IntenseFinance/zitadel
3
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-25 18:55:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix: cleanup (#1312)

Browse Source 
* fix: remove unused code

* fix: remove unused code

* fix: remove unused code

* fix: remove unused code
This commit is contained in:
Fabi
2021-02-19 14:35:42 +01:00
committed by GitHub
parent 00fec8830a
commit a7cc57822b
63 changed files with 33 additions and 38138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
internal/admin/repository/eventsourcing/eventstore/iam.go
View File

@@ -10,8 +10,6 @@ import (
"github.com/caos/logging"
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
es_models "github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
@@ -70,48 +68,6 @@ func (repo *IAMRepository) GetIAMMemberRoles() []string {
return roles
}
func (repo *IAMRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
aggregates := make([]*es_models.Aggregate, 0)
idp := iam_model.NewIDPConfig(repo.SystemDefaults.IamID, idpConfigID)
_, agg, err := repo.IAMEventstore.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
return err
}
aggregates = append(aggregates, agg)
providers, err := repo.View.IDPProvidersByIdpConfigID(idpConfigID)
if err != nil {
return err
}
for _, p := range providers {
if p.AggregateID == repo.SystemDefaults.IamID {
continue
}
provider := &iam_model.IDPProvider{ObjectRoot: es_models.ObjectRoot{AggregateID: p.AggregateID}, IDPConfigID: p.IDPConfigID}
providerAgg := new(es_models.Aggregate)
_, providerAgg, err = repo.OrgEvents.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, true)
if err != nil {
return err
}
aggregates = append(aggregates, providerAgg)
}
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(idpConfigID)
if err != nil {
return err
}
for _, externalIDP := range externalIDPs {
idpRemove := &usr_model.ExternalIDP{ObjectRoot: es_models.ObjectRoot{AggregateID: externalIDP.UserID}, IDPConfigID: externalIDP.IDPConfigID, UserID: externalIDP.ExternalUserID}
idpAgg := make([]*es_models.Aggregate, 0)
_, idpAgg, err = repo.UserEvents.PrepareRemoveExternalIDP(ctx, idpRemove, true)
if err != nil {
return err
}
aggregates = append(aggregates, idpAgg...)
}
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *IAMRepository) IDPProvidersByIDPConfigID(ctx context.Context, idpConfigID string) ([]*iam_model.IDPProviderView, error) {
providers, err := repo.View.IDPProvidersByIdpConfigID(idpConfigID)
if err != nil {
@@ -213,31 +169,6 @@ func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, reques
return result, nil
}
func (repo *IAMRepository) RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error {
aggregates := make([]*es_models.Aggregate, 0)
provider.AggregateID = repo.SystemDefaults.IamID
_, removeAgg, err := repo.IAMEventstore.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider)
if err != nil {
return err
}
aggregates = append(aggregates, removeAgg)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IDPConfigID)
if err != nil {
return err
}
for _, externalIDP := range externalIDPs {
idpRemove := &usr_model.ExternalIDP{ObjectRoot: es_models.ObjectRoot{AggregateID: externalIDP.UserID}, IDPConfigID: externalIDP.IDPConfigID, UserID: externalIDP.ExternalUserID}
idpAgg := make([]*es_models.Aggregate, 0)
_, idpAgg, err = repo.UserEvents.PrepareRemoveExternalIDP(ctx, idpRemove, true)
if err != nil {
return err
}
aggregates = append(aggregates, idpAgg...)
}
return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *IAMRepository) SearchDefaultSecondFactors(ctx context.Context) (*iam_model.SecondFactorsSearchResponse, error) {
policy, err := repo.GetDefaultLoginPolicy(ctx)
if err != nil {
@@ -360,16 +291,6 @@ func (repo *IAMRepository) GetOrgIAMPolicy(ctx context.Context) (*iam_model.OrgI
return iam_es_model.OrgIAMViewToModel(policy), nil
}
func (repo *IAMRepository) AddDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeOrgIAMPolicy(ctx, policy)
}
func (repo *IAMRepository) GetDefaultLabelPolicy(ctx context.Context) (*iam_model.LabelPolicyView, error) {
policy, err := repo.View.LabelPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
@@ -378,16 +299,6 @@ func (repo *IAMRepository) GetDefaultLabelPolicy(ctx context.Context) (*iam_mode
return iam_es_model.LabelPolicyViewToModel(policy), err
}
func (repo *IAMRepository) AddDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddLabelPolicy(ctx, policy)
}
func (repo *IAMRepository) ChangeDefaultLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeLabelPolicy(ctx, policy)
}
func (repo *IAMRepository) GetDefaultMailTemplate(ctx context.Context) (*iam_model.MailTemplateView, error) {
template, err := repo.View.MailTemplateByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
@@ -433,13 +344,3 @@ func (repo *IAMRepository) GetDefaultMailText(ctx context.Context, textType stri
text.Default = true
return iam_es_model.MailTextViewToModel(text), err
}
func (repo *IAMRepository) AddDefaultMailText(ctx context.Context, text *iam_model.MailText) (*iam_model.MailText, error) {
text.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.AddMailText(ctx, text)
}
func (repo *IAMRepository) ChangeDefaultMailText(ctx context.Context, text *iam_model.MailText) (*iam_model.MailText, error) {
text.AggregateID = repo.SystemDefaults.IamID
return repo.IAMEventstore.ChangeMailText(ctx, text)
}

