mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 11:34:26 +00:00
f3e6f3b23b
* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
399 lines
11 KiB
Go
399 lines
11 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
errs "errors"
|
|
"time"
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
)
|
|
|
|
var (
|
|
authNKeyTable = table{
|
|
name: projection.AuthNKeyTable,
|
|
instanceIDCol: projection.AuthNKeyInstanceIDCol,
|
|
}
|
|
AuthNKeyColumnID = Column{
|
|
name: projection.AuthNKeyIDCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnCreationDate = Column{
|
|
name: projection.AuthNKeyCreationDateCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnChangeDate = Column{
|
|
name: projection.AuthNKeyChangeDateCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnResourceOwner = Column{
|
|
name: projection.AuthNKeyResourceOwnerCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnInstanceID = Column{
|
|
name: projection.AuthNKeyInstanceIDCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnAggregateID = Column{
|
|
name: projection.AuthNKeyAggregateIDCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnSequence = Column{
|
|
name: projection.AuthNKeySequenceCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnObjectID = Column{
|
|
name: projection.AuthNKeyObjectIDCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnExpiration = Column{
|
|
name: projection.AuthNKeyExpirationCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnIdentifier = Column{
|
|
name: projection.AuthNKeyIdentifierCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnPublicKey = Column{
|
|
name: projection.AuthNKeyPublicKeyCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnType = Column{
|
|
name: projection.AuthNKeyTypeCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyColumnEnabled = Column{
|
|
name: projection.AuthNKeyEnabledCol,
|
|
table: authNKeyTable,
|
|
}
|
|
AuthNKeyOwnerRemovedCol = Column{
|
|
name: projection.AuthNKeyOwnerRemovedCol,
|
|
table: authNKeyTable,
|
|
}
|
|
)
|
|
|
|
type AuthNKeys struct {
|
|
SearchResponse
|
|
AuthNKeys []*AuthNKey
|
|
}
|
|
|
|
type AuthNKey struct {
|
|
ID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
Sequence uint64
|
|
|
|
Expiration time.Time
|
|
Type domain.AuthNKeyType
|
|
}
|
|
|
|
type AuthNKeysData struct {
|
|
SearchResponse
|
|
AuthNKeysData []*AuthNKeyData
|
|
}
|
|
|
|
type AuthNKeyData struct {
|
|
ID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
Sequence uint64
|
|
|
|
Expiration time.Time
|
|
Type domain.AuthNKeyType
|
|
Identifier string
|
|
PublicKey []byte
|
|
}
|
|
|
|
type AuthNKeySearchQueries struct {
|
|
SearchRequest
|
|
Queries []SearchQuery
|
|
}
|
|
|
|
func (q *AuthNKeySearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
|
|
query = q.SearchRequest.toQuery(query)
|
|
for _, q := range q.Queries {
|
|
query = q.toQuery(query)
|
|
}
|
|
return query
|
|
}
|
|
|
|
func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries, withOwnerRemoved bool) (authNKeys *AuthNKeys, err error) {
|
|
query, scan := prepareAuthNKeysQuery()
|
|
query = queries.toQuery(query)
|
|
eq := sq.Eq{
|
|
AuthNKeyColumnEnabled.identifier(): true,
|
|
AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
}
|
|
if !withOwnerRemoved {
|
|
eq[AuthNKeyOwnerRemovedCol.identifier()] = false
|
|
}
|
|
stmt, args, err := query.Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, errors.ThrowInvalidArgument(err, "QUERY-SAf3f", "Errors.Query.InvalidRequest")
|
|
}
|
|
|
|
rows, err := q.client.QueryContext(ctx, stmt, args...)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Dbg53", "Errors.Internal")
|
|
}
|
|
authNKeys, err = scan(rows)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
authNKeys.LatestSequence, err = q.latestSequence(ctx, authNKeyTable)
|
|
return authNKeys, err
|
|
}
|
|
|
|
func (q *Queries) SearchAuthNKeysData(ctx context.Context, queries *AuthNKeySearchQueries, withOwnerRemoved bool) (authNKeys *AuthNKeysData, err error) {
|
|
query, scan := prepareAuthNKeysDataQuery()
|
|
query = queries.toQuery(query)
|
|
eq := sq.Eq{
|
|
AuthNKeyColumnEnabled.identifier(): true,
|
|
AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
}
|
|
if !withOwnerRemoved {
|
|
eq[AuthNKeyOwnerRemovedCol.identifier()] = false
|
|
}
|
|
stmt, args, err := query.Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, errors.ThrowInvalidArgument(err, "QUERY-SAg3f", "Errors.Query.InvalidRequest")
|
|
}
|
|
|
|
rows, err := q.client.QueryContext(ctx, stmt, args...)
