package command import ( "context" "reflect" "github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/eventstore" "github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/repository/idpconfig" "github.com/zitadel/zitadel/internal/repository/instance" ) type InstanceIDPOIDCConfigWriteModel struct { OIDCConfigWriteModel } func NewInstanceIDPOIDCConfigWriteModel(ctx context.Context, idpConfigID string) *InstanceIDPOIDCConfigWriteModel { return &InstanceIDPOIDCConfigWriteModel{ OIDCConfigWriteModel{ WriteModel: eventstore.WriteModel{ AggregateID: authz.GetInstance(ctx).InstanceID(), ResourceOwner: authz.GetInstance(ctx).InstanceID(), }, IDPConfigID: idpConfigID, }, } } func (wm *InstanceIDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.Event) { for _, event := range events { switch e := event.(type) { case *instance.IDPOIDCConfigAddedEvent: if wm.IDPConfigID != e.IDPConfigID { continue } wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigAddedEvent) case *instance.IDPOIDCConfigChangedEvent: if wm.IDPConfigID != e.IDPConfigID { continue } wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigChangedEvent) case *instance.IDPConfigReactivatedEvent: if wm.IDPConfigID != e.ConfigID { continue } wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigReactivatedEvent) case *instance.IDPConfigDeactivatedEvent: if wm.IDPConfigID != e.ConfigID { continue } wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigDeactivatedEvent) case *instance.IDPConfigRemovedEvent: if wm.IDPConfigID != e.ConfigID { continue } wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigRemovedEvent) default: wm.OIDCConfigWriteModel.AppendEvents(e) } } } func (wm *InstanceIDPOIDCConfigWriteModel) Reduce() error { if err := wm.OIDCConfigWriteModel.Reduce(); err != nil { return err } return wm.WriteModel.Reduce() } func (wm *InstanceIDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). ResourceOwner(wm.ResourceOwner). AddQuery(). AggregateTypes(instance.AggregateType). AggregateIDs(wm.AggregateID). EventTypes( instance.IDPOIDCConfigAddedEventType, instance.IDPOIDCConfigChangedEventType, instance.IDPConfigReactivatedEventType, instance.IDPConfigDeactivatedEventType, instance.IDPConfigRemovedEventType). Builder() } func (wm *InstanceIDPOIDCConfigWriteModel) NewChangedEvent( ctx context.Context, aggregate *eventstore.Aggregate, idpConfigID, clientID, issuer, authorizationEndpoint, tokenEndpoint, clientSecretString string, secretCrypto crypto.Crypto, idpDisplayNameMapping, userNameMapping domain.OIDCMappingField, scopes ...string, ) (*instance.IDPOIDCConfigChangedEvent, bool, error) { changes := make([]idpconfig.OIDCConfigChanges, 0) var clientSecret *crypto.CryptoValue var err error if clientSecretString != "" { clientSecret, err = crypto.Crypt([]byte(clientSecretString), secretCrypto) if err != nil { return nil, false, err } changes = append(changes, idpconfig.ChangeClientSecret(clientSecret)) } if wm.ClientID != clientID { changes = append(changes, idpconfig.ChangeClientID(clientID)) } if wm.Issuer != issuer { changes = append(changes, idpconfig.ChangeIssuer(issuer)) } if wm.AuthorizationEndpoint != authorizationEndpoint { changes = append(changes, idpconfig.ChangeAuthorizationEndpoint(authorizationEndpoint)) } if wm.TokenEndpoint != tokenEndpoint { changes = append(changes, idpconfig.ChangeTokenEndpoint(tokenEndpoint)) } if idpDisplayNameMapping.Valid() && wm.IDPDisplayNameMapping != idpDisplayNameMapping { changes = append(changes, idpconfig.ChangeIDPDisplayNameMapping(idpDisplayNameMapping)) } if userNameMapping.Valid() && wm.UserNameMapping != userNameMapping { changes = append(changes, idpconfig.ChangeUserNameMapping(userNameMapping)) } if !reflect.DeepEqual(wm.Scopes, scopes) { changes = append(changes, idpconfig.ChangeScopes(scopes)) } if len(changes) == 0 { return nil, false, nil } changeEvent, err := instance.NewIDPOIDCConfigChangedEvent(ctx, aggregate, idpConfigID, changes) if err != nil { return nil, false, err } return changeEvent, true, nil }