64
internal/admin/repository/eventsourcing/eventstore/org.go
View File

@@ -5,16 +5,12 @@ import (
"github.com/caos/zitadel/internal/errors"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_view "github.com/caos/zitadel/internal/iam/repository/view/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/logging"
admin_model "github.com/caos/zitadel/internal/admin/model"
admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/sdk"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
@@ -22,10 +18,6 @@ import (
usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
const (
orgOwnerRole = "ORG_OWNER"
)
type OrgRepo struct {
Eventstore eventstore.Eventstore
OrgEventstore *org_es.OrgEventstore
@@ -37,50 +29,6 @@ type OrgRepo struct {
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) (*admin_model.SetupOrg, error) {
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
return nil, err
}
pwPolicyView := iam_view.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.GetDefaultOrgIAMPolicy(ctx)
if err != nil {
return nil, err
}
users := func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
userIDs, err := repo.View.UserIDsByDomain(domain)
if err != nil {
return nil, err
}
return repo.UserEventstore.PrepareDomainClaimed(ctx, userIDs)
}
org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, setUp.Org, users)
if err != nil {
return nil, err
}
user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, pwPolicyView, orgPolicy, org.AggregateID)
if err != nil {
return nil, err
}
aggregates = append(aggregates, userAggregates...)
setupModel := &Setup{Org: org, User: user}
member := org_model.NewOrgMemberWithRoles(org.AggregateID, user.AggregateID, orgOwnerRole)
_, memberAggregate, err := repo.OrgEventstore.PrepareAddOrgMember(ctx, member, org.AggregateID)
if err != nil {
return nil, err
}
aggregates = append(aggregates, memberAggregate)
err = sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, setupModel.AppendEvents, aggregates...)
if err != nil {
return nil, err
}
return SetupToModel(setupModel), nil
}
func (repo *OrgRepo) OrgByID(ctx context.Context, id string) (*org_model.Org, error) {
return repo.OrgEventstore.OrgByID(ctx, org_model.NewOrg(id))
}
@@ -129,15 +77,3 @@ func (repo *OrgRepo) GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.Org
policy.Default = true
return iam_es_model.OrgIAMViewToModel(policy), err
}
func (repo *OrgRepo) CreateOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.AddOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) ChangeOrgIAMPolicy(ctx context.Context, policy *iam_model.OrgIAMPolicy) (*iam_model.OrgIAMPolicy, error) {
return repo.OrgEventstore.ChangeOrgIAMPolicy(ctx, policy)
}
func (repo *OrgRepo) RemoveOrgIAMPolicy(ctx context.Context, id string) error {
return repo.OrgEventstore.RemoveOrgIAMPolicy(ctx, id)
}

2
internal/admin/repository/iam.go
View File

@@ -29,8 +29,6 @@ type IAMRepository interface {
GetDefaultMailTexts(ctx context.Context) (*iam_model.MailTextsView, error)
GetDefaultMailText(ctx context.Context, textType string, language string) (*iam_model.MailTextView, error)
AddDefaultMailText(ctx context.Context, mailText *iam_model.MailText) (*iam_model.MailText, error)
ChangeDefaultMailText(ctx context.Context, policy *iam_model.MailText) (*iam_model.MailText, error)
GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error)

53
internal/auth/repository/eventsourcing/eventstore/user.go
View File

@@ -4,7 +4,6 @@ import (
"context"
"github.com/caos/zitadel/internal/config/systemdefaults"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
key_model "github.com/caos/zitadel/internal/key/model"
"github.com/caos/logging"
@@ -13,15 +12,11 @@ import (
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/sdk"
key_view_model "github.com/caos/zitadel/internal/key/repository/view/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
"github.com/caos/zitadel/internal/telemetry/tracing"
"github.com/caos/zitadel/internal/user/model"
user_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
usr_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
)
@@ -38,47 +33,6 @@ func (repo *UserRepo) Health(ctx context.Context) error {
return repo.UserEvents.Health(ctx)
}
func (repo *UserRepo) registerUser(ctx context.Context, registerUser *model.User, externalIDP *model.ExternalIDP, orgMember *org_model.OrgMember, resourceOwner string) (*model.User, error) {
policyResourceOwner := authz.GetCtxData(ctx).OrgID
if resourceOwner != "" {
policyResourceOwner = resourceOwner
}
pwPolicy, err := repo.View.PasswordComplexityPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
pwPolicy, err = repo.View.PasswordComplexityPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
pwPolicyView := iam_es_model.PasswordComplexityViewToModel(pwPolicy)
orgPolicy, err := repo.View.OrgIAMPolicyByAggregateID(policyResourceOwner)
if errors.IsNotFound(err) {
orgPolicy, err = repo.View.OrgIAMPolicyByAggregateID(repo.SystemDefaults.IamID)
}
if err != nil {
return nil, err
}
orgPolicyView := iam_es_model.OrgIAMViewToModel(orgPolicy)
user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, externalIDP, pwPolicyView, orgPolicyView, resourceOwner)
if err != nil {
return nil, err
}
if orgMember != nil {
orgMember.UserID = user.AggregateID
_, memberAggregate, err := repo.OrgEvents.PrepareAddOrgMember(ctx, orgMember, policyResourceOwner)
if err != nil {
return nil, err
}
aggregates = append(aggregates, memberAggregate)
}
err = sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, user.AppendEvents, aggregates...)
if err != nil {
return nil, err
}
return usr_model.UserToModel(user), nil
}
func (repo *UserRepo) MyUser(ctx context.Context) (*model.UserView, error) {
return repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
}
@@ -247,13 +201,6 @@ func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, li
return changes, nil
}
func checkIDs(ctx context.Context, obj es_models.ObjectRoot) error {
if obj.AggregateID != authz.GetCtxData(ctx).UserID {
return errors.ThrowPermissionDenied(nil, "EVENT-kFi9w", "object does not belong to user")
}
return nil
}
func (repo *UserRepo) MachineKeyByID(ctx context.Context, keyID string) (*key_model.AuthNKeyView, error) {
key, err := repo.View.AuthNKeyByID(keyID)
if err != nil {