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Dbi53", "Errors.Internal")
|
|
}
|
|
authNKeys, err = scan(rows)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
authNKeys.LatestSequence, err = q.latestSequence(ctx, authNKeyTable)
|
|
return authNKeys, err
|
|
}
|
|
|
|
func (q *Queries) GetAuthNKeyByID(ctx context.Context, shouldTriggerBulk bool, id string, withOwnerRemoved bool, queries ...SearchQuery) (*AuthNKey, error) {
|
|
if shouldTriggerBulk {
|
|
projection.AuthNKeyProjection.Trigger(ctx)
|
|
}
|
|
|
|
query, scan := prepareAuthNKeyQuery()
|
|
for _, q := range queries {
|
|
query = q.toQuery(query)
|
|
}
|
|
eq := sq.Eq{
|
|
AuthNKeyColumnID.identifier(): id,
|
|
AuthNKeyColumnEnabled.identifier(): true,
|
|
AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
}
|
|
if !withOwnerRemoved {
|
|
eq[AuthNKeyOwnerRemovedCol.identifier()] = false
|
|
}
|
|
stmt, args, err := query.Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
|
|
}
|
|
|
|
row := q.client.QueryRowContext(ctx, stmt, args...)
|
|
return scan(row)
|
|
}
|
|
|
|
func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id string, identifier string, withOwnerRemoved bool) ([]byte, error) {
|
|
stmt, scan := prepareAuthNKeyPublicKeyQuery()
|
|
eq := sq.And{
|
|
sq.Eq{
|
|
AuthNKeyColumnID.identifier(): id,
|
|
AuthNKeyColumnIdentifier.identifier(): identifier,
|
|
AuthNKeyColumnEnabled.identifier(): true,
|
|
AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
},
|
|
sq.Gt{
|
|
AuthNKeyColumnExpiration.identifier(): time.Now(),
|
|
},
|
|
}
|
|
if !withOwnerRemoved {
|
|
eq = sq.And{
|
|
sq.Eq{
|
|
AuthNKeyColumnID.identifier(): id,
|
|
AuthNKeyColumnIdentifier.identifier(): identifier,
|
|
AuthNKeyColumnEnabled.identifier(): true,
|
|
AuthNKeyColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
AuthNKeyOwnerRemovedCol.identifier(): false,
|
|
},
|
|
sq.Gt{
|
|
AuthNKeyColumnExpiration.identifier(): time.Now(),
|
|
},
|
|
}
|
|
}
|
|
query, args, err := stmt.Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
|
|
}
|
|
|
|
row := q.client.QueryRowContext(ctx, query, args...)
|
|
return scan(row)
|
|
}
|
|
|
|
func NewAuthNKeyResourceOwnerQuery(id string) (SearchQuery, error) {
|
|
return NewTextQuery(AuthNKeyColumnResourceOwner, id, TextEquals)
|
|
}
|
|
|
|
func NewAuthNKeyAggregateIDQuery(id string) (SearchQuery, error) {
|
|
return NewTextQuery(AuthNKeyColumnAggregateID, id, TextEquals)
|
|
}
|
|
|
|
func NewAuthNKeyObjectIDQuery(id string) (SearchQuery, error) {
|
|
return NewTextQuery(AuthNKeyColumnObjectID, id, TextEquals)
|
|
}
|
|
|
|
func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys, error)) {
|
|
return sq.Select(
|
|
AuthNKeyColumnID.identifier(),
|
|
AuthNKeyColumnCreationDate.identifier(),
|
|
AuthNKeyColumnChangeDate.identifier(),
|
|
AuthNKeyColumnResourceOwner.identifier(),
|
|
AuthNKeyColumnSequence.identifier(),
|
|
AuthNKeyColumnExpiration.identifier(),
|
|
AuthNKeyColumnType.identifier(),
|
|
countColumn.identifier(),
|
|
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
|
|
func(rows *sql.Rows) (*AuthNKeys, error) {
|
|
authNKeys := make([]*AuthNKey, 0)
|
|
var count uint64
|
|
for rows.Next() {
|
|
authNKey := new(AuthNKey)
|
|
err := rows.Scan(
|
|
&authNKey.ID,
|
|
&authNKey.CreationDate,
|
|
&authNKey.ChangeDate,
|
|
&authNKey.ResourceOwner,
|
|
&authNKey.Sequence,
|
|
