TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:07:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: policies on aggregates (#799)

Browse Source 
* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
This commit is contained in:
Fabi
2020-10-15 10:27:13 +02:00
committed by GitHub
parent adb24a52fc
commit fbb30840f1
248 changed files with 23960 additions and 13843 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
internal/iam/model/iam.go
View File

@@ -8,21 +8,27 @@ type Step int
const (
Step1 Step = iota + 1
//TODO: label policy
// Step2
Step2
Step3
Step4
Step5
//StepCount marks the the length of possible steps (StepCount-1 == last possible step)
StepCount
)
type IAM struct {
es_models.ObjectRoot
GlobalOrgID string
IAMProjectID string
SetUpDone Step
SetUpStarted Step
Members []*IAMMember
IDPs []*IDPConfig
DefaultLoginPolicy *LoginPolicy
GlobalOrgID string
IAMProjectID string
SetUpDone Step
SetUpStarted Step
Members []*IAMMember
IDPs []*IDPConfig
DefaultLoginPolicy *LoginPolicy
DefaultOrgIAMPolicy *OrgIAMPolicy
DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
DefaultPasswordAgePolicy *PasswordAgePolicy
DefaultPasswordLockoutPolicy *PasswordLockoutPolicy
}
func (iam *IAM) GetMember(userID string) (int, *IAMMember) {

13
internal/iam/model/org_iam_policy.go Normal file
View File

@@ -0,0 +1,13 @@
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type OrgIAMPolicy struct {
models.ObjectRoot
State PolicyState
UserLoginMustBeDomain bool
Default bool
}

47
internal/iam/model/org_iam_policy_view.go Normal file
View File

@@ -0,0 +1,47 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type OrgIAMPolicyView struct {
AggregateID string
UserLoginMustBeDomain bool
IAMDomain string
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type OrgIAMPolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn OrgIAMPolicySearchKey
Asc bool
Queries []*OrgIAMPolicySearchQuery
}
type OrgIAMPolicySearchKey int32
const (
OrgIAMPolicySearchKeyUnspecified OrgIAMPolicySearchKey = iota
OrgIAMPolicySearchKeyAggregateID
)
type OrgIAMPolicySearchQuery struct {
Key OrgIAMPolicySearchKey
Method model.SearchMethod
Value interface{}
}
type OrgIAMPolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*OrgIAMPolicyView
Sequence uint64
Timestamp time.Time
}

13
internal/iam/model/password_age_policy.go Normal file
View File

@@ -0,0 +1,13 @@
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type PasswordAgePolicy struct {
models.ObjectRoot
State PolicyState
MaxAgeDays uint64
ExpireWarnDays uint64
}

47
internal/iam/model/password_age_policy_view.go Normal file
View File

@@ -0,0 +1,47 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type PasswordAgePolicyView struct {
AggregateID string
MaxAgeDays uint64
ExpireWarnDays uint64
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type PasswordAgePolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn PasswordAgePolicySearchKey
Asc bool
Queries []*PasswordAgePolicySearchQuery
}
type PasswordAgePolicySearchKey int32
const (
PasswordAgePolicySearchKeyUnspecified PasswordAgePolicySearchKey = iota
PasswordAgePolicySearchKeyAggregateID
)
type PasswordAgePolicySearchQuery struct {
Key PasswordAgePolicySearchKey
Method model.SearchMethod
Value interface{}
}
type PasswordAgePolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*PasswordAgePolicyView
Sequence uint64
Timestamp time.Time
}

32
internal/iam/model/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,32 @@
package model
import (
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"regexp"
)
var (
hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
hasNumber = regexp.MustCompile(`[0-9]`).MatchString
hasSymbol = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
)
type PasswordComplexityPolicy struct {
models.ObjectRoot
State PolicyState
MinLength uint64
HasLowercase bool
HasUppercase bool
HasNumber bool
HasSymbol bool
}
func (p *PasswordComplexityPolicy) IsValid() error {
if p.MinLength == 0 || p.MinLength > 72 {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed")
}
return nil
}

74
internal/iam/model/password_complexity_policy_view.go Normal file
View File

@@ -0,0 +1,74 @@
package model
import (
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/model"
"time"
)
type PasswordComplexityPolicyView struct {
AggregateID string
MinLength uint64
HasLowercase bool
HasUppercase bool
HasNumber bool
HasSymbol bool
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type PasswordComplexityPolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn PasswordComplexityPolicySearchKey
Asc bool
Queries []*PasswordComplexityPolicySearchQuery
}
type PasswordComplexityPolicySearchKey int32
const (
PasswordComplexityPolicySearchKeyUnspecified PasswordComplexityPolicySearchKey = iota
PasswordComplexityPolicySearchKeyAggregateID
)
type PasswordComplexityPolicySearchQuery struct {
Key PasswordComplexityPolicySearchKey
Method model.SearchMethod
Value interface{}
}
type PasswordComplexityPolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*PasswordComplexityPolicyView
Sequence uint64
Timestamp time.Time
}
func (p *PasswordComplexityPolicyView) Check(password string) error {
if p.MinLength != 0 && uint64(len(password)) < p.MinLength {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")
}
if p.HasLowercase && !hasStringLowerCase(password) {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")
}
if p.HasUppercase && !hasStringUpperCase(password) {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")
}
if p.HasNumber && !hasNumber(password) {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")
}
if p.HasSymbol && !hasSymbol(password) {
return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")
}
return nil
}

197
internal/iam/model/password_complexity_policy_view_test.go Normal file
View File

@@ -0,0 +1,197 @@
package model
import (
"testing"
)
func TestCheckPasswordComplexityPolicy(t *testing.T) {
type args struct {
policy *PasswordComplexityPolicyView
password string
}
tests := []struct {
name string
args args
hasError bool
}{
{
name: "has minlength ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: false,
HasNumber: false,
MinLength: 10,
},
password: "password12",
},
hasError: false,
},
{
name: "has minlength not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: false,
HasNumber: false,
MinLength: 10,
},
password: "password",
},
hasError: true,
},
{
name: "has lowercase ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: true,
HasUppercase: false,
HasSymbol: false,
HasNumber: false,
MinLength: 0,
},
password: "password",
},
hasError: false,
},
{
name: "has lowercase not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: true,
HasUppercase: false,
HasSymbol: false,
HasNumber: false,
MinLength: 0,
},
password: "PASSWORD",
},
hasError: true,
},
{
name: "has uppercase ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: true,
HasSymbol: false,
HasNumber: false,
MinLength: 0,
},
password: "PASSWORD",
},
hasError: false,
},
{
name: "has uppercase not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: true,
HasSymbol: false,
HasNumber: false,
MinLength: 0,
},
password: "password",
},
hasError: true,
},
{
name: "has symbol ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: true,
HasNumber: false,
MinLength: 0,
},
password: "!G$",
},
hasError: false,
},
{
name: "has symbol not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: true,
HasNumber: false,
MinLength: 0,
},
password: "PASSWORD",
},
hasError: true,
},
{
name: "has number ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: false,
HasNumber: true,
MinLength: 0,
},
password: "123456",
},
hasError: false,
},
{
name: "has number not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: false,
HasUppercase: false,
HasSymbol: false,
HasNumber: true,
MinLength: 0,
},
password: "PASSWORD",
},
hasError: true,
},
{
name: "has everything ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: true,
HasUppercase: true,
HasSymbol: true,
HasNumber: true,
MinLength: 10,
},
password: "Password1!",
},
hasError: false,
},
{
name: "has everything not ok",
args: args{
policy: &PasswordComplexityPolicyView{
HasLowercase: true,
HasUppercase: true,
HasSymbol: true,
HasNumber: true,
MinLength: 10,
},
password: "password",
},
hasError: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.policy.Check(tt.args.password)
if !tt.hasError && err != nil {
t.Errorf("should not get err: %v", err)
}
if tt.hasError && err == nil {
t.Errorf("should have error: %v", err)
}
})
}
}

