zitadel/internal/query/idp_test.go
Silvan f3e6f3b23b
feat: remove org (#4148)
* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 17:01:17 +01:00

740 lines
18 KiB
Go

package query
import (
"database/sql"
"database/sql/driver"
"errors"
"fmt"
"regexp"
"testing"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/domain"
errs "github.com/zitadel/zitadel/internal/errors"
)
var (
idpQuery = `SELECT projections.idps3.id,` +
` projections.idps3.resource_owner,` +
` projections.idps3.creation_date,` +
` projections.idps3.change_date,` +
` projections.idps3.sequence,` +
` projections.idps3.state,` +
` projections.idps3.name,` +
` projections.idps3.styling_type,` +
` projections.idps3.owner_type,` +
` projections.idps3.auto_register,` +
` projections.idps3_oidc_config.idp_id,` +
` projections.idps3_oidc_config.client_id,` +
` projections.idps3_oidc_config.client_secret,` +
` projections.idps3_oidc_config.issuer,` +
` projections.idps3_oidc_config.scopes,` +
` projections.idps3_oidc_config.display_name_mapping,` +
` projections.idps3_oidc_config.username_mapping,` +
` projections.idps3_oidc_config.authorization_endpoint,` +
` projections.idps3_oidc_config.token_endpoint,` +
` projections.idps3_jwt_config.idp_id,` +
` projections.idps3_jwt_config.issuer,` +
` projections.idps3_jwt_config.keys_endpoint,` +
` projections.idps3_jwt_config.header_name,` +
` projections.idps3_jwt_config.endpoint` +
` FROM projections.idps3` +
` LEFT JOIN projections.idps3_oidc_config ON projections.idps3.id = projections.idps3_oidc_config.idp_id AND projections.idps3.instance_id = projections.idps3_oidc_config.instance_id` +
` LEFT JOIN projections.idps3_jwt_config ON projections.idps3.id = projections.idps3_jwt_config.idp_id AND projections.idps3.instance_id = projections.idps3_jwt_config.instance_id`
idpCols = []string{
"id",
"resource_owner",
"creation_date",
"change_date",
"sequence",
"state",
"name",
"styling_type",
"owner_type",
"auto_register",
// oidc config
"idp_id",
"client_id",
"client_secret",
"issuer",
"scopes",
"display_name_mapping",
"username_mapping",
"authorization_endpoint",
"token_endpoint",
// jwt config
"idp_id",
"issuer",
"keys_endpoint",
"header_name",
"endpoint",
}
idpsQuery = `SELECT projections.idps3.id,` +
` projections.idps3.resource_owner,` +
` projections.idps3.creation_date,` +
` projections.idps3.change_date,` +
` projections.idps3.sequence,` +
` projections.idps3.state,` +
` projections.idps3.name,` +
` projections.idps3.styling_type,` +
` projections.idps3.owner_type,` +
` projections.idps3.auto_register,` +
` projections.idps3_oidc_config.idp_id,` +
` projections.idps3_oidc_config.client_id,` +
` projections.idps3_oidc_config.client_secret,` +
` projections.idps3_oidc_config.issuer,` +
` projections.idps3_oidc_config.scopes,` +
` projections.idps3_oidc_config.display_name_mapping,` +
` projections.idps3_oidc_config.username_mapping,` +
` projections.idps3_oidc_config.authorization_endpoint,` +
` projections.idps3_oidc_config.token_endpoint,` +
` projections.idps3_jwt_config.idp_id,` +
` projections.idps3_jwt_config.issuer,` +
` projections.idps3_jwt_config.keys_endpoint,` +
` projections.idps3_jwt_config.header_name,` +
` projections.idps3_jwt_config.endpoint,` +
` COUNT(*) OVER ()` +
` FROM projections.idps3` +
` LEFT JOIN projections.idps3_oidc_config ON projections.idps3.id = projections.idps3_oidc_config.idp_id AND projections.idps3.instance_id = projections.idps3_oidc_config.instance_id` +
` LEFT JOIN projections.idps3_jwt_config ON projections.idps3.id = projections.idps3_jwt_config.idp_id AND projections.idps3.instance_id = projections.idps3_jwt_config.instance_id`
