feat: remove org (#4148)

* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>

internal/query/projection/authn_key.go

@@ -10,14 +10,16 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler"
 	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
 	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/org"
 	"github.com/zitadel/zitadel/internal/repository/project"
 	"github.com/zitadel/zitadel/internal/repository/user"
 )
 
 const (
-	AuthNKeyTable            = "projections.authn_keys"
+	AuthNKeyTable            = "projections.authn_keys2"
 	AuthNKeyIDCol            = "id"
 	AuthNKeyCreationDateCol  = "creation_date"
+	AuthNKeyChangeDateCol    = "change_date"
 	AuthNKeyResourceOwnerCol = "resource_owner"
 	AuthNKeyInstanceIDCol    = "instance_id"
 	AuthNKeyAggregateIDCol   = "aggregate_id"
@@ -28,6 +30,7 @@ const (
 	AuthNKeyPublicKeyCol     = "public_key"
 	AuthNKeyTypeCol          = "type"
 	AuthNKeyEnabledCol       = "enabled"
+	AuthNKeyOwnerRemovedCol  = "owner_removed"
 )
 
 type authNKeyProjection struct {
@@ -42,6 +45,7 @@ func newAuthNKeyProjection(ctx context.Context, config crdb.StatementHandlerConf
 		crdb.NewTable([]*crdb.Column{
 			crdb.NewColumn(AuthNKeyIDCol, crdb.ColumnTypeText),
 			crdb.NewColumn(AuthNKeyCreationDateCol, crdb.ColumnTypeTimestamp),
+			crdb.NewColumn(AuthNKeyChangeDateCol, crdb.ColumnTypeTimestamp),
 			crdb.NewColumn(AuthNKeyResourceOwnerCol, crdb.ColumnTypeText),
 			crdb.NewColumn(AuthNKeyInstanceIDCol, crdb.ColumnTypeText),
 			crdb.NewColumn(AuthNKeyAggregateIDCol, crdb.ColumnTypeText),
@@ -52,10 +56,12 @@ func newAuthNKeyProjection(ctx context.Context, config crdb.StatementHandlerConf
 			crdb.NewColumn(AuthNKeyPublicKeyCol, crdb.ColumnTypeBytes),
 			crdb.NewColumn(AuthNKeyEnabledCol, crdb.ColumnTypeBool, crdb.Default(true)),
 			crdb.NewColumn(AuthNKeyTypeCol, crdb.ColumnTypeEnum, crdb.Default(0)),
+			crdb.NewColumn(AuthNKeyOwnerRemovedCol, crdb.ColumnTypeBool, crdb.Default(false)),
 		},
 			crdb.NewPrimaryKey(AuthNKeyInstanceIDCol, AuthNKeyIDCol),
-			crdb.WithIndex(crdb.NewIndex("enabled_idx", []string{AuthNKeyEnabledCol})),
-			crdb.WithIndex(crdb.NewIndex("identifier_idx", []string{AuthNKeyIdentifierCol})),
+			crdb.WithIndex(crdb.NewIndex("enabled", []string{AuthNKeyEnabledCol})),
+			crdb.WithIndex(crdb.NewIndex("identifier", []string{AuthNKeyIdentifierCol})),
+			crdb.WithIndex(crdb.NewIndex("owner_removed", []string{AuthNKeyOwnerRemovedCol})),
 		),
 	)
 	p.StatementHandler = crdb.NewStatementHandler(ctx, config)
@@ -110,6 +116,15 @@ func (p *authNKeyProjection) reducers() []handler.AggregateReducer {
 				},
 			},
 		},
+		{
+			Aggregate: org.AggregateType,
+			EventRedusers: []handler.EventReducer{
+				{
+					Event:  org.OrgRemovedEventType,
+					Reduce: p.reduceOwnerRemoved,
+				},
+			},
+		},
 		{
 			Aggregate: instance.AggregateType,
 			EventRedusers: []handler.EventReducer{
@@ -152,29 +167,30 @@ func (p *authNKeyProjection) reduceAuthNKeyAdded(event eventstore.Event) (*handl
 	default:
 		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dgb32", "reduce.wrong.event.type %v", []eventstore.EventType{project.ApplicationKeyAddedEventType, user.MachineKeyAddedEventType})
 	}
-	return crdb.NewMultiStatement(
+	return crdb.NewCreateStatement(
 		&authNKeyEvent,
-		crdb.AddCreateStatement(
-			[]handler.Column{
-				handler.NewCol(AuthNKeyIDCol, authNKeyEvent.keyID),
-				handler.NewCol(AuthNKeyCreationDateCol, authNKeyEvent.CreationDate()),
-				handler.NewCol(AuthNKeyResourceOwnerCol, authNKeyEvent.Aggregate().ResourceOwner),
-				handler.NewCol(AuthNKeyInstanceIDCol, authNKeyEvent.Aggregate().InstanceID),
-				handler.NewCol(AuthNKeyAggregateIDCol, authNKeyEvent.Aggregate().ID),
-				handler.NewCol(AuthNKeySequenceCol, authNKeyEvent.Sequence()),
-				handler.NewCol(AuthNKeyObjectIDCol, authNKeyEvent.objectID),
-				handler.NewCol(AuthNKeyExpirationCol, authNKeyEvent.expiration),
-				handler.NewCol(AuthNKeyIdentifierCol, authNKeyEvent.identifier),
-				handler.NewCol(AuthNKeyPublicKeyCol, authNKeyEvent.publicKey),
-				handler.NewCol(AuthNKeyTypeCol, authNKeyEvent.keyType),
-			},
-		),
+		[]handler.Column{
+			handler.NewCol(AuthNKeyIDCol, authNKeyEvent.keyID),
+			handler.NewCol(AuthNKeyCreationDateCol, authNKeyEvent.CreationDate()),
+			handler.NewCol(AuthNKeyChangeDateCol, authNKeyEvent.CreationDate()),
+			handler.NewCol(AuthNKeyResourceOwnerCol, authNKeyEvent.Aggregate().ResourceOwner),
+			handler.NewCol(AuthNKeyInstanceIDCol, authNKeyEvent.Aggregate().InstanceID),
+			handler.NewCol(AuthNKeyAggregateIDCol, authNKeyEvent.Aggregate().ID),
+			handler.NewCol(AuthNKeySequenceCol, authNKeyEvent.Sequence()),
+			handler.NewCol(AuthNKeyObjectIDCol, authNKeyEvent.objectID),
+			handler.NewCol(AuthNKeyExpirationCol, authNKeyEvent.expiration),
+			handler.NewCol(AuthNKeyIdentifierCol, authNKeyEvent.identifier),
+			handler.NewCol(AuthNKeyPublicKeyCol, authNKeyEvent.publicKey),
+			handler.NewCol(AuthNKeyTypeCol, authNKeyEvent.keyType),
+		},
 	), nil
 }
 