13
internal/iam/model/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,13 @@
package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
type PasswordLockoutPolicy struct {
models.ObjectRoot
State PolicyState
MaxAttempts uint64
ShowLockOutFailures bool
}

47
internal/iam/model/password_lockout_policy_view.go Normal file
View File

@@ -0,0 +1,47 @@
package model
import (
"github.com/caos/zitadel/internal/model"
"time"
)
type PasswordLockoutPolicyView struct {
AggregateID string
MaxAttempts uint64
ShowLockOutFailures bool
Default bool
CreationDate time.Time
ChangeDate time.Time
Sequence uint64
}
type PasswordLockoutPolicySearchRequest struct {
Offset uint64
Limit uint64
SortingColumn PasswordLockoutPolicySearchKey
Asc bool
Queries []*PasswordLockoutPolicySearchQuery
}
type PasswordLockoutPolicySearchKey int32
const (
PasswordLockoutPolicySearchKeyUnspecified PasswordLockoutPolicySearchKey = iota
PasswordLockoutPolicySearchKeyAggregateID
)
type PasswordLockoutPolicySearchQuery struct {
Key PasswordLockoutPolicySearchKey
Method model.SearchMethod
Value interface{}
}
type PasswordLockoutPolicySearchResponse struct {
Offset uint64
Limit uint64
TotalResult uint64
Result []*PasswordLockoutPolicyView
Sequence uint64
Timestamp time.Time
}

260
internal/iam/repository/eventsourcing/eventstore.go
View File

@@ -2,7 +2,6 @@ package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/cache/config"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/crypto"
@@ -102,6 +101,15 @@ func (es *IAMEventstore) SetupDone(ctx context.Context, iamID string, step iam_m
return model.IAMToModel(repoIam), nil
}
func (es *IAMEventstore) PrepareSetupDone(ctx context.Context, iam *model.IAM, aggregate *models.Aggregate, step iam_model.Step) (*model.IAM, *models.Aggregate, func(ctx context.Context, aggregates ...*models.Aggregate) error, error) {
iam.SetUpDone = model.Step(step)
agg, err := IAMSetupDoneEvent(ctx, aggregate, iam)
if err != nil {
return nil, nil, nil, err
}
return iam, agg, es.PushAggregates, nil
}
func (es *IAMEventstore) SetGlobalOrg(ctx context.Context, iamID, globalOrg string) (*iam_model.IAM, error) {
iam, err := es.IAMByID(ctx, iamID)
if err != nil {
@@ -407,20 +415,31 @@ func (es *IAMEventstore) ChangeIDPOIDCConfig(ctx context.Context, config *iam_mo
return nil, caos_errs.ThrowInternal(nil, "EVENT-Sldk8", "Errors.Internal")
}
func (es *IAMEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
func (es *IAMEventstore) PrepareAddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*model.IAM, *models.Aggregate, error) {
if policy == nil || !policy.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.LoginPolicyInvalid")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
return nil, nil, err
}
repoIam := model.IAMFromModel(iam)
repoLoginPolicy := model.LoginPolicyFromModel(policy)
addAggregate := LoginPolicyAddedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
addAggregate, err := LoginPolicyAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoLoginPolicy)
if err != nil {
return nil, nil, err
}
return repoIam, addAggregate, nil
}
func (es *IAMEventstore) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
repoIam, addAggregate, err := es.PrepareAddLoginPolicy(ctx, policy)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
@@ -506,3 +525,232 @@ func (es *IAMEventstore) RemoveIDPProviderFromLoginPolicy(ctx context.Context, p
es.iamCache.cacheIAM(repoIam)
return nil
}
func (es *IAMEventstore) PrepareAddPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*model.IAM, *models.Aggregate, error) {
if policy == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.PasswordComplexityPolicy.Empty")
}
if err := policy.IsValid(); err != nil {
return nil, nil, err
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordComplexityPolicy := model.PasswordComplexityPolicyFromModel(policy)
addAggregate, err := PasswordComplexityPolicyAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoPasswordComplexityPolicy)
if err != nil {
return nil, nil, err
}
return repoIam, addAggregate, nil
}
func (es *IAMEventstore) AddPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
repoIam, addAggregate, err := es.PrepareAddPasswordComplexityPolicy(ctx, policy)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordComplexityPolicyToModel(repoIam.DefaultPasswordComplexityPolicy), nil
}
func (es *IAMEventstore) ChangePasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
if policy == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Lso02", "Errors.IAM.PasswordComplexityPolicy.Empty")
}
if err := policy.IsValid(); err != nil {
return nil, err
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordComplexityPolicy := model.PasswordComplexityPolicyFromModel(policy)
addAggregate := PasswordComplexityPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoPasswordComplexityPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordComplexityPolicyToModel(repoIam.DefaultPasswordComplexityPolicy), nil
}
func (es *IAMEventstore) PrepareAddPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*model.IAM, *models.Aggregate, error) {
if policy == nil || policy.AggregateID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-2dGt6", "Errors.IAM.PasswordAgePolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordAgePolicy := model.PasswordAgePolicyFromModel(policy)
addAggregate, err := PasswordAgePolicyAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoPasswordAgePolicy)
if err != nil {
return nil, nil, err
}
return repoIam, addAggregate, nil
}
func (es *IAMEventstore) AddPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
repoIam, addAggregate, err := es.PrepareAddPasswordAgePolicy(ctx, policy)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordAgePolicyToModel(repoIam.DefaultPasswordAgePolicy), nil
}
func (es *IAMEventstore) ChangePasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
if policy == nil || policy.AggregateID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-2Fgt6", "Errors.IAM.PasswordAgePolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordAgePolicy := model.PasswordAgePolicyFromModel(policy)
addAggregate := PasswordAgePolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoPasswordAgePolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordAgePolicyToModel(repoIam.DefaultPasswordAgePolicy), nil
}
func (es *IAMEventstore) PrepareAddPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*model.IAM, *models.Aggregate, error) {
if policy == nil || policy.AggregateID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-3R56z", "Errors.IAM.PasswordLockoutPolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordLockoutPolicy := model.PasswordLockoutPolicyFromModel(policy)
addAggregate, err := PasswordLockoutPolicyAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoPasswordLockoutPolicy)
if err != nil {
return nil, nil, err
}
return repoIam, addAggregate, nil
}
func (es *IAMEventstore) AddPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
repoIam, addAggregate, err := es.PrepareAddPasswordLockoutPolicy(ctx, policy)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordLockoutPolicyToModel(repoIam.DefaultPasswordLockoutPolicy), nil
}
func (es *IAMEventstore) ChangePasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
if policy == nil || policy.AggregateID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-6Zsj9", "Errors.IAM.PasswordLockoutPolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoPasswordLockoutPolicy := model.PasswordLockoutPolicyFromModel(policy)
addAggregate := PasswordLockoutPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoPasswordLockoutPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.PasswordLockoutPolicyToModel(repoIam.DefaultPasswordLockoutPolicy), nil
}
func (es *IAMEventstore) GetOrgIAMPolicy(ctx context.Context, iamID string) (*iam_model.OrgIAMPolicy, error) {
existingIAM, err := es.IAMByID(ctx, iamID)
if err != nil {
return nil, err
}
if existingIAM.DefaultOrgIAMPolicy == nil {
return nil, caos_errs.ThrowNotFound(nil, "EVENT-2Fj8s", "Errors.IAM.OrgIAM.NotExisting")
}
return existingIAM.DefaultOrgIAMPolicy, nil
}
func (es *IAMEventstore) PrepareAddOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*model.IAM, *models.Aggregate, error) {
if policy == nil || policy.AggregateID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-3R56z", "Errors.IAM.OrgIAMPolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, nil, err
}
repoIam := model.IAMFromModel(iam)
repoOrgIAMPolicy := model.OrgIAMPolicyFromModel(policy)
addAggregate, err := OrgIAMPolicyAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoIam, repoOrgIAMPolicy)
if err != nil {
return nil, nil, err
}
return repoIam, addAggregate, nil
}
func (es *IAMEventstore) AddOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
repoIam, addAggregate, err := es.PrepareAddOrgIAMPolicy(ctx, policy)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.OrgIAMPolicyToModel(repoIam.DefaultOrgIAMPolicy), nil
}
func (es *IAMEventstore) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
if policy == nil || policy.AggregateID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-6Zsj9", "Errors.IAM.OrgIAMPolicy.Empty")
}
iam, err := es.IAMByID(ctx, policy.AggregateID)
if err != nil {
return nil, err
}
repoIam := model.IAMFromModel(iam)
repoOrgIAMPolicy := model.OrgIAMPolicyFromModel(policy)
addAggregate := OrgIAMPolicyChangedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoOrgIAMPolicy)
err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.iamCache.cacheIAM(repoIam)
return model.OrgIAMPolicyToModel(repoIam.DefaultOrgIAMPolicy), nil
}

