mirror of
https://github.com/zitadel/zitadel.git
synced 2025-10-19 07:33:54 +00:00
feat: idp and login policy configurations (#619)
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
@@ -6,10 +6,10 @@ import (
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
)
|
||||
|
||||
type IamRepository struct {
|
||||
IamEvents *eventsourcing.IamEventstore
|
||||
type IAMRepository struct {
|
||||
IAMEvents *eventsourcing.IAMEventstore
|
||||
}
|
||||
|
||||
func (repo *IamRepository) IamByID(ctx context.Context, id string) (*iam_model.Iam, error) {
|
||||
return repo.IamEvents.IamByID(ctx, id)
|
||||
func (repo *IAMRepository) IAMByID(ctx context.Context, id string) (*iam_model.IAM, error) {
|
||||
return repo.IAMEvents.IAMByID(ctx, id)
|
||||
}
|
||||
|
||||
@@ -3,6 +3,11 @@ package eventstore
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"strings"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
@@ -25,9 +30,10 @@ const (
|
||||
type OrgRepository struct {
|
||||
SearchLimit uint64
|
||||
*org_es.OrgEventstore
|
||||
UserEvents *usr_es.UserEventstore
|
||||
View *mgmt_view.View
|
||||
Roles []string
|
||||
UserEvents *usr_es.UserEventstore
|
||||
View *mgmt_view.View
|
||||
Roles []string
|
||||
SystemDefaults systemdefaults.SystemDefaults
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) OrgByID(ctx context.Context, id string) (*org_model.OrgView, error) {
|
||||
@@ -79,15 +85,15 @@ func (repo *OrgRepository) ReactivateOrg(ctx context.Context, id string) (*org_m
|
||||
return repo.OrgEventstore.ReactivateOrg(ctx, id)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIamPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIAMPolicy, error) {
|
||||
return repo.OrgEventstore.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_model.OrgDomainSearchRequest) (*org_model.OrgDomainSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.Queries = append(request.Queries, &org_model.OrgDomainSearchQuery{Key: org_model.OrgDomainSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID})
|
||||
sequence, err := repo.View.GetLatestOrgDomainSequence()
|
||||
logging.Log("EVENT-SLowp").OnError(err).Warn("could not read latest org domain sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestOrgDomainSequence()
|
||||
logging.Log("EVENT-SLowp").OnError(sequenceErr).Warn("could not read latest org domain sequence")
|
||||
domains, count, err := repo.View.SearchOrgDomains(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -98,7 +104,7 @@ func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_
|
||||
TotalResult: uint64(count),
|
||||
Result: model.OrgDomainsToModel(domains),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -178,8 +184,8 @@ func (repo *OrgRepository) RemoveMyOrgMember(ctx context.Context, userID string)
|
||||
func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_model.OrgMemberSearchRequest) (*org_model.OrgMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.Queries[len(request.Queries)-1] = &org_model.OrgMemberSearchQuery{Key: org_model.OrgMemberSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}
|
||||
sequence, err := repo.View.GetLatestOrgMemberSequence()
|
||||
logging.Log("EVENT-Smu3d").OnError(err).Warn("could not read latest org member sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestOrgMemberSequence()
|
||||
logging.Log("EVENT-Smu3d").OnError(sequenceErr).Warn("could not read latest org member sequence")
|
||||
members, count, err := repo.View.SearchOrgMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -187,10 +193,10 @@ func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_
|
||||
result := &org_model.OrgMemberSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.OrgMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -206,3 +212,132 @@ func (repo *OrgRepository) GetOrgMemberRoles() []string {
|
||||
}
|
||||
return roles
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) IDPConfigByID(ctx context.Context, idpConfigID string) (*iam_model.IDPConfigView, error) {
|
||||
idp, err := repo.View.IDPConfigByID(idpConfigID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_view_model.IdpConfigViewToModel(idp), nil
|
||||
}
|
||||
func (repo *OrgRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
|
||||
idp.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.OrgEventstore.DeactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
|
||||
return repo.OrgEventstore.ReactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
|
||||
idp := iam_model.NewIDPConfig(authz.GetCtxData(ctx).OrgID, idpConfigID)
|
||||
return repo.OrgEventstore.RemoveIDPConfig(ctx, idp)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
|
||||
oidcConfig.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
|
||||
|
||||
sequence, sequenceErr := repo.View.GetLatestIDPConfigSequence()
|
||||
logging.Log("EVENT-Dk8si").OnError(sequenceErr).Warn("could not read latest idp config sequence")
|
||||
idps, count, err := repo.View.SearchIDPConfigs(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPConfigSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_view_model.IdpConfigViewsToModel(idps),
|
||||
}
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
