mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
e2fdd3f077
Request an access_token for service users with OAuth 2.0 Client Credentials Grant. Added functionality to generate and remove a secret on service users.
172 lines
4.3 KiB
Go
172 lines
4.3 KiB
Go
package user
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/eventstore/repository"
|
|
)
|
|
|
|
const (
|
|
machineSecretPrefix = machineEventPrefix + "secret."
|
|
MachineSecretSetType = machineSecretPrefix + "set"
|
|
MachineSecretRemovedType = machineSecretPrefix + "removed"
|
|
MachineSecretCheckSucceededType = machineSecretPrefix + "check.succeeded"
|
|
MachineSecretCheckFailedType = machineSecretPrefix + "check.failed"
|
|
)
|
|
|
|
type MachineSecretSetEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
|
|
}
|
|
|
|
func (e *MachineSecretSetEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *MachineSecretSetEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewMachineSecretSetEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
clientSecret *crypto.CryptoValue,
|
|
) *MachineSecretSetEvent {
|
|
return &MachineSecretSetEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
MachineSecretSetType,
|
|
),
|
|
ClientSecret: clientSecret,
|
|
}
|
|
}
|
|
|
|
func MachineSecretSetEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
credentialsSet := &MachineSecretSetEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := json.Unmarshal(event.Data, credentialsSet)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "USER-lopbqu", "unable to unmarshal machine secret set")
|
|
}
|
|
|
|
return credentialsSet, nil
|
|
}
|
|
|
|
type MachineSecretRemovedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *MachineSecretRemovedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *MachineSecretRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewMachineSecretRemovedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *MachineSecretRemovedEvent {
|
|
return &MachineSecretRemovedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
MachineSecretRemovedType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func MachineSecretRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
credentialsRemoved := &MachineSecretRemovedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := json.Unmarshal(event.Data, credentialsRemoved)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "USER-quox9j2", "unable to unmarshal machine secret removed")
|
|
}
|
|
|
|
return credentialsRemoved, nil
|
|
}
|
|
|
|
type MachineSecretCheckSucceededEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *MachineSecretCheckSucceededEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *MachineSecretCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewMachineSecretCheckSucceededEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *MachineSecretCheckSucceededEvent {
|
|
return &MachineSecretCheckSucceededEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
MachineSecretCheckSucceededType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func MachineSecretCheckSucceededEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
check := &MachineSecretCheckSucceededEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := json.Unmarshal(event.Data, check)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "USER-x002n1p", "unable to unmarshal machine secret check succeeded")
|
|
}
|
|
|
|
return check, nil
|
|
}
|
|
|
|
type MachineSecretCheckFailedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *MachineSecretCheckFailedEvent) Data() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *MachineSecretCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewMachineSecretCheckFailedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *MachineSecretCheckFailedEvent {
|
|
return &MachineSecretCheckFailedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
MachineSecretCheckFailedType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func MachineSecretCheckFailedEventMapper(event *repository.Event) (eventstore.Event, error) {
|
|
check := &MachineSecretCheckFailedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := json.Unmarshal(event.Data, check)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "USER-x7901b1l", "unable to unmarshal machine secret check failed")
|
|
}
|
|
|
|
return check, nil
|
|
}
|