90
internal/iam/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -39,11 +39,11 @@ func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockIamByIDOK(ctrl *gomock.Controller) *IAMEventstore {
func GetMockIAMByIDOK(ctrl *gomock.Controller) *IAMEventstore {
data, _ := json.Marshal(model.IAM{GlobalOrgID: "GlobalOrgID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -57,9 +57,9 @@ func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IAMEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIam(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAM(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -68,9 +68,9 @@ func GetMockManipulateIam(ctrl *gomock.Controller) *IAMEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAMWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -79,11 +79,11 @@ func GetMockManipulateIamWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAMWithMember(ctrl *gomock.Controller) *IAMEventstore {
memberData, _ := json.Marshal(model.IAMMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -92,13 +92,13 @@ func GetMockManipulateIamWithMember(ctrl *gomock.Controller) *IAMEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAMWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
idpData, _ := json.Marshal(model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -107,13 +107,13 @@ func GetMockManipulateIamWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAMWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
@@ -122,7 +122,59 @@ func GetMockManipulateIamWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIamNotExisting(ctrl *gomock.Controller) *IAMEventstore {
func GetMockManipulateIAMWithPasswodComplexityPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordComplexityPolicy{MinLength: 10})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordComplexityPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithPasswordAgePolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordAgePolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithPasswordLockoutPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordLockoutPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithOrgIAMPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.OrgIAMPolicy{UserLoginMustBeDomain: true})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgIAMPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMNotExisting(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)

1028
internal/iam/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

224
internal/iam/repository/eventsourcing/iam.go
View File

@@ -57,6 +57,10 @@ func IAMSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.IA
}
}
func IAMSetupDoneEvent(ctx context.Context, agg *es_models.Aggregate, iam *model.IAM) (*es_models.Aggregate, error) {
return agg.AppendEvent(model.IAMSetupDone, &struct{ Step model.Step }{Step: iam.SetUpDone})
}
func IAMSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if globalOrg == "" {
@@ -228,24 +232,22 @@ func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, exist
}
}
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LoginPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
func LoginPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LoginPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
@@ -295,6 +297,146 @@ func LoginPolicyIDPProviderRemovedAggregate(ctx context.Context, aggCreator *es_
return agg.AppendEvent(model.LoginPolicyIDPProviderRemoved, provider)
}
func PasswordComplexityPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordComplexityPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordComplexityPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordComplexityPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordComplexityPolicyAdded, policy)
}
func PasswordComplexityPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordComplexityPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordComplexityPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordComplexityPolicyChanged, changes)
}
}
func PasswordAgePolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordAgePolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-T7sui", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordAgePolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordAgePolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordAgePolicyAdded, policy)
}
func PasswordAgePolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordAgePolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3Gs0o", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordAgePolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3Wdos", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordAgePolicyChanged, changes)
}
}
func PasswordLockoutPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordLockoutPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-w5Tds", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordLockoutPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordLockoutPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordLockoutPolicyAdded, policy)
}
func PasswordLockoutPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordLockoutPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2D0fs", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordLockoutPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-7Hsk9", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordLockoutPolicyChanged, changes)
}
}
func OrgIAMPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.OrgIAMPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-w5Tds", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.OrgIAMPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingOrgIAMPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.OrgIAMPolicyAdded, policy)
}
func OrgIAMPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2D0fs", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultOrgIAMPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-7Hsk9", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OrgIAMPolicyChanged, changes)
}
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
@@ -307,6 +449,54 @@ func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
}
}
func checkExistingPasswordComplexityPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordComplexityPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingPasswordAgePolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordAgePolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordAgePolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingPasswordLockoutPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordLockoutPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingOrgIAMPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.OrgIAMPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-bSm8f", "Errors.IAM.OrgIAMPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpConfigID string) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*model.IDPConfig, 0)

778
internal/iam/repository/eventsourcing/iam_test.go
View File

@@ -1158,7 +1158,7 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyAddedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
agg, err := LoginPolicyAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -1467,3 +1467,779 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
})
}
}
func TestPasswordComplexityPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordComplexityPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password complexity policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID"},
newPolicy: &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MinLength: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordComplexityPolicyAdded},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "complexity policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordComplexityPolicyAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestPasswordComplexityPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordComplexityPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password complexity policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordComplexityPolicy: &model.PasswordComplexityPolicy{
MinLength: 10,
}},
newPolicy: &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MinLength: 5,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordComplexityPolicyChanged},
},
},
{
name: "no changes",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordComplexityPolicy: &model.PasswordComplexityPolicy{
MinLength: 10,
}},
newPolicy: &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MinLength: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "complexity policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordComplexityPolicyChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestPasswordAgePolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordAgePolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password age policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID"},
newPolicy: &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAgeDays: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordAgePolicyAdded},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "age policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordAgePolicyAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestPasswordAgePolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordAgePolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password age policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordAgePolicy: &model.PasswordAgePolicy{
MaxAgeDays: 10,
}},
newPolicy: &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAgeDays: 5,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordAgePolicyChanged},
},
},
{
name: "no changes",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordAgePolicy: &model.PasswordAgePolicy{
MaxAgeDays: 10,
}},
newPolicy: &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAgeDays: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "age policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordAgePolicyChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestPasswordLockoutPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordLockoutPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password lockout policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID"},
newPolicy: &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAttempts: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordLockoutPolicyAdded},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "lockout policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordLockoutPolicyAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestPasswordLockoutPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.PasswordLockoutPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password lockout policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordLockoutPolicy: &model.PasswordLockoutPolicy{
MaxAttempts: 10,
}},
newPolicy: &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAttempts: 5,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordLockoutPolicyChanged},
},
},
{
name: "no changes",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultPasswordLockoutPolicy: &model.PasswordLockoutPolicy{
MaxAttempts: 10,
}},
newPolicy: &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAttempts: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "lockout policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordLockoutPolicyChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestOrgIAMPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.OrgIAMPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add org iam policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID"},
newPolicy: &model.OrgIAMPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
UserLoginMustBeDomain: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.OrgIAMPolicyAdded},
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "lockout policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := OrgIAMPolicyAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestOrgIAMPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingIAM *model.IAM
newPolicy *model.OrgIAMPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change org iam policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultOrgIAMPolicy: &model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
}},
newPolicy: &model.OrgIAMPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
UserLoginMustBeDomain: false,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.OrgIAMPolicyChanged},
},
},
{
name: "no changes",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
IAMProjectID: "IAMProjectID",
DefaultOrgIAMPolicy: &model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
}},
newPolicy: &model.OrgIAMPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
UserLoginMustBeDomain: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing iam nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "org iam policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
newPolicy: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := OrgIAMPolicyChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

