Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
* feat: add query endpoints for user v2 api
* fix: correct integration tests
* fix: correct linting
* fix: correct linting
* fix: comment out permission check on user get and list
* fix: permission check on user v2 query
* fix: merge back origin/main
* fix: add search query in user emails
* fix: reset count for SearchUser if users are removed due to permissions
* fix: reset count for SearchUser if users are removed due to permissions
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
* start user by id
* ignore debug bin
* use new user by id
* new sql
* fix(sql): replace STRING with text for psql compatabilit
* some changes
* fix: correct user queries
* fix tests
* unify sql statements
* use specific get user methods
* search login name case insensitive
* refactor: optimise user statements
* add index
* fix queries
* fix: correct domain segregation
* return all login names
* fix queries
* improve readability
* query should be correct now
* cleanup statements
* fix username / loginname handling
* fix: psql doesn't support create view if not exists
* fix: create pre-release
* ignore release comments
* add lower fields
* fix: always to lower
* update to latest projection
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* get key by id and cache them
* userinfo from events for v2 tokens
* improve keyset caching
* concurrent token and client checks
* client and project in single query
* logging and otel
* drop owner_removed column on apps and authN tables
* userinfo and project roles in go routines
* get oidc user info from projections and add actions
* add avatar URL
* some cleanup
* pull oidc work branch
* remove storage from server
* add config flag for experimental introspection
* legacy introspection flag
* drop owner_removed column on user projections
* drop owner_removed column on useer_metadata
* query userinfo unit test
* query introspection client test
* add user_grants to the userinfo query
* handle PAT scopes
* bring triggers back
* test instance keys query
* add userinfo unit tests
* unit test keys
* go mod tidy
* solve some bugs
* fix missing preferred login name
* do not run triggers in go routines, they seem to deadlock
* initialize the trigger handlers late with a sync.OnceValue
* Revert "do not run triggers in go routines, they seem to deadlock"
This reverts commit 2a03da2127.
* add missing translations
* chore: update go version for linting
* pin oidc version
* parse a global time location for query test
* fix linter complains
* upgrade go lint
* fix more linting issues
---------
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* feat(user/v1): support composite queries
* fix: added proper error handling for NotQuery
* Added error when there are too many levels of nesting
* Add localization keys for english
* Update internal/api/grpc/user/query.go
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
feat(storage): read only transactions for queries (#6415)
* fix: tests
* bastle wie en grosse
* fix(database): scan as callback
* fix tests
* fix merge failures
* remove as of system time
* refactor: remove unused test
* refacotr: remove unused lines
* reproduce #5808
Add an integration test that imports and gets N amount of human users.
- With N set to 1-10 the operation seems to succeed always
- With N set to 100 the operation seems to fail between 1 and 7 times.
* fix merge issue
* fix: reset the call timestamp after a bulk trigger
With the use of `AS OF SYSTEM TIME` in queries,
there was a change for the query package not
finding the latest projection verson after
a bulk trigger.
If events where processed in the bulk trigger,
the resulting row timestamp would be after the call
start timestamp.
This sometimes resulted in consistency issues when
Set and Get API methods are called in short succession.
For example a Import and Get user could sometimes result in a Not Found
error.
Although the issue was reported for the Management API user import,
it is likely this bug contributed to the flaky integration and e2e tests.
Fixes#5808
* trigger bulk action in GetSession
* don't use the new context in handler schedule
* disable reproduction test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
Request an access_token for service users with OAuth 2.0 Client Credentials Grant. Added functionality to generate and remove a secret on service users.
* feat(command): remove org
* refactor: imports, unused code, error handling
* reduce org removed in action
* add org deletion to projections
* add org removal to projections
* add org removal to projections
* org removed projection
* lint import
* projections
* fix: table names in tests
* fix: table names in tests
* logging
* add org state
* fix(domain): add Owner removed to object details
* feat(ListQuery): add with owner removed
* fix(org-delete): add bool to functions to select with owner removed
* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner
* fix(org-delete): add unit tests for owner removed and org removed events
* fix(org-delete): add handling of org remove for grants and members
* fix(org-delete): correction of unit tests for owner removed
* fix(org-delete): update projections, unit tests and get functions
* fix(org-delete): add change date to authnkeys and owner removed to org metadata
* fix(org-delete): include owner removed for login names
* fix(org-delete): some column fixes in projections and build for queries with owner removed
* indexes
* fix(org-delete): include review changes
* fix(org-delete): change user projection name after merge
* fix(org-delete): include review changes for project grant where no project owner is necessary
* fix(org-delete): include auth and adminapi tables with owner removed information
* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed
* fix(org-delete): add permissions for org.remove
* remove unnecessary unique constraints
* fix column order in primary keys
* fix(org-delete): include review changes
* fix(org-delete): add owner removed indexes and chang setup step to create tables
* fix(org-delete): move PK order of instance_id and change added user_grant from review
* fix(org-delete): no params for prepareUserQuery
* change to step 6
* merge main
* fix(org-delete): OldUserName rename to private
* fix linting
* cleanup
* fix: remove org test
* create prerelease
* chore: delete org-delete as prerelease
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix(user): add search query for login name
* fix(user): change login name query to IN from EXISTS
* fix(loginname): include InQuery into ListQuery with SubSelect as possible datasource
* fix(user): apply suggestions from code review
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix: correct unit test for search query
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
* begin init checks for projections
* first projection checks
* debug notification providers with query fixes
* more projections and first index
* more projections
* more projections
* finish projections
* fix tests (remove db name)
* create tables in setup
* fix logging / error handling
* add tenant to views
* rename tenant to instance_id
* add instance_id to all projections
* add instance_id to all queries
* correct instance_id on projections
* add instance_id to failed_events
* use separate context for instance
* implement features projection
* implement features projection
* remove unique constraint from setup when migration failed
* add error to failed setup event
* add instance_id to primary keys
* fix IAM projection
* remove old migrations folder
* fix keysFromYAML test
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix(projections): add user grant projection
* fix(user_grant): handle state changes
* add state to migration
* fix(management): use query for user grant requests
* merge eventstore-naming into user-grant-projection
* feat(queries): user grants
* fix(migrations): version
* fix(api): user query for user grants
* fix(query): event mappers for usergrant aggregate
* fix(projection): correct aggregate for user grants
* fix(queries): user grant roles as list contains
* cleanup reducers
* fix avater_key to avatar_key
* tests
* cleanup
* cleanup
* add resourceowner query
* fix: user grant project name search query
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix: adaot config to commands (and queries)
* remove dependency on vv2 in v1
* add queries user to operator
* set password for queries on tests
* set password for queries on tests
* fix config