TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: idp and login policy configurations (#619)

Browse Source 
* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2020-08-26 09:56:23 +02:00
committed by GitHub
parent f05c5bae24
commit db1d8f4efe
157 changed files with 37510 additions and 15698 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
internal/org/model/org.go
View File

@@ -2,6 +2,7 @@ package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/golang/protobuf/ptypes/timestamp"
"strings"
)
@@ -14,7 +15,10 @@ type Org struct {
Domains []*OrgDomain
Members []*OrgMember
OrgIamPolicy *OrgIamPolicy
OrgIamPolicy *OrgIAMPolicy
LoginPolicy *iam_model.LoginPolicy
IDPs []*iam_model.IDPConfig
}
type OrgChanges struct {
Changes []*OrgChange
@@ -58,6 +62,15 @@ func (o *Org) GetDomain(domain *OrgDomain) (int, *OrgDomain) {
return -1, nil
}
func (o *Org) GetIDP(idpID string) (int, *iam_model.IDPConfig) {
for i, idp := range o.IDPs {
if idp.IDPConfigID == idpID {
return i, idp
}
}
return -1, nil
}
func (o *Org) GetPrimaryDomain() *OrgDomain {
for _, d := range o.Domains {
if d.Primary {

2
internal/org/model/org_iam_policy.go
View File

@@ -4,7 +4,7 @@ import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type OrgIamPolicy struct {
type OrgIAMPolicy struct {
models.ObjectRoot
Description string