|
||||
policy, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
|
||||
if errors.IsNotFound(err) {
|
||||
policy, err = repo.View.LoginPolicyByAggregateID(repo.SystemDefaults.IamID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
policy.Default = true
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.LoginPolicyViewToModel(policy), err
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
|
||||
policy.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.ChangeLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveLoginPolicy(ctx context.Context) error {
|
||||
policy := &iam_model.LoginPolicy{ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: authz.GetCtxData(ctx).OrgID,
|
||||
}}
|
||||
return repo.OrgEventstore.RemoveLoginPolicy(ctx, policy)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
|
||||
_, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
if errors.IsNotFound(err) {
|
||||
request.AppendAggregateIDQuery(repo.SystemDefaults.IamID)
|
||||
}
|
||||
} else {
|
||||
request.AppendAggregateIDQuery(authz.GetCtxData(ctx).OrgID)
|
||||
}
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, sequenceErr := repo.View.GetLatestIdpProviderSequence()
|
||||
logging.Log("EVENT-Tuiks").OnError(sequenceErr).Warn("could not read latest iam sequence")
|
||||
providers, count, err := repo.View.SearchIdpProviders(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &iam_model.IDPProviderSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: iam_es_model.IDPProviderViewsToModel(providers),
|
||||
}
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
|
||||
provider.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) RemoveIDPProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
|
||||
provider.AggregateID = authz.GetCtxData(ctx).OrgID
|
||||
return repo.OrgEventstore.RemoveIDPProviderFromLoginPolicy(ctx, provider)
|
||||
}
|
||||
|
||||
@@ -109,8 +109,8 @@ func (repo *ProjectRepo) RemoveProject(ctx context.Context, projectID string) er
|
||||
|
||||
func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model.ProjectViewSearchRequest) (*proj_model.ProjectViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectSequence()
|
||||
logging.Log("EVENT-Edc56").OnError(err).Warn("could not read latest project sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectSequence()
|
||||
logging.Log("EVENT-Edc56").OnError(sequenceErr).Warn("could not read latest project sequence")
|
||||
|
||||
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
||||
if !authz.HasGlobalPermission(permissions) {
|
||||
@@ -130,7 +130,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
|
||||
TotalResult: uint64(0),
|
||||
Result: []*proj_model.ProjectView{},
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -151,7 +151,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -189,8 +189,8 @@ func (repo *ProjectRepo) RemoveProjectMember(ctx context.Context, projectID, use
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj_model.ProjectMemberSearchRequest) (*proj_model.ProjectMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectMemberSequence()
|
||||
logging.Log("EVENT-3dgt6").OnError(err).Warn("could not read latest project member sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectMemberSequence()
|
||||
logging.Log("EVENT-3dgt6").OnError(sequenceErr).Warn("could not read latest project member sequence")
|
||||
members, count, err := repo.View.SearchProjectMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -201,7 +201,7 @@ func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -261,8 +261,8 @@ func (repo *ProjectRepo) RemoveProjectRole(ctx context.Context, projectID, key s
|
||||
func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID string, request *proj_model.ProjectRoleSearchRequest) (*proj_model.ProjectRoleSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendProjectQuery(projectID)
|
||||
sequence, err := repo.View.GetLatestProjectRoleSequence()
|
||||
logging.Log("LSp0d-47suf").OnError(err).Warn("could not read latest project role sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectRoleSequence()
|
||||
logging.Log("LSp0d-47suf").OnError(sequenceErr).Warn("could not read latest project role sequence")
|
||||
roles, count, err := repo.View.SearchProjectRoles(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -271,10 +271,10 @@ func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, projectID strin
|
||||
result := &proj_model.ProjectRoleSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectRolesToModel(roles),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -352,8 +352,8 @@ func (repo *ProjectRepo) RemoveApplication(ctx context.Context, projectID, appID
|
||||
|
||||
func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_model.ApplicationSearchRequest) (*proj_model.ApplicationSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestApplicationSequence()
|
||||
logging.Log("EVENT-SKe8s").OnError(err).Warn("could not read latest application sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestApplicationSequence()
|
||||
logging.Log("EVENT-SKe8s").OnError(sequenceErr).Warn("could not read latest application sequence")
