feat: remove org (#4148)

* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-11 21:17:32 +00:00 · 2022-11-30 17:01:17 +01:00
parent 21a4e73bb6
commit f3e6f3b23b
304 changed files with 7293 additions and 3286 deletions
--- a/internal/query/app.go
+++ b/internal/query/app.go
@@ -122,6 +122,10 @@ var (
 		name:  projection.AppColumnSequence,
 		table: appsTable,
 	}
+	AppColumnOwnerRemoved = Column{
+		name:  projection.AppColumnOwnerRemoved,
+		table: appsTable,
+	}
 )

 var (
@@ -237,19 +241,21 @@ var (
 	}
 )

-func (q *Queries) AppByProjectAndAppID(ctx context.Context, shouldTriggerBulk bool, projectID, appID string) (*App, error) {
+func (q *Queries) AppByProjectAndAppID(ctx context.Context, shouldTriggerBulk bool, projectID, appID string, withOwnerRemoved bool) (*App, error) {
 	if shouldTriggerBulk {
 		projection.AppProjection.Trigger(ctx)
 	}

 	stmt, scan := prepareAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppColumnID.identifier():         appID,
-			AppColumnProjectID.identifier():  projectID,
-			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppColumnID.identifier():         appID,
+		AppColumnProjectID.identifier():  projectID,
+		AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-AFDgg", "Errors.Query.SQLStatement")
 	}
@@ -258,14 +264,16 @@ func (q *Queries) AppByProjectAndAppID(ctx context.Context, shouldTriggerBulk bo
 	return scan(row)
 }

-func (q *Queries) AppByID(ctx context.Context, appID string) (*App, error) {
+func (q *Queries) AppByID(ctx context.Context, appID string, withOwnerRemoved bool) (*App, error) {
 	stmt, scan := prepareAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppColumnID.identifier():         appID,
-			AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppColumnID.identifier():         appID,
+		AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-immt9", "Errors.Query.SQLStatement")
 	}
@@ -274,14 +282,16 @@ func (q *Queries) AppByID(ctx context.Context, appID string) (*App, error) {
 	return scan(row)
 }

-func (q *Queries) AppBySAMLEntityID(ctx context.Context, entityID string) (*App, error) {
+func (q *Queries) AppBySAMLEntityID(ctx context.Context, entityID string, withOwnerRemoved bool) (*App, error) {
 	stmt, scan := prepareAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppSAMLConfigColumnEntityID.identifier(): entityID,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppSAMLConfigColumnEntityID.identifier(): entityID,
+		AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-JgUop", "Errors.Query.SQLStatement")
 	}
@@ -290,18 +300,20 @@ func (q *Queries) AppBySAMLEntityID(ctx context.Context, entityID string) (*App,
 	return scan(row)
 }

-func (q *Queries) ProjectByClientID(ctx context.Context, appID string) (*Project, error) {
+func (q *Queries) ProjectByClientID(ctx context.Context, appID string, withOwnerRemoved bool) (*Project, error) {
 	stmt, scan := prepareProjectByAppQuery()
-	query, args, err := stmt.Where(
-		sq.And{
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-			sq.Or{
-				sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
-				sq.Eq{AppAPIConfigColumnClientID.identifier(): appID},
-				sq.Eq{AppSAMLConfigColumnAppID.identifier(): appID},
-			},
+	eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
+	if !withOwnerRemoved {
+		eq[ProjectColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(sq.And{
+		eq,
+		sq.Or{
+			sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
+			sq.Eq{AppAPIConfigColumnClientID.identifier(): appID},
+			sq.Eq{AppSAMLConfigColumnAppID.identifier(): appID},
 		},
-	).ToSql()
+	}).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-XhJi3", "Errors.Query.SQLStatement")
 	}
@@ -310,14 +322,16 @@ func (q *Queries) ProjectByClientID(ctx context.Context, appID string) (*Project
 	return scan(row)
 }

-func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (string, error) {
+func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string, withOwnerRemoved bool) (string, error) {
 	stmt, scan := prepareProjectIDByAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppOIDCConfigColumnClientID.identifier(): appID,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppOIDCConfigColumnClientID.identifier(): appID,
+		AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return "", errors.ThrowInternal(err, "QUERY-7d92U", "Errors.Query.SQLStatement")
 	}
@@ -326,18 +340,21 @@ func (q *Queries) ProjectIDFromOIDCClientID(ctx context.Context, appID string) (
 	return scan(row)
 }

