,23 @@ import (
func TestAppendAddMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append add member event",
args: args{
iam: &Iam{},
member: &IamMember{UserID: "UserID", Roles: []string{"Role"}},
iam: &IAM{},
member: &IAMMember{UserID: "UserID", Roles: []string{"Role"}},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
},
}
for _, tt := range tests {
@@ -46,23 +46,23 @@ func TestAppendAddMemberEvent(t *testing.T) {
func TestAppendChangeMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append change member event",
args: args{
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
result: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"ChangedRole"}}}},
},
}
for _, tt := range tests {
@@ -84,23 +84,23 @@ func TestAppendChangeMemberEvent(t *testing.T) {
func TestAppendRemoveMemberEvent(t *testing.T) {
type args struct {
iam *Iam
member *IamMember
iam *IAM
member *IAMMember
event *es_models.Event
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append remove member event",
args: args{
iam: &Iam{Members: []*IamMember{&IamMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IamMember{UserID: "UserID"},
iam: &IAM{Members: []*IAMMember{&IAMMember{UserID: "UserID", Roles: []string{"Role"}}}},
member: &IAMMember{UserID: "UserID"},
event: &es_models.Event{},
},
result: &Iam{Members: []*IamMember{}},
result: &IAM{Members: []*IAMMember{}},
},
}
for _, tt := range tests {

34
internal/iam/repository/eventsourcing/model/iam_test.go
View File

@@ -6,7 +6,7 @@ import (
"testing"
)
func mockIamData(iam *Iam) []byte {
func mockIamData(iam *IAM) []byte {
data, _ := json.Marshal(iam)
return data
}
@@ -14,44 +14,44 @@ func mockIamData(iam *Iam) []byte {
func TestProjectRoleAppendEvent(t *testing.T) {
type args struct {
event *es_models.Event
iam *Iam
iam *IAM
}
tests := []struct {
name string
args args
result *Iam
result *IAM
}{
{
name: "append set up start event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupStarted, ResourceOwner: "OrgID"},
iam: &Iam{},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupStarted, ResourceOwner: "OrgID"},
iam: &IAM{},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
{
name: "append set up done event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamSetupDone, ResourceOwner: "OrgID"},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMSetupDone, ResourceOwner: "OrgID"},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, SetUpDone: true},
},
{
name: "append globalorg event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{GlobalOrgID: "GlobalOrg"})},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: GlobalOrgSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{GlobalOrgID: "GlobalOrg"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, GlobalOrgID: "GlobalOrg"},
},
{
name: "append iamproject event",
args: args{
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IamProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&Iam{IamProjectID: "IamProject"})},
iam: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
event: &es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: IAMProjectSet, ResourceOwner: "OrgID", Data: mockIamData(&IAM{IAMProjectID: "IamProject"})},
iam: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true},
},
result: &Iam{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IamProjectID: "IamProject"},
result: &IAM{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SetUpStarted: true, IAMProjectID: "IamProject"},
},
}
for _, tt := range tests {
@@ -66,8 +66,8 @@ func TestProjectRoleAppendEvent(t *testing.T) {
if tt.args.iam.GlobalOrgID != tt.result.GlobalOrgID {
t.Errorf("got wrong result GlobalOrgID: expected: %v, actual: %v ", tt.result.GlobalOrgID, tt.args.iam.GlobalOrgID)
}
if tt.args.iam.IamProjectID != tt.result.IamProjectID {
t.Errorf("got wrong result IamProjectID: expected: %v, actual: %v ", tt.result.IamProjectID, tt.args.iam.IamProjectID)
if tt.args.iam.IAMProjectID != tt.result.IAMProjectID {
t.Errorf("got wrong result IAMProjectID: expected: %v, actual: %v ", tt.result.IAMProjectID, tt.args.iam.IAMProjectID)
}
})
}

151
internal/iam/repository/eventsourcing/model/idp_config.go Normal file
View File

