mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
37ee5b4bab
* job queue * wg improvements * start handler * statement * statements * imporve handler * improve statement * statement in seperate file * move handlers * move query/old to query * handler * read models * bulk works * cleanup * contrib * rename readmodel to projection * rename read_models schema to projections * rename read_models schema to projections * search query as func, bulk iterates as long as new events * add event sequence less query * update checks for events between current sequence and sequence of first statement if it has previous sequence 0 * cleanup crdb projection * refactor projection handler * start with testing * tests for handler * remove todo * refactor statement: remove table name, add tests * improve projection handler shutdown, no savepoint if noop stmt, tests for stmt handler * tests * start failed events * seperate branch for contrib * move statement constructors to crdb pkg * correct import * Subscribe for eventtypes (#1800) * fix: is default (#1737) * fix: use email as username on global org (#1738) * fix: use email as username on global org * Update user_human.go * Update register_handler.go * chore(deps): update docusaurus (#1739) * chore: remove PAT and use GH Token (#1716) * chore: remove PAT and use GH Token * fix env * fix env * fix env * md lint * trigger ci * change user * fix GH bug * replace login part * chore: add GH Token to sem rel (#1746) * chore: add GH Token to sem rel * try branch * add GH Token * remove test branch again * docs: changes acme to acme-caos (#1744) * changes acme to acme-caos * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * feat: add additional origins on applications (#1691) * feat: add additional origins on applications * app additional redirects * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md) - [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases) - [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md) - [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/google-protobuf in /console (#1681) Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666) Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7. - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * lock * chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704) * fix: show org with regex (#1688) * fix: flag mapping (#1699) * chore(deps-dev): bump @angular/language-service in /console Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12. - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * package lock * downgrade grpc * downgrade protobuf types * revert npm packs 🥸 Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Silvan <silvan.reusser@gmail.com> * docs: update run and start section texts (#1745) * update run and start section texts * adds showcase Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> * fix: additional origin list (#1753) * fix: handle api configs in authz handler (#1755) * fix(console): add model for api keys, fix toast, binding (#1757) * fix: add model for api keys, fix toast, binding * show api clientid * fix: missing patchvalue (#1758) * feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: correct json name of clientId in key.json (#1760) * fix: migration version (#1767) * start subscription * eventtypes * fix(login): links (#1778) * fix(login): href for help * fix(login): correct link to tos * fix: access tokens for service users and refresh token infos (#1779) * fix: access token for service user * handle info from refresh request * uniqueness * postpone access token uniqueness change * chore(coc): recommend code of conduct (#1782) * subscribe for events * feat(console): refresh toggle out of granttype context (#1785) * refresh toggle * disable if not code flow, lint * lint * fix: change oidc config order * accept refresh option within flow Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: refresh token activation (#1795) * fix: oidc grant type check * docs: add offline_access scope * docs: update refresh token status in supported grant types * fix: update oidc pkg * fix: check refresh token grant type (#1796) * configuration structs * org admins * failed events * fixes Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * remove comment * aggregate reducer * remove eventtypes * add protoc-get-validate to mod * fix