1002
internal/iam/repository/eventsourcing/eventstore.go
View File

File diff suppressed because it is too large Load Diff

244
internal/iam/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -1,244 +0,0 @@
package eventsourcing
import (
"encoding/json"
model2 "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/id"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/golang/mock/gomock"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *IAMEventstore {
return &IAMEventstore{
Eventstore: mockEs,
iamCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
secretCrypto: crypto.NewBCrypt(10),
}
}
func GetMockCache(ctrl *gomock.Controller) *IAMCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &IAMCache{iamCache: mockCache}
}
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockIAMByIDOK(ctrl *gomock.Controller) *IAMEventstore {
data, _ := json.Marshal(model.IAM{GlobalOrgID: "GlobalOrgID"})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.GlobalOrgSet, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockIamByIDNoEvents(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAM(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithCrypto(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockManipulateIAMWithMember(ctrl *gomock.Controller) *IAMEventstore {
memberData, _ := json.Marshal(model.IAMMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithOIDCIdp(ctrl *gomock.Controller) *IAMEventstore {
idpData, _ := json.Marshal(model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithLoginPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithLoginPolicyWithMFAs(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LoginPolicy{AllowRegister: true, AllowUsernamePassword: true, AllowExternalIdp: true})
idpProviderData, _ := json.Marshal(model.IDPProvider{IDPConfigID: "IDPConfigID", Type: 1})
secondFactor, _ := json.Marshal(model.MFA{MFAType: int32(model2.SecondFactorTypeOTP)})
multiFactor, _ := json.Marshal(model.MFA{MFAType: int32(model2.MultiFactorTypeU2FWithPIN)})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: policyData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpProviderData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicySecondFactorAdded, Data: secondFactor},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyMultiFactorAdded, Data: multiFactor},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithPasswodComplexityPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordComplexityPolicy{MinLength: 10})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordComplexityPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithPasswordAgePolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordAgePolicy{MaxAgeDays: 10, ExpireWarnDays: 10})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordAgePolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithPasswordLockoutPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.PasswordLockoutPolicy{MaxAttempts: 10, ShowLockOutFailures: true})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordLockoutPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithOrgIAMPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.OrgIAMPolicy{UserLoginMustBeDomain: true})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgIAMPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMNotExisting(ctrl *gomock.Controller) *IAMEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithLabelPolicy(ctrl *gomock.Controller) *IAMEventstore {
policyData, _ := json.Marshal(model.LabelPolicy{PrimaryColor: "000001", SecondaryColor: "FFFFF1"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LabelPolicyAdded, Data: policyData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithMailTemplate(ctrl *gomock.Controller) *IAMEventstore {
mailTemplate, _ := json.Marshal(model.MailTemplate{Template: []byte("<!doctype htm>")})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.MailTemplateAdded, Data: mailTemplate},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateIAMWithMailText(ctrl *gomock.Controller) *IAMEventstore {
mailText, _ := json.Marshal(model.MailText{MailTextType: "Type", Language: "DE"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.IAMSetupStarted},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.MailTextAdded, Data: mailText},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}

