* feat: add new org scope
* change default of UserLoginMustBeDomain to false
* return resource owner claims
* fix: use email style for first user
* fix: ensure email style for default users (backwards compatibility)
* change to external domain (as it was before UserLoginMustBeDomain change)
* update e2e tests to use email style usernames
* document new scope
* lint e2e
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change ads new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request. Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename iam command side to instance
* fix: rename orgiampolicy to domain policy
* fix: merge conflicts
* fix: protos
* fix: md files
* implement deprecated org iam policy again
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* begin init checks for projections
* first projection checks
* debug notification providers with query fixes
* more projections and first index
* more projections
* more projections
* finish projections
* fix tests (remove db name)
* create tables in setup
* fix logging / error handling
* add tenant to views
* rename tenant to instance_id
* add instance_id to all projections
* add instance_id to all queries
* correct instance_id on projections
* add instance_id to failed_events
* use separate context for instance
* implement features projection
* implement features projection
* remove unique constraint from setup when migration failed
* add error to failed setup event
* add instance_id to primary keys
* fix IAM projection
* remove old migrations folder
* fix keysFromYAML test
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* refactor: remove unsued methods in repo-interfaces
* start
* fix(query): membership
* fix(auth): list my project orgs
* fix(query): member queries and user avatar column
* refactor(auth): MyProjectOrgs
* fix(queries): member and membership stmts
* fix user test
* fix(management): use query for project (-grant) members
* fix(admin): use query for member calls
* fix(api): add domain to org mapping
* remove old idp
* membership
* refactor: remove old files
* idp
* refactor: use query for idps and idp user links
* refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter
* gloabl org check for org roles
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix(membership): correct display name
* fix(projection): additional member manipulation events
* additional member tests
* fix(projections): additional events of idp links
* fix: use query for memberships (#2797)
* fix(api): use query for memberships
* remove comment
* handle err
* refactor(projections): idp user link user aggregate type
* fix(projections): handle old user events
* fix(api): add asset prefix
* no image for iam members