|
||||
apps, count, err := repo.View.SearchApplications(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -361,10 +361,10 @@ func (repo *ProjectRepo) SearchApplications(ctx context.Context, request *proj_m
|
||||
result := &proj_model.ApplicationSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ApplicationViewsToModel(apps),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -404,8 +404,8 @@ func (repo *ProjectRepo) ProjectGrantByID(ctx context.Context, grantID string) (
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
projects, count, err := repo.View.SearchProjectGrants(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -413,10 +413,10 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
|
||||
result := &proj_model.ProjectGrantViewSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectGrantsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -425,8 +425,8 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
|
||||
|
||||
func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *proj_model.ProjectGrantViewSearchRequest) (*proj_model.ProjectGrantViewSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantSequence()
|
||||
logging.Log("EVENT-Skw9f").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
|
||||
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
||||
if !authz.HasGlobalPermission(permissions) {
|
||||
@@ -446,7 +446,7 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
|
||||
TotalResult: uint64(0),
|
||||
Result: []*proj_model.ProjectGrantView{},
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -464,10 +464,10 @@ func (repo *ProjectRepo) SearchGrantedProjects(ctx context.Context, request *pro
|
||||
result := &proj_model.ProjectGrantViewSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: uint64(count),
|
||||
TotalResult: count,
|
||||
Result: model.ProjectGrantsToModel(projects),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -593,8 +593,8 @@ func (repo *ProjectRepo) RemoveProjectGrantMember(ctx context.Context, projectID
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request *proj_model.ProjectGrantMemberSearchRequest) (*proj_model.ProjectGrantMemberSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestProjectGrantMemberSequence()
|
||||
logging.Log("EVENT-Du8sk").OnError(err).Warn("could not read latest project grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestProjectGrantMemberSequence()
|
||||
logging.Log("EVENT-Du8sk").OnError(sequenceErr).Warn("could not read latest project grant sequence")
|
||||
members, count, err := repo.View.SearchProjectGrantMembers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -605,7 +605,7 @@ func (repo *ProjectRepo) SearchProjectGrantMembers(ctx context.Context, request
|
||||
TotalResult: uint64(count),
|
||||
Result: model.ProjectGrantMembersToModel(members),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
||||
@@ -57,7 +57,7 @@ func (repo *UserRepo) CreateUser(ctx context.Context, user *usr_model.User) (*us
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -73,7 +73,7 @@ func (repo *UserRepo) RegisterUser(ctx context.Context, user *usr_model.User, re
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIamPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -98,8 +98,8 @@ func (repo *UserRepo) UnlockUser(ctx context.Context, id string) (*usr_model.Use
|
||||
|
||||
func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest) (*usr_model.UserSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestUserSequence()
|
||||
logging.Log("EVENT-Lcn7d").OnError(err).Warn("could not read latest user sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserSequence()
|
||||
logging.Log("EVENT-Lcn7d").OnError(sequenceErr).Warn("could not read latest user sequence")
|
||||
users, count, err := repo.View.SearchUsers(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -110,7 +110,7 @@ func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSe
|
||||
TotalResult: uint64(count),
|
||||
Result: model.UsersToModel(users),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
@@ -222,9 +222,8 @@ func (repo *UserRepo) ChangeAddress(ctx context.Context, address *usr_model.Addr
|
||||
|
||||
func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_model.UserMembershipSearchRequest) (*usr_model.UserMembershipSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
request.AppendResourceOwnerAndIamQuery(authz.GetCtxData(ctx).OrgID, repo.SystemDefaults.IamID)
|
||||
sequence, err := repo.View.GetLatestUserMembershipSequence()
|
||||
logging.Log("EVENT-Dn7sf").OnError(err).Warn("could not read latest user sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence()
|
||||
logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence")
|
||||
|
||||
result := handleSearchUserMembershipsPermissions(ctx, request, sequence)
|
||||
if result != nil {
|
||||
@@ -241,7 +240,7 @@ func (repo *UserRepo) SearchUserMemberships(ctx context.Context, request *usr_mo
|
||||
TotalResult: count,
|
||||
Result: model.UserMembershipsToModel(memberships),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
||||
@@ -115,8 +115,8 @@ func (repo *UserGrantRepo) BulkRemoveUserGrant(ctx context.Context, grantIDs ...