328
internal/org/repository/eventsourcing/eventstore.go
View File

@@ -3,6 +3,8 @@ package eventsourcing
import (
"context"
"encoding/json"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
@@ -22,11 +24,13 @@ import (
type OrgEventstore struct {
eventstore.Eventstore
IAMDomain string
IamID string
idGenerator id.Generator
verificationAlgorithm crypto.EncryptionAlgorithm
verificationGenerator crypto.Generator
defaultOrgIamPolicy *org_model.OrgIamPolicy
defaultOrgIamPolicy *org_model.OrgIAMPolicy
verificationValidator func(domain string, token string, verifier string, checkType http_utils.CheckType) error
secretCrypto crypto.Crypto
}
type OrgConfig struct {
@@ -42,6 +46,10 @@ func StartOrg(conf OrgConfig, defaults systemdefaults.SystemDefaults) *OrgEvents
verificationAlg, err := crypto.NewAESCrypto(defaults.DomainVerification.VerificationKey)
logging.Log("EVENT-aZ22d").OnError(err).Panic("cannot create verificationAlgorithm for domain verification")
verificationGen := crypto.NewEncryptionGenerator(defaults.DomainVerification.VerificationGenerator, verificationAlg)
aesCrypto, err := crypto.NewAESCrypto(defaults.IDPConfigVerificationKey)
logging.Log("EVENT-Sn8du").OnError(err).Panic("cannot create verificationAlgorithm for idp config verification")
return &OrgEventstore{
Eventstore: conf.Eventstore,
idGenerator: id.SonyFlakeGenerator,
@@ -49,7 +57,9 @@ func StartOrg(conf OrgConfig, defaults systemdefaults.SystemDefaults) *OrgEvents
verificationGenerator: verificationGen,
verificationValidator: http_utils.ValidateDomain,
IAMDomain: conf.IAMDomain,
IamID: defaults.IamID,
defaultOrgIamPolicy: &policy,
secretCrypto: aesCrypto,
}
}
@@ -455,7 +465,7 @@ func (es *OrgEventstore) RemoveOrgMember(ctx context.Context, member *org_model.
return es_sdk.Push(ctx, es.PushAggregates, repoMember.AppendEvents, orgAggregate)
}
func (es *OrgEventstore) GetOrgIamPolicy(ctx context.Context, orgID string) (*org_model.OrgIamPolicy, error) {
func (es *OrgEventstore) GetOrgIAMPolicy(ctx context.Context, orgID string) (*org_model.OrgIAMPolicy, error) {
existing, err := es.OrgByID(ctx, org_model.NewOrg(orgID))
if err != nil && !errors.IsNotFound(err) {
return nil, err
@@ -466,7 +476,7 @@ func (es *OrgEventstore) GetOrgIamPolicy(ctx context.Context, orgID string) (*or
return es.defaultOrgIamPolicy, nil
}
func (es *OrgEventstore) AddOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
func (es *OrgEventstore) AddOrgIAMPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
existing, err := es.OrgByID(ctx, org_model.NewOrg(policy.AggregateID))
if err != nil {
return nil, err
@@ -475,8 +485,8 @@ func (es *OrgEventstore) AddOrgIamPolicy(ctx context.Context, policy *org_model.
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-7Usj3", "Errors.Org.PolicyAlreadyExists")
}
repoOrg := model.OrgFromModel(existing)
repoPolicy := model.OrgIamPolicyFromModel(policy)
orgAggregate := OrgIamPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoPolicy)
repoPolicy := model.OrgIAMPolicyFromModel(policy)
orgAggregate := OrgIAMPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoPolicy)
if err != nil {
return nil, err
}
@@ -485,10 +495,10 @@ func (es *OrgEventstore) AddOrgIamPolicy(ctx context.Context, policy *org_model.
return nil, err
}
return model.OrgIamPolicyToModel(repoOrg.OrgIamPolicy), nil
return model.OrgIAMPolicyToModel(repoOrg.OrgIamPolicy), nil
}
func (es *OrgEventstore) ChangeOrgIamPolicy(ctx context.Context, policy *org_model.OrgIamPolicy) (*org_model.OrgIamPolicy, error) {
func (es *OrgEventstore) ChangeOrgIAMPolicy(ctx context.Context, policy *org_model.OrgIAMPolicy) (*org_model.OrgIAMPolicy, error) {
existing, err := es.OrgByID(ctx, org_model.NewOrg(policy.AggregateID))
if err != nil {
return nil, err
@@ -497,8 +507,8 @@ func (es *OrgEventstore) ChangeOrgIamPolicy(ctx context.Context, policy *org_mod
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8juSd", "Errors.Org.PolicyNotExisting")
}
repoOrg := model.OrgFromModel(existing)
repoPolicy := model.OrgIamPolicyFromModel(policy)
orgAggregate := OrgIamPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoPolicy)
repoPolicy := model.OrgIAMPolicyFromModel(policy)
orgAggregate := OrgIAMPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoPolicy)
if err != nil {
return nil, err
}
@@ -507,10 +517,10 @@ func (es *OrgEventstore) ChangeOrgIamPolicy(ctx context.Context, policy *org_mod
return nil, err
}
return model.OrgIamPolicyToModel(repoOrg.OrgIamPolicy), nil
return model.OrgIAMPolicyToModel(repoOrg.OrgIamPolicy), nil
}
func (es *OrgEventstore) RemoveOrgIamPolicy(ctx context.Context, orgID string) error {
func (es *OrgEventstore) RemoveOrgIAMPolicy(ctx context.Context, orgID string) error {
existing, err := es.OrgByID(ctx, org_model.NewOrg(orgID))
if err != nil {
return err
@@ -525,3 +535,299 @@ func (es *OrgEventstore) RemoveOrgIamPolicy(ctx context.Context, orgID string) e
}
return es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, orgAggregate)
}
func (es *OrgEventstore) AddIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(true) {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Ms89d", "Errors.Org.IdpInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(idp.AggregateID))
if err != nil {
return nil, err
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
idp.IDPConfigID = id
if idp.OIDCConfig != nil {
idp.OIDCConfig.IDPConfigID = id
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
}
repoOrg := model.OrgFromModel(existing)
repoIdp := iam_es_model.IDPConfigFromModel(idp)
addAggregate := IDPConfigAddedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
if _, idpConfig := iam_es_model.GetIDPConfig(repoOrg.IDPs, idp.IDPConfigID); idpConfig != nil {
return iam_es_model.IDPConfigToModel(idpConfig), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Cmsj8d", "Errors.Internal")
}
func (es *OrgEventstore) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
if idp == nil || !idp.IsValid(false) {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mslo9", "Errors.Org.IdpInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(idp.AggregateID))
if err != nil {
return nil, err
}
if _, i := existing.GetIDP(idp.IDPConfigID); i == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Aji8e", "Errors.Org.IdpNotExisting")
}
repoOrg := model.OrgFromModel(existing)
repoIdp := iam_es_model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
if _, idpConfig := iam_es_model.GetIDPConfig(repoOrg.IDPs, idp.IDPConfigID); idpConfig != nil {
return iam_es_model.IDPConfigToModel(idpConfig), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Ml9xs", "Errors.Internal")
}
func (es *OrgEventstore) PrepareRemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*model.Org, *es_models.Aggregate, error) {
if idp.IDPConfigID == "" {
return nil, nil, errors.ThrowPreconditionFailed(nil, "EVENT-Wz7sD", "Errors.Org.IDMissing")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(idp.AggregateID))
if err != nil {
return nil, nil, err
}
if _, i := existing.GetIDP(idp.IDPConfigID); i == nil {
return nil, nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smiu8", "Errors.Org.IdpNotExisting")
}
repoOrg := model.OrgFromModel(existing)
repoIdp := iam_es_model.IDPConfigFromModel(idp)
provider := new(iam_es_model.IDPProvider)
if repoOrg.LoginPolicy != nil {
_, provider = iam_es_model.GetIDPProvider(repoOrg.LoginPolicy.IDPProviders, idp.IDPConfigID)
}
agg, err := IDPConfigRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoOrg, repoIdp, provider)
if err != nil {
return nil, nil, err
}
return repoOrg, agg, nil
}
func (es *OrgEventstore) RemoveIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) error {
repoOrg, agg, err := es.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
return err
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, repoOrg.AppendEvents, agg)
}
func (es *OrgEventstore) DeactivateIDPConfig(ctx context.Context, orgID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.Org.IDMissing")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(orgID))
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, app := existing.GetIDP(idp.IDPConfigID); app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Amk8d", "Errors.Org.IdpNotExisting")
}
repoOrg := model.OrgFromModel(existing)
repoIdp := iam_es_model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
if _, idpConfig := iam_es_model.GetIDPConfig(repoOrg.IDPs, idp.IDPConfigID); idpConfig != nil {
return iam_es_model.IDPConfigToModel(idpConfig), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Amk9c", "Errors.Internal")
}
func (es *OrgEventstore) ReactivateIDPConfig(ctx context.Context, orgID, idpID string) (*iam_model.IDPConfig, error) {
if idpID == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Xm8df", "Errors.Org.IDMissing")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(orgID))
if err != nil {
return nil, err
}
idp := &iam_model.IDPConfig{IDPConfigID: idpID}
if _, i := existing.GetIDP(idp.IDPConfigID); i == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Qls0f", "Errors.Org.IdpNotExisting")
}
repoOrg := model.OrgFromModel(existing)
repoIdp := iam_es_model.IDPConfigFromModel(idp)
iamAggregate := IDPConfigReactivatedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoIdp)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
if _, idpConfig := iam_es_model.GetIDPConfig(repoOrg.IDPs, idp.IDPConfigID); idpConfig != nil {
return iam_es_model.IDPConfigToModel(idpConfig), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Al90s", "Errors.Internal")
}
func (es *OrgEventstore) ChangeIDPOIDCConfig(ctx context.Context, config *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
if config == nil || !config.IsValid(false) {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Qs789", "Errors.Org.OIDCConfigInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(config.AggregateID))
if err != nil {
return nil, err
}
var idp *iam_model.IDPConfig
if _, idp = existing.GetIDP(config.IDPConfigID); idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-pso0s", "Errors.Org.IdpNoExisting")
}
if idp.Type != iam_model.IDPConfigTypeOIDC {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Fms8w", "Errors.IAM.IdpIsNotOIDC")
}
if config.ClientSecretString != "" {
err = idp.OIDCConfig.CryptSecret(es.secretCrypto)
} else {
config.ClientSecret = nil
}
repoOrg := model.OrgFromModel(existing)
repoConfig := iam_es_model.OIDCIDPConfigFromModel(config)
iamAggregate := OIDCIDPConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoConfig)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, iamAggregate)
if err != nil {
return nil, err
}
if _, idpConfig := iam_es_model.GetIDPConfig(repoOrg.IDPs, idp.IDPConfigID); idpConfig != nil {
return iam_es_model.OIDCIDPConfigToModel(idpConfig.OIDCIDPConfig), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Sldk8", "Errors.Internal")
}
func (es *OrgEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sjkl9", "Errors.Org.LoginPolicyInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(policy.AggregateID))
if err != nil {
return nil, err
}
repoOrg := model.OrgFromModel(existing)
repoLoginPolicy := iam_es_model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
return iam_es_model.LoginPolicyToModel(repoOrg.LoginPolicy), nil
}
func (es *OrgEventstore) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
if policy == nil || !policy.IsValid() {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.Org.LoginPolicyInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(policy.AggregateID))
if err != nil {
return nil, err
}
repoOrg := model.OrgFromModel(existing)
repoLoginPolicy := iam_es_model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
return iam_es_model.LoginPolicyToModel(repoOrg.LoginPolicy), nil
}
func (es *OrgEventstore) RemoveLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) error {
if policy == nil || !policy.IsValid() {
return errors.ThrowPreconditionFailed(nil, "EVENT-O0s9e", "Errors.Org.LoginPolicyInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(policy.AggregateID))
if err != nil {
return err
}
repoOrg := model.OrgFromModel(existing)
addAggregate := LoginPolicyRemovedAggregate(es.Eventstore.AggregateCreator(), repoOrg)
return es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, addAggregate)
}
func (es *OrgEventstore) GetIDPConfig(ctx context.Context, aggregateID, idpConfigID string) (*iam_model.IDPConfig, error) {
existing, err := es.OrgByID(ctx, org_model.NewOrg(aggregateID))
if err != nil {
return nil, err
}
if _, i := existing.GetIDP(idpConfigID); i != nil {
return i, nil
}
return nil, errors.ThrowNotFound(nil, "EVENT-Qlo0d", "Errors.Org.IdpNotExisting")
}
func (es *OrgEventstore) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
if provider == nil || !provider.IsValid() {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sjd8e", "Errors.Org.IdpProviderInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(provider.AggregateID))
if err != nil {
return nil, err
}
if existing.LoginPolicy == nil {
return nil, errors.ThrowAlreadyExists(nil, "EVENT-sk9fW", "Errors.Org.LoginPolicy.NotExisting")
}
if _, m := existing.LoginPolicy.GetIdpProvider(provider.IdpConfigID); m != nil {
return nil, errors.ThrowAlreadyExists(nil, "EVENT-Lso9f", "Errors.Org.LoginPolicy.IdpProviderAlreadyExisting")
}
repoOrg := model.OrgFromModel(existing)
repoProvider := iam_es_model.IDPProviderFromModel(provider)
addAggregate := LoginPolicyIDPProviderAddedAggregate(es.Eventstore.AggregateCreator(), repoOrg, repoProvider, es.IamID)
err = es_sdk.Push(ctx, es.PushAggregates, repoOrg.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
if _, m := iam_es_model.GetIDPProvider(repoOrg.LoginPolicy.IDPProviders, provider.IdpConfigID); m != nil {
return iam_es_model.IDPProviderToModel(m), nil
}
return nil, errors.ThrowInternal(nil, "EVENT-Slf9s", "Errors.Internal")
}
func (es *OrgEventstore) PrepareRemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider, cascade bool) (*model.Org, *es_models.Aggregate, error) {
if provider == nil || !provider.IsValid() {
return nil, nil, errors.ThrowPreconditionFailed(nil, "EVENT-Esi8c", "Errors.IdpProviderInvalid")
}
existing, err := es.OrgByID(ctx, org_model.NewOrg(provider.AggregateID))
if err != nil {
return nil, nil, err
}
if _, m := existing.LoginPolicy.GetIdpProvider(provider.IdpConfigID); m == nil {
return nil, nil, errors.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.LoginPolicy.IdpProviderNotExisting")
}
repoOrg := model.OrgFromModel(existing)
providerID := &iam_es_model.IDPProviderID{provider.IdpConfigID}
providerAggregates, err := LoginPolicyIDPProviderRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoOrg, providerID, cascade)
if err != nil {
return nil, nil, err
}
return repoOrg, providerAggregates, nil
}
func (es *OrgEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error {
repoOrg, agg, err := es.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, false)
if err != nil {
return err
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, repoOrg.AppendEvents, agg)
}