idpsCols = []string{
"id",
"resource_owner",
"creation_date",
"change_date",
"sequence",
"state",
"name",
"styling_type",
"owner_type",
"auto_register",
// oidc config
"idp_id",
"client_id",
"client_secret",
"issuer",
"scopes",
"display_name_mapping",
"username_mapping",
"authorization_endpoint",
"token_endpoint",
// jwt config
"idp_id",
"issuer",
"keys_endpoint",
"header_name",
"endpoint",
"count",
}
)
func Test_IDPPrepares(t *testing.T) {
type want struct {
sqlExpectations sqlExpectation
err checkErr
}
tests := []struct {
name string
prepare interface{}
want want
object interface{}
}{
{
name: "prepareIDPByIDQuery no result",
prepare: prepareIDPByIDQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(idpQuery),
nil,
nil,
),
err: func(err error) (error, bool) {
if !errs.IsNotFound(err) {
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
}
return nil, true
},
},
object: (*IDP)(nil),
},
{
name: "prepareIDPByIDQuery oidc idp",
prepare: prepareIDPByIDQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(idpQuery),
idpCols,
[]driver.Value{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
"idp-id",
"oidc-client-id",
nil,
"oidc-issuer",
database.StringArray{"scope"},
domain.OIDCMappingFieldEmail,
domain.OIDCMappingFieldPreferredLoginName,
"auth.endpoint.ch",
"token.endpoint.ch",
// jwt config
nil,
nil,
nil,
nil,
nil,
},
),
},
object: &IDP{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
OIDCIDP: &OIDCIDP{
IDPID: "idp-id",
ClientID: "oidc-client-id",
ClientSecret: &crypto.CryptoValue{},
Issuer: "oidc-issuer",
Scopes: database.StringArray{"scope"},
DisplayNameMapping: domain.OIDCMappingFieldEmail,
UsernameMapping: domain.OIDCMappingFieldPreferredLoginName,
AuthorizationEndpoint: "auth.endpoint.ch",
TokenEndpoint: "token.endpoint.ch",
},
},
},
{
name: "prepareIDPByIDQuery jwt config",
prepare: prepareIDPByIDQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(idpQuery),
idpCols,
[]driver.Value{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
"idp-id",
"jwt-issuer",
"key.ch",
"x-header-name",
"jwt.endpoint.ch",
},
),
},
object: &IDP{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
JWTIDP: &JWTIDP{
IDPID: "idp-id",
Issuer: "jwt-issuer",
KeysEndpoint: "key.ch",
HeaderName: "x-header-name",
Endpoint: "jwt.endpoint.ch",
},
},
},
{
name: "prepareIDPByIDQuery no config",
prepare: prepareIDPByIDQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(idpQuery),
idpCols,
[]driver.Value{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
nil,
nil,
nil,
nil,
nil,
},
),
},
object: &IDP{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
},
},
{
name: "prepareIDPByIDQuery sql err",
prepare: prepareIDPByIDQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(idpQuery),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: nil,
},
{
name: "prepareIDPsQuery no result",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(idpsQuery),
nil,
nil,
),
err: func(err error) (error, bool) {
if !errs.IsNotFound(err) {
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
}
return nil, true
},
},
object: &IDPs{IDPs: []*IDP{}},
},
{
name: "prepareIDPsQuery oidc idp",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(idpsQuery),
idpsCols,
[][]driver.Value{
{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
"idp-id",
"oidc-client-id",
nil,
"oidc-issuer",
database.StringArray{"scope"},
domain.OIDCMappingFieldEmail,
domain.OIDCMappingFieldPreferredLoginName,
"auth.endpoint.ch",
"token.endpoint.ch",
// jwt config
nil,
nil,
nil,
nil,
nil,
},
},
),
},
object: &IDPs{