3381
internal/iam/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

819
internal/iam/repository/eventsourcing/iam.go
View File

@@ -28,822 +28,3 @@ func IAMAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, i
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence)
}
func IAMAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, iam *model.IAM, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
if iam == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, iam.AggregateID, model.IAMAggregate, model.IAMVersion, iam.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
}
func IAMSetupStartedAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMSetupStarted, &struct{ Step model.Step }{Step: iam.SetUpStarted})
}
}
func IAMSetupDoneAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMSetupDone, &struct{ Step model.Step }{Step: iam.SetUpDone})
}
}
func IAMSetupDoneEvent(ctx context.Context, agg *es_models.Aggregate, iam *model.IAM) (*es_models.Aggregate, error) {
return agg.AppendEvent(model.IAMSetupDone, &struct{ Step model.Step }{Step: iam.SetUpDone})
}
func IAMSetGlobalOrgAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, globalOrg string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if globalOrg == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8siwa", "Errors.IAM.GlobalOrgMissing")
}
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.GlobalOrgSet, &model.IAM{GlobalOrgID: globalOrg})
}
}
func IAMSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *model.IAM, projectID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if projectID == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sjuw3", "Errors.IAM.IAMProjectIDMissing")
}
agg, err := IAMAggregate(ctx, aggCreator, iam)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMProjectSet, &model.IAM{IAMProjectID: projectID})
}
}
func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9sope", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMMemberAdded, member)
}
}
func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-38skf", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMMemberChanged, member)
}
}
func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-90lsw", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IAMMemberRemoved, member)
}
}
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSn7d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigAdded, idp)
if err != nil {
return nil, err
}
if idp.OIDCIDPConfig != nil {
return agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
}
return agg, nil
}
}
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Amc7s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, i := range existing.IDPs {
if i.IDPConfigID == idp.IDPConfigID {
changes = i.Changes(idp)
}
}
return agg.AppendEvent(model.IDPConfigChanged, changes)
}
}
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig, provider *model.IDPProvider) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-se23g", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
if err != nil {
return nil, err
}
if provider != nil {
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
return agg, nil
}
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slfi3", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigDeactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, idp *model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.IDPConfigReactivated, &model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
}
}
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, config *model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, idp := range existing.IDPs {
if idp.IDPConfigID == config.IDPConfigID && idp.OIDCIDPConfig != nil {
changes = idp.OIDCIDPConfig.Changes(config)
}
}
if len(changes) <= 1 {
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Cml9s", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
}
}
func LabelPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LabelPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-e248Y", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LabelPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLabelPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LabelPolicyAdded, policy)
}
}
func checkExistingLabelPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.LabelPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-KyLIK", "Errors.IAM.LabelPolicy.AlreadyExists")
}
}
return nil
}
}
func LabelPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LabelPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-uP6HQ", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultLabelPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-hZE24", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LabelPolicyChanged, changes)
}
}
func LoginPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.LoginPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultLoginPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LoginPolicyChanged, changes)
}
}
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProvider) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyIDPProviderValidation(provider.IDPConfigID)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
}
}
func LoginPolicyIDPProviderRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, provider *model.IDPProviderID) (*es_models.Aggregate, error) {
if provider == nil || existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyIDPProviderRemoved, provider)
}
func LoginPolicySecondFactorAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, mfa *model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4Gm9s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicySecondFactorValidation(mfa.MFAType)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicySecondFactorAdded, mfa)
}
}
func LoginPolicySecondFactorRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, mfa *model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-5Bm9s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicySecondFactorRemoved, mfa)
}
}
func LoginPolicyMultiFactorAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, mfa *model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4Gm9s", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLoginPolicyMultiFactorValidation(mfa.MFAType)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyMultiFactorAdded, mfa)
}
}
func LoginPolicyMultiFactorRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, mfa *model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-6Mso9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyMultiFactorRemoved, mfa)
}
}
func PasswordComplexityPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordComplexityPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordComplexityPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordComplexityPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordComplexityPolicyAdded, policy)
}
func PasswordComplexityPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordComplexityPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordComplexityPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordComplexityPolicyChanged, changes)
}
}
func PasswordAgePolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordAgePolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-T7sui", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordAgePolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordAgePolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordAgePolicyAdded, policy)
}
func PasswordAgePolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordAgePolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3Gs0o", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordAgePolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3Wdos", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordAgePolicyChanged, changes)
}
}
func PasswordLockoutPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordLockoutPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-w5Tds", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.PasswordLockoutPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordLockoutPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordLockoutPolicyAdded, policy)
}
func PasswordLockoutPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.PasswordLockoutPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2D0fs", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultPasswordLockoutPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-7Hsk9", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordLockoutPolicyChanged, changes)
}
}
func OrgIAMPolicyAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.OrgIAMPolicy) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-w5Tds", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.OrgIAMPolicyAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingOrgIAMPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.OrgIAMPolicyAdded, policy)
}
func OrgIAMPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, policy *model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2D0fs", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultOrgIAMPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-7Hsk9", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OrgIAMPolicyChanged, changes)
}
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.LoginPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.LoginPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingPasswordComplexityPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordComplexityPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordComplexityPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingPasswordAgePolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordAgePolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordAgePolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingPasswordLockoutPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.PasswordLockoutPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-Ski9d", "Errors.IAM.PasswordLockoutPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingOrgIAMPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.OrgIAMPolicyAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-bSm8f", "Errors.IAM.OrgIAMPolicy.AlreadyExists")
}
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpConfigID string) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*model.IDPConfig, 0)
idps := make([]*model.IDPProvider, 0)
for _, event := range events {
switch event.Type {
case model.IDPConfigAdded:
config := new(model.IDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
idpConfigs = append(idpConfigs, config)
case model.IDPConfigRemoved:
config := new(model.IDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
for i := len(idpConfigs) - 1; i >= 0; i-- {
if idpConfigs[i].IDPConfigID == config.IDPConfigID {
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
idpConfigs[len(idpConfigs)-1] = nil
idpConfigs = idpConfigs[:len(idpConfigs)-1]
break
}
}
case model.LoginPolicyIDPProviderAdded:
idp := new(model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
idps = append(idps, idp)
case model.LoginPolicyIDPProviderRemoved:
idp := new(model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
for i := len(idps) - 1; i >= 0; i-- {
if idps[i].IDPConfigID == idp.IDPConfigID {
idps[i] = idps[len(idps)-1]
idps[len(idps)-1] = nil
idps = idps[:len(idps)-1]
break
}
}
}
}
exists := false
for _, p := range idpConfigs {
if p.IDPConfigID == idpConfigID {
exists = true
}
}
if !exists {
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
}
for _, p := range idps {
if p.IDPConfigID == idpConfigID {
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.IAM.LoginPolicy.IdpProviderAlreadyExisting")
}
}
return nil
}
}
func MailTemplateAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, template *model.MailTemplate) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if template == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-ZCfDS", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.MailTemplateAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingMailTemplateValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.MailTemplateAdded, template)
}
}
func checkExistingMailTemplateValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.MailTemplateAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-uKPiJ", "Errors.IAM.MailTemplate.AlreadyExists")
}
}
return nil
}
}
func MailTemplateChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, template *model.MailTemplate) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if template == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-s4PVD", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
changes := existing.DefaultMailTemplate.Changes(template)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-hxxSm", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.MailTemplateChanged, changes)
}
}
func MailTextAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, text *model.MailText) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if text == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-ZCfDS", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existing)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.IAMAggregate).
EventTypesFilter(model.MailTextAdded).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingMailTextValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.MailTextAdded, text)
}
}
func checkExistingMailTextValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
for _, event := range events {
switch event.Type {
case model.MailTextAdded:
return errors.ThrowPreconditionFailed(nil, "EVENT-ijzeq", "Errors.IAM.MailText.AlreadyExists")
}
}
return nil
}
}
func MailTextChangedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, text *model.MailText) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if text == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-mgYpV", "Errors.Internal")
}
agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.MailTextChanged, text)
}
}
func checkExistingLoginPolicySecondFactorValidation(mfaType int32) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
mfas := make([]int32, 0)
for _, event := range events {
switch event.Type {
case model.LoginPolicySecondFactorAdded:
idp := new(model.MFA)
err := idp.SetData(event)
if err != nil {
return err
}
mfas = append(mfas, idp.MFAType)
case model.LoginPolicySecondFactorRemoved:
mfa := new(model.MFA)
err := mfa.SetData(event)
if err != nil {
return err
}
for i := len(mfas) - 1; i >= 0; i-- {
if mfas[i] == mfa.MFAType {
mfas[i] = mfas[len(mfas)-1]
mfas[len(mfas)-1] = 0
mfas = mfas[:len(mfas)-1]
break
}
}
}
}
for _, m := range mfas {
if m == mfaType {
return errors.ThrowPreconditionFailed(nil, "EVENT-3vmHd", "Errors.IAM.LoginPolicy.MFA.AlreadyExisting")
}
}
return nil
}
}
func checkExistingLoginPolicyMultiFactorValidation(mfaType int32) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
mfas := make([]int32, 0)
for _, event := range events {
switch event.Type {
case model.LoginPolicyMultiFactorAdded:
idp := new(model.MFA)
err := idp.SetData(event)
if err != nil {
return err
}
mfas = append(mfas, idp.MFAType)
case model.LoginPolicyMultiFactorRemoved:
mfa := new(model.MFA)
err := mfa.SetData(event)
if err != nil {
return err
}
for i := len(mfas) - 1; i >= 0; i-- {
if mfas[i] == mfa.MFAType {
mfas[i] = mfas[len(mfas)-1]
mfas[len(mfas)-1] = 0
mfas = mfas[:len(mfas)-1]
break
}
}
}
}
for _, m := range mfas {
if m == mfaType {
return errors.ThrowPreconditionFailed(nil, "EVENT-6Hsj89", "Errors.IAM.LoginPolicy.MFA.AlreadyExisting")
}
}
return nil
}
}