|
||||
|
||||
func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
sequence, err := repo.View.GetLatestUserGrantSequence()
|
||||
logging.Log("EVENT-5Viwf").OnError(err).Warn("could not read latest user grant sequence")
|
||||
sequence, sequenceErr := repo.View.GetLatestUserGrantSequence()
|
||||
logging.Log("EVENT-5Viwf").OnError(sequenceErr).Warn("could not read latest user grant sequence")
|
||||
|
||||
result := handleSearchUserGrantPermissions(ctx, request, sequence)
|
||||
if result != nil {
|
||||
@@ -134,7 +134,7 @@ func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_
|
||||
TotalResult: uint64(count),
|
||||
Result: model.UserGrantsToModel(grants),
|
||||
}
|
||||
if err == nil {
|
||||
if sequenceErr == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.CurrentTimestamp
|
||||
}
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/config/types"
|
||||
@@ -29,9 +31,10 @@ type EventstoreRepos struct {
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
UserEvents *usr_event.UserEventstore
|
||||
OrgEvents *org_event.OrgEventstore
|
||||
IamEvents *iam_event.IAMEventstore
|
||||
}
|
||||
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos) []query.Handler {
|
||||
func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, eventstore eventstore.Eventstore, repos EventstoreRepos, defaults systemdefaults.SystemDefaults) []query.Handler {
|
||||
return []query.Handler{
|
||||
&Project{handler: handler{view, bulkLimit, configs.cycleDuration("Project"), errorCount}, eventstore: eventstore},
|
||||
&ProjectGrant{handler: handler{view, bulkLimit, configs.cycleDuration("ProjectGrant"), errorCount}, eventstore: eventstore, projectEvents: repos.ProjectEvents, orgEvents: repos.OrgEvents},
|
||||
@@ -45,6 +48,9 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
|
||||
&OrgMember{handler: handler{view, bulkLimit, configs.cycleDuration("OrgMember"), errorCount}, userEvents: repos.UserEvents},
|
||||
&OrgDomain{handler: handler{view, bulkLimit, configs.cycleDuration("OrgDomain"), errorCount}},
|
||||
&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
|
||||
&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
|
||||
&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
|
||||
&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,82 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
idpConfigTable = "management.idp_configs"
|
||||
)
|
||||
|
||||
func (m *IDPConfig) ViewModel() string {
|
||||
return idpConfigTable
|
||||
}
|
||||
|
||||
func (m *IDPConfig) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIDPConfigSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPConfig) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate:
|
||||
err = m.processIdpConfig(iam_model.IDPProviderTypeOrg, event)
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = m.processIdpConfig(iam_model.IDPProviderTypeSystem, event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, event *models.Event) (err error) {
|
||||
idp := new(iam_view_model.IDPConfigView)
|
||||
switch event.Type {
|
||||
case model.IDPConfigAdded,
|
||||
iam_es_model.IDPConfigAdded:
|
||||
err = idp.AppendEvent(providerType, event)
|
||||
case model.IDPConfigChanged, iam_es_model.IDPConfigChanged,
|
||||
model.OIDCIDPConfigAdded, iam_es_model.OIDCIDPConfigAdded,
|
||||
model.OIDCIDPConfigChanged, iam_es_model.OIDCIDPConfigChanged:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
idp, err = m.view.IDPConfigByID(idp.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = idp.AppendEvent(providerType, event)
|
||||
case model.IDPConfigRemoved, iam_es_model.IDPConfigRemoved:
|
||||
err = idp.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIDPConfig(idp.IDPConfigID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIDPConfigSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIDPConfig(idp, idp.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPConfig) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Nxu8s", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp config handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIDPConfigFailedEvent, m.view.ProcessedIDPConfigFailedEvent, m.view.ProcessedIDPConfigSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