transaltion * upsert * add gender on org admins, allow to retry failed stmts after configurable time * remove if * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * current sequences * make org and org_admins work again * add aggregate type to current sequence * fix(contibute): listing * add validate module * fix: search queries * feat(eventstore): previous aggregate root sequence (#1810) * feat(eventstore): previous aggregate root sequence * fix tests * fix: eventstore v1 test * add col to all mocked rows * next try * fix mig * rename aggregate root to aggregate type * update comment Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> * small refactorings * allow update multiple current sequences * unique log id * fix migrations * rename org admin to org owner * improve error handling and logging * fix(migration): optimize prev agg root seq * fix: projection handler test * fix: sub queries * small fixes * additional event types * correct org owner projection * fix primary key * feat(eventstore): jobs for projections (#2026) * fix: template names in login (#1974) * fix: template names in login * fix: error.html * fix: check for features on mgmt only (#1976) * fix: add sentry in ui, http and projection handlers (#1977) * fix: add sentry in ui, http and projection handlers * fix test * fix(eventstore): sub queries (#1805) * sub queries * fix: tests * add builder to tests * new search query * rename searchquerybuilder to builder * remove comment from code * test with multiple queries * add filters test * fix(contibute): listing * add validate module * fix: search queries * remove unused event type in query * ignore query if error in marshal * go mod tidy * update privacy policy query * update queries Co-authored-by: Livio Amstutz <livio.a@gmail.com> * feat: Extend oidc idp with oauth endpoints (#1980) * feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests * docs: update to beta 3 (#1984) * fix: role assertion (#1986) * fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer * docs: eventstore (#1982) * docs: eventstore * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch> * fix(sentry): trigger sentry release (#1989) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix: set version for sentry release (#1990) * feat(send sentry release): send sentry release * fix(moved step and added releasetag): moved step and added releasetag * fix(corrected var name): corrected var name Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: log error reason on terminate session (#1973) * fix: return default language file, if requested lang does not exist for default login texts (#1988) * fix: return default language file, if requested lang doesnt exists * feat: read default translation file * feat: docs * fix: race condition in auth request unmarshalling (#1993) * feat: handle ui_locales in login (#1994) * fix: handle ui_locales in login * move supportedlanguage func into i18n package * update oidc pkg * fix: handle closed channels on unsubscribe (#1995) * fix: give restore more time (#1997) * fix: translation file read (#2009) * feat: translation file read * feat: readme * fix: enable idp add button for iam users (#2010) * fix: filter event_data (#2011) * feat: Custom message files (#1992) * feat: add get custom message text to admin api * feat: read custom message texts from files * feat: get languages in apis * feat: get languages in apis * feat: get languages in apis * feat: pr feedback * feat: docs * feat: merge main * fix: sms notification (#2013) * fix: phone verifications * feat: fix password reset as sms * fix: phone verification * fix: grpc status in sentry and validation interceptors (#2012) * fix: remove oauth endpoints from oidc config proto (#2014) * try with view * fix(console): disable sw (#2021) * fix: disable sw * angular.json disable sw * project projections * fix typos * customize projections * customizable projections, add change date to projects Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> * env file * typo * correct users * correct migration * fix: merge fail * fix test * fix(tests): unordered matcher * improve currentSequenceMatcher * correct certs * correct certs * add zitadel database on database list * refctor switch in match * enable all handlers * Delete io.env * cleanup * add handlers * rename view to projection * rename view to