mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 18:17:35 +00:00
feat: Check zitadel project (#191)
* feat: check if zitadel project is changed * feat: check if zitadel project is changed
This commit is contained in:
Fabi
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/internal/api/auth"
|
||||
authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/management/repository"
|
||||
|
||||
grpc_util "github.com/caos/zitadel/internal/api/grpc"
|
||||
@@ -15,8 +16,8 @@ type Config struct {
|
||||
GRPC grpc_util.Config
|
||||
}
|
||||
|
||||
func Start(ctx context.Context, conf Config, authZRepo *authz_repo.EsRepository, authZ auth.Config, repo repository.Repository) {
|
||||
grpcServer := grpc.StartServer(conf.GRPC.ToServerConfig(), authZRepo, authZ, repo)
|
||||
func Start(ctx context.Context, conf Config, authZRepo *authz_repo.EsRepository, authZ auth.Config, sd systemdefaults.SystemDefaults, repo repository.Repository) {
|
||||
grpcServer := grpc.StartServer(conf.GRPC.ToServerConfig(), authZRepo, authZ, sd, repo)
|
||||
grpcGateway := grpc.StartGateway(conf.GRPC.ToGatewayConfig())
|
||||
|
||||
server.StartServer(ctx, grpcServer)
|
||||
|
||||
@@ -37,6 +37,9 @@ func (s *Server) UpdateApplication(ctx context.Context, in *ApplicationUpdate) (
|
||||
return appFromModel(app), nil
|
||||
}
|
||||
func (s *Server) DeactivateApplication(ctx context.Context, in *ApplicationID) (*Application, error) {
|
||||
if s.IsZitadel(ctx, in.ProjectId) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-LSped", "Zitadel Project Applications should not be deactivated")
|
||||
}
|
||||
app, err := s.project.DeactivateApplication(ctx, in.ProjectId, in.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -52,11 +55,17 @@ func (s *Server) ReactivateApplication(ctx context.Context, in *ApplicationID) (
|
||||
}
|
||||
|
||||
func (s *Server) RemoveApplication(ctx context.Context, in *ApplicationID) (*empty.Empty, error) {
|
||||
if s.IsZitadel(ctx, in.ProjectId) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-LSpee", "Zitadel Project Applications should not be removed")
|
||||
}
|
||||
err := s.project.RemoveApplication(ctx, in.ProjectId, in.Id)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
|
||||
func (s *Server) UpdateApplicationOIDCConfig(ctx context.Context, in *OIDCConfigUpdate) (*OIDCConfig, error) {
|
||||
if s.IsZitadel(ctx, in.ProjectId) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-LSpee", "Zitadel Project Applications OIdc Config should not be changed")
|
||||
}
|
||||
config, err := s.project.ChangeOIDCConfig(ctx, oidcConfigUpdateToModel(in))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -65,6 +74,9 @@ func (s *Server) UpdateApplicationOIDCConfig(ctx context.Context, in *OIDCConfig
|
||||
}
|
||||
|
||||
func (s *Server) RegenerateOIDCClientSecret(ctx context.Context, in *ApplicationID) (*ClientSecret, error) {
|
||||
if s.IsZitadel(ctx, in.ProjectId) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-Lps4d", "Zitadel Project Applications OIdc Config should not be changed")
|
||||
}
|
||||
config, err := s.project.ChangeOIDConfigSecret(ctx, in.ProjectId, in.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -16,6 +16,9 @@ func (s *Server) CreateProject(ctx context.Context, in *ProjectCreateRequest) (*
|
||||
return projectFromModel(project), nil
|
||||
}
|
||||
func (s *Server) UpdateProject(ctx context.Context, in *ProjectUpdateRequest) (*Project, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-SFH8d", "Zitadel Project should not be updated")
|
||||
}
|
||||
project, err := s.project.UpdateProject(ctx, projectUpdateToModel(in))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -23,6 +26,9 @@ func (s *Server) UpdateProject(ctx context.Context, in *ProjectUpdateRequest) (*
|
||||
return projectFromModel(project), nil
|
||||
}
|
||||
func (s *Server) DeactivateProject(ctx context.Context, in *ProjectID) (*Project, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-PS9cs", "Zitadel Project should not be deactivated")
|
||||
}
|
||||
project, err := s.project.DeactivateProject(ctx, in.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -30,6 +36,9 @@ func (s *Server) DeactivateProject(ctx context.Context, in *ProjectID) (*Project
|
||||
return projectFromModel(project), nil
|
||||
}
|
||||
func (s *Server) ReactivateProject(ctx context.Context, in *ProjectID) (*Project, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-LSpe2", "Zitadel Project should not be reactivated")
|
||||
}
|
||||