63
internal/iam/repository/eventsourcing/model/iam.go
View File

@@ -16,21 +16,24 @@ const (
type Step int
const (
Step1 = Step(model.Step1)
//TODO: label policy
// Step2 = Step(model.Step2)
Step1 = Step(model.Step1)
Step2 = Step(model.Step2)
StepCount = Step(model.StepCount)
)
type IAM struct {
es_models.ObjectRoot
SetUpStarted Step `json:"-"`
SetUpDone Step `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IAMProjectID string `json:"iamProjectId,omitempty"`
Members []*IAMMember `json:"-"`
IDPs []*IDPConfig `json:"-"`
DefaultLoginPolicy *LoginPolicy `json:"-"`
SetUpStarted Step `json:"-"`
SetUpDone Step `json:"-"`
GlobalOrgID string `json:"globalOrgId,omitempty"`
IAMProjectID string `json:"iamProjectId,omitempty"`
Members []*IAMMember `json:"-"`
IDPs []*IDPConfig `json:"-"`
DefaultLoginPolicy *LoginPolicy `json:"-"`
DefaultOrgIAMPolicy *OrgIAMPolicy `json:"-"`
DefaultPasswordComplexityPolicy *PasswordComplexityPolicy `json:"-"`
DefaultPasswordAgePolicy *PasswordAgePolicy `json:"-"`
DefaultPasswordLockoutPolicy *PasswordLockoutPolicy `json:"-"`
}
func IAMFromModel(iam *model.IAM) *IAM {
@@ -48,6 +51,18 @@ func IAMFromModel(iam *model.IAM) *IAM {
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyFromModel(iam.DefaultLoginPolicy)
}
if iam.DefaultPasswordComplexityPolicy != nil {
converted.DefaultPasswordComplexityPolicy = PasswordComplexityPolicyFromModel(iam.DefaultPasswordComplexityPolicy)
}
if iam.DefaultPasswordAgePolicy != nil {
converted.DefaultPasswordAgePolicy = PasswordAgePolicyFromModel(iam.DefaultPasswordAgePolicy)
}
if iam.DefaultPasswordLockoutPolicy != nil {
converted.DefaultPasswordLockoutPolicy = PasswordLockoutPolicyFromModel(iam.DefaultPasswordLockoutPolicy)
}
if iam.DefaultOrgIAMPolicy != nil {
converted.DefaultOrgIAMPolicy = OrgIAMPolicyFromModel(iam.DefaultOrgIAMPolicy)
}
return converted
}
@@ -66,6 +81,18 @@ func IAMToModel(iam *IAM) *model.IAM {
if iam.DefaultLoginPolicy != nil {
converted.DefaultLoginPolicy = LoginPolicyToModel(iam.DefaultLoginPolicy)
}
if iam.DefaultPasswordComplexityPolicy != nil {
converted.DefaultPasswordComplexityPolicy = PasswordComplexityPolicyToModel(iam.DefaultPasswordComplexityPolicy)
}
if iam.DefaultPasswordAgePolicy != nil {
converted.DefaultPasswordAgePolicy = PasswordAgePolicyToModel(iam.DefaultPasswordAgePolicy)
}
if iam.DefaultPasswordLockoutPolicy != nil {
converted.DefaultPasswordLockoutPolicy = PasswordLockoutPolicyToModel(iam.DefaultPasswordLockoutPolicy)
}
if iam.DefaultOrgIAMPolicy != nil {
converted.DefaultOrgIAMPolicy = OrgIAMPolicyToModel(iam.DefaultOrgIAMPolicy)
}
return converted
}
@@ -134,6 +161,22 @@ func (i *IAM) AppendEvent(event *es_models.Event) (err error) {
return i.appendAddIDPProviderToLoginPolicyEvent(event)
case LoginPolicyIDPProviderRemoved:
return i.appendRemoveIDPProviderFromLoginPolicyEvent(event)
case PasswordComplexityPolicyAdded:
return i.appendAddPasswordComplexityPolicyEvent(event)
case PasswordComplexityPolicyChanged:
return i.appendChangePasswordComplexityPolicyEvent(event)
case PasswordAgePolicyAdded:
return i.appendAddPasswordAgePolicyEvent(event)
case PasswordAgePolicyChanged:
return i.appendChangePasswordAgePolicyEvent(event)
case PasswordLockoutPolicyAdded:
return i.appendAddPasswordLockoutPolicyEvent(event)
case PasswordLockoutPolicyChanged:
return i.appendChangePasswordLockoutPolicyEvent(event)
case OrgIAMPolicyAdded:
return i.appendAddOrgIAMPolicyEvent(event)
case OrgIAMPolicyChanged:
return i.appendChangeOrgIAMPolicyEvent(event)
}
return err

63
internal/iam/repository/eventsourcing/model/org_iam_policy.go Normal file
View File

@@ -0,0 +1,63 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type OrgIAMPolicy struct {
models.ObjectRoot
State int32 `json:"-"`
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain"`
}
func OrgIAMPolicyFromModel(policy *iam_model.OrgIAMPolicy) *OrgIAMPolicy {
return &OrgIAMPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}
func OrgIAMPolicyToModel(policy *OrgIAMPolicy) *iam_model.OrgIAMPolicy {
return &iam_model.OrgIAMPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}
func (p *OrgIAMPolicy) Changes(changed *OrgIAMPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if p.UserLoginMustBeDomain != changed.UserLoginMustBeDomain {
changes["userLoginMustBeDomain"] = changed.UserLoginMustBeDomain
}
return changes
}
func (i *IAM) appendAddOrgIAMPolicyEvent(event *es_models.Event) error {
i.DefaultOrgIAMPolicy = new(OrgIAMPolicy)
err := i.DefaultOrgIAMPolicy.SetData(event)
if err != nil {
return err
}
i.DefaultOrgIAMPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangeOrgIAMPolicyEvent(event *es_models.Event) error {
return i.DefaultOrgIAMPolicy.SetData(event)
}
func (p *OrgIAMPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}

125
internal/iam/repository/eventsourcing/model/org_iam_policy_test.go Normal file
View File