@@ -0,0 +1,151 @@
package model
import (
"bytes"
"encoding/json"
"github.com/caos/logging"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
type IDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
State int32 `json:"-"`
Name string `json:"name,omitempty"`
Type int32 `json:"idpType,omitempty"`
LogoSrc []byte `json:"logoSrc,omitempty"`
OIDCIDPConfig *OIDCIDPConfig `json:"-"`
}
type IDPConfigID struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
}
func GetIDPConfig(idps []*IDPConfig, id string) (int, *IDPConfig) {
for i, idp := range idps {
if idp.IDPConfigID == id {
return i, idp
}
}
return -1, nil
}
func (c *IDPConfig) Changes(changed *IDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if changed.Name != "" && c.Name != changed.Name {
changes["name"] = changed.Name
}
if changed.LogoSrc != nil && bytes.Equal(c.LogoSrc, changed.LogoSrc) {
changes["logoSrc"] = changed.LogoSrc
}
return changes
}
func IDPConfigsToModel(idps []*IDPConfig) []*model.IDPConfig {
convertedIDPConfigs := make([]*model.IDPConfig, len(idps))
for i, idp := range idps {
convertedIDPConfigs[i] = IDPConfigToModel(idp)
}
return convertedIDPConfigs
}
func IDPConfigsFromModel(idps []*model.IDPConfig) []*IDPConfig {
convertedIDPConfigs := make([]*IDPConfig, len(idps))
for i, idp := range idps {
convertedIDPConfigs[i] = IDPConfigFromModel(idp)
}
return convertedIDPConfigs
}
func IDPConfigFromModel(idp *model.IDPConfig) *IDPConfig {
converted := &IDPConfig{
ObjectRoot: idp.ObjectRoot,
IDPConfigID: idp.IDPConfigID,
Name: idp.Name,
State: int32(idp.State),
Type: int32(idp.Type),
LogoSrc: idp.LogoSrc,
}
if idp.OIDCConfig != nil {
converted.OIDCIDPConfig = OIDCIDPConfigFromModel(idp.OIDCConfig)
}
return converted
}
func IDPConfigToModel(idp *IDPConfig) *model.IDPConfig {
converted := &model.IDPConfig{
ObjectRoot: idp.ObjectRoot,
IDPConfigID: idp.IDPConfigID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
State: model.IDPConfigState(idp.State),
Type: model.IdpConfigType(idp.Type),
}
if idp.OIDCIDPConfig != nil {
converted.OIDCConfig = OIDCIDPConfigToModel(idp.OIDCIDPConfig)
}
return converted
}
func (iam *IAM) appendAddIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
idp.ObjectRoot.CreationDate = event.CreationDate
iam.IDPs = append(iam.IDPs, idp)
return nil
}
func (iam *IAM) appendChangeIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
iam.IDPs[i].SetData(event)
}
return nil
}
func (iam *IAM) appendRemoveIDPConfigEvent(event *es_models.Event) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
iam.IDPs[i] = iam.IDPs[len(iam.IDPs)-1]
iam.IDPs[len(iam.IDPs)-1] = nil
iam.IDPs = iam.IDPs[:len(iam.IDPs)-1]
}
return nil
}
func (iam *IAM) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
idp := new(IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, idp.IDPConfigID); idpConfig != nil {
idpConfig.State = int32(state)
iam.IDPs[i] = idpConfig
}
return nil
}
func (c *IDPConfig) SetData(event *es_models.Event) error {
c.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, c); err != nil {
logging.Log("EVEN-Msj9w").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}

213
internal/iam/repository/eventsourcing/model/idp_config_test.go Normal file
View File

@@ -0,0 +1,213 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"testing"
)
func TestIdpConfigChanges(t *testing.T) {
type args struct {
existing *IDPConfig
new *IDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "idp config name changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "NameChanged"},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
new: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp config event",
args: args{
iam: &IAM{},
idp: &IDPConfig{Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendAddIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendChangeIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
idpConfig *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig"}}},
idpConfig: &IDPConfig{Name: "IDPConfig Change"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{Name: "IDPConfig Change"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idpConfig != nil {
data, _ := json.Marshal(tt.args.idpConfig)
tt.args.event.Data = data
}
tt.args.iam.appendChangeIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendRemoveIDPEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append remove idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendRemoveIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.iam.IDPs))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
iam *IAM
idp *IDPConfig
event *es_models.Event
state model.IDPConfigState
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append deactivate application event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateInactive,
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
},
{
name: "append reactivate application event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
idp: &IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateActive,
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.iam.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}

164
internal/iam/repository/eventsourcing/model/login_policy.go Normal file
View File

@@ -0,0 +1,164 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type LoginPolicy struct {
models.ObjectRoot
State int32 `json:"-"`
AllowUsernamePassword bool `json:"allowUsernamePassword"`
AllowRegister bool `json:"allowRegister"`
AllowExternalIdp bool `json:"allowExternalIdp"`
IDPProviders []*IDPProvider `json:"-"`
}
type IDPProvider struct {
models.ObjectRoot
Type int32 `json:"idpProviderType"`
IDPConfigID string `json:"idpConfigId"`
}
type IDPProviderID struct {
IDPConfigID string `json:"idpConfigId"`
}
func GetIDPProvider(providers []*IDPProvider, id string) (int, *IDPProvider) {
for i, p := range providers {
if p.IDPConfigID == id {
return i, p
}
}
return -1, nil
}
func LoginPolicyToModel(policy *LoginPolicy) *iam_model.LoginPolicy {
idps := IDPProvidersToModel(policy.IDPProviders)
return &iam_model.LoginPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIdp,
IDPProviders: idps,
}
}
func LoginPolicyFromModel(policy *iam_model.LoginPolicy) *LoginPolicy {
idps := IDOProvidersFromModel(policy.IDPProviders)
return &LoginPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowRegister: policy.AllowRegister,
AllowExternalIdp: policy.AllowExternalIdp,
IDPProviders: idps,
}
}
func IDPProvidersToModel(members []*IDPProvider) []*iam_model.IDPProvider {
convertedProviders := make([]*iam_model.IDPProvider, len(members))
for i, m := range members {
convertedProviders[i] = IDPProviderToModel(m)
}
return convertedProviders
}
func IDOProvidersFromModel(members []*iam_model.IDPProvider) []*IDPProvider {
convertedProviders := make([]*IDPProvider, len(members))
for i, m := range members {
convertedProviders[i] = IDPProviderFromModel(m)
}
return convertedProviders
}
func IDPProviderToModel(provider *IDPProvider) *iam_model.IDPProvider {
return &iam_model.IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: iam_model.IDPProviderType(provider.Type),
IdpConfigID: provider.IDPConfigID,
}
}
func IDPProviderFromModel(provider *iam_model.IDPProvider) *IDPProvider {
return &IDPProvider{
ObjectRoot: provider.ObjectRoot,
Type: int32(provider.Type),
IDPConfigID: provider.IdpConfigID,
}
}
func (p *LoginPolicy) Changes(changed *LoginPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if changed.AllowUsernamePassword != p.AllowUsernamePassword {
changes["allowUsernamePassword"] = changed.AllowUsernamePassword
}
if changed.AllowRegister != p.AllowRegister {
changes["allowRegister"] = changed.AllowRegister
}
if changed.AllowExternalIdp != p.AllowExternalIdp {
changes["allowExternalIdp"] = changed.AllowExternalIdp
}
return changes
}
func (i *IAM) appendAddLoginPolicyEvent(event *es_models.Event) error {
i.DefaultLoginPolicy = new(LoginPolicy)
err := i.DefaultLoginPolicy.SetData(event)
if err != nil {
return err
}
i.DefaultLoginPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangeLoginPolicyEvent(event *es_models.Event) error {
return i.DefaultLoginPolicy.SetData(event)
}
func (iam *IAM) appendAddIDPProviderToLoginPolicyEvent(event *es_models.Event) error {
provider := new(IDPProvider)
err := provider.SetData(event)
if err != nil {
return err
}
provider.ObjectRoot.CreationDate = event.CreationDate
iam.DefaultLoginPolicy.IDPProviders = append(iam.DefaultLoginPolicy.IDPProviders, provider)
return nil
}
func (iam *IAM) appendRemoveIDPProviderFromLoginPolicyEvent(event *es_models.Event) error {
provider := new(IDPProvider)
err := provider.SetData(event)
if err != nil {
return err
}
if i, m := GetIDPProvider(iam.DefaultLoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
iam.DefaultLoginPolicy.IDPProviders[i] = iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1]
iam.DefaultLoginPolicy.IDPProviders[len(iam.DefaultLoginPolicy.IDPProviders)-1] = nil
iam.DefaultLoginPolicy.IDPProviders = iam.DefaultLoginPolicy.IDPProviders[:len(iam.DefaultLoginPolicy.IDPProviders)-1]
}
return nil
}
func (p *LoginPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}
func (p *IDPProvider) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-ldos9", "unable to unmarshal data")
}
return nil
}

