mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-11 22:13:39 +00:00
3e1204524e
* fix: multiple setup steps * fix: test set up started * fix: possible nil pointers in setup * fix: validate executed step
226 lines
6.6 KiB
Go
226 lines
6.6 KiB
Go
package setup
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/caos/logging"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
"github.com/caos/zitadel/internal/config/systemdefaults"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
caos_errs "github.com/caos/zitadel/internal/errors"
|
|
es_int "github.com/caos/zitadel/internal/eventstore"
|
|
"github.com/caos/zitadel/internal/eventstore/models"
|
|
iam_model "github.com/caos/zitadel/internal/iam/model"
|
|
es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
|
iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
|
|
es_org "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
|
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
|
|
es_policy "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
|
policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
|
|
proj_model "github.com/caos/zitadel/internal/project/model"
|
|
es_proj "github.com/caos/zitadel/internal/project/repository/eventsourcing"
|
|
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
|
|
es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
|
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
|
|
)
|
|
|
|
type Setup struct {
|
|
iamID string
|
|
IamEvents *iam_event.IAMEventstore
|
|
OrgEvents *org_event.OrgEventstore
|
|
UserEvents *usr_event.UserEventstore
|
|
ProjectEvents *proj_event.ProjectEventstore
|
|
PolicyEvents *policy_event.PolicyEventstore
|
|
}
|
|
|
|
const (
|
|
OrgOwnerRole = "ORG_OWNER"
|
|
SetupUser = "SETUP"
|
|
OIDCResponseTypeCode = "CODE"
|
|
OIDCResponseTypeIDToken = "ID_TOKEN"
|
|
OIDCResponseTypeToken = "ID_TOKEN TOKEN"
|
|
OIDCGrantTypeAuthorizationCode = "AUTHORIZATION_CODE"
|
|
OIDCGrantTypeImplicit = "IMPLICIT"
|
|
OIDCGrantTypeRefreshToken = "REFRESH_TOKEN"
|
|
OIDCApplicationTypeNative = "NATIVE"
|
|
OIDCApplicationTypeUserAgent = "USER_AGENT"
|
|
OIDCApplicationTypeWeb = "WEB"
|
|
OIDCAuthMethodTypeNone = "NONE"
|
|
OIDCAuthMethodTypeBasic = "BASIC"
|
|
OIDCAuthMethodTypePost = "POST"
|
|
)
|
|
|
|
func StartSetup(esConfig es_int.Config, sd systemdefaults.SystemDefaults) (*Setup, error) {
|
|
setup := &Setup{
|
|
iamID: sd.IamID,
|
|
}
|
|
es, err := es_int.Start(esConfig)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
setup.IamEvents, err = es_iam.StartIAM(es_iam.IAMConfig{
|
|
Eventstore: es,
|
|
Cache: esConfig.Cache,
|
|
}, sd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
setup.OrgEvents = es_org.StartOrg(es_org.OrgConfig{Eventstore: es, IAMDomain: sd.Domain}, sd)
|
|
|
|
setup.ProjectEvents, err = es_proj.StartProject(es_proj.ProjectConfig{
|
|
Eventstore: es,
|
|
Cache: esConfig.Cache,
|
|
}, sd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
setup.UserEvents, err = es_usr.StartUser(es_usr.UserConfig{
|
|
Eventstore: es,
|
|
Cache: esConfig.Cache,
|
|
}, sd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
setup.PolicyEvents, err = es_policy.StartPolicy(es_policy.PolicyConfig{
|
|
Eventstore: es,
|
|
Cache: esConfig.Cache,
|
|
}, sd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return setup, nil
|
|
}
|
|
|
|
func (s *Setup) Execute(ctx context.Context, setUpConfig IAMSetUp) error {
|
|
logging.Log("SETUP-hwG32").Info("starting setup")
|
|
|
|
iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
|
|
if err != nil && !caos_errs.IsNotFound(err) {
|
|
return err
|
|
}
|
|
if iam != nil && (iam.SetUpDone == iam_model.StepCount-1 || iam.SetUpStarted != iam.SetUpDone) {