@@ -0,0 +1,125 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestOrgIAMPolicyChanges(t *testing.T) {
type args struct {
existing *OrgIAMPolicy
new *OrgIAMPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "org iam policy all attributes change",
args: args{
existing: &OrgIAMPolicy{UserLoginMustBeDomain: true},
new: &OrgIAMPolicy{UserLoginMustBeDomain: false},
},
res: res{
changesLen: 1,
},
},
{
name: "no changes",
args: args{
existing: &OrgIAMPolicy{UserLoginMustBeDomain: true},
new: &OrgIAMPolicy{UserLoginMustBeDomain: true},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddOrgIAMPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *OrgIAMPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add org iam policy event",
args: args{
iam: new(IAM),
policy: &OrgIAMPolicy{UserLoginMustBeDomain: true},
event: new(es_models.Event),
},
result: &IAM{DefaultOrgIAMPolicy: &OrgIAMPolicy{UserLoginMustBeDomain: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddOrgIAMPolicyEvent(tt.args.event)
if tt.result.DefaultOrgIAMPolicy.UserLoginMustBeDomain != tt.args.iam.DefaultOrgIAMPolicy.UserLoginMustBeDomain {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultOrgIAMPolicy.UserLoginMustBeDomain, tt.args.iam.DefaultOrgIAMPolicy.UserLoginMustBeDomain)
}
})
}
}
func TestAppendChangeOrgIAMPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *OrgIAMPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change org iam policy event",
args: args{
iam: &IAM{DefaultOrgIAMPolicy: &OrgIAMPolicy{
UserLoginMustBeDomain: true,
}},
policy: &OrgIAMPolicy{UserLoginMustBeDomain: false},
event: &es_models.Event{},
},
result: &IAM{DefaultOrgIAMPolicy: &OrgIAMPolicy{
UserLoginMustBeDomain: false,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangeOrgIAMPolicyEvent(tt.args.event)
if tt.result.DefaultOrgIAMPolicy.UserLoginMustBeDomain != tt.args.iam.DefaultOrgIAMPolicy.UserLoginMustBeDomain {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultOrgIAMPolicy.UserLoginMustBeDomain, tt.args.iam.DefaultOrgIAMPolicy.UserLoginMustBeDomain)
}
})
}
}

69
internal/iam/repository/eventsourcing/model/password_age_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type PasswordAgePolicy struct {
models.ObjectRoot
State int32 `json:"-"`
MaxAgeDays uint64 `json:"maxAgeDays"`
ExpireWarnDays uint64 `json:"expireWarnDays"`
}
func PasswordAgePolicyFromModel(policy *iam_model.PasswordAgePolicy) *PasswordAgePolicy {
return &PasswordAgePolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func PasswordAgePolicyToModel(policy *PasswordAgePolicy) *iam_model.PasswordAgePolicy {
return &iam_model.PasswordAgePolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func (p *PasswordAgePolicy) Changes(changed *PasswordAgePolicy) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if p.MaxAgeDays != changed.MaxAgeDays {
changes["maxAgeDays"] = changed.MaxAgeDays
}
if p.ExpireWarnDays != changed.ExpireWarnDays {
changes["expireWarnDays"] = changed.ExpireWarnDays
}
return changes
}
func (i *IAM) appendAddPasswordAgePolicyEvent(event *es_models.Event) error {
i.DefaultPasswordAgePolicy = new(PasswordAgePolicy)
err := i.DefaultPasswordAgePolicy.SetData(event)
if err != nil {
return err
}
i.DefaultPasswordAgePolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangePasswordAgePolicyEvent(event *es_models.Event) error {
return i.DefaultPasswordAgePolicy.SetData(event)
}
func (p *PasswordAgePolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}

128
internal/iam/repository/eventsourcing/model/password_age_policy_test.go Normal file
View File

@@ -0,0 +1,128 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestPasswordAgePolicyChanges(t *testing.T) {
type args struct {
existing *PasswordAgePolicy
new *PasswordAgePolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "age policy all attributes change",
args: args{
existing: &PasswordAgePolicy{MaxAgeDays: 365, ExpireWarnDays: 5},
new: &PasswordAgePolicy{MaxAgeDays: 730, ExpireWarnDays: 10},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
new: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddPasswordAgePolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordAgePolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add password age policy event",
args: args{
iam: new(IAM),
policy: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10},
event: new(es_models.Event),
},
result: &IAM{DefaultPasswordAgePolicy: &PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddPasswordAgePolicyEvent(tt.args.event)
if tt.result.DefaultPasswordAgePolicy.MaxAgeDays != tt.args.iam.DefaultPasswordAgePolicy.MaxAgeDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordAgePolicy.MaxAgeDays, tt.args.iam.DefaultPasswordAgePolicy.MaxAgeDays)
}
if tt.result.DefaultPasswordAgePolicy.ExpireWarnDays != tt.args.iam.DefaultPasswordAgePolicy.ExpireWarnDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordAgePolicy.ExpireWarnDays, tt.args.iam.DefaultPasswordAgePolicy.ExpireWarnDays)
}
})
}
}
func TestAppendChangePasswordAgePolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordAgePolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change password age policy event",
args: args{
iam: &IAM{DefaultPasswordAgePolicy: &PasswordAgePolicy{
MaxAgeDays: 10,
}},
policy: &PasswordAgePolicy{MaxAgeDays: 5},
event: &es_models.Event{},
},
result: &IAM{DefaultPasswordAgePolicy: &PasswordAgePolicy{
MaxAgeDays: 5,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangePasswordAgePolicyEvent(tt.args.event)
if tt.result.DefaultPasswordAgePolicy.MaxAgeDays != tt.args.iam.DefaultPasswordAgePolicy.MaxAgeDays {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordAgePolicy.MaxAgeDays, tt.args.iam.DefaultPasswordAgePolicy.MaxAgeDays)
}
})
}
}

87
internal/iam/repository/eventsourcing/model/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,87 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type PasswordComplexityPolicy struct {
models.ObjectRoot
State int32 `json:"-"`
MinLength uint64 `json:"minLength"`
HasLowercase bool `json:"hasLowercase"`
HasUppercase bool `json:"hasUppercase"`
HasNumber bool `json:"hasNumber"`
HasSymbol bool `json:"hasSymbol"`
}
func PasswordComplexityPolicyFromModel(policy *iam_model.PasswordComplexityPolicy) *PasswordComplexityPolicy {
return &PasswordComplexityPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func PasswordComplexityPolicyToModel(policy *PasswordComplexityPolicy) *iam_model.PasswordComplexityPolicy {
return &iam_model.PasswordComplexityPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func (p *PasswordComplexityPolicy) Changes(changed *PasswordComplexityPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if p.MinLength != changed.MinLength {
changes["minLength"] = changed.MinLength
}
if p.HasLowercase != changed.HasLowercase {
changes["hasLowercase"] = changed.HasLowercase
}
if p.HasUppercase != changed.HasUppercase {
changes["hasUppercase"] = changed.HasUppercase
}
if p.HasNumber != changed.HasNumber {
changes["hasNumber"] = changed.HasNumber
}
if p.HasSymbol != changed.HasSymbol {
changes["hasSymbol"] = changed.HasSymbol
}
return changes
}
func (i *IAM) appendAddPasswordComplexityPolicyEvent(event *es_models.Event) error {
i.DefaultPasswordComplexityPolicy = new(PasswordComplexityPolicy)
err := i.DefaultPasswordComplexityPolicy.SetData(event)
if err != nil {
return err
}
i.DefaultPasswordComplexityPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangePasswordComplexityPolicyEvent(event *es_models.Event) error {
return i.DefaultPasswordComplexityPolicy.SetData(event)
}
func (p *PasswordComplexityPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}

137
internal/iam/repository/eventsourcing/model/password_complexity_policy_test.go Normal file
View File

