feat: remove org (#4148)

* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-12 01:47:33 +00:00 · 2022-11-30 17:01:17 +01:00
parent 21a4e73bb6
commit f3e6f3b23b
304 changed files with 7293 additions and 3286 deletions
--- a/internal/user/model/external_idp_view.go
+++ b/internal/user/model/external_idp_view.go
@@ -36,6 +36,7 @@ const (
 	ExternalIDPSearchKeyIdpConfigID
 	ExternalIDPSearchKeyResourceOwner
 	ExternalIDPSearchKeyInstanceID
+	ExternalIDPSearchKeyOwnerRemoved
 )

 type ExternalIDPSearchQuery struct {
--- a/internal/user/model/user_session_view.go
+++ b/internal/user/model/user_session_view.go
@@ -46,6 +46,7 @@ const (
 	UserSessionSearchKeyState
 	UserSessionSearchKeyResourceOwner
 	UserSessionSearchKeyInstanceID
+	UserSessionSearchKeyOwnerRemoved
 )

 type UserSessionSearchQuery struct {
--- a/internal/user/model/user_view.go
+++ b/internal/user/model/user_view.go
@@ -94,6 +94,7 @@ const (
 	UserSearchKeyType
 	UserSearchKeyPreferredLoginName
 	UserSearchKeyInstanceID
+	UserSearchOwnerRemoved
 )

 type UserSearchQuery struct {
--- a/internal/user/repository/view/external_idp_view.go
+++ b/internal/user/repository/view/external_idp_view.go
@@ -28,7 +28,12 @@ func ExternalIDPByExternalUserIDAndIDPConfigID(db *gorm.DB, table, externalUserI
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.ExternalIDPSearchQuery{
+		Key:    usr_model.ExternalIDPSearchKeyOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-Mso9f", "Errors.ExternalIDP.NotFound")
@@ -58,7 +63,12 @@ func ExternalIDPByExternalUserIDAndIDPConfigIDAndResourceOwner(db *gorm.DB, tabl
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, resourceOwnerQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.ExternalIDPSearchQuery{
+		Key:    usr_model.ExternalIDPSearchKeyOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, userIDQuery, idpConfigIDQuery, resourceOwnerQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-Sf8sd", "Errors.ExternalIDP.NotFound")
@@ -78,8 +88,13 @@ func ExternalIDPsByIDPConfigID(db *gorm.DB, table, idpConfigID, instanceID strin
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
+	ownerRemovedQuery := &usr_model.ExternalIDPSearchQuery{
+		Key:    usr_model.ExternalIDPSearchKeyOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
 	query := repository.PrepareSearchQuery(table, model.ExternalIDPSearchRequest{
-		Queries: []*usr_model.ExternalIDPSearchQuery{orgIDQuery, instanceIDQuery},
+		Queries: []*usr_model.ExternalIDPSearchQuery{orgIDQuery, instanceIDQuery, ownerRemovedQuery},
 	})
 	_, err := query(db, &externalIDPs)
 	return externalIDPs, err
@@ -120,3 +135,13 @@ func DeleteInstanceExternalIDPs(db *gorm.DB, table, instanceID string) error {
 	delete := repository.PrepareDeleteByKey(table, model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), instanceID)
 	return delete(db)
 }
+
+func UpdateOrgOwnerRemovedExternalIDPs(db *gorm.DB, table, instanceID, aggID string) error {
+	update := repository.PrepareUpdateByKeys(table,
+		model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyOwnerRemoved),
+		true,
+		repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyInstanceID), Value: instanceID},
+		repository.Key{Key: model.ExternalIDPSearchKey(usr_model.ExternalIDPSearchKeyResourceOwner), Value: aggID},
+	)
+	return update(db)
+}
--- a/internal/user/repository/view/model/external_idp_query.go
+++ b/internal/user/repository/view/model/external_idp_query.go
@@ -61,6 +61,8 @@ func (key ExternalIDPSearchKey) ToColumnName() string {
 		return ExternalIDPKeyResourceOwner
 	case usr_model.ExternalIDPSearchKeyInstanceID:
 		return ExternalIDPKeyInstanceID
+	case usr_model.ExternalIDPSearchKeyOwnerRemoved:
+		return ExternalIDPKeyOwnerRemoved
 	default:
 		return ""
 	}
--- a/internal/user/repository/view/model/external_idps.go
+++ b/internal/user/repository/view/model/external_idps.go
@@ -18,6 +18,7 @@ const (
 	ExternalIDPKeyIDPConfigID    = "idp_config_id"
 	ExternalIDPKeyResourceOwner  = "resource_owner"
 	ExternalIDPKeyInstanceID     = "instance_id"
+	ExternalIDPKeyOwnerRemoved   = "owner_removed"
 )