SearchResponse: SearchResponse{
Count: 1,
},
IDPs: []*IDP{
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
OIDCIDP: &OIDCIDP{
IDPID: "idp-id",
ClientID: "oidc-client-id",
ClientSecret: &crypto.CryptoValue{},
Issuer: "oidc-issuer",
Scopes: database.StringArray{"scope"},
DisplayNameMapping: domain.OIDCMappingFieldEmail,
UsernameMapping: domain.OIDCMappingFieldPreferredLoginName,
AuthorizationEndpoint: "auth.endpoint.ch",
TokenEndpoint: "token.endpoint.ch",
},
},
},
},
},
{
name: "prepareIDPsQuery jwt config",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(idpsQuery),
idpsCols,
[][]driver.Value{
{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
"idp-id",
"jwt-issuer",
"key.ch",
"x-header-name",
"jwt.endpoint.ch",
},
},
),
},
object: &IDPs{
SearchResponse: SearchResponse{
Count: 1,
},
IDPs: []*IDP{
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
JWTIDP: &JWTIDP{
IDPID: "idp-id",
Issuer: "jwt-issuer",
KeysEndpoint: "key.ch",
HeaderName: "x-header-name",
Endpoint: "jwt.endpoint.ch",
},
},
},
},
},
{
name: "prepareIDPsQuery no config",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(idpsQuery),
idpsCols,
[][]driver.Value{
{
"idp-id",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
nil,
nil,
nil,
nil,
nil,
},
},
),
},
object: &IDPs{
SearchResponse: SearchResponse{
Count: 1,
},
IDPs: []*IDP{
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
},
},
},
},
{
name: "prepareIDPsQuery all config types",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(idpsQuery),
idpsCols,
[][]driver.Value{
{
"idp-id-1",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
nil,
nil,
nil,
nil,
nil,
},
{
"idp-id-2",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
"idp-id",
"oidc-client-id",
nil,
"oidc-issuer",
database.StringArray{"scope"},
domain.OIDCMappingFieldEmail,
domain.OIDCMappingFieldPreferredLoginName,
"auth.endpoint.ch",
"token.endpoint.ch",
// jwt config
nil,
nil,
nil,
nil,
nil,
},
{
"idp-id-3",
"ro",
testNow,
testNow,
uint64(20211109),
domain.IDPConfigStateActive,
"idp-name",
domain.IDPConfigStylingTypeGoogle,
domain.IdentityProviderTypeOrg,
true,
// oidc config
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
// jwt config
"idp-id",
"jwt-issuer",
"key.ch",
"x-header-name",
"jwt.endpoint.ch",
},
},
),
},
object: &IDPs{
SearchResponse: SearchResponse{
Count: 3,
},
IDPs: []*IDP{
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id-1",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
},
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id-2",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
OIDCIDP: &OIDCIDP{
IDPID: "idp-id",
ClientID: "oidc-client-id",
ClientSecret: &crypto.CryptoValue{},
Issuer: "oidc-issuer",
Scopes: database.StringArray{"scope"},
DisplayNameMapping: domain.OIDCMappingFieldEmail,
UsernameMapping: domain.OIDCMappingFieldPreferredLoginName,
AuthorizationEndpoint: "auth.endpoint.ch",
TokenEndpoint: "token.endpoint.ch",
},
},
{
CreationDate: testNow,
ChangeDate: testNow,
Sequence: 20211109,
ResourceOwner: "ro",
ID: "idp-id-3",
State: domain.IDPConfigStateActive,
Name: "idp-name",
StylingType: domain.IDPConfigStylingTypeGoogle,
OwnerType: domain.IdentityProviderTypeOrg,
AutoRegister: true,
JWTIDP: &JWTIDP{
IDPID: "idp-id",
Issuer: "jwt-issuer",
KeysEndpoint: "key.ch",
HeaderName: "x-header-name",
Endpoint: "jwt.endpoint.ch",
},
},
},
},
},
{
name: "prepareIDPsQuery sql err",
prepare: prepareIDPsQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(idpsQuery),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: nil,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err)
})
}
}