@@ -0,0 +1,137 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestPasswordComplexityPolicyChanges(t *testing.T) {
type args struct {
existing *PasswordComplexityPolicy
new *PasswordComplexityPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "loginpolicy all attributes change",
args: args{
existing: &PasswordComplexityPolicy{MinLength: 10, HasUppercase: true, HasLowercase: true, HasNumber: true, HasSymbol: true},
new: &PasswordComplexityPolicy{MinLength: 5, HasUppercase: false, HasLowercase: false, HasNumber: false, HasSymbol: false},
},
res: res{
changesLen: 5,
},
},
{
name: "no changes",
args: args{
existing: &PasswordComplexityPolicy{MinLength: 10, HasUppercase: true, HasLowercase: true, HasNumber: true, HasSymbol: true},
new: &PasswordComplexityPolicy{MinLength: 10, HasUppercase: true, HasLowercase: true, HasNumber: true, HasSymbol: true},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddPasswordComplexityPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordComplexityPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add password complexity policy event",
args: args{
iam: new(IAM),
policy: &PasswordComplexityPolicy{MinLength: 10, HasUppercase: true, HasLowercase: true, HasNumber: true, HasSymbol: true},
event: new(es_models.Event),
},
result: &IAM{DefaultPasswordComplexityPolicy: &PasswordComplexityPolicy{MinLength: 10, HasUppercase: true, HasLowercase: true, HasNumber: true, HasSymbol: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddPasswordComplexityPolicyEvent(tt.args.event)
if tt.result.DefaultPasswordComplexityPolicy.MinLength != tt.args.iam.DefaultPasswordComplexityPolicy.MinLength {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.MinLength, tt.args.iam.DefaultPasswordComplexityPolicy.MinLength)
}
if tt.result.DefaultPasswordComplexityPolicy.HasUppercase != tt.args.iam.DefaultPasswordComplexityPolicy.HasUppercase {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.HasUppercase, tt.args.iam.DefaultPasswordComplexityPolicy.HasUppercase)
}
if tt.result.DefaultPasswordComplexityPolicy.HasLowercase != tt.args.iam.DefaultPasswordComplexityPolicy.HasLowercase {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.HasLowercase, tt.args.iam.DefaultPasswordComplexityPolicy.HasLowercase)
}
if tt.result.DefaultPasswordComplexityPolicy.HasNumber != tt.args.iam.DefaultPasswordComplexityPolicy.HasNumber {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.HasNumber, tt.args.iam.DefaultPasswordComplexityPolicy.HasNumber)
}
if tt.result.DefaultPasswordComplexityPolicy.HasSymbol != tt.args.iam.DefaultPasswordComplexityPolicy.HasSymbol {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.HasSymbol, tt.args.iam.DefaultPasswordComplexityPolicy.HasSymbol)
}
})
}
}
func TestAppendChangePasswordComplexityPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordComplexityPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change password complexity policy event",
args: args{
iam: &IAM{DefaultPasswordComplexityPolicy: &PasswordComplexityPolicy{
MinLength: 10,
}},
policy: &PasswordComplexityPolicy{MinLength: 5},
event: &es_models.Event{},
},
result: &IAM{DefaultPasswordComplexityPolicy: &PasswordComplexityPolicy{
MinLength: 5,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangePasswordComplexityPolicyEvent(tt.args.event)
if tt.result.DefaultPasswordComplexityPolicy.MinLength != tt.args.iam.DefaultPasswordComplexityPolicy.MinLength {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordComplexityPolicy.MinLength, tt.args.iam.DefaultPasswordComplexityPolicy.MinLength)
}
})
}
}

69
internal/iam/repository/eventsourcing/model/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,69 @@
package model
import (
"encoding/json"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
)
type PasswordLockoutPolicy struct {
models.ObjectRoot
State int32 `json:"-"`
MaxAttempts uint64 `json:"maxAttempts"`
ShowLockOutFailures bool `json:"showLockOutFailures"`
}
func PasswordLockoutPolicyFromModel(policy *iam_model.PasswordLockoutPolicy) *PasswordLockoutPolicy {
return &PasswordLockoutPolicy{
ObjectRoot: policy.ObjectRoot,
State: int32(policy.State),
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func PasswordLockoutPolicyToModel(policy *PasswordLockoutPolicy) *iam_model.PasswordLockoutPolicy {
return &iam_model.PasswordLockoutPolicy{
ObjectRoot: policy.ObjectRoot,
State: iam_model.PolicyState(policy.State),
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func (p *PasswordLockoutPolicy) Changes(changed *PasswordLockoutPolicy) map[string]interface{} {
changes := make(map[string]interface{}, 2)
if p.MaxAttempts != changed.MaxAttempts {
changes["maxAttempts"] = changed.MaxAttempts
}
if p.ShowLockOutFailures != changed.ShowLockOutFailures {
changes["showLockOutFailures"] = changed.ShowLockOutFailures
}
return changes
}
func (i *IAM) appendAddPasswordLockoutPolicyEvent(event *es_models.Event) error {
i.DefaultPasswordLockoutPolicy = new(PasswordLockoutPolicy)
err := i.DefaultPasswordLockoutPolicy.SetData(event)
if err != nil {
return err
}
i.DefaultPasswordLockoutPolicy.ObjectRoot.CreationDate = event.CreationDate
return nil
}
func (i *IAM) appendChangePasswordLockoutPolicyEvent(event *es_models.Event) error {
return i.DefaultPasswordLockoutPolicy.SetData(event)
}
func (p *PasswordLockoutPolicy) SetData(event *es_models.Event) error {
err := json.Unmarshal(event.Data, p)
if err != nil {
return errors.ThrowInternal(err, "EVENT-7JS9d", "unable to unmarshal data")
}
return nil
}

128
internal/iam/repository/eventsourcing/model/password_lockout_policy_test.go Normal file
View File

@@ -0,0 +1,128 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestPasswordLockoutPolicyChanges(t *testing.T) {
type args struct {
existing *PasswordLockoutPolicy
new *PasswordLockoutPolicy
}
type res struct {
changesLen int
}
tests := []struct {
name string
args args
res res
}{
{
name: "lockout policy all attributes change",
args: args{
existing: &PasswordLockoutPolicy{MaxAttempts: 365, ShowLockOutFailures: true},
new: &PasswordLockoutPolicy{MaxAttempts: 730, ShowLockOutFailures: false},
},
res: res{
changesLen: 2,
},
},
{
name: "no changes",
args: args{
existing: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
new: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
},
res: res{
changesLen: 0,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
changes := tt.args.existing.Changes(tt.args.new)
if len(changes) != tt.res.changesLen {
t.Errorf("got wrong changes len: expected: %v, actual: %v ", tt.res.changesLen, len(changes))
}
})
}
}
func TestAppendAddPasswordLockoutPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordLockoutPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append add password lockout policy event",
args: args{
iam: new(IAM),
policy: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true},
event: new(es_models.Event),
},
result: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendAddPasswordLockoutPolicyEvent(tt.args.event)
if tt.result.DefaultPasswordLockoutPolicy.MaxAttempts != tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.MaxAttempts, tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts)
}
if tt.result.DefaultPasswordLockoutPolicy.ShowLockOutFailures != tt.args.iam.DefaultPasswordLockoutPolicy.ShowLockOutFailures {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.ShowLockOutFailures, tt.args.iam.DefaultPasswordLockoutPolicy.ShowLockOutFailures)
}
})
}
}
func TestAppendChangePasswordLockoutPolicyEvent(t *testing.T) {
type args struct {
iam *IAM
policy *PasswordLockoutPolicy
event *es_models.Event
}
tests := []struct {
name string
args args
result *IAM
}{
{
name: "append change password lockout policy event",
args: args{
iam: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{
MaxAttempts: 10,
}},
policy: &PasswordLockoutPolicy{MaxAttempts: 5},
event: &es_models.Event{},
},
result: &IAM{DefaultPasswordLockoutPolicy: &PasswordLockoutPolicy{
MaxAttempts: 5,
}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.policy != nil {
data, _ := json.Marshal(tt.args.policy)
tt.args.event.Data = data
}
tt.args.iam.appendChangePasswordLockoutPolicyEvent(tt.args.event)
if tt.result.DefaultPasswordLockoutPolicy.MaxAttempts != tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.DefaultPasswordLockoutPolicy.MaxAttempts, tt.args.iam.DefaultPasswordLockoutPolicy.MaxAttempts)
}
})
}
}