73
internal/org/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -2,6 +2,10 @@ package eventsourcing
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/id"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
@@ -10,12 +14,24 @@ import (
"github.com/golang/mock/gomock"
)
func GetMockedEventstoreComplexity(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *OrgEventstore {
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *OrgEventstore {
return &OrgEventstore{
Eventstore: mockEs,
Eventstore: mockEs,
idGenerator: GetSonyFlake(),
}
}
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *OrgEventstore {
return &OrgEventstore{
Eventstore: mockEs,
idGenerator: GetSonyFlake(),
secretCrypto: crypto.NewBCrypt(10),
}
}
func GetSonyFlake() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockChangesOrgOK(ctrl *gomock.Controller) *OrgEventstore {
org := model.Org{
Name: "MusterOrg",
@@ -29,12 +45,61 @@ func GetMockChangesOrgOK(ctrl *gomock.Controller) *OrgEventstore {
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgNoEvents(ctrl *gomock.Controller) *OrgEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithCrypto(ctrl *gomock.Controller) *OrgEventstore {
org := model.Org{
Name: "MusterOrg",
}
data, _ := json.Marshal(org)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockChangesOrgWithOIDCIdp(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
idpData, _ := json.Marshal(iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithLoginPolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
loginPolicy, _ := json.Marshal(iam_es_model.LoginPolicy{AllowRegister: true, AllowExternalIdp: true, AllowUsernamePassword: true})
idpData, _ := json.Marshal(iam_es_model.IDPProvider{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: loginPolicy},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}