253
internal/iam/repository/eventsourcing/model/login_policy_test.go Normal file
View File

@@ -0,0 +1,253 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"testing"
)
func TestLoginPolicyChanges(t *testing.T) {
type args struct {
existing *LoginPolicy
new *LoginPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "loginpolicy all attributes change",
args: args{
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
new: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
},
res: res{
changesLen: 3,
},
},
{
name: "no changes",
args: args{
existing: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
new: &LoginPolicy{AllowUsernamePassword: false, AllowRegister: false, AllowExternalIdp: false},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddLoginPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add login policy event",
args: args{
iam: new(IAM),
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: new(es_models.Event),
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendChangeLoginPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change login policy event",
args: args{
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: false,
AllowRegister: false,
AllowUsernamePassword: false,
}},
policy: &LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangeLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendAddIdpToPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
provider *IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp to login policy event",
args: args{
iam: &IAM{DefaultLoginPolicy: &LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.iam.appendAddIDPProviderToLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
}
if tt.result.DefaultLoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
}
if tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
}
})
}
}
func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
provider *IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add idp to login policy event",
args: args{
iam: &IAM{
DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(model.IDPProviderTypeSystem)},
}}},
provider: &IDPProvider{Type: int32(model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &IAM{DefaultLoginPolicy: &LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*IDPProvider{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.iam.appendRemoveIDPProviderFromLoginPolicyEvent(tt.args.event)
if tt.result.DefaultLoginPolicy.AllowUsernamePassword != tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowUsernamePassword, tt.args.iam.DefaultLoginPolicy.AllowUsernamePassword)
}
if tt.result.DefaultLoginPolicy.AllowRegister != tt.args.iam.DefaultLoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowRegister, tt.args.iam.DefaultLoginPolicy.AllowRegister)
}
if tt.result.DefaultLoginPolicy.AllowExternalIdp != tt.args.iam.DefaultLoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.DefaultLoginPolicy.AllowExternalIdp, tt.args.iam.DefaultLoginPolicy.AllowExternalIdp)
}
if len(tt.result.DefaultLoginPolicy.IDPProviders) != len(tt.args.iam.DefaultLoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.DefaultLoginPolicy.IDPProviders), len(tt.args.iam.DefaultLoginPolicy.IDPProviders))
}
})
}
}

96
internal/iam/repository/eventsourcing/model/oidc_idp_config.go Normal file
View File