projection * fix type typo * remove unnecessary logs * refactor stmts * simplify interval calculation * fix tests * fix unlock test * fix migration * migs * fix(operator): update cockroach and flyway versions (#2138) * chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3 Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * start update dependencies * update mods and otlp * fix(build): update to go 1.16 * old version for k8s mods * update k8s versions * update orbos * fix(operator): update cockroach and flyway version * Update images.go Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stefan Benz <stefan@caos.ch> * fix import * fix typo * fix(migration): add org projection * fix(projection): correct table for org events in org owners * better insert stmt * fix typo * fix typo * set max connection lifetime * set max conns and conn lifetime in eventstore v1 * configure sql connection settings * add mig for agg type index * fix replace tab in yaml * check requeue at least 500ms * split column in column and condition * remove useless comment * mig versions * fix migs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: mffap <mpa@caos.ch> Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch>
532 lines
16 KiB
Go
532 lines
16 KiB
Go
package handler
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
|
|
"github.com/caos/logging"
|
|
|
|
"github.com/caos/zitadel/internal/domain"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
|
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
|
|
"github.com/caos/zitadel/internal/eventstore/v1/query"
|
|
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
|
|
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
|
|
iam_model "github.com/caos/zitadel/internal/iam/model"
|
|
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
|
iam_view "github.com/caos/zitadel/internal/iam/repository/view"
|
|
org_model "github.com/caos/zitadel/internal/org/model"
|
|
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
|
org_view "github.com/caos/zitadel/internal/org/repository/view"
|
|
proj_model "github.com/caos/zitadel/internal/project/model"
|
|
proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
|
|
proj_view "github.com/caos/zitadel/internal/project/repository/view"
|
|
usr_model "github.com/caos/zitadel/internal/user/model"
|
|
usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
|
"github.com/caos/zitadel/internal/user/repository/view"
|
|
"github.com/caos/zitadel/internal/user/repository/view/model"
|
|
grant_es_model "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
|
|
view_model "github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
|
)
|
|
|
|
const (
|
|
userGrantTable = "auth.user_grants"
|
|
)
|
|
|
|
type UserGrant struct {
|
|
handler
|
|
iamID string
|
|
iamProjectID string
|
|
subscription *v1.Subscription
|
|
}
|
|
|
|
func newUserGrant(
|
|
handler handler,
|
|
iamID string,
|
|
) *UserGrant {
|
|
h := &UserGrant{
|
|
handler: handler,
|
|
iamID: iamID,
|
|
}
|
|
|
|
h.subscribe()
|
|
|
|
return h
|
|
}
|
|
|
|
func (k *UserGrant) subscribe() {
|
|
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
|
|
go func() {
|
|
for event := range k.subscription.Events {
|
|
query.ReduceEvent(k, event)
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (u *UserGrant) ViewModel() string {
|
|
return userGrantTable
|
|
}
|
|
|
|
func (u *UserGrant) Subscription() *v1.Subscription {
|
|
return u.subscription
|
|
}
|
|
|
|
func (_ *UserGrant) AggregateTypes() []es_models.AggregateType {
|
|
return []es_models.AggregateType{grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate}
|
|
}
|
|
|
|
func (u *UserGrant) CurrentSequence() (uint64, error) {
|
|
sequence, err := u.view.GetLatestUserGrantSequence()
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return sequence.CurrentSequence, nil
|
|
}
|
|
|
|
func (u *UserGrant) EventQuery() (*es_models.SearchQuery, error) {
|
|
if u.iamProjectID == "" {
|
|
err := u.setIamProjectID()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
sequence, err := u.view.GetLatestUserGrantSequence()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return es_models.NewSearchQuery().
|
|
AggregateTypeFilter(u.AggregateTypes()...).
|
|
LatestSequenceFilter(sequence.CurrentSequence), nil
|
|
}
|
|
|
|
func (u *UserGrant) Reduce(event *es_models.Event) (err error) {