1041
internal/org/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

169
internal/org/repository/eventsourcing/login_policy.go Normal file
View File

@@ -0,0 +1,169 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.LoginPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LoginPolicyChanged, changes)
}
}
func LoginPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-S8sio", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyRemoved, nil)
}
}
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, provider *iam_es_model.IDPProvider, iamID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateIDsFilter(existing.AggregateID, iamID)
validation := checkExistingLoginPolicyIDPProviderValidation(provider)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
}
}
func LoginPolicyIDPProviderRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.Org, provider *iam_es_model.IDPProviderID, cascade bool) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
eventType := model.LoginPolicyIDPProviderRemoved
if cascade {
eventType = model.LoginPolicyIDPProviderCascadeRemoved
}
return agg.AppendEvent(eventType, provider)
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.LoginPolicyAdded:
existing = true
case model.LoginPolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-Nsh8u", "Errors.Org.LoginPolicy.AlreadyExists")
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpProvider *iam_es_model.IDPProvider) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*iam_es_model.IDPConfig, 0)
idps := make([]*iam_es_model.IDPProvider, 0)
for _, event := range events {
switch event.Type {
case model.IDPConfigAdded, iam_es_model.IDPConfigAdded:
config := new(iam_es_model.IDPConfig)
config.SetData(event)
idpConfigs = append(idpConfigs, config)
if event.AggregateType == model.OrgAggregate {
config.Type = int32(iam_model.IDPProviderTypeOrg)
} else {
config.Type = int32(iam_model.IDPProviderTypeSystem)
}
case model.IDPConfigRemoved, iam_es_model.IDPConfigRemoved:
config := new(iam_es_model.IDPConfig)
config.SetData(event)
for i, p := range idpConfigs {
if p.IDPConfigID == config.IDPConfigID {
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
idpConfigs[len(idpConfigs)-1] = nil
idpConfigs = idpConfigs[:len(idpConfigs)-1]
}
}
case model.LoginPolicyIDPProviderAdded:
idp := new(iam_es_model.IDPProvider)
idp.SetData(event)
case model.LoginPolicyIDPProviderRemoved:
idp := new(iam_es_model.IDPProvider)
idp.SetData(event)
for i, p := range idps {
if p.IDPConfigID == idp.IDPConfigID {
idps[i] = idps[len(idps)-1]
idps[len(idps)-1] = nil
idps = idps[:len(idps)-1]
}
}
}
}
exists := false
for _, p := range idpConfigs {
if p.IDPConfigID == idpProvider.IDPConfigID && p.Type == idpProvider.Type {
exists = true
}
}
if !exists {
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
}
for _, p := range idps {
if p.IDPConfigID == idpProvider.IDPConfigID {
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.Org.LoginPolicy.IdpProviderAlreadyExisting")
}
}
return nil
}
}

452
internal/org/repository/eventsourcing/login_policy_test.go Normal file
View File

@@ -0,0 +1,452 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"testing"
)
func TestLoginPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LoginPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login polciy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
AllowUsernamePassword: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "login policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestLoginPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LoginPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
AllowUsernamePassword: true,
AllowRegister: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "login policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestLoginPolicyRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyRemovedAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPProvider
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp provider to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.IDPProvider{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
Type: int32(iam_model.IDPProviderTypeSystem),
IDPConfigID: "IDPConfigID",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp config config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyIDPProviderAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new, "IAMID")(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPProviderID
cascade bool
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp provider to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
},
}},
new: &iam_es_model.IDPProviderID{
IDPConfigID: "IDPConfigID",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderRemoved},
},
},
{
name: "remove idp provider to login policy cascade",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
},
}},
new: &iam_es_model.IDPProviderID{
IDPConfigID: "IDPConfigID",
},
cascade: true,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderCascadeRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp config config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyIDPProviderRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.new, tt.args.cascade)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

85
internal/org/repository/eventsourcing/model/idp_config.go Normal file
View File

@@ -0,0 +1,85 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
idp.ObjectRoot.CreationDate = event.CreationDate
o.IDPs = append(o.IDPs, idp)
return nil
}
func (o *Org) appendChangeIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
o.IDPs[i].SetData(event)
}
return nil
}
func (o *Org) appendRemoveIDPConfigEvent(event *es_models.Event) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
o.IDPs[i] = o.IDPs[len(o.IDPs)-1]
o.IDPs[len(o.IDPs)-1] = nil
o.IDPs = o.IDPs[:len(o.IDPs)-1]
}
return nil
}
func (o *Org) appendIDPConfigStateEvent(event *es_models.Event, state model.IDPConfigState) error {
idp := new(iam_es_model.IDPConfig)
err := idp.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, idp.IDPConfigID); idpConfig != nil {
idpConfig.State = int32(state)
o.IDPs[i] = idpConfig
}
return nil
}
func (o *Org) appendAddOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(iam_es_model.OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
config.ObjectRoot.CreationDate = event.CreationDate
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
o.IDPs[i].Type = int32(model.IDPConfigTypeOIDC)
o.IDPs[i].OIDCIDPConfig = config
}
return nil
}
func (o *Org) appendChangeOIDCIDPConfigEvent(event *es_models.Event) error {
config := new(iam_es_model.OIDCIDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
if i, idpConfig := iam_es_model.GetIDPConfig(o.IDPs, config.IDPConfigID); idpConfig != nil {
o.IDPs[i].OIDCIDPConfig.SetData(event)
}
return nil
}

252
internal/org/repository/eventsourcing/model/idp_config_test.go Normal file
View File