@@ -0,0 +1,96 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/lib/pq"
"reflect"
)
type OIDCIDPConfig struct {
es_models.ObjectRoot
IDPConfigID string `json:"idpConfigId"`
ClientID string `json:"clientId"`
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
Issuer string `json:"issuer,omitempty"`
Scopes pq.StringArray `json:"scopes,omitempty"`
}
func (c *OIDCIDPConfig) Changes(changed *OIDCIDPConfig) map[string]interface{} {
changes := make(map[string]interface{}, 1)
changes["idpConfigId"] = c.IDPConfigID
if c.ClientID != changed.ClientID {
changes["clientId"] = changed.ClientID
}
if c.ClientSecret != nil {
changes["clientSecret"] = changed.ClientSecret
}
if c.Issuer != changed.Issuer {
changes["issuer"] = changed.Issuer
}
if !reflect.DeepEqual(c.Scopes, changed.Scopes) {
changes["scopes"] = changed.Scopes
}
return changes
}
func OIDCIDPConfigFromModel(config *model.OIDCIDPConfig) *OIDCIDPConfig {
return &OIDCIDPConfig{
ObjectRoot: config.ObjectRoot,
IDPConfigID: config.IDPConfigID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
Issuer: config.Issuer,
Scopes: config.Scopes,
}
}
func OIDCIDPConfigToModel(config *OIDCIDPConfig) *model.OIDCIDPConfig {
return &model.OIDCIDPConfig{
ObjectRoot: config.ObjectRoot,
IDPConfigID: config.IDPConfigID,
ClientID: config.ClientID,
ClientSecret: config.ClientSecret,
Issuer: config.Issuer,
Scopes: config.Scopes,
}
}
func (iam *IAM) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
iam.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
iam.IDPs[i].OIDCIDPConfig = config
}
return nil
}
func (iam *IAM) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
if i, idpConfig := GetIDPConfig(iam.IDPs, config.IDPConfigID); idpConfig != nil {
iam.IDPs[i].OIDCIDPConfig.SetData(event)
}
return nil
}
func (o *OIDCIDPConfig) SetData(event *es_models.Event) error {
o.ObjectRoot.AppendEvent(event)
if err := json.Unmarshal(event.Data, o); err != nil {
logging.Log("EVEN-Msh8s").WithError(err).Error("could not unmarshal event data")
return err
}
return nil
}

156
internal/iam/repository/eventsourcing/model/oidc_idp_config_test.go Normal file
View File

@@ -0,0 +1,156 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestOIDCIdpConfigChanges(t *testing.T) {
type args struct {
existing *OIDCIDPConfig
new *OIDCIDPConfig
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "all possible values change",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID"},
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID2",
ClientSecret: &crypto.CryptoValue{KeyID: "KeyID2"},
Issuer: "Issuer2",
Scopes: []string{"scope1", "scope2"},
},
},
res: res{
changesLen: 5,
},
},
{
name: "no changes",
args: args{
existing: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
new: &OIDCIDPConfig{
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
Issuer: "Issuer",
Scopes: []string{"scope1"},
},
},
res: res{
changesLen: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
config *OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add oidc idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID"}}},
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.iam.appendAddOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}
func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
type args struct {
iam *IAM
config *OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change oidc idp config event",
args: args{
iam: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
config: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &IAM{IDPs: []*IDPConfig{&IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.iam.appendChangeOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.iam.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.iam.IDPs))
}
if tt.args.iam.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.iam.IDPs[0].OIDCIDPConfig)
}
if tt.args.iam.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.iam.IDPs[0])
}
})
}
}

32
internal/iam/repository/eventsourcing/model/types.go
View File

@@ -3,13 +3,31 @@ package model
import "github.com/caos/zitadel/internal/eventstore/models"
const (
IamAggregate models.AggregateType = "iam"
IAMAggregate models.AggregateType = "iam"
IamSetupStarted models.EventType = "iam.setup.started"
IamSetupDone models.EventType = "iam.setup.done"
IAMSetupStarted models.EventType = "iam.setup.started"
IAMSetupDone models.EventType = "iam.setup.done"
GlobalOrgSet models.EventType = "iam.global.org.set"
IamProjectSet models.EventType = "iam.project.iam.set"
IamMemberAdded models.EventType = "iam.member.added"
IamMemberChanged models.EventType = "iam.member.changed"
IamMemberRemoved models.EventType = "iam.member.removed"
IAMProjectSet models.EventType = "iam.project.iam.set"
IAMMemberAdded models.EventType = "iam.member.added"
IAMMemberChanged models.EventType = "iam.member.changed"
IAMMemberRemoved models.EventType = "iam.member.removed"
IDPConfigAdded models.EventType = "iam.idp.config.added"
IDPConfigChanged models.EventType = "iam.idp.config.changed"
IDPConfigRemoved models.EventType = "iam.idp.config.removed"
IDPConfigDeactivated models.EventType = "iam.idp.config.deactivated"
IDPConfigReactivated models.EventType = "iam.idp.config.reactivated"
OIDCIDPConfigAdded models.EventType = "iam.idp.oidc.config.added"
OIDCIDPConfigChanged models.EventType = "iam.idp.oidc.config.changed"
SAMLIDPConfigAdded models.EventType = "iam.idp.saml.config.added"
SAMLIDPConfigChanged models.EventType = "iam.idp.saml.config.changed"
LoginPolicyAdded models.EventType = "iam.policy.login.added"
LoginPolicyChanged models.EventType = "iam.policy.login.changed"
LoginPolicyIDPProviderAdded models.EventType = "iam.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "iam.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
)