&authNKey.Expiration,
|
|
&authNKey.Type,
|
|
&count,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
authNKeys = append(authNKeys, authNKey)
|
|
}
|
|
|
|
if err := rows.Close(); err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
|
|
}
|
|
|
|
return &AuthNKeys{
|
|
AuthNKeys: authNKeys,
|
|
SearchResponse: SearchResponse{
|
|
Count: count,
|
|
},
|
|
}, nil
|
|
}
|
|
}
|
|
|
|
func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, error)) {
|
|
return sq.Select(
|
|
AuthNKeyColumnID.identifier(),
|
|
AuthNKeyColumnCreationDate.identifier(),
|
|
AuthNKeyColumnChangeDate.identifier(),
|
|
AuthNKeyColumnResourceOwner.identifier(),
|
|
AuthNKeyColumnSequence.identifier(),
|
|
AuthNKeyColumnExpiration.identifier(),
|
|
AuthNKeyColumnType.identifier(),
|
|
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
|
|
func(row *sql.Row) (*AuthNKey, error) {
|
|
authNKey := new(AuthNKey)
|
|
err := row.Scan(
|
|
&authNKey.ID,
|
|
&authNKey.CreationDate,
|
|
&authNKey.ChangeDate,
|
|
&authNKey.ResourceOwner,
|
|
&authNKey.Sequence,
|
|
&authNKey.Expiration,
|
|
&authNKey.Type,
|
|
)
|
|
if err != nil {
|
|
if errs.Is(err, sql.ErrNoRows) {
|
|
return nil, errors.ThrowNotFound(err, "QUERY-Dgr3g", "Errors.AuthNKey.NotFound")
|
|
}
|
|
return nil, errors.ThrowInternal(err, "QUERY-BGnbr", "Errors.Internal")
|
|
}
|
|
return authNKey, nil
|
|
}
|
|
}
|
|
|
|
func prepareAuthNKeyPublicKeyQuery() (sq.SelectBuilder, func(row *sql.Row) ([]byte, error)) {
|
|
return sq.Select(
|
|
AuthNKeyColumnPublicKey.identifier(),
|
|
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
|
|
func(row *sql.Row) ([]byte, error) {
|
|
var publicKey []byte
|
|
err := row.Scan(
|
|
&publicKey,
|
|
)
|
|
if err != nil {
|
|
if errs.Is(err, sql.ErrNoRows) {
|
|
return nil, errors.ThrowNotFound(err, "QUERY-SDf32", "Errors.AuthNKey.NotFound")
|
|
}
|
|
return nil, errors.ThrowInternal(err, "QUERY-Bfs2a", "Errors.Internal")
|
|
}
|
|
return publicKey, nil
|
|
}
|
|
}
|
|
|
|
func prepareAuthNKeysDataQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeysData, error)) {
|
|
return sq.Select(
|
|
AuthNKeyColumnID.identifier(),
|
|
AuthNKeyColumnCreationDate.identifier(),
|
|
AuthNKeyColumnChangeDate.identifier(),
|
|
AuthNKeyColumnResourceOwner.identifier(),
|
|
AuthNKeyColumnSequence.identifier(),
|
|
AuthNKeyColumnExpiration.identifier(),
|
|
AuthNKeyColumnType.identifier(),
|
|
AuthNKeyColumnIdentifier.identifier(),
|
|
AuthNKeyColumnPublicKey.identifier(),
|
|
countColumn.identifier(),
|
|
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
|
|
func(rows *sql.Rows) (*AuthNKeysData, error) {
|
|
authNKeys := make([]*AuthNKeyData, 0)
|
|
var count uint64
|
|
for rows.Next() {
|
|
authNKey := new(AuthNKeyData)
|
|
err := rows.Scan(
|
|
&authNKey.ID,
|
|
&authNKey.CreationDate,
|
|
&authNKey.ChangeDate,
|
|
&authNKey.ResourceOwner,
|
|
&authNKey.Sequence,
|
|
&authNKey.Expiration,
|
|
&authNKey.Type,
|
|
&authNKey.Identifier,
|
|
&authNKey.PublicKey,
|
|
&count,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
authNKeys = append(authNKeys, authNKey)
|
|
}
|
|
|
|
if err := rows.Close(); err != nil {
|
|
return nil, errors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
|
|
}
|
|
|
|
return &AuthNKeysData{
|
|
AuthNKeysData: authNKeys,
|
|
SearchResponse: SearchResponse{
|
|
Count: count,
|
|
},
|
|
}, nil
|
|
}
|
|
}
|