 type ExternalIDPView struct {
--- a/internal/user/repository/view/model/user.go
+++ b/internal/user/repository/view/model/user.go
@@ -32,6 +32,7 @@ const (
 	UserKeyPreferredLoginName = "preferred_login_name"
 	UserKeyType               = "user_type"
 	UserKeyInstanceID         = "instance_id"
+	UserKeyOwnerRemoved       = "owner_removed"
 )

 type userType string
--- a/internal/user/repository/view/model/user_query.go
+++ b/internal/user/repository/view/model/user_query.go
@@ -77,6 +77,8 @@ func (key UserSearchKey) ToColumnName() string {
 		return UserKeyType
 	case usr_model.UserSearchKeyInstanceID:
 		return UserKeyInstanceID
+	case usr_model.UserSearchOwnerRemoved:
+		return UserKeyOwnerRemoved
 	default:
 		return ""
 	}
--- a/internal/user/repository/view/model/user_session.go
+++ b/internal/user/repository/view/model/user_session.go
@@ -21,6 +21,7 @@ const (
 	UserSessionKeyState         = "state"
 	UserSessionKeyResourceOwner = "resource_owner"
 	UserSessionKeyInstanceID    = "instance_id"
+	UserSessionKeyOwnerRemoved  = "owner_removed"
 )

 type UserSessionView struct {
--- a/internal/user/repository/view/model/user_session_query.go
+++ b/internal/user/repository/view/model/user_session_query.go
@@ -61,6 +61,8 @@ func (key UserSessionSearchKey) ToColumnName() string {
 		return UserSessionKeyResourceOwner
 	case usr_model.UserSessionSearchKeyInstanceID:
 		return UserSessionKeyInstanceID
+	case usr_model.UserSessionSearchKeyOwnerRemoved:
+		return UserSessionKeyOwnerRemoved
 	default:
 		return ""
 	}
--- a/internal/user/repository/view/refresh_token_view.go
+++ b/internal/user/repository/view/refresh_token_view.go
@@ -90,12 +90,26 @@ func DeleteUserRefreshTokens(db *gorm.DB, table, userID, instanceID string) erro
 	return delete(db)
 }

-func DeleteApplicationRefreshTokens(db *gorm.DB, table string, appIDs []string) error {
-	delete := repository.PrepareDeleteByKey(table, usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyApplicationID), appIDs)
+func DeleteApplicationRefreshTokens(db *gorm.DB, table string, instanceID string, appIDs []string) error {
+	delete := repository.PrepareDeleteByKeys(table,
+		repository.Key{Key: usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyInstanceID), Value: instanceID},
+		repository.Key{Key: usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyApplicationID), Value: appIDs},
+	)
+	return delete(db)
+}
+
+func DeleteOrgRefreshTokens(db *gorm.DB, table string, instanceID, orgID string) error {
+	delete := repository.PrepareDeleteByKeys(table,
+		repository.Key{Key: usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyInstanceID), Value: instanceID},
+		repository.Key{Key: usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyResourceOwner), Value: orgID},
+	)
 	return delete(db)
 }

 func DeleteInstanceRefreshTokens(db *gorm.DB, table string, instanceID string) error {
-	delete := repository.PrepareDeleteByKey(table, usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyInstanceID), instanceID)
+	delete := repository.PrepareDeleteByKey(table,
+		usr_model.RefreshTokenSearchKey(model.RefreshTokenSearchKeyInstanceID),
+		instanceID,
+	)
 	return delete(db)
 }
--- a/internal/user/repository/view/token_view.go
+++ b/internal/user/repository/view/token_view.go
@@ -64,8 +64,8 @@ func PutTokens(db *gorm.DB, table string, tokens ...*usr_model.TokenView) error