@@ -0,0 +1,120 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/logging"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
||||
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
)
|
||||
|
||||
type IDPProvider struct {
|
||||
handler
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
iamEvents *eventsourcing.IAMEventstore
|
||||
orgEvents *org_es.OrgEventstore
|
||||
}
|
||||
|
||||
const (
|
||||
idpProviderTable = "management.idp_providers"
|
||||
)
|
||||
|
||||
func (m *IDPProvider) ViewModel() string {
|
||||
return idpProviderTable
|
||||
}
|
||||
|
||||
func (m *IDPProvider) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestIdpProviderSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.IAMAggregate, org_es_model.OrgAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.IAMAggregate, org_es_model.OrgAggregate:
|
||||
err = m.processIdpProvider(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
provider := new(iam_view_model.IDPProviderView)
|
||||
switch event.Type {
|
||||
case model.LoginPolicyIDPProviderAdded, org_es_model.LoginPolicyIDPProviderAdded:
|
||||
err = provider.AppendEvent(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = m.fillData(provider)
|
||||
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved,
|
||||
org_es_model.LoginPolicyIDPProviderRemoved, org_es_model.LoginPolicyIDPProviderCascadeRemoved:
|
||||
err = provider.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.DeleteIdpProvider(event.AggregateID, provider.IDPConfigID, event.Sequence)
|
||||
case model.IDPConfigChanged, org_es_model.IDPConfigChanged:
|
||||
config := new(iam_model.IDPConfig)
|
||||
config.AppendEvent(event)
|
||||
providers, err := m.view.IdpProvidersByIdpConfigID(event.AggregateID, config.IDPConfigID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), provider.AggregateID, config.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, provider := range providers {
|
||||
m.fillConfigData(provider, config)
|
||||
}
|
||||
return m.view.PutIdpProviders(event.Sequence, providers...)
|
||||
case org_es_model.LoginPolicyRemoved:
|
||||
return m.view.DeleteIdpProvidersByAggregateID(event.AggregateID, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedIdpProviderSequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutIdpProvider(provider, provider.Sequence)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillData(provider *iam_view_model.IDPProviderView) (err error) {
|
||||
var config *iam_model.IDPConfig
|
||||
if provider.IDPProviderType == int32(iam_model.IDPProviderTypeSystem) {
|
||||
config, err = m.iamEvents.GetIDPConfig(context.Background(), m.systemDefaults.IamID, provider.IDPConfigID)
|
||||
} else {
|
||||
config, err = m.orgEvents.GetIDPConfig(context.Background(), provider.AggregateID, provider.IDPConfigID)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
m.fillConfigData(provider, config)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *IDPProvider) fillConfigData(provider *iam_view_model.IDPProviderView, config *iam_model.IDPConfig) {
|
||||
provider.Name = config.Name
|
||||
provider.IDPConfigType = int32(config.Type)
|
||||
}
|
||||
|
||||
func (m *IDPProvider) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-Msj8c", "id", event.AggregateID).WithError(err).Warn("something went wrong in idp provider handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestIdpProviderFailedEvent, m.view.ProcessedIdpProviderFailedEvent, m.view.ProcessedIdpProviderSequence, m.errorCountUntilSkip)
|
||||
}
|
||||
@@ -0,0 +1,67 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"github.com/caos/logging"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
)
|
||||
|
||||
type LoginPolicy struct {
|
||||
handler
|
||||
}
|
||||
|
||||
const (
|
||||
loginPolicyTable = "management.login_policies"
|
||||
)
|
||||
|
||||
func (m *LoginPolicy) ViewModel() string {
|
||||
return loginPolicyTable
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) EventQuery() (*models.SearchQuery, error) {
|
||||
sequence, err := m.view.GetLatestLoginPolicySequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case model.OrgAggregate, iam_es_model.IAMAggregate:
|
||||