12
internal/iam/repository/eventsourcing/model/types.go
View File

@@ -30,4 +30,16 @@ const (
LoginPolicyIDPProviderAdded models.EventType = "iam.policy.login.idpprovider.added"
LoginPolicyIDPProviderRemoved models.EventType = "iam.policy.login.idpprovider.removed"
LoginPolicyIDPProviderCascadeRemoved models.EventType = "iam.policy.login.idpprovider.cascade.removed"
PasswordComplexityPolicyAdded models.EventType = "iam.policy.password.complexity.added"
PasswordComplexityPolicyChanged models.EventType = "iam.policy.password.complexity.changed"
PasswordAgePolicyAdded models.EventType = "iam.policy.password.age.added"
PasswordAgePolicyChanged models.EventType = "iam.policy.password.age.changed"
PasswordLockoutPolicyAdded models.EventType = "iam.policy.password.lockout.added"
PasswordLockoutPolicyChanged models.EventType = "iam.policy.password.lockout.changed"
OrgIAMPolicyAdded models.EventType = "iam.policy.org.iam.added"
OrgIAMPolicyChanged models.EventType = "iam.policy.org.iam.changed"
)

78
internal/iam/repository/view/model/org_iam_policy.go Normal file
View File

@@ -0,0 +1,78 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
OrgIAMPolicyKeyAggregateID = "aggregate_id"
)
type OrgIAMPolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:org_iam_policy_state"`
UserLoginMustBeDomain bool `json:"userLoginMustBeDomain" gorm:"column:user_login_must_be_domain"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func OrgIAMViewFromModel(policy *model.OrgIAMPolicyView) *OrgIAMPolicyView {
return &OrgIAMPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
Default: policy.Default,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}
func OrgIAMViewToModel(policy *OrgIAMPolicyView) *model.OrgIAMPolicyView {
return &model.OrgIAMPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
}
}
func (i *OrgIAMPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.OrgIAMPolicyAdded, org_es_model.OrgIAMPolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.OrgIAMPolicyChanged, org_es_model.OrgIAMPolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *OrgIAMPolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *OrgIAMPolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Dmi9g").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

59
internal/iam/repository/view/model/org_iam_policy_query.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type OrgIAMPolicySearchRequest iam_model.OrgIAMPolicySearchRequest
type OrgIAMPolicySearchQuery iam_model.OrgIAMPolicySearchQuery
type OrgIAMPolicySearchKey iam_model.OrgIAMPolicySearchKey
func (req OrgIAMPolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req OrgIAMPolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req OrgIAMPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.OrgIAMPolicySearchKeyUnspecified {
return nil
}
return OrgIAMPolicySearchKey(req.SortingColumn)
}
func (req OrgIAMPolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req OrgIAMPolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = OrgIAMPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req OrgIAMPolicySearchQuery) GetKey() repository.ColumnKey {
return OrgIAMPolicySearchKey(req.Key)
}
func (req OrgIAMPolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req OrgIAMPolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key OrgIAMPolicySearchKey) ToColumnName() string {
switch iam_model.OrgIAMPolicySearchKey(key) {
case iam_model.OrgIAMPolicySearchKeyAggregateID:
return OrgIAMPolicyKeyAggregateID
default:
return ""
}
}

81
internal/iam/repository/view/model/password_age_policy.go Normal file
View File

@@ -0,0 +1,81 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
PasswordAgeKeyAggregateID = "aggregate_id"
)
type PasswordAgePolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:age_policy_state"`
MaxAgeDays uint64 `json:"maxAgeDays" gorm:"column:max_age_days"`
ExpireWarnDays uint64 `json:"expireWarnDays" gorm:"column:expire_warn_days"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func PasswordAgeViewFromModel(policy *model.PasswordAgePolicyView) *PasswordAgePolicyView {
return &PasswordAgePolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
Default: policy.Default,
}
}
func PasswordAgeViewToModel(policy *PasswordAgePolicyView) *model.PasswordAgePolicyView {
return &model.PasswordAgePolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
Default: policy.Default,
}
}
func (i *PasswordAgePolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case iam_es_model.PasswordAgePolicyAdded, org_es_model.PasswordAgePolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case iam_es_model.PasswordAgePolicyChanged, org_es_model.PasswordAgePolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *PasswordAgePolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *PasswordAgePolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-gH9os").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

59
internal/iam/repository/view/model/password_age_policy_query.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type PasswordAgePolicySearchRequest iam_model.PasswordAgePolicySearchRequest
type PasswordAgePolicySearchQuery iam_model.PasswordAgePolicySearchQuery
type PasswordAgePolicySearchKey iam_model.PasswordAgePolicySearchKey
func (req PasswordAgePolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req PasswordAgePolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req PasswordAgePolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.PasswordAgePolicySearchKeyUnspecified {
return nil
}
return PasswordAgePolicySearchKey(req.SortingColumn)
}
func (req PasswordAgePolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req PasswordAgePolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = PasswordAgePolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req PasswordAgePolicySearchQuery) GetKey() repository.ColumnKey {
return PasswordAgePolicySearchKey(req.Key)
}
func (req PasswordAgePolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req PasswordAgePolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key PasswordAgePolicySearchKey) ToColumnName() string {
switch iam_model.PasswordAgePolicySearchKey(key) {
case iam_model.PasswordAgePolicySearchKeyAggregateID:
return PasswordAgeKeyAggregateID
default:
return ""
}
}

90
internal/iam/repository/view/model/password_complexity_policy.go Normal file
View File

@@ -0,0 +1,90 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
PasswordComplexityKeyAggregateID = "aggregate_id"
)
type PasswordComplexityPolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:complexity_policy_state"`
MinLength uint64 `json:"minLength" gorm:"column:min_length"`
HasLowercase bool `json:"hasLowercase" gorm:"column:has_lowercase"`
HasUppercase bool `json:"hasUppercase" gorm:"column:has_uppercase"`
HasSymbol bool `json:"hasSymbol" gorm:"column:has_symbol"`
HasNumber bool `json:"hasNumber" gorm:"column:has_number"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func PasswordComplexityViewFromModel(policy *model.PasswordComplexityPolicyView) *PasswordComplexityPolicyView {
return &PasswordComplexityPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
Default: policy.Default,
}
}
func PasswordComplexityViewToModel(policy *PasswordComplexityPolicyView) *model.PasswordComplexityPolicyView {
return &model.PasswordComplexityPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
Default: policy.Default,
}
}
func (i *PasswordComplexityPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.PasswordComplexityPolicyAdded, org_es_model.PasswordComplexityPolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.PasswordComplexityPolicyChanged, org_es_model.PasswordComplexityPolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *PasswordComplexityPolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *PasswordComplexityPolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-Dmi9g").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

59
internal/iam/repository/view/model/password_complexity_policy_query.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type PasswordComplexityPolicySearchRequest iam_model.PasswordComplexityPolicySearchRequest
type PasswordComplexityPolicySearchQuery iam_model.PasswordComplexityPolicySearchQuery
type PasswordComplexityPolicySearchKey iam_model.PasswordComplexityPolicySearchKey
func (req PasswordComplexityPolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req PasswordComplexityPolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req PasswordComplexityPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.PasswordComplexityPolicySearchKeyUnspecified {
return nil
}
return PasswordComplexityPolicySearchKey(req.SortingColumn)
}
func (req PasswordComplexityPolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req PasswordComplexityPolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = PasswordComplexityPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req PasswordComplexityPolicySearchQuery) GetKey() repository.ColumnKey {
return PasswordComplexityPolicySearchKey(req.Key)
}
func (req PasswordComplexityPolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req PasswordComplexityPolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key PasswordComplexityPolicySearchKey) ToColumnName() string {
switch iam_model.PasswordComplexityPolicySearchKey(key) {
case iam_model.PasswordComplexityPolicySearchKeyAggregateID:
return PasswordComplexityKeyAggregateID
default:
return ""
}
}