 func DeleteToken(db *gorm.DB, table, tokenID, instanceID string) error {
 	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), tokenID},
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), instanceID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyTokenID), Value: tokenID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), Value: instanceID},
 	)
 	return delete(db)
 }
@@ -81,29 +81,40 @@ func DeleteSessionTokens(db *gorm.DB, table, agentID, userID, instanceID string)

 func DeleteUserTokens(db *gorm.DB, table, userID, instanceID string) error {
 	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyUserID), userID},
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), instanceID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyUserID), Value: userID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), Value: instanceID},
 	)
 	return delete(db)
 }

 func DeleteTokensFromRefreshToken(db *gorm.DB, table, refreshTokenID, instanceID string) error {
 	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyRefreshTokenID), refreshTokenID},
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), instanceID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyRefreshTokenID), Value: refreshTokenID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), Value: instanceID},
 	)
 	return delete(db)
 }

 func DeleteApplicationTokens(db *gorm.DB, table, instanceID string, appIDs []string) error {
 	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyApplicationID), appIDs},
-		repository.Key{usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), instanceID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyApplicationID), Value: appIDs},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), Value: instanceID},
 	)
 	return delete(db)
 }

 func DeleteInstanceTokens(db *gorm.DB, table, instanceID string) error {
-	delete := repository.PrepareDeleteByKey(table, usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), instanceID)
+	delete := repository.PrepareDeleteByKey(table,
+		usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID),
+		instanceID,
+	)
+	return delete(db)
+}
+
+func DeleteOrgTokens(db *gorm.DB, table, instanceID, orgID string) error {
+	delete := repository.PrepareDeleteByKeys(table,
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyResourceOwner), Value: orgID},
+		repository.Key{Key: usr_model.TokenSearchKey(model.TokenSearchKeyInstanceID), Value: instanceID},
+	)
 	return delete(db)
 }
--- a/internal/user/repository/view/user_session_view.go
+++ b/internal/user/repository/view/user_session_view.go
@@ -120,13 +120,24 @@ func PutUserSessions(db *gorm.DB, table string, sessions ...*model.UserSessionVi

 func DeleteUserSessions(db *gorm.DB, table, userID, instanceID string) error {
 	delete := repository.PrepareDeleteByKeys(table,
-		repository.Key{model.UserSessionSearchKey(usr_model.UserSessionSearchKeyUserID), userID},
-		repository.Key{model.UserSessionSearchKey(usr_model.UserSessionSearchKeyInstanceID), instanceID},
+		repository.Key{Key: model.UserSessionSearchKey(usr_model.UserSessionSearchKeyUserID), Value: userID},
+		repository.Key{Key: model.UserSessionSearchKey(usr_model.UserSessionSearchKeyInstanceID), Value: instanceID},
 	)
 	return delete(db)
 }