err = m.processLoginPolicy(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) processLoginPolicy(event *models.Event) (err error) {
|
||||
policy := new(iam_model.LoginPolicyView)
|
||||
switch event.Type {
|
||||
case iam_es_model.LoginPolicyAdded, model.LoginPolicyAdded:
|
||||
err = policy.AppendEvent(event)
|
||||
case iam_es_model.LoginPolicyChanged, model.LoginPolicyChanged:
|
||||
policy, err = m.view.LoginPolicyByAggregateID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = policy.AppendEvent(event)
|
||||
default:
|
||||
return m.view.ProcessedLoginPolicySequence(event.Sequence)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return m.view.PutLoginPolicy(policy, policy.Sequence)
|
||||
}
|
||||
|
||||
func (m *LoginPolicy) OnError(event *models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-4Djo9", "id", event.AggregateID).WithError(err).Warn("something went wrong in login policy handler")
|
||||
return spooler.HandleError(event, err, m.view.GetLatestLoginPolicyFailedEvent, m.view.ProcessedLoginPolicyFailedEvent, m.view.ProcessedLoginPolicySequence, m.errorCountUntilSkip)
|
||||
}
|
||||
@@ -105,9 +105,9 @@ func (u *User) ProcessOrg(event *models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgDomainVerified,
|
||||
org_es_model.OrgDomainRemoved,
|
||||
org_es_model.OrgIamPolicyAdded,
|
||||
org_es_model.OrgIamPolicyChanged,
|
||||
org_es_model.OrgIamPolicyRemoved:
|
||||
org_es_model.OrgIAMPolicyAdded,
|
||||
org_es_model.OrgIAMPolicyChanged,
|
||||
org_es_model.OrgIAMPolicyRemoved:
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org_es_model.OrgDomainPrimarySet:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
@@ -121,7 +121,7 @@ func (u *User) fillLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -140,7 +140,7 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), event.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), event.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -162,7 +162,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
policy, err := u.orgEvents.GetOrgIamPolicy(context.Background(), user.ResourceOwner)
|
||||
policy, err := u.orgEvents.GetOrgIAMPolicy(context.Background(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -38,13 +38,13 @@ func (m *UserMembership) EventQuery() (*models.SearchQuery, error) {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(iam_es_model.IamAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
|
||||
AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (m *UserMembership) Reduce(event *models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case iam_es_model.IamAggregate:
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = m.processIam(event)
|
||||
case org_es_model.OrgAggregate:
|
||||
err = m.processOrg(event)
|
||||
@@ -61,15 +61,15 @@ func (m *UserMembership) processIam(event *models.Event) (err error) {
|
||||
return err
|
||||
}
|
||||
switch event.Type {
|
||||
case iam_es_model.IamMemberAdded:
|
||||
case iam_es_model.IAMMemberAdded:
|
||||
m.fillIamDisplayName(member)
|
||||
case iam_es_model.IamMemberChanged:
|
||||
case iam_es_model.IAMMemberChanged:
|
||||
member, err = m.view.UserMembershipByIDs(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = member.AppendEvent(event)
|
||||
case iam_es_model.IamMemberRemoved:
|
||||
case iam_es_model.IAMMemberRemoved:
|
||||
return m.view.DeleteUserMembership(member.UserID, event.AggregateID, event.AggregateID, usr_model.MemberTypeIam, event.Sequence)
|
||||
default:
|
||||
return m.view.ProcessedUserMembershipSequence(event.Sequence)
|
||||
|
||||
@@ -35,7 +35,7 @@ type EsRepository struct {
|
||||
eventstore.UserRepo
|
||||
eventstore.UserGrantRepo
|
||||
eventstore.PolicyRepo
|
||||
eventstore.IamRepository
|
||||
eventstore.IAMRepository
|
||||
}
|
||||
|
||||
func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRepository, error) {
|
||||
@@ -83,24 +83,24 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
|
||||
}
|
||||
org := es_org.StartOrg(es_org.OrgConfig{Eventstore: es, IAMDomain: conf.Domain}, systemDefaults)
|
||||
|
||||
iam, err := es_iam.StartIam(es_iam.IamConfig{
|
||||
iam, err := es_iam.StartIAM(es_iam.IAMConfig{
|
||||
Eventstore: es,
|
||||