32
internal/iam/repository/view/iam_member_view.go
View File

@@ -9,38 +9,38 @@ import (
"github.com/jinzhu/gorm"
)
func IamMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IamMemberView, error) {
member := new(model.IamMemberView)
func IAMMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IAMMemberView, error) {
member := new(model.IAMMemberView)
iamIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
userIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
iamIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
userIDQuery := &model.IAMMemberSearchQuery{Key: iam_model.IAMMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, iamIDQuery, userIDQuery)
err := query(db, member)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.Iam.MemberNotExisting")
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.MemberNotExisting")
}
return member, err
}
func SearchIamMembers(db *gorm.DB, table string, req *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, uint64, error) {
members := make([]*model.IamMemberView, 0)
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
func SearchIAMMembers(db *gorm.DB, table string, req *iam_model.IAMMemberSearchRequest) ([]*model.IAMMemberView, uint64, error) {
members := make([]*model.IAMMemberView, 0)
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &members)
if err != nil {
return nil, 0, err
}
return members, count, nil
}
func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamMemberView, error) {
members := make([]*model.IamMemberView, 0)
queries := []*iam_model.IamMemberSearchQuery{
func IAMMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IAMMemberView, error) {
members := make([]*model.IAMMemberView, 0)
queries := []*iam_model.IAMMemberSearchQuery{
{
Key: iam_model.IamMemberSearchKeyUserID,
Key: iam_model.IAMMemberSearchKeyUserID,
Value: userID,
Method: global_model.SearchMethodEquals,
},
}
query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Queries: queries})
query := repository.PrepareSearchQuery(table, model.IAMMemberSearchRequest{Queries: queries})
_, err := query(db, &members)
if err != nil {
return nil, err
@@ -48,13 +48,13 @@ func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamM
return members, nil
}
func PutIamMember(db *gorm.DB, table string, role *model.IamMemberView) error {
func PutIAMMember(db *gorm.DB, table string, role *model.IAMMemberView) error {
save := repository.PrepareSave(table)
return save(db, role)
}
func DeleteIamMember(db *gorm.DB, table, orgID, userID string) error {
member, err := IamMemberByIDs(db, table, orgID, userID)
func DeleteIAMMember(db *gorm.DB, table, orgID, userID string) error {
member, err := IAMMemberByIDs(db, table, orgID, userID)
if err != nil {
return err
}

78
internal/iam/repository/view/idp_provider_view.go Normal file
View File

@@ -0,0 +1,78 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetIDPProviderByAggregateIDAndConfigID(db *gorm.DB, table, aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
policy := new(model.IDPProviderView)
aggIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
idpConfigIDQuery := &model.IDPProviderSearchQuery{Key: iam_model.IDPProviderSearchKeyIdpConfigID, Value: idpConfigID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, aggIDQuery, idpConfigIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Skvi8", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
return policy, err
}
func IDPProvidersByIdpConfigID(db *gorm.DB, table string, idpConfigID string) ([]*model.IDPProviderView, error) {
members := make([]*model.IDPProviderView, 0)
queries := []*iam_model.IDPProviderSearchQuery{
{
Key: iam_model.IDPProviderSearchKeyIdpConfigID,
Value: idpConfigID,
Method: global_model.SearchMethodEquals,
},
}
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Queries: queries})
_, err := query(db, &members)
if err != nil {
return nil, err
}
return members, nil
}
func SearchIDPProviders(db *gorm.DB, table string, req *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
providers := make([]*model.IDPProviderView, 0)
query := repository.PrepareSearchQuery(table, model.IDPProviderSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &providers)
if err != nil {
return nil, 0, err
}
return providers, count, nil
}
func PutIDPProvider(db *gorm.DB, table string, provider *model.IDPProviderView) error {
save := repository.PrepareSave(table)
return save(db, provider)
}
func PutIDPProviders(db *gorm.DB, table string, providers ...*model.IDPProviderView) error {
save := repository.PrepareBulkSave(table)
p := make([]interface{}, len(providers))
for i, provider := range providers {
p[i] = provider
}
return save(db, p...)
}
func DeleteIDPProvider(db *gorm.DB, table, aggregateID, idpConfigID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyIdpConfigID), Value: idpConfigID},
)
return delete(db)
}
func DeleteIDPProvidersByAggregateID(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKeys(table,
repository.Key{Key: model.IDPProviderSearchKey(iam_model.IDPProviderSearchKeyAggregateID), Value: aggregateID},
)
return delete(db)
}

42
internal/iam/repository/view/idp_view.go Normal file
View File

@@ -0,0 +1,42 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func IDPByID(db *gorm.DB, table, idpID string) (*model.IDPConfigView, error) {
idp := new(model.IDPConfigView)
userIDQuery := &model.IDPConfigSearchQuery{Key: iam_model.IDPConfigSearchKeyIdpConfigID, Value: idpID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, idp)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Ahq2s", "Errors.IAM.IdpNotExisting")
}
return idp, err
}
func SearchIDPs(db *gorm.DB, table string, req *iam_model.IDPConfigSearchRequest) ([]*model.IDPConfigView, uint64, error) {
idps := make([]*model.IDPConfigView, 0)
query := repository.PrepareSearchQuery(table, model.IDPConfigSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
count, err := query(db, &idps)
if err != nil {
return nil, 0, err
}
return idps, count, nil
}
func PutIDP(db *gorm.DB, table string, idp *model.IDPConfigView) error {
save := repository.PrepareSave(table)
return save(db, idp)
}
func DeleteIDP(db *gorm.DB, table, idpID string) error {
delete := repository.PrepareDeleteByKey(table, model.IDPConfigSearchKey(iam_model.IDPConfigSearchKeyIdpConfigID), idpID)
return delete(db)
}

32
internal/iam/repository/view/login_policy_view.go Normal file
View File

@@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetLoginPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.LoginPolicyView, error) {
policy := new(model.LoginPolicyView)
userIDQuery := &model.LoginPolicySearchQuery{Key: iam_model.LoginPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.LoginPolicy.NotExisting")
}
return policy, err
}
func PutLoginPolicy(db *gorm.DB, table string, policy *model.LoginPolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeleteLoginPolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.LoginPolicySearchKey(iam_model.LoginPolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