2599
internal/iam/repository/eventsourcing/iam_test.go
View File

File diff suppressed because it is too large Load Diff

269
internal/management/repository/eventsourcing/eventstore/org.go
View File

@@ -11,9 +11,6 @@ import (
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/sdk"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
iam_view_model "github.com/caos/zitadel/internal/iam/repository/view/model"
@@ -21,10 +18,8 @@ import (
global_model "github.com/caos/zitadel/internal/model"
org_model "github.com/caos/zitadel/internal/org/model"
org_es "github.com/caos/zitadel/internal/org/repository/eventsourcing"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/view/model"
"github.com/caos/zitadel/internal/telemetry/tracing"
usr_model "github.com/caos/zitadel/internal/user/model"
usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
)
@@ -58,39 +53,6 @@ func (repo *OrgRepository) OrgByDomainGlobal(ctx context.Context, domain string)
return repo.OrgByID(ctx, verifiedDomain.OrgID)
}
func (repo *OrgRepository) CreateOrg(ctx context.Context, name string) (*org_model.Org, error) {
org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, &org_model.Org{Name: name}, nil)
if err != nil {
return nil, err
}
member := org_model.NewOrgMemberWithRoles(org.AggregateID, authz.GetCtxData(ctx).UserID, orgOwnerRole)
_, memberAggregate, err := repo.OrgEventstore.PrepareAddOrgMember(ctx, member, org.AggregateID)
if err != nil {
return nil, err
}
aggregates = append(aggregates, memberAggregate)
err = sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, org.AppendEvents, aggregates...)
if err != nil {
return nil, err
}
return org_es_model.OrgToModel(org), nil
}
func (repo *OrgRepository) UpdateOrg(ctx context.Context, org *org_model.Org) (*org_model.Org, error) {
return nil, errors.ThrowUnimplemented(nil, "EVENT-RkurR", "not implemented")
}
func (repo *OrgRepository) DeactivateOrg(ctx context.Context, id string) (*org_model.Org, error) {
return repo.OrgEventstore.DeactivateOrg(ctx, id)
}
func (repo *OrgRepository) ReactivateOrg(ctx context.Context, id string) (*org_model.Org, error) {
return repo.OrgEventstore.ReactivateOrg(ctx, id)
}
func (repo *OrgRepository) GetMyOrgIamPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) {
policy, err := repo.View.OrgIAMPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if errors.IsNotFound(err) {
@@ -128,38 +90,6 @@ func (repo *OrgRepository) SearchMyOrgDomains(ctx context.Context, request *org_
return result, nil
}
func (repo *OrgRepository) AddMyOrgDomain(ctx context.Context, domain *org_model.OrgDomain) (*org_model.OrgDomain, error) {
domain.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddOrgDomain(ctx, domain)
}
func (repo *OrgRepository) GenerateMyOrgDomainValidation(ctx context.Context, domain *org_model.OrgDomain) (string, string, error) {
domain.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.GenerateOrgDomainValidation(ctx, domain)
}
func (repo *OrgRepository) ValidateMyOrgDomain(ctx context.Context, domain *org_model.OrgDomain) error {
domain.AggregateID = authz.GetCtxData(ctx).OrgID
users := func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
userIDs, err := repo.View.UserIDsByDomain(domain)
if err != nil {
return nil, err
}
return repo.UserEvents.PrepareDomainClaimed(ctx, userIDs)
}
return repo.OrgEventstore.ValidateOrgDomain(ctx, domain, users)
}
func (repo *OrgRepository) SetMyPrimaryOrgDomain(ctx context.Context, domain *org_model.OrgDomain) error {
domain.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.SetPrimaryOrgDomain(ctx, domain)
}
func (repo *OrgRepository) RemoveMyOrgDomain(ctx context.Context, domain string) error {
d := org_model.NewOrgDomain(authz.GetCtxData(ctx).OrgID, domain)
return repo.OrgEventstore.RemoveOrgDomain(ctx, d)
}
func (repo *OrgRepository) OrgChanges(ctx context.Context, id string, lastSequence uint64, limit uint64, sortAscending bool) (*org_model.OrgChanges, error) {
changes, err := repo.OrgEventstore.OrgChanges(ctx, id, lastSequence, limit, sortAscending)
if err != nil {
@@ -188,21 +118,6 @@ func (repo *OrgRepository) OrgMemberByID(ctx context.Context, orgID, userID stri
return model.OrgMemberToModel(member), nil
}
func (repo *OrgRepository) AddMyOrgMember(ctx context.Context, member *org_model.OrgMember) (*org_model.OrgMember, error) {
member.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddOrgMember(ctx, member)
}
func (repo *OrgRepository) ChangeMyOrgMember(ctx context.Context, member *org_model.OrgMember) (*org_model.OrgMember, error) {
member.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeOrgMember(ctx, member)
}
func (repo *OrgRepository) RemoveMyOrgMember(ctx context.Context, userID string) error {
member := org_model.NewOrgMember(authz.GetCtxData(ctx).OrgID, userID)
return repo.OrgEventstore.RemoveOrgMember(ctx, member)
}
func (repo *OrgRepository) SearchMyOrgMembers(ctx context.Context, request *org_model.OrgMemberSearchRequest) (*org_model.OrgMemberSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
request.Queries[len(request.Queries)-1] = &org_model.OrgMemberSearchQuery{Key: org_model.OrgMemberSearchKeyOrgID, Method: global_model.SearchMethodEquals, Value: authz.GetCtxData(ctx).OrgID}
@@ -242,52 +157,6 @@ func (repo *OrgRepository) IDPConfigByID(ctx context.Context, idpConfigID string
}
return iam_view_model.IDPConfigViewToModel(idp), nil
}
func (repo *OrgRepository) AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddIDPConfig(ctx, idp)
}
func (repo *OrgRepository) ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) {
idp.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeIDPConfig(ctx, idp)
}
func (repo *OrgRepository) DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.OrgEventstore.DeactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
}
func (repo *OrgRepository) ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) {
return repo.OrgEventstore.ReactivateIDPConfig(ctx, authz.GetCtxData(ctx).OrgID, idpConfigID)
}
func (repo *OrgRepository) RemoveIDPConfig(ctx context.Context, idpConfigID string) error {
aggregates := make([]*es_models.Aggregate, 0)
idp := iam_model.NewIDPConfig(authz.GetCtxData(ctx).OrgID, idpConfigID)
_, agg, err := repo.OrgEventstore.PrepareRemoveIDPConfig(ctx, idp)
if err != nil {
}
aggregates = append(aggregates, agg)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(idpConfigID)
if err != nil {
return err
}
for _, externalIDP := range externalIDPs {
idpRemove := &usr_model.ExternalIDP{ObjectRoot: es_models.ObjectRoot{AggregateID: externalIDP.UserID}, IDPConfigID: externalIDP.IDPConfigID, UserID: externalIDP.ExternalUserID}
idpAgg := make([]*es_models.Aggregate, 0)
_, idpAgg, err = repo.UserEvents.PrepareRemoveExternalIDP(ctx, idpRemove, true)
if err != nil {
return err
}
aggregates = append(aggregates, idpAgg...)
}
return sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *OrgRepository) ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) {
oidcConfig.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeIDPOIDCConfig(ctx, oidcConfig)
}
func (repo *OrgRepository) SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
@@ -327,16 +196,6 @@ func (repo *OrgRepository) GetLabelPolicy(ctx context.Context) (*iam_model.Label
return iam_es_model.LabelPolicyViewToModel(policy), err
}
func (repo *OrgRepository) AddLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddLabelPolicy(ctx, policy)
}