@@ -0,0 +1,252 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp config event",
args: args{
org: &Org{},
idp: &iam_es_model.IDPConfig{Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendAddIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendChangeIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
idpConfig *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig"}}},
idpConfig: &iam_es_model.IDPConfig{Name: "IDPConfig Change"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{Name: "IDPConfig Change"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idpConfig != nil {
data, _ := json.Marshal(tt.args.idpConfig)
tt.args.event.Data = data
}
tt.args.org.appendChangeIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendRemoveIDPEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append remove idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendRemoveIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 0 {
t.Errorf("got wrong result should have no apps actual: %v ", len(tt.args.org.IDPs))
}
})
}
}
func TestAppendAppStateEvent(t *testing.T) {
type args struct {
org *Org
idp *iam_es_model.IDPConfig
event *es_models.Event
state model.IDPConfigState
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append deactivate application event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateInactive,
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
},
{
name: "append reactivate application event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateInactive)}}},
idp: &iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
state: model.IDPConfigStateActive,
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "IDPConfig", State: int32(model.IDPConfigStateActive)}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.idp != nil {
data, _ := json.Marshal(tt.args.idp)
tt.args.event.Data = data
}
tt.args.org.appendIDPConfigStateEvent(tt.args.event, tt.args.state)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendAddOIDCIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
config *iam_es_model.OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add oidc idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID"}}},
config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.org.appendAddOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}
func TestAppendChangeOIDCIdpConfigEvent(t *testing.T) {
type args struct {
org *Org
config *iam_es_model.OIDCIDPConfig
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change oidc idp config event",
args: args{
org: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}}}},
config: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"},
event: &es_models.Event{},
},
result: &Org{IDPs: []*iam_es_model.IDPConfig{&iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID Changed"}}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.config != nil {
data, _ := json.Marshal(tt.args.config)
tt.args.event.Data = data
}
tt.args.org.appendChangeOIDCIDPConfigEvent(tt.args.event)
if len(tt.args.org.IDPs) != 1 {
t.Errorf("got wrong result should have one idpConfig actual: %v ", len(tt.args.org.IDPs))
}
if tt.args.org.IDPs[0].OIDCIDPConfig == nil {
t.Errorf("got wrong result should have oidc config actual: %v ", tt.args.org.IDPs[0].OIDCIDPConfig)
}
if tt.args.org.IDPs[0] == tt.result.IDPs[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.IDPs[0], tt.args.org.IDPs[0])
}
})
}
}

49
internal/org/repository/eventsourcing/model/login_policy.go Normal file
View File

@@ -0,0 +1,49 @@
package model
import (
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
)
func (o *Org) appendAddLoginPolicyEvent(event *es_models.Event) error {
o.LoginPolicy = new(iam_es_model.LoginPolicy)
err := o.LoginPolicy.SetData(event)
if err != nil {
return err
}
o.LoginPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (o *Org) appendChangeLoginPolicyEvent(event *es_models.Event) error {
return o.LoginPolicy.SetData(event)
}
func (o *Org) appendRemoveLoginPolicyEvent(event *es_models.Event) {
o.LoginPolicy = nil
}
func (o *Org) appendAddIdpProviderToLoginPolicyEvent(event *es_models.Event) error {
provider := &iam_es_model.IDPProvider{}
err := provider.SetData(event)
if err != nil {
return err
}
provider.ObjectRoot.CreationDate = event.CreationDate
o.LoginPolicy.IDPProviders = append(o.LoginPolicy.IDPProviders, provider)
return nil
}
func (o *Org) appendRemoveIdpProviderFromLoginPolicyEvent(event *es_models.Event) error {
provider := &iam_es_model.IDPProvider{}
err := provider.SetData(event)
if err != nil {
return err
}
if i, m := iam_es_model.GetIDPProvider(o.LoginPolicy.IDPProviders, provider.IDPConfigID); m != nil {
o.LoginPolicy.IDPProviders[i] = o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1]
o.LoginPolicy.IDPProviders[len(o.LoginPolicy.IDPProviders)-1] = nil
o.LoginPolicy.IDPProviders = o.LoginPolicy.IDPProviders[:len(o.LoginPolicy.IDPProviders)-1]
}
return nil
}

210
internal/org/repository/eventsourcing/model/login_policy_test.go Normal file
View File

@@ -0,0 +1,210 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
)
func TestAppendAddLoginPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add login policy event",
args: args{
org: &Org{},
policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendAddLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendChangeLoginPolicyEvent(t *testing.T) {
type args struct {
org *Org
policy *iam_es_model.LoginPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append change login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: false,
AllowRegister: false,
AllowUsernamePassword: false,
}},
policy: &iam_es_model.LoginPolicy{AllowUsernamePassword: true, AllowRegister: true, AllowExternalIdp: true},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.org.appendChangeLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
})
}
}
func TestAppendAddIdpToPolicyEvent(t *testing.T) {
type args struct {
org *Org
provider *iam_es_model.IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp to login policy event",
args: args{
org: &Org{LoginPolicy: &iam_es_model.LoginPolicy{AllowExternalIdp: true, AllowRegister: true, AllowUsernamePassword: true}},
provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.org.appendAddIdpProviderToLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
}
if tt.result.LoginPolicy.IDPProviders[0].Type != tt.args.provider.Type {
t.Errorf("got wrong idp provider type: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].Type, tt.args.provider.Type)
}
if tt.result.LoginPolicy.IDPProviders[0].IDPConfigID != tt.args.provider.IDPConfigID {
t.Errorf("got wrong idp provider idpconfigid: expected: %v, actual: %v ", tt.result.LoginPolicy.IDPProviders[0].IDPConfigID, tt.args.provider.IDPConfigID)
}
})
}
}
func TestRemoveAddIdpToPolicyEvent(t *testing.T) {
type args struct {
org *Org
provider *iam_es_model.IDPProvider
event *es_models.Event
}
tests := []struct {
name string
args args
result *Org
}{
{
name: "append add idp to login policy event",
args: args{
org: &Org{
LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
}}},
provider: &iam_es_model.IDPProvider{Type: int32(iam_model.IDPProviderTypeSystem), IDPConfigID: "IDPConfigID"},
event: &es_models.Event{},
},
result: &Org{LoginPolicy: &iam_es_model.LoginPolicy{
AllowExternalIdp: true,
AllowRegister: true,
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.provider != nil {
data, _ := json.Marshal(tt.args.provider)
tt.args.event.Data = data
}
tt.args.org.appendRemoveIdpProviderFromLoginPolicyEvent(tt.args.event)
if tt.result.LoginPolicy.AllowUsernamePassword != tt.args.org.LoginPolicy.AllowUsernamePassword {
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowUsernamePassword, tt.args.org.LoginPolicy.AllowUsernamePassword)
}
if tt.result.LoginPolicy.AllowRegister != tt.args.org.LoginPolicy.AllowRegister {
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowRegister, tt.args.org.LoginPolicy.AllowRegister)
}
if tt.result.LoginPolicy.AllowExternalIdp != tt.args.org.LoginPolicy.AllowExternalIdp {
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.result.LoginPolicy.AllowExternalIdp, tt.args.org.LoginPolicy.AllowExternalIdp)
}
if len(tt.result.LoginPolicy.IDPProviders) != len(tt.args.org.LoginPolicy.IDPProviders) {
t.Errorf("got wrong idp provider len: expected: %v, actual: %v ", len(tt.result.LoginPolicy.IDPProviders), len(tt.args.org.LoginPolicy.IDPProviders))
}
})
}
}