Cache: conf.Eventstore.Cache,
|
||||
}, systemDefaults)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
eventstoreRepos := handler.EventstoreRepos{ProjectEvents: project, UserEvents: user, OrgEvents: org}
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, eventstoreRepos)
|
||||
eventstoreRepos := handler.EventstoreRepos{ProjectEvents: project, UserEvents: user, OrgEvents: org, IamEvents: iam}
|
||||
spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, eventstoreRepos, systemDefaults)
|
||||
|
||||
return &EsRepository{
|
||||
spooler: spool,
|
||||
OrgRepository: eventstore.OrgRepository{conf.SearchLimit, org, user, view, roles},
|
||||
OrgRepository: eventstore.OrgRepository{conf.SearchLimit, org, user, view, roles, systemDefaults},
|
||||
ProjectRepo: eventstore.ProjectRepo{es, conf.SearchLimit, project, usergrant, user, view, roles},
|
||||
UserRepo: eventstore.UserRepo{conf.SearchLimit, user, policy, org, view, systemDefaults},
|
||||
UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, usergrant, view},
|
||||
PolicyRepo: eventstore.PolicyRepo{policy},
|
||||
IamRepository: eventstore.IamRepository{iam},
|
||||
IAMRepository: eventstore.IAMRepository{iam},
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ package spooler
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
|
||||
"github.com/caos/zitadel/internal/eventstore"
|
||||
"github.com/caos/zitadel/internal/eventstore/spooler"
|
||||
@@ -16,12 +17,12 @@ type SpoolerConfig struct {
|
||||
Handlers handler.Configs
|
||||
}
|
||||
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, eventstoreRepos handler.EventstoreRepos) *spooler.Spooler {
|
||||
func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, eventstoreRepos handler.EventstoreRepos, defaults systemdefaults.SystemDefaults) *spooler.Spooler {
|
||||
spoolerConfig := spooler.Config{
|
||||
Eventstore: es,
|
||||
Locker: &locker{dbClient: sql},
|
||||
ConcurrentWorkers: c.ConcurrentWorkers,
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, eventstoreRepos),
|
||||
ViewHandlers: handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, es, eventstoreRepos, defaults),
|
||||
}
|
||||
spool := spoolerConfig.New()
|
||||
spool.Start()
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpConfigTable = "management.idp_configs"
|
||||
)
|
||||
|
||||
func (v *View) IDPConfigByID(idpID string) (*iam_es_model.IDPConfigView, error) {
|
||||
return view.IDPByID(v.Db, idpConfigTable, idpID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIDPConfigs(request *iam_model.IDPConfigSearchRequest) ([]*iam_es_model.IDPConfigView, uint64, error) {
|
||||
return view.SearchIDPs(v.Db, idpConfigTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIDPConfig(idp *iam_es_model.IDPConfigView, sequence uint64) error {
|
||||
err := view.PutIDP(v.Db, idpConfigTable, idp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIDPConfig(idpID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDP(v.Db, idpConfigTable, idpID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpConfigTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpConfigTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpConfigTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIDPConfigFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -0,0 +1,73 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
idpProviderTable = "management.idp_providers"
|
||||
)
|
||||
|
||||
func (v *View) IdpProviderByAggregateAndIdpConfigID(aggregateID, idpConfigID string) (*model.IDPProviderView, error) {
|
||||
return view.GetIDPProviderByAggregateIDAndConfigID(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) IdpProvidersByIdpConfigID(aggregateID, idpConfigID string) ([]*model.IDPProviderView, error) {
|
||||
return view.IDPProvidersByIdpConfigID(v.Db, idpProviderTable, idpConfigID)
|
||||
}
|
||||
|
||||
func (v *View) SearchIdpProviders(request *iam_model.IDPProviderSearchRequest) ([]*model.IDPProviderView, uint64, error) {
|
||||
return view.SearchIDPProviders(v.Db, idpProviderTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutIdpProvider(provider *model.IDPProviderView, sequence uint64) error {
|
||||
