zitadel/internal/api/grpc/admin/org.go
Livio Amstutz 5463244376
feat: encryption keys in database (#3265)
* enable overwrite of adminUser fields in defaults.yaml

* create schema and table

* cli: create keys

* cli: create keys

* read encryptionkey from db

* merge v2

* file names

* cleanup defaults.yaml

* remove custom errors

* load encryptionKeys on start

* cleanup

* fix merge

* update system defaults

* fix error message
2022-03-14 07:55:09 +01:00

91 lines
2.9 KiB
Go

package admin
import (
"context"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/api/grpc/object"
org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/query"
admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
obj_pb "github.com/caos/zitadel/pkg/grpc/object"
)
func (s *Server) IsOrgUnique(ctx context.Context, req *admin_pb.IsOrgUniqueRequest) (*admin_pb.IsOrgUniqueResponse, error) {
isUnique, err := s.query.IsOrgUnique(ctx, req.Name, req.Domain)
return &admin_pb.IsOrgUniqueResponse{IsUnique: isUnique}, err
}
func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
org, err := s.query.OrgByID(ctx, req.Id)
if err != nil {
return nil, err
}
return &admin_pb.GetOrgByIDResponse{Org: org_grpc.OrgViewToPb(org)}, nil
}
func (s *Server) ListOrgs(ctx context.Context, req *admin_pb.ListOrgsRequest) (*admin_pb.ListOrgsResponse, error) {
queries, err := listOrgRequestToModel(req)
if err != nil {
return nil, err
}
orgs, err := s.query.SearchOrgs(ctx, queries)
if err != nil {
return nil, err
}
return &admin_pb.ListOrgsResponse{
Result: org_grpc.OrgViewsToPb(orgs.Orgs),
Details: &obj_pb.ListDetails{
TotalResult: orgs.Count,
ProcessedSequence: orgs.Sequence,
ViewTimestamp: timestamppb.New(orgs.Timestamp),
},
}, nil
}
func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*admin_pb.SetUpOrgResponse, error) {
userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Org.Name, s.iamDomain))
if err != nil {
return nil, err
}
human := setUpOrgHumanToDomain(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) //TODO: handle machine
org := setUpOrgOrgToDomain(req.Org)
initCodeGenerator, err := s.query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypeInitCode, s.userCodeAlg)
if err != nil {
return nil, err
}
phoneCodeGenerator, err := s.query.InitEncryptionGenerator(ctx, domain.SecretGeneratorTypeVerifyPhoneCode, s.userCodeAlg)
if err != nil {
return nil, err
}
objectDetails, err := s.command.SetUpOrg(ctx, org, human, initCodeGenerator, phoneCodeGenerator, userIDs, false)
if err != nil {
return nil, err
}
return &admin_pb.SetUpOrgResponse{
Details: object.DomainToAddDetailsPb(objectDetails),
}, nil
}
func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain string) ([]string, error) {
loginName, err := query.NewUserPreferredLoginNameSearchQuery("@"+orgDomain, query.TextEndsWithIgnoreCase)
if err != nil {
return nil, err
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}})
if err != nil {
return nil, err
}
if err != nil {
return nil, err
}
userIDs := make([]string, len(users.Users))
for i, user := range users.Users {
userIDs[i] = user.ID
}
return userIDs, nil
}