|
|
switch event.AggregateType {
|
|
case grant_es_model.UserGrantAggregate:
|
|
err = u.processUserGrant(event)
|
|
case usr_es_model.UserAggregate:
|
|
err = u.processUser(event)
|
|
case proj_es_model.ProjectAggregate:
|
|
err = u.processProject(event)
|
|
case iam_es_model.IAMAggregate:
|
|
err = u.processIAMMember(event, "IAM", false)
|
|
case org_es_model.OrgAggregate:
|
|
return u.processOrg(event)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (u *UserGrant) processUserGrant(event *es_models.Event) (err error) {
|
|
grant := new(view_model.UserGrantView)
|
|
switch event.Type {
|
|
case grant_es_model.UserGrantAdded:
|
|
err = grant.AppendEvent(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = u.fillData(grant, event.ResourceOwner)
|
|
case grant_es_model.UserGrantChanged,
|
|
grant_es_model.UserGrantCascadeChanged,
|
|
grant_es_model.UserGrantDeactivated,
|
|
grant_es_model.UserGrantReactivated:
|
|
grant, err = u.view.UserGrantByID(event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = grant.AppendEvent(event)
|
|
case grant_es_model.UserGrantRemoved, grant_es_model.UserGrantCascadeRemoved:
|
|
return u.view.DeleteUserGrant(event.AggregateID, event)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return u.view.PutUserGrant(grant, event)
|
|
}
|
|
|
|
func (u *UserGrant) processUser(event *es_models.Event) (err error) {
|
|
switch event.Type {
|
|
case usr_es_model.UserProfileChanged,
|
|
usr_es_model.UserEmailChanged,
|
|
usr_es_model.HumanProfileChanged,
|
|
usr_es_model.HumanEmailChanged,
|
|
usr_es_model.MachineChanged,
|
|
usr_es_model.HumanAvatarAdded,
|
|
usr_es_model.HumanAvatarRemoved:
|
|
grants, err := u.view.UserGrantsByUserID(event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if len(grants) == 0 {
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
user, err := u.getUserByID(event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, grant := range grants {
|
|
u.fillUserData(grant, user)
|
|
}
|
|
return u.view.PutUserGrants(grants, event)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) processProject(event *es_models.Event) (err error) {
|
|
switch event.Type {
|
|
case proj_es_model.ProjectChanged:
|
|
grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
project, err := u.getProjectByID(context.Background(), event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, grant := range grants {
|
|
u.fillProjectData(grant, project)
|
|
}
|
|
return u.view.PutUserGrants(grants, event)
|
|
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged,
|
|
proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
|
|
member := new(proj_es_model.ProjectMember)
|
|
member.SetData(event)
|
|
return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles)
|
|
case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged,
|
|
proj_es_model.ProjectGrantMemberRemoved, proj_es_model.ProjectGrantMemberCascadeRemoved:
|
|
member := new(proj_es_model.ProjectGrantMember)
|
|
member.SetData(event)
|
|
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) processOrg(event *es_models.Event) (err error) {
|
|
switch event.Type {
|
|
case org_es_model.OrgMemberAdded, org_es_model.OrgMemberChanged,
|
|
org_es_model.OrgMemberRemoved, org_es_model.OrgMemberCascadeRemoved:
|
|
member := new(org_es_model.OrgMember)
|
|
member.SetData(event)
|
|
return u.processMember(event, "ORG", "", member.UserID, member.Roles)
|
|
case org_es_model.OrgChanged:
|
|
grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if len(grants) == 0 {
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
org, err := u.getOrgByID(context.Background(), event.AggregateID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, grant := range grants {
|
|
u.fillOrgData(grant, org)
|
|
}
|
|
return u.view.PutUserGrants(grants, event)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) processIAMMember(event *es_models.Event, rolePrefix string, suffix bool) error {
|
|
member := new(iam_es_model.IAMMember)
|
|
|
|
switch event.Type {
|
|
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
|
|
member.SetData(event)
|
|
|
|
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
|
if err != nil && !errors.IsNotFound(err) {
|
|
return err
|
|
}
|
|
if errors.IsNotFound(err) {
|
|
grant = &view_model.UserGrantView{
|
|
ID: u.iamProjectID + member.UserID,
|
|
ResourceOwner: u.iamID,