err := view.PutIDPProvider(v.Db, idpProviderTable, provider)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIdpProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) PutIdpProviders(sequence uint64, providers ...*model.IDPProviderView) error {
|
||||
err := view.PutIDPProviders(v.Db, idpProviderTable, providers...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIdpProviderSequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIdpProvider(aggregateID, idpConfigID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDPProvider(v.Db, idpProviderTable, aggregateID, idpConfigID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIdpProviderSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteIdpProvidersByAggregateID(aggregateID string, eventSequence uint64) error {
|
||||
err := view.DeleteIDPProvidersByAggregateID(v.Db, idpProviderTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIdpProviderSequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIdpProviderSequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpProviderTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIdpProviderSequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(idpProviderTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIdpProviderFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(idpProviderTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedIdpProviderFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view"
|
||||
"github.com/caos/zitadel/internal/iam/repository/view/model"
|
||||
global_view "github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
loginPolicyTable = "management.login_policies"
|
||||
)
|
||||
|
||||
func (v *View) LoginPolicyByAggregateID(aggregateID string) (*model.LoginPolicyView, error) {
|
||||
return view.GetLoginPolicyByAggregateID(v.Db, loginPolicyTable, aggregateID)
|
||||
}
|
||||
|
||||
func (v *View) PutLoginPolicy(policy *model.LoginPolicyView, sequence uint64) error {
|
||||
err := view.PutLoginPolicy(v.Db, loginPolicyTable, policy)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(sequence)
|
||||
}
|
||||
|
||||
func (v *View) DeleteLoginPolicy(aggregateID string, eventSequence uint64) error {
|
||||
err := view.DeleteLoginPolicy(v.Db, loginPolicyTable, aggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedLoginPolicySequence(eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicySequence() (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(loginPolicyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicySequence(eventSequence uint64) error {
|
||||
return v.saveCurrentSequence(loginPolicyTable, eventSequence)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestLoginPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
|
||||
return v.latestFailedEvent(loginPolicyTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedLoginPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -6,5 +6,5 @@ import (
|
||||
)
|
||||
|
||||
type IamRepository interface {
|
||||
IamByID(ctx context.Context, id string) (*iam_model.Iam, error)
|
||||
IAMByID(ctx context.Context, id string) (*iam_model.IAM, error)
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
)
|
||||
@@ -29,5 +30,22 @@ type OrgRepository interface {
|
||||
|
||||
GetOrgMemberRoles() []string
|
||||
|
||||
GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIamPolicy, error)
|
||||
GetMyOrgIamPolicy(ctx context.Context) (*org_model.OrgIAMPolicy, error)
|
||||
|
||||
SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error)
|
||||
IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error)
|
||||
AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error)
|
||||
DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error)
|
||||
RemoveIDPConfig(ctx context.Context, idpConfigID string) error
|
||||
ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error)
|
||||
|
||||
GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error)
|
||||
AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error)
|
||||
RemoveLoginPolicy(ctx context.Context) error
|
||||
SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error)
|
||||
AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error)
|
||||
RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user