46
internal/iam/repository/view/model/iam_member.go
View File

@@ -14,17 +14,17 @@ import (
)
const (
IamMemberKeyUserID = "user_id"
IamMemberKeyIamID = "iam_id"
IamMemberKeyUserName = "user_name"
IamMemberKeyEmail = "email"
IamMemberKeyFirstName = "first_name"
IamMemberKeyLastName = "last_name"
IAMMemberKeyUserID = "user_id"
IAMMemberKeyIamID = "iam_id"
IAMMemberKeyUserName = "user_name"
IAMMemberKeyEmail = "email"
IAMMemberKeyFirstName = "first_name"
IAMMemberKeyLastName = "last_name"
)
type IamMemberView struct {
type IAMMemberView struct {
UserID string `json:"userId" gorm:"column:user_id;primary_key"`
IamID string `json:"-" gorm:"column:iam_id"`
IAMID string `json:"-" gorm:"column:iam_id"`
UserName string `json:"-" gorm:"column:user_name"`
Email string `json:"-" gorm:"column:email_address"`
FirstName string `json:"-" gorm:"column:first_name"`
@@ -37,10 +37,10 @@ type IamMemberView struct {
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
}
func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
return &IamMemberView{
func IAMMemberViewFromModel(member *model.IAMMemberView) *IAMMemberView {
return &IAMMemberView{
UserID: member.UserID,
IamID: member.IamID,
IAMID: member.IAMID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
@@ -53,10 +53,10 @@ func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
}
}
func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
return &model.IamMemberView{
func IAMMemberToModel(member *IAMMemberView) *model.IAMMemberView {
return &model.IAMMemberView{
UserID: member.UserID,
IamID: member.IamID,
IAMID: member.IAMID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
@@ -69,33 +69,33 @@ func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
}
}
func IamMembersToModel(roles []*IamMemberView) []*model.IamMemberView {
result := make([]*model.IamMemberView, len(roles))
func IAMMembersToModel(roles []*IAMMemberView) []*model.IAMMemberView {
result := make([]*model.IAMMemberView, len(roles))
for i, r := range roles {
result[i] = IamMemberToModel(r)
result[i] = IAMMemberToModel(r)
}
return result
}
func (r *IamMemberView) AppendEvent(event *models.Event) (err error) {
func (r *IAMMemberView) AppendEvent(event *models.Event) (err error) {
r.Sequence = event.Sequence
r.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IamMemberAdded:
case es_model.IAMMemberAdded:
r.setRootData(event)
r.CreationDate = event.CreationDate
err = r.SetData(event)
case es_model.IamMemberChanged:
case es_model.IAMMemberChanged:
err = r.SetData(event)
}
return err
}
func (r *IamMemberView) setRootData(event *models.Event) {
r.IamID = event.AggregateID
func (r *IAMMemberView) setRootData(event *models.Event) {
r.IAMID = event.AggregateID
}
func (r *IamMemberView) SetData(event *models.Event) error {
func (r *IAMMemberView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")

58
internal/iam/repository/view/model/iam_member_query.go
View File

@@ -6,63 +6,63 @@ import (
"github.com/caos/zitadel/internal/view/repository"
)
type IamMemberSearchRequest iam_model.IamMemberSearchRequest
type IamMemberSearchQuery iam_model.IamMemberSearchQuery
type IamMemberSearchKey iam_model.IamMemberSearchKey
type IAMMemberSearchRequest iam_model.IAMMemberSearchRequest
type IAMMemberSearchQuery iam_model.IAMMemberSearchQuery
type IAMMemberSearchKey iam_model.IAMMemberSearchKey
func (req IamMemberSearchRequest) GetLimit() uint64 {
func (req IAMMemberSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IamMemberSearchRequest) GetOffset() uint64 {
func (req IAMMemberSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IamMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IamMemberSearchKeyUnspecified {
func (req IAMMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IAMMemberSearchKeyUnspecified {
return nil
}
return IamMemberSearchKey(req.SortingColumn)
return IAMMemberSearchKey(req.SortingColumn)
}
func (req IamMemberSearchRequest) GetAsc() bool {
func (req IAMMemberSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IamMemberSearchRequest) GetQueries() []repository.SearchQuery {
func (req IAMMemberSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IamMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
result[i] = IAMMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IamMemberSearchQuery) GetKey() repository.ColumnKey {
return IamMemberSearchKey(req.Key)
func (req IAMMemberSearchQuery) GetKey() repository.ColumnKey {
return IAMMemberSearchKey(req.Key)
}
func (req IamMemberSearchQuery) GetMethod() global_model.SearchMethod {
func (req IAMMemberSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IamMemberSearchQuery) GetValue() interface{} {
func (req IAMMemberSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IamMemberSearchKey) ToColumnName() string {
switch iam_model.IamMemberSearchKey(key) {
case iam_model.IamMemberSearchKeyEmail:
return IamMemberKeyEmail
case iam_model.IamMemberSearchKeyFirstName:
return IamMemberKeyFirstName
case iam_model.IamMemberSearchKeyLastName:
return IamMemberKeyLastName
case iam_model.IamMemberSearchKeyUserName:
return IamMemberKeyUserName
case iam_model.IamMemberSearchKeyUserID:
return IamMemberKeyUserID
case iam_model.IamMemberSearchKeyIamID:
return IamMemberKeyIamID
func (key IAMMemberSearchKey) ToColumnName() string {
switch iam_model.IAMMemberSearchKey(key) {
case iam_model.IAMMemberSearchKeyEmail:
return IAMMemberKeyEmail
case iam_model.IAMMemberSearchKeyFirstName:
return IAMMemberKeyFirstName
case iam_model.IAMMemberSearchKeyLastName:
return IAMMemberKeyLastName
case iam_model.IAMMemberSearchKeyUserName:
return IAMMemberKeyUserName
case iam_model.IAMMemberSearchKeyUserID:
return IAMMemberKeyUserID
case iam_model.IAMMemberSearchKeyIamID:
return IAMMemberKeyIamID
default:
return ""
}