 func (p *authNKeyProjection) reduceAuthNKeyEnabledChanged(event eventstore.Event) (*handler.Statement, error) {
 	var appID string
 	var enabled bool
+	var changeDate time.Time
+	var sequence uint64
 	switch e := event.(type) {
 	case *project.APIConfigChangedEvent:
 		if e.AuthMethodType == nil {
@@ -182,18 +198,26 @@ func (p *authNKeyProjection) reduceAuthNKeyEnabledChanged(event eventstore.Event
 		}
 		appID = e.AppID
 		enabled = *e.AuthMethodType == domain.APIAuthMethodTypePrivateKeyJWT
+		changeDate = e.CreationDate()
+		sequence = e.Sequence()
 	case *project.OIDCConfigChangedEvent:
 		if e.AuthMethodType == nil {
 			return crdb.NewNoOpStatement(event), nil
 		}
 		appID = e.AppID
 		enabled = *e.AuthMethodType == domain.OIDCAuthMethodTypePrivateKeyJWT
+		changeDate = e.CreationDate()
+		sequence = e.Sequence()
 	default:
 		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Dbrt1", "reduce.wrong.event.type %v", []eventstore.EventType{project.APIConfigChangedType, project.OIDCConfigChangedType})
 	}
 	return crdb.NewUpdateStatement(
 		event,
-		[]handler.Column{handler.NewCol(AuthNKeyEnabledCol, enabled)},
+		[]handler.Column{
+			handler.NewCol(AuthNKeyChangeDateCol, changeDate),
+			handler.NewCol(AuthNKeySequenceCol, sequence),
+			handler.NewCol(AuthNKeyEnabledCol, enabled),
+		},
 		[]handler.Condition{
 			handler.NewCond(AuthNKeyObjectIDCol, appID),
 			handler.NewCond(AuthNKeyInstanceIDCol, event.Aggregate().InstanceID),
@@ -225,3 +249,23 @@ func (p *authNKeyProjection) reduceAuthNKeyRemoved(event eventstore.Event) (*han
 		},
 	), nil
 }
+
+func (p *authNKeyProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*org.OrgRemovedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Hyd1f", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
+	}
+
+	return crdb.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(AuthNKeyChangeDateCol, e.CreationDate()),
+			handler.NewCol(AuthNKeySequenceCol, e.Sequence()),
+			handler.NewCol(AuthNKeyOwnerRemovedCol, true),
+		},
+		[]handler.Condition{
+			handler.NewCond(AuthNKeyInstanceIDCol, e.Aggregate().InstanceID),
+			handler.NewCond(AuthNKeyResourceOwnerCol, e.Aggregate().ID),
+		},
+	), nil
+}