func (repo *OrgRepository) ChangeLabelPolicy(ctx context.Context, policy *iam_model.LabelPolicy) (*iam_model.LabelPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeLabelPolicy(ctx, policy)
}
func (repo *OrgRepository) GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) {
policy, viewErr := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
@@ -396,23 +255,6 @@ func (repo *OrgRepository) GetDefaultLoginPolicy(ctx context.Context) (*iam_mode
return iam_es_model.LoginPolicyViewToModel(policy), nil
}
func (repo *OrgRepository) AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) RemoveLoginPolicy(ctx context.Context) error {
policy := &iam_model.LoginPolicy{ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
}}
return repo.OrgEventstore.RemoveLoginPolicy(ctx, policy)
}
func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) {
policy, err := repo.View.LoginPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if err != nil {
@@ -443,35 +285,6 @@ func (repo *OrgRepository) SearchIDPProviders(ctx context.Context, request *iam_
return result, nil
}
func (repo *OrgRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
provider.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
}
func (repo *OrgRepository) RemoveIDPProviderFromIdpProvider(ctx context.Context, provider *iam_model.IDPProvider) error {
aggregates := make([]*es_models.Aggregate, 0)
provider.AggregateID = authz.GetCtxData(ctx).OrgID
_, agg, err := repo.OrgEventstore.PrepareRemoveIDPProviderFromLoginPolicy(ctx, provider, false)
if err != nil {
return err
}
aggregates = append(aggregates, agg)
externalIDPs, err := repo.View.ExternalIDPsByIDPConfigID(provider.IDPConfigID)
if err != nil {
return err
}
for _, externalIDP := range externalIDPs {
idpRemove := &usr_model.ExternalIDP{ObjectRoot: es_models.ObjectRoot{AggregateID: externalIDP.UserID}, IDPConfigID: externalIDP.IDPConfigID, UserID: externalIDP.ExternalUserID}
idpAgg := make([]*es_models.Aggregate, 0)
_, idpAgg, err = repo.UserEvents.PrepareRemoveExternalIDP(ctx, idpRemove, true)
if err != nil {
return err
}
aggregates = append(aggregates, idpAgg...)
}
return sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, nil, aggregates...)
}
func (repo *OrgRepository) SearchSecondFactors(ctx context.Context) (*iam_model.SecondFactorsSearchResponse, error) {
policy, err := repo.GetLoginPolicy(ctx)
if err != nil {
@@ -483,14 +296,6 @@ func (repo *OrgRepository) SearchSecondFactors(ctx context.Context) (*iam_model.
}, nil
}
func (repo *OrgRepository) AddSecondFactorToLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) {
return repo.OrgEventstore.AddSecondFactorToLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, mfa)
}
func (repo *OrgRepository) RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) error {
return repo.OrgEventstore.RemoveSecondFactorFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, mfa)
}
func (repo *OrgRepository) SearchMultiFactors(ctx context.Context) (*iam_model.MultiFactorsSearchResponse, error) {
policy, err := repo.GetLoginPolicy(ctx)
if err != nil {
@@ -502,14 +307,6 @@ func (repo *OrgRepository) SearchMultiFactors(ctx context.Context) (*iam_model.M
}, nil
}
func (repo *OrgRepository) AddMultiFactorToLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) (iam_model.MultiFactorType, error) {
return repo.OrgEventstore.AddMultiFactorToLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, mfa)
}
func (repo *OrgRepository) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) error {
return repo.OrgEventstore.RemoveMultiFactorFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, mfa)
}
func (repo *OrgRepository) GetPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
policy, viewErr := repo.View.PasswordComplexityPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
@@ -561,23 +358,6 @@ func (repo *OrgRepository) GetDefaultPasswordComplexityPolicy(ctx context.Contex
return iam_es_model.PasswordComplexityViewToModel(policy), nil
}
func (repo *OrgRepository) AddPasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddPasswordComplexityPolicy(ctx, policy)
}
func (repo *OrgRepository) ChangePasswordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_model.PasswordComplexityPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangePasswordComplexityPolicy(ctx, policy)
}
func (repo *OrgRepository) RemovePasswordComplexityPolicy(ctx context.Context) error {
policy := &iam_model.PasswordComplexityPolicy{ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
}}
return repo.OrgEventstore.RemovePasswordComplexityPolicy(ctx, policy)
}
func (repo *OrgRepository) GetPasswordAgePolicy(ctx context.Context) (*iam_model.PasswordAgePolicyView, error) {
policy, viewErr := repo.View.PasswordAgePolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
@@ -629,23 +409,6 @@ func (repo *OrgRepository) GetDefaultPasswordAgePolicy(ctx context.Context) (*ia
return iam_es_model.PasswordAgeViewToModel(policy), nil
}
func (repo *OrgRepository) AddPasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddPasswordAgePolicy(ctx, policy)
}
func (repo *OrgRepository) ChangePasswordAgePolicy(ctx context.Context, policy *iam_model.PasswordAgePolicy) (*iam_model.PasswordAgePolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangePasswordAgePolicy(ctx, policy)
}
func (repo *OrgRepository) RemovePasswordAgePolicy(ctx context.Context) error {
policy := &iam_model.PasswordAgePolicy{ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
}}
return repo.OrgEventstore.RemovePasswordAgePolicy(ctx, policy)
}
func (repo *OrgRepository) GetPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error) {
policy, viewErr := repo.View.PasswordLockoutPolicyByAggregateID(authz.GetCtxData(ctx).OrgID)
if viewErr != nil && !errors.IsNotFound(viewErr) {
@@ -697,23 +460,6 @@ func (repo *OrgRepository) GetDefaultPasswordLockoutPolicy(ctx context.Context)
return iam_es_model.PasswordLockoutViewToModel(policy), nil
}
func (repo *OrgRepository) AddPasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddPasswordLockoutPolicy(ctx, policy)
}
func (repo *OrgRepository) ChangePasswordLockoutPolicy(ctx context.Context, policy *iam_model.PasswordLockoutPolicy) (*iam_model.PasswordLockoutPolicy, error) {
policy.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangePasswordLockoutPolicy(ctx, policy)
}
func (repo *OrgRepository) RemovePasswordLockoutPolicy(ctx context.Context) error {
policy := &iam_model.PasswordLockoutPolicy{ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
}}
return repo.OrgEventstore.RemovePasswordLockoutPolicy(ctx, policy)
}
func (repo *OrgRepository) GetDefaultMailTemplate(ctx context.Context) (*iam_model.MailTemplateView, error) {
template, err := repo.View.MailTemplateByAggregateID(repo.SystemDefaults.IamID)
if err != nil {
@@ -761,18 +507,3 @@ func (repo *OrgRepository) GetMailTexts(ctx context.Context) (*iam_model.MailTex
}
return iam_es_model.MailTextsViewToModel(texts, defaultIn), err
}
func (repo *OrgRepository) AddMailText(ctx context.Context, text *iam_model.MailText) (*iam_model.MailText, error) {
text.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.AddMailText(ctx, text)
}
func (repo *OrgRepository) ChangeMailText(ctx context.Context, text *iam_model.MailText) (*iam_model.MailText, error) {
text.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.ChangeMailText(ctx, text)
}
func (repo *OrgRepository) RemoveMailText(ctx context.Context, text *iam_model.MailText) error {
text.AggregateID = authz.GetCtxData(ctx).OrgID
return repo.OrgEventstore.RemoveMailText(ctx, text)
}