121
internal/iam/repository/view/model/idp_config.go Normal file
View File

@@ -0,0 +1,121 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
"github.com/lib/pq"
)
const (
IDPConfigKeyIdpConfigID = "idp_config_id"
IDPConfigKeyAggregateID = "aggregate_id"
IDPConfigKeyName = "name"
IDPConfigKeyProviderType = "idp_provider_type"
)
type IDPConfigView struct {
IDPConfigID string `json:"idpConfigId" gorm:"column:idp_config_id;primary_key"`
AggregateID string `json:"-" gorm:"column:aggregate_id"`
Name string `json:"name" gorm:"column:name"`
LogoSrc []byte `json:"logoSrc" gorm:"column:logo_src"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
IDPState int32 `json:"-" gorm:"column:idp_state"`
IDPProviderType int32 `json:"-" gorm:"column:idp_provider_type"`
IsOIDC bool `json:"-" gorm:"column:is_oidc"`
OIDCClientID string `json:"clientId" gorm:"column:oidc_client_id"`
OIDCClientSecret *crypto.CryptoValue `json:"clientSecret" gorm:"column:oidc_client_secret"`
OIDCIssuer string `json:"issuer" gorm:"column:oidc_issuer"`
OIDCScopes pq.StringArray `json:"scopes" gorm:"column:oidc_scopes"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func IDPConfigViewFromModel(idp *model.IDPConfigView) *IDPConfigView {
return &IDPConfigView{
IDPConfigID: idp.IDPConfigID,
AggregateID: idp.AggregateID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Sequence: idp.Sequence,
CreationDate: idp.CreationDate,
ChangeDate: idp.ChangeDate,
IDPProviderType: int32(idp.IDPProviderType),
IsOIDC: idp.IsOIDC,
OIDCClientID: idp.OIDCClientID,
OIDCClientSecret: idp.OIDCClientSecret,
OIDCIssuer: idp.OIDCIssuer,
OIDCScopes: idp.OIDCScopes,
}
}
func IdpConfigViewToModel(idp *IDPConfigView) *model.IDPConfigView {
return &model.IDPConfigView{
IDPConfigID: idp.IDPConfigID,
AggregateID: idp.AggregateID,
Name: idp.Name,
LogoSrc: idp.LogoSrc,
Sequence: idp.Sequence,
CreationDate: idp.CreationDate,
ChangeDate: idp.ChangeDate,
IDPProviderType: model.IDPProviderType(idp.IDPProviderType),
IsOIDC: idp.IsOIDC,
OIDCClientID: idp.OIDCClientID,
OIDCClientSecret: idp.OIDCClientSecret,
OIDCIssuer: idp.OIDCIssuer,
OIDCScopes: idp.OIDCScopes,
}
}
func IdpConfigViewsToModel(idps []*IDPConfigView) []*model.IDPConfigView {
result := make([]*model.IDPConfigView, len(idps))
for i, idp := range idps {
result[i] = IdpConfigViewToModel(idp)
}
return result
}
func (i *IDPConfigView) AppendEvent(providerType model.IDPProviderType, event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.IDPConfigAdded, org_es_model.IDPConfigAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
i.IDPProviderType = int32(providerType)
err = i.SetData(event)
case es_model.OIDCIDPConfigAdded, org_es_model.OIDCIDPConfigAdded:
i.IsOIDC = true
err = i.SetData(event)
case es_model.OIDCIDPConfigChanged, org_es_model.OIDCIDPConfigChanged,
es_model.IDPConfigChanged, org_es_model.IDPConfigChanged:
err = i.SetData(event)
case es_model.IDPConfigDeactivated, org_es_model.IDPConfigDeactivated:
i.IDPState = int32(model.IDPConfigStateInactive)
case es_model.IDPConfigReactivated, org_es_model.IDPConfigReactivated:
i.IDPState = int32(model.IDPConfigStateActive)
}
return err
}
func (r *IDPConfigView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *IDPConfigView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Smkld").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
}
return nil
}

65
internal/iam/repository/view/model/idp_config_query.go Normal file
View File

@@ -0,0 +1,65 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type IDPConfigSearchRequest iam_model.IDPConfigSearchRequest
type IDPConfigSearchQuery iam_model.IDPConfigSearchQuery
type IDPConfigSearchKey iam_model.IDPConfigSearchKey
func (req IDPConfigSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IDPConfigSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IDPConfigSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IDPConfigSearchKeyUnspecified {
return nil
}
return IDPConfigSearchKey(req.SortingColumn)
}
func (req IDPConfigSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IDPConfigSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IDPConfigSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IDPConfigSearchQuery) GetKey() repository.ColumnKey {
return IDPConfigSearchKey(req.Key)
}
func (req IDPConfigSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IDPConfigSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IDPConfigSearchKey) ToColumnName() string {
switch iam_model.IDPConfigSearchKey(key) {
case iam_model.IDPConfigSearchKeyAggregateID:
return IDPConfigKeyAggregateID
case iam_model.IDPConfigSearchKeyIdpConfigID:
return IDPConfigKeyIdpConfigID
case iam_model.IDPConfigSearchKeyName:
return IDPConfigKeyName
case iam_model.IDPConfigSearchKeyIdpProviderType:
return IDPConfigKeyProviderType
default:
return ""
}
}