|
|
OrgName: u.iamID,
|
|
ProjectID: u.iamProjectID,
|
|
UserID: member.UserID,
|
|
RoleKeys: member.Roles,
|
|
CreationDate: event.CreationDate,
|
|
}
|
|
if suffix {
|
|
grant.RoleKeys = suffixRoles(event.AggregateID, grant.RoleKeys)
|
|
}
|
|
} else {
|
|
newRoles := member.Roles
|
|
if grant.RoleKeys != nil {
|
|
grant.RoleKeys = mergeExistingRoles(rolePrefix, "", grant.RoleKeys, newRoles)
|
|
} else {
|
|
grant.RoleKeys = newRoles
|
|
}
|
|
}
|
|
grant.Sequence = event.Sequence
|
|
grant.ChangeDate = event.CreationDate
|
|
return u.view.PutUserGrant(grant, event)
|
|
case iam_es_model.IAMMemberRemoved,
|
|
iam_es_model.IAMMemberCascadeRemoved:
|
|
member.SetData(event)
|
|
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return u.view.DeleteUserGrant(grant.ID, event)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) processMember(event *es_models.Event, rolePrefix, roleSuffix string, userID string, roleKeys []string) error {
|
|
switch event.Type {
|
|
case org_es_model.OrgMemberAdded, proj_es_model.ProjectMemberAdded, proj_es_model.ProjectGrantMemberAdded,
|
|
org_es_model.OrgMemberChanged, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectGrantMemberChanged:
|
|
|
|
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
|
if err != nil && !errors.IsNotFound(err) {
|
|
return err
|
|
}
|
|
if roleSuffix != "" {
|
|
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
|
}
|
|
if errors.IsNotFound(err) {
|
|
grant = &view_model.UserGrantView{
|
|
ID: u.iamProjectID + event.ResourceOwner + userID,
|
|
ResourceOwner: event.ResourceOwner,
|
|
ProjectID: u.iamProjectID,
|
|
UserID: userID,
|
|
RoleKeys: roleKeys,
|
|
CreationDate: event.CreationDate,
|
|
}
|
|
u.fillData(grant, event.ResourceOwner)
|
|
} else {
|
|
newRoles := roleKeys
|
|
if grant.RoleKeys != nil {
|
|
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, newRoles)
|
|
} else {
|
|
grant.RoleKeys = newRoles
|
|
}
|
|
}
|
|
grant.Sequence = event.Sequence
|
|
grant.ChangeDate = event.CreationDate
|
|
return u.view.PutUserGrant(grant, event)
|
|
case org_es_model.OrgMemberRemoved,
|
|
org_es_model.OrgMemberCascadeRemoved,
|
|
proj_es_model.ProjectMemberRemoved,
|
|
proj_es_model.ProjectMemberCascadeRemoved,
|
|
proj_es_model.ProjectGrantMemberRemoved,
|
|
proj_es_model.ProjectGrantMemberCascadeRemoved:
|
|
|
|
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
|
if err != nil && !errors.IsNotFound(err) {
|
|
return err
|
|
}
|
|
if errors.IsNotFound(err) {
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
if roleSuffix != "" {
|
|
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
|
}
|
|
if grant.RoleKeys == nil {
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
|
|
return u.view.PutUserGrant(grant, event)
|
|
default:
|
|
return u.view.ProcessedUserGrantSequence(event)
|
|
}
|
|
}
|
|
|
|
func suffixRoles(suffix string, roles []string) []string {
|
|
suffixedRoles := make([]string, len(roles))
|
|
for i := 0; i < len(roles); i++ {
|
|
suffixedRoles[i] = roles[i] + ":" + suffix
|
|
}
|
|
return suffixedRoles
|
|
}
|
|
|
|
func mergeExistingRoles(rolePrefix, suffix string, existingRoles, newRoles []string) []string {
|
|
mergedRoles := make([]string, 0)
|
|
for _, existingRole := range existingRoles {
|
|
if !strings.HasPrefix(existingRole, rolePrefix) {
|
|
mergedRoles = append(mergedRoles, existingRole)
|
|
continue
|
|
}
|
|
if suffix != "" && !strings.HasSuffix(existingRole, suffix) {
|
|
mergedRoles = append(mergedRoles, existingRole)
|
|
}
|
|
}
|
|
return append(mergedRoles, newRoles...)
|
|
}
|
|
|
|
func (u *UserGrant) setIamProjectID() error {
|
|
if u.iamProjectID != "" {
|
|
return nil
|
|
}
|
|
iam, err := u.getIAMByID(context.Background())
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if iam.SetUpDone < domain.StepCount-1 {
|
|
return errors.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
|
|
}
|
|
u.iamProjectID = iam.IAMProjectID
|
|
return nil
|
|
}
|
|
|
|
func (u *UserGrant) fillData(grant *view_model.UserGrantView, resourceOwner string) (err error) {
|
|
user, err := u.getUserByID(grant.UserID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
u.fillUserData(grant, user)
|
|
project, err := u.getProjectByID(context.Background(), grant.ProjectID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
u.fillProjectData(grant, project)
|
|
|
|