80
internal/org/repository/eventsourcing/model/org.go
View File

@@ -2,6 +2,8 @@ package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
@@ -18,23 +20,30 @@ type Org struct {
Name string `json:"name,omitempty"`
State int32 `json:"-"`
Domains []*OrgDomain `json:"-"`
Members []*OrgMember `json:"-"`
OrgIamPolicy *OrgIamPolicy `json:"-"`
Domains []*OrgDomain `json:"-"`
Members []*OrgMember `json:"-"`
OrgIamPolicy *OrgIAMPolicy `json:"-"`
LoginPolicy *iam_es_model.LoginPolicy `json:"-"`
IDPs []*iam_es_model.IDPConfig `json:"-"`
}
func OrgFromModel(org *org_model.Org) *Org {
members := OrgMembersFromModel(org.Members)
domains := OrgDomainsFromModel(org.Domains)
idps := iam_es_model.IDPConfigsFromModel(org.IDPs)
converted := &Org{
ObjectRoot: org.ObjectRoot,
Name: org.Name,
State: int32(org.State),
Domains: domains,
Members: members,
IDPs: idps,
}
if org.OrgIamPolicy != nil {
converted.OrgIamPolicy = OrgIamPolicyFromModel(org.OrgIamPolicy)
converted.OrgIamPolicy = OrgIAMPolicyFromModel(org.OrgIamPolicy)
}
if org.LoginPolicy != nil {
converted.LoginPolicy = iam_es_model.LoginPolicyFromModel(org.LoginPolicy)
}
return converted
}
@@ -46,9 +55,13 @@ func OrgToModel(org *Org) *org_model.Org {
State: org_model.OrgState(org.State),
Domains: OrgDomainsToModel(org.Domains),
Members: OrgMembersToModel(org.Members),
IDPs: iam_es_model.IDPConfigsToModel(org.IDPs),
}
if org.OrgIamPolicy != nil {
converted.OrgIamPolicy = OrgIamPolicyToModel(org.OrgIamPolicy)
converted.OrgIamPolicy = OrgIAMPolicyToModel(org.OrgIamPolicy)
}
if org.LoginPolicy != nil {
converted.LoginPolicy = iam_es_model.LoginPolicyToModel(org.LoginPolicy)
}
return converted
}
@@ -71,16 +84,16 @@ func (o *Org) AppendEvents(events ...*es_models.Event) error {
return nil
}
func (o *Org) AppendEvent(event *es_models.Event) error {
func (o *Org) AppendEvent(event *es_models.Event) (err error) {
switch event.Type {
case OrgAdded:
*o = Org{}
err := o.setData(event)
err = o.setData(event)
if err != nil {
return err
}
case OrgChanged:
err := o.setData(event)
err = o.setData(event)
if err != nil {
return err
}
@@ -112,25 +125,50 @@ func (o *Org) AppendEvent(event *es_models.Event) error {
}
o.removeMember(member.UserID)
case OrgDomainAdded:
o.appendAddDomainEvent(event)
err = o.appendAddDomainEvent(event)
case OrgDomainVerificationAdded:
o.appendVerificationDomainEvent(event)
err = o.appendVerificationDomainEvent(event)
case OrgDomainVerified:
o.appendVerifyDomainEvent(event)
err = o.appendVerifyDomainEvent(event)
case OrgDomainPrimarySet:
o.appendPrimaryDomainEvent(event)
err = o.appendPrimaryDomainEvent(event)
case OrgDomainRemoved:
o.appendRemoveDomainEvent(event)
case OrgIamPolicyAdded:
o.appendAddOrgIamPolicyEvent(event)
case OrgIamPolicyChanged:
o.appendChangeOrgIamPolicyEvent(event)
case OrgIamPolicyRemoved:
o.appendRemoveOrgIamPolicyEvent()
err = o.appendRemoveDomainEvent(event)
case OrgIAMPolicyAdded:
err = o.appendAddOrgIAMPolicyEvent(event)
case OrgIAMPolicyChanged:
err = o.appendChangeOrgIAMPolicyEvent(event)
case OrgIAMPolicyRemoved:
o.appendRemoveOrgIAMPolicyEvent()
case IDPConfigAdded:
err = o.appendAddIDPConfigEvent(event)
case IDPConfigChanged:
err = o.appendChangeIDPConfigEvent(event)
case IDPConfigRemoved:
err = o.appendRemoveIDPConfigEvent(event)
case IDPConfigDeactivated:
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateInactive)
case IDPConfigReactivated:
err = o.appendIDPConfigStateEvent(event, model.IDPConfigStateActive)
case OIDCIDPConfigAdded:
err = o.appendAddOIDCIDPConfigEvent(event)
case OIDCIDPConfigChanged:
err = o.appendChangeOIDCIDPConfigEvent(event)
case LoginPolicyAdded:
err = o.appendAddLoginPolicyEvent(event)
case LoginPolicyChanged:
err = o.appendChangeLoginPolicyEvent(event)
case LoginPolicyRemoved:
o.appendRemoveLoginPolicyEvent(event)
case LoginPolicyIDPProviderAdded:
err = o.appendAddIdpProviderToLoginPolicyEvent(event)
case LoginPolicyIDPProviderRemoved:
err = o.appendRemoveIdpProviderFromLoginPolicyEvent(event)
}
if err != nil {
return err
}
o.ObjectRoot.AppendEvent(event)
return nil
}