24
internal/management/repository/eventsourcing/eventstore/project.go
View File

@@ -18,19 +18,17 @@ import (
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
"github.com/caos/zitadel/internal/project/repository/view/model"
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
usr_grant_event "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
)
type ProjectRepo struct {
es_int.Eventstore
SearchLimit uint64
ProjectEvents *proj_event.ProjectEventstore
UserGrantEvents *usr_grant_event.UserGrantEventStore
UserEvents *usr_event.UserEventstore
IAMEvents *iam_event.IAMEventstore
View *view.View
Roles []string
IAMID string
SearchLimit uint64
ProjectEvents *proj_event.ProjectEventstore
UserEvents *usr_event.UserEventstore
IAMEvents *iam_event.IAMEventstore
View *view.View
Roles []string
IAMID string
}
func (repo *ProjectRepo) ProjectByID(ctx context.Context, id string) (*proj_model.ProjectView, error) {
@@ -332,18 +330,10 @@ func (repo *ProjectRepo) RemoveClientKey(ctx context.Context, projectID, applica
return repo.ProjectEvents.RemoveApplicationKey(ctx, projectID, applicationID, keyID)
}
func (repo *ProjectRepo) ChangeOIDCConfig(ctx context.Context, config *proj_model.OIDCConfig) (*proj_model.OIDCConfig, error) {
return repo.ProjectEvents.ChangeOIDCConfig(ctx, config)
}
func (repo *ProjectRepo) ChangeAPIConfig(ctx context.Context, config *proj_model.APIConfig) (*proj_model.APIConfig, error) {
return repo.ProjectEvents.ChangeAPIConfig(ctx, config)
}
func (repo *ProjectRepo) ChangeOIDConfigSecret(ctx context.Context, projectID, appID string) (*proj_model.OIDCConfig, error) {
return repo.ProjectEvents.ChangeOIDCConfigSecret(ctx, projectID, appID)
}
func (repo *ProjectRepo) ChangeAPIConfigSecret(ctx context.Context, projectID, appID string) (*proj_model.APIConfig, error) {
return repo.ProjectEvents.ChangeAPIConfigSecret(ctx, projectID, appID)
}

12
internal/management/repository/eventsourcing/eventstore/user.go
View File

@@ -18,18 +18,16 @@ import (
usr_model "github.com/caos/zitadel/internal/user/model"
usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
"github.com/caos/zitadel/internal/user/repository/view/model"
usr_grant_event "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
"github.com/caos/zitadel/internal/view/repository"
)
type UserRepo struct {
es_int.Eventstore
SearchLimit uint64
UserEvents *usr_event.UserEventstore
OrgEvents *org_event.OrgEventstore
UserGrantEvents *usr_grant_event.UserGrantEventStore
View *view.View
SystemDefaults systemdefaults.SystemDefaults
SearchLimit uint64
UserEvents *usr_event.UserEventstore
OrgEvents *org_event.OrgEventstore
View *view.View
SystemDefaults systemdefaults.SystemDefaults
}
func (repo *UserRepo) UserByID(ctx context.Context, id string) (*usr_model.UserView, error) {

6
internal/management/repository/eventsourcing/eventstore/user_grant.go
View File

