zitadel/internal/repository/user/machine_secret.go
Stefan Benz e2fdd3f077
feat: support client_credentials for service users (#5134)
Request an access_token for service users with OAuth 2.0 Client Credentials Grant. Added functionality to generate and remove a secret on service users.
2023-01-31 19:52:47 +00:00

172 lines
4.3 KiB
Go

package user
import (
"context"
"encoding/json"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
)
const (
machineSecretPrefix = machineEventPrefix + "secret."
MachineSecretSetType = machineSecretPrefix + "set"
MachineSecretRemovedType = machineSecretPrefix + "removed"
MachineSecretCheckSucceededType = machineSecretPrefix + "check.succeeded"
MachineSecretCheckFailedType = machineSecretPrefix + "check.failed"
)
type MachineSecretSetEvent struct {
eventstore.BaseEvent `json:"-"`
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
}
func (e *MachineSecretSetEvent) Data() interface{} {
return e
}
func (e *MachineSecretSetEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewMachineSecretSetEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
clientSecret *crypto.CryptoValue,
) *MachineSecretSetEvent {
return &MachineSecretSetEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
MachineSecretSetType,
),
ClientSecret: clientSecret,
}
}
func MachineSecretSetEventMapper(event *repository.Event) (eventstore.Event, error) {
credentialsSet := &MachineSecretSetEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, credentialsSet)
if err != nil {
return nil, errors.ThrowInternal(err, "USER-lopbqu", "unable to unmarshal machine secret set")
}
return credentialsSet, nil
}
type MachineSecretRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *MachineSecretRemovedEvent) Data() interface{} {
return e
}
func (e *MachineSecretRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewMachineSecretRemovedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
) *MachineSecretRemovedEvent {
return &MachineSecretRemovedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
MachineSecretRemovedType,
),
}
}
func MachineSecretRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
credentialsRemoved := &MachineSecretRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, credentialsRemoved)
if err != nil {
return nil, errors.ThrowInternal(err, "USER-quox9j2", "unable to unmarshal machine secret removed")
}
return credentialsRemoved, nil
}
type MachineSecretCheckSucceededEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *MachineSecretCheckSucceededEvent) Data() interface{} {
return e
}
func (e *MachineSecretCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewMachineSecretCheckSucceededEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
) *MachineSecretCheckSucceededEvent {
return &MachineSecretCheckSucceededEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
MachineSecretCheckSucceededType,
),
}
}
func MachineSecretCheckSucceededEventMapper(event *repository.Event) (eventstore.Event, error) {
check := &MachineSecretCheckSucceededEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, check)
if err != nil {
return nil, errors.ThrowInternal(err, "USER-x002n1p", "unable to unmarshal machine secret check succeeded")
}
return check, nil
}
type MachineSecretCheckFailedEvent struct {
eventstore.BaseEvent `json:"-"`
}
func (e *MachineSecretCheckFailedEvent) Data() interface{} {
return e
}
func (e *MachineSecretCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
return nil
}
func NewMachineSecretCheckFailedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
) *MachineSecretCheckFailedEvent {
return &MachineSecretCheckFailedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
MachineSecretCheckFailedType,
),
}
}
func MachineSecretCheckFailedEventMapper(event *repository.Event) (eventstore.Event, error) {
check := &MachineSecretCheckFailedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := json.Unmarshal(event.Data, check)
if err != nil {
return nil, errors.ThrowInternal(err, "USER-x7901b1l", "unable to unmarshal machine secret check failed")
}
return check, nil
}