-func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (string, error) {
+func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string, withOwnerRemoved bool) (string, error) {
 	stmt, scan := prepareProjectIDByAppQuery()
-	query, args, err := stmt.Where(
-		sq.And{
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-			sq.Or{
-				sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
-				sq.Eq{AppAPIConfigColumnClientID.identifier(): appID},
-				sq.Eq{AppSAMLConfigColumnAppID.identifier(): appID},
-			},
+	eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	where := sq.And{
+		eq,
+		sq.Or{
+			sq.Eq{AppOIDCConfigColumnClientID.identifier(): appID},
+			sq.Eq{AppAPIConfigColumnClientID.identifier(): appID},
+			sq.Eq{AppSAMLConfigColumnAppID.identifier(): appID},
 		},
-	).ToSql()
+	}
+	query, args, err := stmt.Where(where).ToSql()
 	if err != nil {
 		return "", errors.ThrowInternal(err, "QUERY-SDfg3", "Errors.Query.SQLStatement")
 	}
@@ -346,14 +363,16 @@ func (q *Queries) ProjectIDFromClientID(ctx context.Context, appID string) (stri
 	return scan(row)
 }

-func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string) (*Project, error) {
+func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string, withOwnerRemoved bool) (*Project, error) {
 	stmt, scan := prepareProjectByAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppOIDCConfigColumnClientID.identifier(): id,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppOIDCConfigColumnClientID.identifier(): id,
+		AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-XhJi4", "Errors.Query.SQLStatement")
 	}
@@ -362,14 +381,16 @@ func (q *Queries) ProjectByOIDCClientID(ctx context.Context, id string) (*Projec
 	return scan(row)
 }

-func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (*App, error) {
+func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string, withOwnerRemoved bool) (*App, error) {
 	stmt, scan := prepareAppQuery()
-	query, args, err := stmt.Where(
-		sq.Eq{
-			AppOIDCConfigColumnClientID.identifier(): clientID,
-			AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AppOIDCConfigColumnClientID.identifier(): clientID,
+		AppColumnInstanceID.identifier():         authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-JgVop", "Errors.Query.SQLStatement")
 	}
@@ -378,17 +399,20 @@ func (q *Queries) AppByOIDCClientID(ctx context.Context, clientID string) (*App,
 	return scan(row)
 }

-func (q *Queries) AppByClientID(ctx context.Context, clientID string) (*App, error) {
+func (q *Queries) AppByClientID(ctx context.Context, clientID string, withOwnerRemoved bool) (*App, error) {
 	stmt, scan := prepareAppQuery()
-	query, args, err := stmt.Where(
-		sq.And{
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-			sq.Or{
-				sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
-				sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
-			},
+	var eq []sq.Sqlizer
+	eq = append(eq, sq.And{
+		sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
+		sq.Or{
+			sq.Eq{AppOIDCConfigColumnClientID.identifier(): clientID},
+			sq.Eq{AppAPIConfigColumnClientID.identifier(): clientID},
 		},
-	).ToSql()
+	})
+	if !withOwnerRemoved {
+		eq = append(eq, sq.Eq{AppColumnOwnerRemoved.identifier(): false})
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-Dfge2", "Errors.Query.SQLStatement")
 	}
@@ -397,12 +421,13 @@ func (q *Queries) AppByClientID(ctx context.Context, clientID string) (*App, err
 	return scan(row)
 }

-func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*Apps, error) {
+func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries, withOwnerRemoved bool) (*Apps, error) {
 	query, scan := prepareAppsQuery()
-	stmt, args, err := queries.toQuery(query).
-		Where(
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-		).ToSql()
+	eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
 	}
@@ -419,12 +444,13 @@ func (q *Queries) SearchApps(ctx context.Context, queries *AppSearchQueries) (*A
 	return apps, err
 }

-func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries) ([]string, error) {
+func (q *Queries) SearchClientIDs(ctx context.Context, queries *AppSearchQueries, withOwnerRemoved bool) ([]string, error) {
 	query, scan := prepareClientIDsQuery()
-	stmt, args, err := queries.toQuery(query).
-		Where(
-			sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()},
-		).ToSql()
+	eq := sq.Eq{AppColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
+	if !withOwnerRemoved {
+		eq[AppColumnOwnerRemoved.identifier()] = false
+	}
+	stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-fajp8", "Errors.Query.InvalidRequest")
 	}