81
internal/iam/repository/view/model/password_lockout_policy.go Normal file
View File

@@ -0,0 +1,81 @@
package model
import (
"encoding/json"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"time"
es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/model"
)
const (
PasswordLockoutKeyAggregateID = "aggregate_id"
)
type PasswordLockoutPolicyView struct {
AggregateID string `json:"-" gorm:"column:aggregate_id;primary_key"`
CreationDate time.Time `json:"-" gorm:"column:creation_date"`
ChangeDate time.Time `json:"-" gorm:"column:change_date"`
State int32 `json:"-" gorm:"column:lockout_policy_state"`
MaxAttempts uint64 `json:"maxAttempts" gorm:"column:max_attempts"`
ShowLockOutFailures bool `json:"showLockOutFailures" gorm:"column:show_lockout_failures"`
Default bool `json:"-" gorm:"-"`
Sequence uint64 `json:"-" gorm:"column:sequence"`
}
func PasswordLockoutViewFromModel(policy *model.PasswordLockoutPolicyView) *PasswordLockoutPolicyView {
return &PasswordLockoutPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
Default: policy.Default,
}
}
func PasswordLockoutViewToModel(policy *PasswordLockoutPolicyView) *model.PasswordLockoutPolicyView {
return &model.PasswordLockoutPolicyView{
AggregateID: policy.AggregateID,
Sequence: policy.Sequence,
CreationDate: policy.CreationDate,
ChangeDate: policy.ChangeDate,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
Default: policy.Default,
}
}
func (i *PasswordLockoutPolicyView) AppendEvent(event *models.Event) (err error) {
i.Sequence = event.Sequence
i.ChangeDate = event.CreationDate
switch event.Type {
case es_model.PasswordLockoutPolicyAdded, org_es_model.PasswordLockoutPolicyAdded:
i.setRootData(event)
i.CreationDate = event.CreationDate
err = i.SetData(event)
case es_model.PasswordLockoutPolicyChanged, org_es_model.PasswordLockoutPolicyChanged:
err = i.SetData(event)
}
return err
}
func (r *PasswordLockoutPolicyView) setRootData(event *models.Event) {
r.AggregateID = event.AggregateID
}
func (r *PasswordLockoutPolicyView) SetData(event *models.Event) error {
if err := json.Unmarshal(event.Data, r); err != nil {
logging.Log("EVEN-gHls0").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-Hs8uf", "Could not unmarshal data")
}
return nil
}

59
internal/iam/repository/view/model/password_lockout_policy_query.go Normal file
View File

@@ -0,0 +1,59 @@
package model
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
)
type PasswordLockoutPolicySearchRequest iam_model.PasswordLockoutPolicySearchRequest
type PasswordLockoutPolicySearchQuery iam_model.PasswordLockoutPolicySearchQuery
type PasswordLockoutPolicySearchKey iam_model.PasswordLockoutPolicySearchKey
func (req PasswordLockoutPolicySearchRequest) GetLimit() uint64 {
return req.Limit
}
func (req PasswordLockoutPolicySearchRequest) GetOffset() uint64 {
return req.Offset
}
func (req PasswordLockoutPolicySearchRequest) GetSortingColumn() repository.ColumnKey {
if req.SortingColumn == iam_model.PasswordLockoutPolicySearchKeyUnspecified {
return nil
}
return PasswordLockoutPolicySearchKey(req.SortingColumn)
}
func (req PasswordLockoutPolicySearchRequest) GetAsc() bool {
return req.Asc
}
func (req PasswordLockoutPolicySearchRequest) GetQueries() []repository.SearchQuery {
result := make([]repository.SearchQuery, len(req.Queries))
for i, q := range req.Queries {
result[i] = PasswordLockoutPolicySearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
}
return result
}
func (req PasswordLockoutPolicySearchQuery) GetKey() repository.ColumnKey {
return PasswordLockoutPolicySearchKey(req.Key)
}
func (req PasswordLockoutPolicySearchQuery) GetMethod() global_model.SearchMethod {
return req.Method
}
func (req PasswordLockoutPolicySearchQuery) GetValue() interface{} {
return req.Value
}
func (key PasswordLockoutPolicySearchKey) ToColumnName() string {
switch iam_model.PasswordLockoutPolicySearchKey(key) {
case iam_model.PasswordLockoutPolicySearchKeyAggregateID:
return PasswordLockoutKeyAggregateID
default:
return ""
}
}

32
internal/iam/repository/view/org_iam_policy_view.go Normal file
View File

@@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetOrgIAMPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.OrgIAMPolicyView, error) {
policy := new(model.OrgIAMPolicyView)
userIDQuery := &model.OrgIAMPolicySearchQuery{Key: iam_model.OrgIAMPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-5fi9s", "Errors.IAM.OrgIAMPolicy.NotExisting")
}
return policy, err
}
func PutOrgIAMPolicy(db *gorm.DB, table string, policy *model.OrgIAMPolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeleteOrgIAMPolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.OrgIAMPolicySearchKey(iam_model.OrgIAMPolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

32
internal/iam/repository/view/password_age_policy_view.go Normal file
View File

@@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetPasswordAgePolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordAgePolicyView, error) {
policy := new(model.PasswordAgePolicyView)
userIDQuery := &model.PasswordAgePolicySearchQuery{Key: iam_model.PasswordAgePolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.PasswordAgePolicy.NotExisting")
}
return policy, err
}
func PutPasswordAgePolicy(db *gorm.DB, table string, policy *model.PasswordAgePolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeletePasswordAgePolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.PasswordAgePolicySearchKey(iam_model.PasswordAgePolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

32
internal/iam/repository/view/password_complexity_policy_view.go Normal file
View File

@@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetPasswordComplexityPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordComplexityPolicyView, error) {
policy := new(model.PasswordComplexityPolicyView)
userIDQuery := &model.PasswordComplexityPolicySearchQuery{Key: iam_model.PasswordComplexityPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.PasswordComplexityPolicy.NotExisting")
}
return policy, err
}
func PutPasswordComplexityPolicy(db *gorm.DB, table string, policy *model.PasswordComplexityPolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeletePasswordComplexityPolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.PasswordComplexityPolicySearchKey(iam_model.PasswordComplexityPolicySearchKeyAggregateID), aggregateID)
return delete(db)
}

32
internal/iam/repository/view/password_lockout_policy_view.go Normal file
View File

@@ -0,0 +1,32 @@
package view
import (
caos_errs "github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/iam/repository/view/model"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/view/repository"
"github.com/jinzhu/gorm"
)
func GetPasswordLockoutPolicyByAggregateID(db *gorm.DB, table, aggregateID string) (*model.PasswordLockoutPolicyView, error) {
policy := new(model.PasswordLockoutPolicyView)
userIDQuery := &model.PasswordLockoutPolicySearchQuery{Key: iam_model.PasswordLockoutPolicySearchKeyAggregateID, Value: aggregateID, Method: global_model.SearchMethodEquals}
query := repository.PrepareGetByQuery(table, userIDQuery)
err := query(db, policy)
if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso0cs", "Errors.IAM.PasswordLockoutPolicy.NotExisting")
}
return policy, err
}
func PutPasswordLockoutPolicy(db *gorm.DB, table string, policy *model.PasswordLockoutPolicyView) error {
save := repository.PrepareSave(table)
return save(db, policy)
}
func DeletePasswordLockoutPolicy(db *gorm.DB, table, aggregateID string) error {
delete := repository.PrepareDeleteByKey(table, model.PasswordLockoutPolicySearchKey(iam_model.PasswordLockoutPolicySearchKeyAggregateID), aggregateID)
return delete(db)
}