org, err := u.getOrgByID(context.TODO(), resourceOwner)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
u.fillOrgData(grant, org)
|
|
return nil
|
|
}
|
|
|
|
func (u *UserGrant) fillUserData(grant *view_model.UserGrantView, user *model.UserView) {
|
|
grant.UserName = user.UserName
|
|
grant.UserResourceOwner = user.ResourceOwner
|
|
if user.HumanView != nil {
|
|
grant.FirstName = user.FirstName
|
|
grant.LastName = user.LastName
|
|
grant.DisplayName = user.FirstName + " " + user.LastName
|
|
grant.Email = user.Email
|
|
grant.AvatarKey = user.AvatarKey
|
|
}
|
|
if user.MachineView != nil {
|
|
grant.DisplayName = user.MachineView.Name
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) {
|
|
grant.ProjectName = project.Name
|
|
grant.ProjectOwner = project.ResourceOwner
|
|
}
|
|
|
|
func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) {
|
|
grant.OrgName = org.Name
|
|
for _, domain := range org.Domains {
|
|
if domain.Primary {
|
|
grant.OrgPrimaryDomain = domain.Domain
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
func (u *UserGrant) OnError(event *es_models.Event, err error) error {
|
|
logging.LogWithFields("SPOOL-UZmc7", "id", event.AggregateID).WithError(err).Warn("something went wrong in user grant handler")
|
|
return spooler.HandleError(event, err, u.view.GetLatestUserGrantFailedEvent, u.view.ProcessedUserGrantFailedEvent, u.view.ProcessedUserGrantSequence, u.errorCountUntilSkip)
|
|
}
|
|
|
|
func (u *UserGrant) OnSuccess() error {
|
|
return spooler.HandleSuccess(u.view.UpdateUserGrantSpoolerRunTimestamp)
|
|
}
|
|
|
|
func (u *UserGrant) getUserByID(userID string) (*model.UserView, error) {
|
|
user, usrErr := u.view.UserByID(userID)
|
|
if usrErr != nil && !errors.IsNotFound(usrErr) {
|
|
return nil, usrErr
|
|
}
|
|
if user == nil {
|
|
user = &model.UserView{}
|
|
}
|
|
events, err := u.getUserEvents(userID, user.Sequence)
|
|
if err != nil {
|
|
return user, usrErr
|
|
}
|
|
userCopy := *user
|
|
for _, event := range events {
|
|
if err := userCopy.AppendEvent(event); err != nil {
|
|
return user, nil
|
|
}
|
|
}
|
|
if userCopy.State == int32(usr_model.UserStateDeleted) {
|
|
return nil, errors.ThrowNotFound(nil, "HANDLER-m9dos", "Errors.User.NotFound")
|
|
}
|
|
return &userCopy, nil
|
|
}
|
|
|
|
func (u *UserGrant) getUserEvents(userID string, sequence uint64) ([]*es_models.Event, error) {
|
|
query, err := view.UserByIDQuery(userID, sequence)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return u.es.FilterEvents(context.Background(), query)
|
|
}
|
|
|
|
func (u *UserGrant) getOrgByID(ctx context.Context, orgID string) (*org_model.Org, error) {
|
|
query, err := org_view.OrgByIDQuery(orgID, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
esOrg := &org_es_model.Org{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
AggregateID: orgID,
|
|
},
|
|
}
|
|
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esOrg.AppendEvents, query)
|
|
if err != nil && !errors.IsNotFound(err) {
|
|
return nil, err
|
|
}
|
|
if esOrg.Sequence == 0 {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound")
|
|
}
|
|
|
|
return org_es_model.OrgToModel(esOrg), nil
|
|
}
|
|
|
|
func (u *UserGrant) getProjectByID(ctx context.Context, projID string) (*proj_model.Project, error) {
|
|
query, err := proj_view.ProjectByIDQuery(projID, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
esProject := &proj_es_model.Project{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
AggregateID: projID,
|
|
},
|
|
}
|
|
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esProject.AppendEvents, query)
|
|
if err != nil && !errors.IsNotFound(err) {
|
|
return nil, err
|
|
}
|
|
if esProject.Sequence == 0 {
|
|
return nil, errors.ThrowNotFound(nil, "EVENT-DAfng", "Errors.Project.NotFound")
|
|
}
|
|
|
|
return proj_es_model.ProjectToModel(esProject), nil
|
|
}
|
|
|
|
func (u *UserGrant) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
|
|
query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
iam := &iam_es_model.IAM{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
AggregateID: domain.IAMID,
|
|
},
|
|
}
|
|
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, iam.AppendEvents, query)
|
|
if err != nil && errors.IsNotFound(err) && iam.Sequence == 0 {
|
|
return nil, err
|
|
}
|
|
return iam_es_model.IAMToModel(iam), nil
|
|
}
|