22
internal/org/repository/eventsourcing/model/org_iam_policy.go
View File

@@ -8,7 +8,7 @@ import (
org_model "github.com/caos/zitadel/internal/org/model"
)
type OrgIamPolicy struct {
type OrgIAMPolicy struct {
models.ObjectRoot
Description string `json:"description,omitempty"`
@@ -16,24 +16,24 @@ type OrgIamPolicy struct {
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain"`
}
func OrgIamPolicyToModel(policy *OrgIamPolicy) *org_model.OrgIamPolicy {
return &org_model.OrgIamPolicy{
func OrgIAMPolicyToModel(policy *OrgIAMPolicy) *org_model.OrgIAMPolicy {
return &org_model.OrgIAMPolicy{
ObjectRoot: policy.ObjectRoot,
State: org_model.PolicyState(policy.State),
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}
func OrgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *OrgIamPolicy {
return &OrgIamPolicy{
func OrgIAMPolicyFromModel(policy *org_model.OrgIAMPolicy) *OrgIAMPolicy {
return &OrgIAMPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}
func (o *Org) appendAddOrgIamPolicyEvent(event *es_models.Event) error {
o.OrgIamPolicy = new(OrgIamPolicy)
func (o *Org) appendAddOrgIAMPolicyEvent(event *es_models.Event) error {
o.OrgIamPolicy = new(OrgIAMPolicy)
err := o.OrgIamPolicy.SetData(event)
if err != nil {
return err
@@ -42,15 +42,15 @@ func (o *Org) appendAddOrgIamPolicyEvent(event *es_models.Event) error {
return nil
}
func (o *Org) appendChangeOrgIamPolicyEvent(event *es_models.Event) error {
func (o *Org) appendChangeOrgIAMPolicyEvent(event *es_models.Event) error {
return o.OrgIamPolicy.SetData(event)
}
func (o *Org) appendRemoveOrgIamPolicyEvent() {
func (o *Org) appendRemoveOrgIAMPolicyEvent() {
o.OrgIamPolicy = nil
}
func (p *OrgIamPolicy) Changes(changed *OrgIamPolicy) map[string]interface{} {
func (p *OrgIAMPolicy) Changes(changed *OrgIAMPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if changed.Description != p.Description {
@@ -63,7 +63,7 @@ func (p *OrgIamPolicy) Changes(changed *OrgIamPolicy) map[string]interface{} {
return changes
}
func (p *OrgIamPolicy) SetData(event *es_models.Event) error {
func (p *OrgIAMPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")

7
internal/org/repository/eventsourcing/model/org_test.go
View File

@@ -93,13 +93,6 @@ func TestAppendEvent(t *testing.T) {
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive)},
},
{
name: "append added domain event",
args: args{
event: &es_models.Event{AggregateID: "ID", Sequence: 1, Type: OrgDomainAdded},
},
result: &Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, State: int32(model.OrgStateActive)},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

25
internal/org/repository/eventsourcing/model/types.go
View File

@@ -29,7 +29,26 @@ const (
OrgMemberChanged models.EventType = "org.member.changed"
OrgMemberRemoved models.EventType = "org.member.removed"
OrgIamPolicyAdded models.EventType = "org.iam.policy.added"
OrgIamPolicyChanged models.EventType = "org.iam.policy.changed"
OrgIamPolicyRemoved models.EventType = "org.iam.policy.removed"
OrgIAMPolicyAdded models.EventType = "org.iam.policy.added"
OrgIAMPolicyChanged models.EventType = "org.iam.policy.changed"
OrgIAMPolicyRemoved models.EventType = "org.iam.policy.removed"
IDPConfigAdded models.EventType = "org.idp.config.added"
IDPConfigChanged models.EventType = "org.idp.config.changed"
IDPConfigRemoved models.EventType = "org.idp.config.removed"
IDPConfigDeactivated models.EventType = "org.idp.config.deactivated"
IDPConfigReactivated models.EventType = "org.idp.config.reactivated"
OIDCIDPConfigAdded models.EventType = "org.idp.oidc.config.added"
OIDCIDPConfigChanged models.EventType = "org.idp.oidc.config.changed"
SAMLIDPConfigAdded models.EventType = "org.idp.saml.config.added"
SAMLIDPConfigChanged models.EventType = "org.idp.saml.config.changed"
LoginPolicyAdded models.EventType = "org.policy.login.added"
LoginPolicyChanged models.EventType = "org.policy.login.changed"
LoginPolicyRemoved models.EventType = "org.policy.login.removed"
LoginPolicyIDPProviderAdded models.EventType = "org.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "org.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "org.policy.login.idpprovider.cascade.removed"
)

114
internal/org/repository/eventsourcing/org.go
View File

@@ -5,6 +5,7 @@ import (
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
@@ -339,6 +340,119 @@ func OrgDomainRemovedAggregate(ctx context.Context, aggCreator *es_models.Aggreg
return append(aggregates, domainAgregate), nil
}
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSki8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigAdded, idp)
if idp.OIDCIDPConfig != nil {
agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
}
return agg, nil
}
}
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Akdi8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, i := range existing.IDPs {
if i.IDPConfigID == idp.IDPConfigID {
changes = i.Changes(idp)
}
}
agg.AppendEvent(model.IDPConfigChanged, changes)
return agg, nil
}
}
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig, provider *iam_es_model.IDPProvider) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlso9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
if err != nil {
return nil, err
}
if provider != nil {
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &iam_es_model.IDPProviderID{IDPConfigID: provider.IDPConfigID})
}
return agg, nil
}
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3sz7d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigDeactivated, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
return agg, nil
}
}
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4jdiS", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigReactivated, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
return agg, nil
}
}
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, config *iam_es_model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-6Fjso", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, idp := range existing.IDPs {
if idp.IDPConfigID == config.IDPConfigID {
if idp.OIDCIDPConfig != nil {
changes = idp.OIDCIDPConfig.Changes(config)
}
}
}
if len(changes) <= 1 {
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Rks9u", "Errors.NoChangesFound")
}
agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
return agg, nil
}
}
func isEventValidation(aggregate *es_models.Aggregate, eventType es_models.EventType) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
if len(events) == 0 {

10
internal/org/repository/eventsourcing/org_iam_policy.go
View File

@@ -7,7 +7,7 @@ import (
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func OrgIamPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *model.OrgIamPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
func OrgIAMPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-i9sJS", "Errors.Internal")
@@ -16,11 +16,11 @@ func OrgIamPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgIamPolicyAdded, policy)
return agg.AppendEvent(model.OrgIAMPolicyAdded, policy)
}
}
func OrgIamPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *model.OrgIamPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
func OrgIAMPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9Ksie", "Errors.Internal")
@@ -33,7 +33,7 @@ func OrgIamPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existi
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Js6Vs", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OrgIamPolicyChanged, changes)
return agg.AppendEvent(model.OrgIAMPolicyChanged, changes)
}
}
@@ -43,6 +43,6 @@ func OrgIamPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existi
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgIamPolicyRemoved, nil)
return agg.AppendEvent(model.OrgIAMPolicyRemoved, nil)
}
}