89
internal/iam/repository/view/model/idp_provider.go Normal file
View File

@@ -0,0 +1,89 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
IDPProviderKeyAggregateID = "aggregate_id"
IDPProviderKeyIdpConfigID = "idp_config_id"
)
type IDPProviderView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
IDPConfigID string `json:"idpConfigID" gorm:"column:idp_config_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
Name string `json:"-" gorm:"column:name"`
IDPConfigType int32 `json:"-" gorm:"column:idp_config_type"`
IDPProviderType int32 `json:"idpProviderType" gorm:"column:idp_provider_type"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func IDPProviderViewFromModel(policy *model.IDPProviderView) *IDPProviderView {
return &IDPProviderView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
Name: policy.Name,
IDPConfigType: int32(policy.IDPConfigType),
IDPProviderType: int32(policy.IDPProviderType),
}
}
func IDPProviderViewToModel(policy *IDPProviderView) *model.IDPProviderView {
return &model.IDPProviderView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
Name: policy.Name,
IDPConfigType: model.IdpConfigType(policy.IDPConfigType),
IDPProviderType: model.IDPProviderType(policy.IDPProviderType),
}
}
func IDPProviderViewsToModel(providers []*IDPProviderView) []*model.IDPProviderView {
result := make([]*model.IDPProviderView, len(providers))
for i, r := range providers {
result[i] = IDPProviderViewToModel(r)
}
return result
}
func (i *IDPProviderView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
}
return err
}
func (r *IDPProviderView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *IDPProviderView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Lso0d").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

61
internal/iam/repository/view/model/idp_provider_query.go Normal file
View File

@@ -0,0 +1,61 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type IDPProviderSearchRequest iam_model.IDPProviderSearchRequest
type IDPProviderSearchQuery iam_model.IDPProviderSearchQuery
type IDPProviderSearchKey iam_model.IDPProviderSearchKey
func (req IDPProviderSearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req IDPProviderSearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req IDPProviderSearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.IDPProviderSearchKeyUnspecified {
return nil
}
return IDPProviderSearchKey(req.SortingColumn)
}
func (req IDPProviderSearchRequest) GetAsc() bool {
return req.Asc
}
func (req IDPProviderSearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = IDPProviderSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req IDPProviderSearchQuery) GetKey() repository.ColumnKey {
return IDPProviderSearchKey(req.Key)
}
func (req IDPProviderSearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req IDPProviderSearchQuery) GetValue() interface{} {
return req.Value
}
func (key IDPProviderSearchKey) ToColumnName() string {
switch iam_model.IDPProviderSearchKey(key) {
case iam_model.IDPProviderSearchKeyAggregateID:
return IDPProviderKeyAggregateID
case iam_model.IDPProviderSearchKeyIdpConfigID:
return IDPProviderKeyIdpConfigID
default:
return ""
}
}

84
internal/iam/repository/view/model/login_policy.go Normal file
View File

@@ -0,0 +1,84 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
LoginPolicyKeyAggregateID = "aggregate_id"
)
type LoginPolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:login_policy_state"`
AllowRegister bool `json:"allowRegister" gorm:"column:allow_register"`
AllowUsernamePassword bool `json:"allowUsernamePassword" gorm:"column:allow_username_password"`
AllowExternalIDP bool `json:"allowExternalIdp" gorm:"column:allow_external_idp"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func LoginPolicyViewFromModel(policy *model.LoginPolicyView) *LoginPolicyView {
return &LoginPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
AllowRegister: policy.AllowRegister,
AllowExternalIDP: policy.AllowExternalIDP,
AllowUsernamePassword: policy.AllowUsernamePassword,
Default: policy.Default,
}
}
func LoginPolicyViewToModel(policy *LoginPolicyView) *model.LoginPolicyView {
return &model.LoginPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
AllowRegister: policy.AllowRegister,
AllowExternalIDP: policy.AllowExternalIDP,
AllowUsernamePassword: policy.AllowUsernamePassword,
Default: policy.Default,
}
}
func (i *LoginPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.LoginPolicyAdded, org_es_model.LoginPolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.LoginPolicyChanged, org_es_model.LoginPolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *LoginPolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *LoginPolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Kn7ds").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

59
internal/iam/repository/view/model/login_policy_query.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type LoginPolicySearchRequest iam_model.LoginPolicySearchRequest
type LoginPolicySearchQuery iam_model.LoginPolicySearchQuery
type LoginPolicySearchKey iam_model.LoginPolicySearchKey
func (req LoginPolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req LoginPolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req LoginPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.LoginPolicySearchKeyUnspecified {
return nil
}
return LoginPolicySearchKey(req.SortingColumn)
}
func (req LoginPolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req LoginPolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = LoginPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req LoginPolicySearchQuery) GetKey() repository.ColumnKey {
return LoginPolicySearchKey(req.Key)
}
func (req LoginPolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req LoginPolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key LoginPolicySearchKey) ToColumnName() string {
switch iam_model.LoginPolicySearchKey(key) {
case iam_model.LoginPolicySearchKeyAggregateID:
return LoginPolicyKeyAggregateID
default:
return ""
}
}