feat: remove org (#4148)

* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>

internal/query/authn_key.go

@@ -28,6 +28,10 @@ var (
 		name:  projection.AuthNKeyCreationDateCol,
 		table: authNKeyTable,
 	}
+	AuthNKeyColumnChangeDate = Column{
+		name:  projection.AuthNKeyChangeDateCol,
+		table: authNKeyTable,
+	}
 	AuthNKeyColumnResourceOwner = Column{
 		name:  projection.AuthNKeyResourceOwnerCol,
 		table: authNKeyTable,
@@ -68,6 +72,10 @@ var (
 		name:  projection.AuthNKeyEnabledCol,
 		table: authNKeyTable,
 	}
+	AuthNKeyOwnerRemovedCol = Column{
+		name:  projection.AuthNKeyOwnerRemovedCol,
+		table: authNKeyTable,
+	}
 )
 
 type AuthNKeys struct {
@@ -78,6 +86,7 @@ type AuthNKeys struct {
 type AuthNKey struct {
 	ID            string
 	CreationDate  time.Time
+	ChangeDate    time.Time
 	ResourceOwner string
 	Sequence      uint64
 
@@ -93,6 +102,7 @@ type AuthNKeysData struct {
 type AuthNKeyData struct {
 	ID            string
 	CreationDate  time.Time
+	ChangeDate    time.Time
 	ResourceOwner string
 	Sequence      uint64
 
@@ -115,15 +125,17 @@ func (q *AuthNKeySearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder
 	return query
 }
 
-func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries) (authNKeys *AuthNKeys, err error) {
+func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries, withOwnerRemoved bool) (authNKeys *AuthNKeys, err error) {
 	query, scan := prepareAuthNKeysQuery()
 	query = queries.toQuery(query)
-	stmt, args, err := query.Where(
-		sq.Eq{
-			AuthNKeyColumnEnabled.identifier():    true,
-			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AuthNKeyColumnEnabled.identifier():    true,
+		AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AuthNKeyOwnerRemovedCol.identifier()] = false
+	}
+	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-SAf3f", "Errors.Query.InvalidRequest")
 	}
@@ -140,14 +152,17 @@ func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQu
 	return authNKeys, err
 }
 
-func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySearchQueries) (authNKeys *AuthNKeysData, err error) {
+func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySearchQueries, withOwnerRemoved bool) (authNKeys *AuthNKeysData, err error) {
 	query, scan := prepareAuthNKeysDataQuery()
 	query = queries.toQuery(query)
-	stmt, args, err := query.Where(
-		sq.Eq{
-			AuthNKeyColumnEnabled.identifier(): true,
-		},
-	).ToSql()
+	eq := sq.Eq{
+		AuthNKeyColumnEnabled.identifier():    true,
+		AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AuthNKeyOwnerRemovedCol.identifier()] = false
+	}
+	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInvalidArgument(err, "QUERY-SAg3f", "Errors.Query.InvalidRequest")
 	}
@@ -164,7 +179,7 @@ func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySear
 	return authNKeys, err
 }
 
-func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, id string, queries ...SearchQuery) (*AuthNKey, error) {
+func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, id string, withOwnerRemoved bool, queries ...SearchQuery) (*AuthNKey, error) {
 	if shouldTriggerBulk {
 		projection.AuthNKeyProjection.Trigger(ctx)
 	}
@@ -173,12 +188,15 @@ func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, i
 	for _, q := range queries {
 		query = q.toQuery(query)
 	}
-	stmt, args, err := query.Where(
-		sq.Eq{
-			AuthNKeyColumnID.identifier():         id,
-			AuthNKeyColumnEnabled.identifier():    true,
-			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
-		}).ToSql()
+	eq := sq.Eq{
+		AuthNKeyColumnID.identifier():         id,
+		AuthNKeyColumnEnabled.identifier():    true,
+		AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+	if !withOwnerRemoved {
+		eq[AuthNKeyOwnerRemovedCol.identifier()] = false
+	}
+	stmt, args, err := query.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
 	}
@@ -187,21 +205,34 @@ func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, i
 	return scan(row)
 }
 
-func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id string, identifier string) ([]byte, error) {
+func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id string, identifier string, withOwnerRemoved bool) ([]byte, error) {
 	stmt, scan := prepareAuthNKeyPublicKeyQuery()
-	query, args, err := stmt.Where(
-		sq.And{
+	eq := sq.And{
+		sq.Eq{
+			AuthNKeyColumnID.identifier():         id,
+			AuthNKeyColumnIdentifier.identifier(): identifier,
+			AuthNKeyColumnEnabled.identifier():    true,
+			AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+		},
+		sq.Gt{
+			AuthNKeyColumnExpiration.identifier(): time.Now(),
+		},
+	}
+	if !withOwnerRemoved {
+		eq = sq.And{
 			sq.Eq{
 				AuthNKeyColumnID.identifier():         id,
 				AuthNKeyColumnIdentifier.identifier(): identifier,
 				AuthNKeyColumnEnabled.identifier():    true,
 				AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
+				AuthNKeyOwnerRemovedCol.identifier():  false,
 			},
 			sq.Gt{
 				AuthNKeyColumnExpiration.identifier(): time.Now(),
 			},
-		},
-	).ToSql()
+		}
+	}
+	query, args, err := stmt.Where(eq).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
 	}
@@ -226,6 +257,7 @@ func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys
 	return sq.Select(
 			AuthNKeyColumnID.identifier(),
 			AuthNKeyColumnCreationDate.identifier(),
+			AuthNKeyColumnChangeDate.identifier(),
 			AuthNKeyColumnResourceOwner.identifier(),
 			AuthNKeyColumnSequence.identifier(),
 			AuthNKeyColumnExpiration.identifier(),
@@ -240,6 +272,7 @@ func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys
 				err := rows.Scan(
 					&authNKey.ID,
 					&authNKey.CreationDate,
+					&authNKey.ChangeDate,
 					&authNKey.ResourceOwner,
 					&authNKey.Sequence,
 					&authNKey.Expiration,
@@ -269,6 +302,7 @@ func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, er
 	return sq.Select(
 			AuthNKeyColumnID.identifier(),
 			AuthNKeyColumnCreationDate.identifier(),
+			AuthNKeyColumnChangeDate.identifier(),
 			AuthNKeyColumnResourceOwner.identifier(),
 			AuthNKeyColumnSequence.identifier(),
 			AuthNKeyColumnExpiration.identifier(),
@@ -279,6 +313,7 @@ func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, er
 			err := row.Scan(
 				&authNKey.ID,
 				&authNKey.CreationDate,
+				&authNKey.ChangeDate,
 				&authNKey.ResourceOwner,
 				&authNKey.Sequence,
 				&authNKey.Expiration,
@@ -317,6 +352,7 @@ func prepareAuthNKeysDataQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthN
 	return sq.Select(
 			AuthNKeyColumnID.identifier(),
 			AuthNKeyColumnCreationDate.identifier(),
+			AuthNKeyColumnChangeDate.identifier(),
 			AuthNKeyColumnResourceOwner.identifier(),
 			AuthNKeyColumnSequence.identifier(),
 			AuthNKeyColumnExpiration.identifier(),
@@ -333,6 +369,7 @@ func prepareAuthNKeysDataQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthN
 				err := rows.Scan(
 					&authNKey.ID,
 					&authNKey.CreationDate,
+					&authNKey.ChangeDate,
 					&authNKey.ResourceOwner,
 					&authNKey.Sequence,
 					&authNKey.Expiration,