38
internal/org/repository/eventsourcing/org_iam_policy_test.go
View File

@@ -20,7 +20,7 @@ func TestOrgIamPolicyAddedAggregates(t *testing.T) {
ctx context.Context
aggCreator *es_models.AggregateCreator
org *model.Org
policy *model.OrgIamPolicy
policy *model.OrgIAMPolicy
}
tests := []struct {
name string
@@ -48,21 +48,21 @@ func TestOrgIamPolicyAddedAggregates(t *testing.T) {
Sequence: 5,
},
},
policy: &model.OrgIamPolicy{
policy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: true,
},
},
res: res{
eventsCount: 1,
eventType: model.OrgIamPolicyAdded,
eventType: model.OrgIAMPolicyAdded,
isErr: nil,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg := OrgIamPolicyAddedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
agg := OrgIAMPolicyAddedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
got, err := agg(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got %T: %v", err, err)
@@ -71,10 +71,10 @@ func TestOrgIamPolicyAddedAggregates(t *testing.T) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIamPolicyAddedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
t.Errorf("OrgIAMPolicyAddedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIamPolicyAddedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
t.Errorf("OrgIAMPolicyAddedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}
@@ -90,7 +90,7 @@ func TestOrgIamPolicyChangedAggregates(t *testing.T) {
ctx context.Context
aggCreator *es_models.AggregateCreator
org *model.Org
policy *model.OrgIamPolicy
policy *model.OrgIAMPolicy
}
tests := []struct {
name string
@@ -117,19 +117,19 @@ func TestOrgIamPolicyChangedAggregates(t *testing.T) {
AggregateID: "sdaf",
Sequence: 5,
},
OrgIamPolicy: &model.OrgIamPolicy{
OrgIamPolicy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: true,
},
},
policy: &model.OrgIamPolicy{
policy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: false,
},
},
res: res{
eventsCount: 1,
eventType: model.OrgIamPolicyChanged,
eventType: model.OrgIAMPolicyChanged,
isErr: nil,
},
},
@@ -143,12 +143,12 @@ func TestOrgIamPolicyChangedAggregates(t *testing.T) {
AggregateID: "sdaf",
Sequence: 5,
},
OrgIamPolicy: &model.OrgIamPolicy{
OrgIamPolicy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: true,
},
},
policy: &model.OrgIamPolicy{
policy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: true,
},
@@ -160,7 +160,7 @@ func TestOrgIamPolicyChangedAggregates(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg := OrgIamPolicyChangedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
agg := OrgIAMPolicyChangedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
got, err := agg(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got %T: %v", err, err)
@@ -169,10 +169,10 @@ func TestOrgIamPolicyChangedAggregates(t *testing.T) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIamPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
t.Errorf("OrgIAMPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIamPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
t.Errorf("OrgIAMPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}
@@ -204,7 +204,7 @@ func TestOrgIamPolicyRemovedAggregates(t *testing.T) {
AggregateID: "sdaf",
Sequence: 5,
},
OrgIamPolicy: &model.OrgIamPolicy{
OrgIamPolicy: &model.OrgIAMPolicy{
Description: "description",
UserLoginMustBeDomain: true,
},
@@ -212,7 +212,7 @@ func TestOrgIamPolicyRemovedAggregates(t *testing.T) {
},
res: res{
eventsCount: 1,
eventType: model.OrgIamPolicyRemoved,
eventType: model.OrgIAMPolicyRemoved,
isErr: nil,
},
},
@@ -228,10 +228,10 @@ func TestOrgIamPolicyRemovedAggregates(t *testing.T) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIamPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
t.Errorf("OrgIAMPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIamPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
t.Errorf("OrgIAMPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}

581
internal/org/repository/eventsourcing/org_test.go
View File

@@ -2,6 +2,7 @@ package eventsourcing
import (
"context"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
"github.com/caos/zitadel/internal/api/authz"
@@ -847,3 +848,583 @@ func TestOrgDomainRemovedAggregates(t *testing.T) {
})
}
}
func TestIdpConfigAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPConfig
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add oidc idp configuration",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "Name",
OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"},
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 2,
eventTypes: []es_models.EventType{model.IDPConfigAdded, model.OIDCIDPConfigAdded},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "idp config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := IDPConfigAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestIdpConfigurationChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPConfig
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change idp configuration",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "IDPName"},
}},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "NameChanged",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []es_models.EventType{model.IDPConfigChanged},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "idp config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := IDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestIdpConfigurationRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPConfig
provider *iam_es_model.IDPProvider
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp config",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name"},
}},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []es_models.EventType{model.IDPConfigRemoved},
},
},
{
name: "remove idp config with provider",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name"},
}},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
provider: &iam_es_model.IDPProvider{
IDPConfigID: "IDPConfigID",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 2,
eventTypes: []es_models.EventType{model.IDPConfigRemoved, model.LoginPolicyIDPProviderCascadeRemoved},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "idp config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := IDPConfigRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.new, tt.args.provider)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPConfig
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate idp config",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name"},
}},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []es_models.EventType{model.IDPConfigDeactivated},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "idp config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := IDPConfigDeactivatedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPConfig
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate app",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name"},
}},
new: &iam_es_model.IDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
Name: "Name",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []es_models.EventType{model.IDPConfigReactivated},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "idp config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := IDPConfigReactivatedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestOIDCConfigChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.OIDCIDPConfig
aggCreator *es_models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []es_models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change oidc config",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}},
}},
new: &iam_es_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
ClientID: "ClientIDChanged",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []es_models.EventType{model.OIDCIDPConfigChanged},
},
},
{
name: "no changes",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Name: "Name",
IDPs: []*iam_es_model.IDPConfig{
{IDPConfigID: "IDPConfigID", Name: "Name", OIDCIDPConfig: &iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}},
}},
new: &iam_es_model.OIDCIDPConfig{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
IDPConfigID: "IDPConfigID",
ClientID: "ClientID",
},
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
{
name: "oidc config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, Name: "Name"},
new: nil,
aggCreator: es_models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := OIDCIDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}