 func DeleteInstanceUserSessions(db *gorm.DB, table, instanceID string) error {
-	delete := repository.PrepareDeleteByKey(table, model.UserSessionSearchKey(usr_model.UserSessionSearchKeyInstanceID), instanceID)
+	delete := repository.PrepareDeleteByKey(table,
+		model.UserSessionSearchKey(usr_model.UserSessionSearchKeyInstanceID),
+		instanceID,
+	)
+	return delete(db)
+}
+
+func DeleteOrgUserSessions(db *gorm.DB, table, instanceID, orgID string) error {
+	delete := repository.PrepareDeleteByKeys(table,
+		repository.Key{Key: model.UserSessionSearchKey(usr_model.UserSessionSearchKeyResourceOwner), Value: orgID},
+		repository.Key{Key: model.UserSessionSearchKey(usr_model.UserSessionSearchKeyInstanceID), Value: instanceID},
+	)
 	return delete(db)
 }
--- a/internal/user/repository/view/user_view.go
+++ b/internal/user/repository/view/user_view.go
@@ -23,7 +23,12 @@ func UserByID(db *gorm.DB, table, userID, instanceID string) (*model.UserView, e
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, userIDQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, userIDQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-sj8Sw", "Errors.User.NotFound")
@@ -44,7 +49,12 @@ func UserByUserName(db *gorm.DB, table, userName, instanceID string) (*model.Use
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, userNameQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, userNameQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso9s", "Errors.User.NotFound")
@@ -65,7 +75,12 @@ func UserByLoginName(db *gorm.DB, table, loginName, instanceID string) (*model.U
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, loginNameQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, loginNameQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFound")
@@ -91,7 +106,12 @@ func UserByLoginNameAndResourceOwner(db *gorm.DB, table, loginName, resourceOwne
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
-	query := repository.PrepareGetByQuery(table, loginNameQuery, resourceOwnerQuery, instanceIDQuery)
+	ownerRemovedQuery := &model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
+	query := repository.PrepareGetByQuery(table, loginNameQuery, resourceOwnerQuery, instanceIDQuery, ownerRemovedQuery)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
 		return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFoundOnOrg")
@@ -112,8 +132,13 @@ func UsersByOrgID(db *gorm.DB, table, orgID, instanceID string) ([]*model.UserVi
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
+	ownerRemovedQuery := &usr_model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
 	query := repository.PrepareSearchQuery(table, model.UserSearchRequest{
-		Queries: []*usr_model.UserSearchQuery{orgIDQuery, instanceIDQuery},
+		Queries: []*usr_model.UserSearchQuery{orgIDQuery, instanceIDQuery, ownerRemovedQuery},
 	})
 	_, err := query(db, &users)
 	return users, err
@@ -134,8 +159,13 @@ func UserIDsByDomain(db *gorm.DB, table, orgDomain, instanceID string) ([]string
 		Method: domain.SearchMethodEquals,
 		Value:  instanceID,
 	}
+	ownerRemovedQuery := &usr_model.UserSearchQuery{
+		Key:    usr_model.UserSearchOwnerRemoved,
+		Method: domain.SearchMethodEquals,
+		Value:  false,
+	}
 	query := repository.PrepareSearchQuery(table, model.UserSearchRequest{
-		Queries: []*usr_model.UserSearchQuery{orgIDQuery, instanceIDQuery},
+		Queries: []*usr_model.UserSearchQuery{orgIDQuery, instanceIDQuery, ownerRemovedQuery},
 	})
 	_, err := query(db, &ids)
 	if err != nil {
@@ -163,6 +193,7 @@ func GetGlobalUserByLoginName(db *gorm.DB, table, loginName, instanceID string)
 	query := repository.PrepareGetByQuery(table,
 		&model.UserSearchQuery{Key: usr_model.UserSearchKeyLoginNames, Value: loginName, Method: domain.SearchMethodListContains},
 		&model.UserSearchQuery{Key: usr_model.UserSearchKeyInstanceID, Value: instanceID, Method: domain.SearchMethodEquals},
+		&model.UserSearchQuery{Key: usr_model.UserSearchOwnerRemoved, Value: false, Method: domain.SearchMethodEquals},
 	)
 	err := query(db, user)
 	if caos_errs.IsNotFound(err) {
@@ -209,3 +240,13 @@ func DeleteInstanceUsers(db *gorm.DB, table, instanceID string) error {
 	delete := repository.PrepareDeleteByKey(table, model.UserSearchKey(usr_model.UserSearchKeyInstanceID), instanceID)
 	return delete(db)
 }
+
+func UpdateOrgOwnerRemovedUsers(db *gorm.DB, table, instanceID, aggID string) error {
+	update := repository.PrepareUpdateByKeys(table,
+		model.UserSearchKey(usr_model.UserSearchOwnerRemoved),
+		true,
+		repository.Key{Key: model.UserSearchKey(usr_model.UserSearchKeyInstanceID), Value: instanceID},
+		repository.Key{Key: model.UserSearchKey(usr_model.UserSearchKeyResourceOwner), Value: aggID},
+	)
+	return update(db)
+}