project, err := s.project.ReactivateProject(ctx, in.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -65,6 +74,9 @@ func (s *Server) GetGrantedProjectGrantByID(ctx context.Context, in *ProjectGran
|
||||
}
|
||||
|
||||
func (s *Server) AddProjectRole(ctx context.Context, in *ProjectRoleAdd) (*ProjectRole, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-PS9cs", "Zitadel Project should not get new role")
|
||||
}
|
||||
role, err := s.project.AddProjectRole(ctx, projectRoleAddToModel(in))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -72,6 +84,9 @@ func (s *Server) AddProjectRole(ctx context.Context, in *ProjectRoleAdd) (*Proje
|
||||
return projectRoleFromModel(role), nil
|
||||
}
|
||||
func (s *Server) ChangeProjectRole(ctx context.Context, in *ProjectRoleChange) (*ProjectRole, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-LASj8", "Zitadel Project should not change roles")
|
||||
}
|
||||
role, err := s.project.ChangeProjectRole(ctx, projectRoleChangeToModel(in))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -80,6 +95,9 @@ func (s *Server) ChangeProjectRole(ctx context.Context, in *ProjectRoleChange) (
|
||||
}
|
||||
|
||||
func (s *Server) RemoveProjectRole(ctx context.Context, in *ProjectRoleRemove) (*empty.Empty, error) {
|
||||
if s.IsZitadel(ctx, in.Id) {
|
||||
return nil, errors.ThrowInvalidArgument(nil, "GRPC-Psn7s", "do not remove roles from Zitadel Project")
|
||||
}
|
||||
err := s.project.RemoveProjectRole(ctx, in.Id, in.Key)
|
||||
return &empty.Empty{}, err
|
||||
}
|
||||
@@ -98,3 +116,14 @@ func (s *Server) SearchProjectRoles(ctx context.Context, in *ProjectRoleSearchRe
|
||||
func (s *Server) ProjectChanges(ctx context.Context, changesRequest *ChangeRequest) (*Changes, error) {
|
||||
return nil, errors.ThrowUnimplemented(nil, "GRPC-mci3f", "Not implemented")
|
||||
}
|
||||
|
||||
func (s *Server) IsZitadel(ctx context.Context, projectID string) bool {
|
||||
iam, err := s.iam.IamByID(ctx, s.systemDefaults.IamID)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
if iam.IamProjectID == projectID {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
grpc_util "github.com/caos/zitadel/internal/api/grpc"
|
||||
"github.com/caos/zitadel/internal/api/grpc/server/middleware"
|
||||
authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
mgmt_auth "github.com/caos/zitadel/internal/management/auth"
|
||||
"github.com/caos/zitadel/internal/management/repository"
|
||||
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||
@@ -14,26 +15,30 @@ import (
|
||||
var _ ManagementServiceServer = (*Server)(nil)
|
||||
|
||||
type Server struct {
|
||||
port string
|
||||
project repository.ProjectRepository
|
||||
policy repository.PolicyRepository
|
||||
org repository.OrgRepository
|
||||
user repository.UserRepository
|
||||
usergrant repository.UserGrantRepository
|
||||
verifier *mgmt_auth.TokenVerifier
|
||||
authZ auth.Config
|
||||
port string
|
||||
project repository.ProjectRepository
|
||||
policy repository.PolicyRepository
|
||||
org repository.OrgRepository
|
||||
user repository.UserRepository
|
||||
usergrant repository.UserGrantRepository
|
||||
iam repository.IamRepository
|
||||
verifier *mgmt_auth.TokenVerifier
|
||||
authZ auth.Config
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
}
|
||||
|
||||
func StartServer(conf grpc_util.ServerConfig, authZRepo *authz_repo.EsRepository, authZ auth.Config, repo repository.Repository) *Server {
|
||||
func StartServer(conf grpc_util.ServerConfig, authZRepo *authz_repo.EsRepository, authZ auth.Config, sd systemdefaults.SystemDefaults, repo repository.Repository) *Server {
|
||||
return &Server{
|
||||
port: conf.Port,
|
||||
project: repo,
|
||||
policy: repo,
|
||||
org: repo,
|
||||
user: repo,
|
||||
usergrant: repo,
|
||||
authZ: authZ,
|
||||
verifier: mgmt_auth.Start(authZRepo),
|
||||
port: conf.Port,
|
||||
project: repo,
|
||||
policy: repo,
|
||||
org: repo,
|
||||
user: repo,
|
||||
usergrant: repo,
|
||||
iam: repo,
|
||||
authZ: authZ,
|
||||
verifier: mgmt_auth.Start(authZRepo),
|
||||
systemDefaults: sd,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -24,5 +24,5 @@ func Start(ctx context.Context, config Config, authZRepo *authz_repo.EsRepositor
|
||||
repo, err := eventsourcing.Start(config.Repository, systemDefaults, roles)
|
||||
logging.Log("MAIN-9uBxp").OnError(err).Panic("unable to start app")
|
||||
|
||||
api.Start(ctx, config.API, authZRepo, authZ, repo)
|
||||
api.Start(ctx, config.API, authZRepo, authZ, systemDefaults, repo)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user