|
|
logging.Log("SETUP-cWEsn").Info("all steps done")
|
|
return nil
|
|
}
|
|
|
|
if iam == nil {
|
|
iam = &iam_model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: s.iamID}}
|
|
}
|
|
|
|
steps, err := setUpConfig.steps(iam.SetUpDone)
|
|
if err != nil || len(steps) == 0 {
|
|
return err
|
|
}
|
|
|
|
ctx = setSetUpContextData(ctx, s.iamID)
|
|
|
|
for _, step := range steps {
|
|
step.init(s)
|
|
if step.step() != iam.SetUpDone+1 {
|
|
logging.LogWithFields("SETUP-rxRM1", "step", step.step(), "previous", iam.SetUpDone).Warn("wrong step order")
|
|
return errors.ThrowPreconditionFailed(nil, "SETUP-wwAqO", "too few steps for this zitadel verison")
|
|
}
|
|
iam, err = s.IamEvents.StartSetup(ctx, s.iamID, step.step())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = step.execute(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = s.validateExecutedStep(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
logging.Log("SETUP-ds31h").Info("setup done")
|
|
return nil
|
|
}
|
|
|
|
func (s *Setup) validateExecutedStep(ctx context.Context) error {
|
|
iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if iam.SetUpStarted != iam.SetUpDone {
|
|
return errors.ThrowInternal(nil, "SETUP-QeukK", "started step is not equal to done")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func getOIDCResponseTypes(responseTypes []string) []proj_model.OIDCResponseType {
|
|
types := make([]proj_model.OIDCResponseType, len(responseTypes))
|
|
for i, t := range responseTypes {
|
|
types[i] = getOIDCResponseType(t)
|
|
}
|
|
return types
|
|
}
|
|
|
|
func getOIDCResponseType(responseType string) proj_model.OIDCResponseType {
|
|
switch responseType {
|
|
case OIDCResponseTypeCode:
|
|
return proj_model.OIDCResponseTypeCode
|
|
case OIDCResponseTypeIDToken:
|
|
return proj_model.OIDCResponseTypeIDToken
|
|
case OIDCResponseTypeToken:
|
|
return proj_model.OIDCResponseTypeIDTokenToken
|
|
}
|
|
return proj_model.OIDCResponseTypeCode
|
|
}
|
|
|
|
func getOIDCGrantTypes(grantTypes []string) []proj_model.OIDCGrantType {
|
|
types := make([]proj_model.OIDCGrantType, len(grantTypes))
|
|
for i, t := range grantTypes {
|
|
types[i] = getOIDCGrantType(t)
|
|
}
|
|
return types
|
|
}
|
|
|
|
func getOIDCGrantType(grantTypes string) proj_model.OIDCGrantType {
|
|
switch grantTypes {
|
|
case OIDCGrantTypeAuthorizationCode:
|
|
return proj_model.OIDCGrantTypeAuthorizationCode
|
|
case OIDCGrantTypeImplicit:
|
|
return proj_model.OIDCGrantTypeImplicit
|
|
case OIDCGrantTypeRefreshToken:
|
|
return proj_model.OIDCGrantTypeRefreshToken
|
|
}
|
|
return proj_model.OIDCGrantTypeAuthorizationCode
|
|
}
|
|
|
|
func getOIDCApplicationType(appType string) proj_model.OIDCApplicationType {
|
|
switch appType {
|
|
case OIDCApplicationTypeNative:
|
|
return proj_model.OIDCApplicationTypeNative
|
|
case OIDCApplicationTypeUserAgent:
|
|
return proj_model.OIDCApplicationTypeUserAgent
|
|
case OIDCApplicationTypeWeb:
|
|
return proj_model.OIDCApplicationTypeWeb
|
|
}
|
|
return proj_model.OIDCApplicationTypeWeb
|
|
}
|
|
|
|
func getOIDCAuthMethod(authMethod string) proj_model.OIDCAuthMethodType {
|
|
switch authMethod {
|
|
case OIDCAuthMethodTypeNone:
|
|
return proj_model.OIDCAuthMethodTypeNone
|
|
case OIDCAuthMethodTypeBasic:
|
|
return proj_model.OIDCAuthMethodTypeBasic
|
|
case OIDCAuthMethodTypePost:
|
|
return proj_model.OIDCAuthMethodTypePost
|
|
}
|
|
return proj_model.OIDCAuthMethodTypeBasic
|
|
}
|
|
|
|
func setSetUpContextData(ctx context.Context, orgID string) context.Context {
|
|
return authz.SetCtxData(ctx, authz.CtxData{UserID: SetupUser, OrgID: orgID})
|
|
}
|