@@ -8,15 +8,13 @@ import (
"github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
global_model "github.com/caos/zitadel/internal/model"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
grant_event "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
"github.com/caos/zitadel/internal/view/repository"
)
type UserGrantRepo struct {
SearchLimit uint64
UserGrantEvents *grant_event.UserGrantEventStore
View *view.View
SearchLimit uint64
View *view.View
}
func (repo *UserGrantRepo) UserGrantByID(ctx context.Context, grantID string) (*grant_model.UserGrantView, error) {

11
internal/management/repository/eventsourcing/repository.go
View File

@@ -17,7 +17,6 @@ import (
es_org "github.com/caos/zitadel/internal/org/repository/eventsourcing"
es_proj "github.com/caos/zitadel/internal/project/repository/eventsourcing"
es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
es_grant "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
)
type Config struct {
@@ -68,10 +67,6 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
if err != nil {
return nil, err
}
usergrant, err := es_grant.StartUserGrant(es_grant.UserGrantConfig{
Eventstore: es,
Cache: conf.Eventstore.Cache,
})
if err != nil {
return nil, err
}
@@ -94,9 +89,9 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
return &EsRepository{
spooler: spool,
OrgRepository: eventstore.OrgRepository{conf.SearchLimit, org, user, iam, view, roles, systemDefaults},
ProjectRepo: eventstore.ProjectRepo{es, conf.SearchLimit, project, usergrant, user, iam, view, roles, systemDefaults.IamID},
UserRepo: eventstore.UserRepo{es, conf.SearchLimit, user, org, usergrant, view, systemDefaults},
UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, usergrant, view},
ProjectRepo: eventstore.ProjectRepo{es, conf.SearchLimit, project, user, iam, view, roles, systemDefaults.IamID},
UserRepo: eventstore.UserRepo{es, conf.SearchLimit, user, org, view, systemDefaults},
UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, view},
IAMRepository: eventstore.IAMRepository{
IAMV2Query: iamV2Query,
},

3
internal/management/repository/org.go
View File

@@ -45,7 +45,4 @@ type OrgRepository interface {
GetDefaultMailTexts(ctx context.Context) (*iam_model.MailTextsView, error)
GetMailTexts(ctx context.Context) (*iam_model.MailTextsView, error)
AddMailText(ctx context.Context, mailText *iam_model.MailText) (*iam_model.MailText, error)
ChangeMailText(ctx context.Context, mailText *iam_model.MailText) (*iam_model.MailText, error)
RemoveMailText(ctx context.Context, mailText *iam_model.MailText) error
}

1
internal/management/repository/project.go
View File

@@ -26,7 +26,6 @@ type ProjectRepository interface {
ApplicationByID(ctx context.Context, projectID, appID string) (*model.ApplicationView, error)
AddApplication(ctx context.Context, app *model.Application) (*model.Application, error)
ChangeAPIConfig(ctx context.Context, config *model.APIConfig) (*model.APIConfig, error)
ChangeOIDConfigSecret(ctx context.Context, projectID, appID string) (*model.OIDCConfig, error)
ChangeAPIConfigSecret(ctx context.Context, projectID, appID string) (*model.APIConfig, error)
SearchApplications(ctx context.Context, request *model.ApplicationSearchRequest) (*model.ApplicationSearchResponse, error)
ApplicationChanges(ctx context.Context, id string, secId string, lastSequence uint64, limit uint64, sortAscending bool) (*model.ApplicationChanges, error)

1082
internal/org/repository/eventsourcing/eventstore.go
View File

File diff suppressed because it is too large Load Diff

222
internal/org/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -1,222 +0,0 @@
package eventsourcing
import (
"encoding/json"
"github.com/caos/zitadel/internal/crypto"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/id"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
repo_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/golang/mock/gomock"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *OrgEventstore {
return &OrgEventstore{
Eventstore: mockEs,
idGenerator: GetSonyFlake(),
}
}
func GetMockedEventstoreWithCrypto(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *OrgEventstore {
return &OrgEventstore{
Eventstore: mockEs,
idGenerator: GetSonyFlake(),
secretCrypto: crypto.NewBCrypt(10),
}
}
func GetSonyFlake() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockChangesOrgOK(ctrl *gomock.Controller) *OrgEventstore {
org := model.Org{
Name: "MusterOrg",
}
data, err := json.Marshal(org)
if err != nil {
}
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, AggregateType: repo_model.OrgAggregate, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgNoEvents(ctrl *gomock.Controller) *OrgEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithCrypto(ctrl *gomock.Controller) *OrgEventstore {
org := model.Org{
Name: "MusterOrg",
}
data, _ := json.Marshal(org)
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithCrypto(ctrl, mockEs)
}
func GetMockChangesOrgWithOIDCIdp(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
idpData, _ := json.Marshal(iam_es_model.IDPConfig{IDPConfigID: "IDPConfigID", Name: "Name"})
oidcData, _ := json.Marshal(iam_es_model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.IDPConfigAdded, Data: idpData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCIDPConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithLoginPolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
loginPolicy, _ := json.Marshal(iam_es_model.LoginPolicy{AllowRegister: true, AllowExternalIdp: true, AllowUsernamePassword: true})
idpData, _ := json.Marshal(iam_es_model.IDPProvider{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: loginPolicy},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithLoginPolicyWithMFA(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
loginPolicy, _ := json.Marshal(iam_es_model.LoginPolicy{AllowRegister: true, AllowExternalIdp: true, AllowUsernamePassword: true})
idpData, _ := json.Marshal(iam_es_model.IDPProvider{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)})
secondFactor, _ := json.Marshal(iam_es_model.MFA{MFAType: int32(iam_model.SecondFactorTypeOTP)})
multiFactor, _ := json.Marshal(iam_es_model.MFA{MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN)})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyAdded, Data: loginPolicy},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyIDPProviderAdded, Data: idpData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicySecondFactorAdded, Data: secondFactor},
{AggregateID: "AggregateID", Sequence: 1, Type: model.LoginPolicyMultiFactorAdded, Data: multiFactor},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithPasswordComplexityPolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
passwordComplexityPolicy, _ := json.Marshal(iam_es_model.PasswordComplexityPolicy{
MinLength: 10,
HasLowercase: true,
HasUppercase: true,
HasSymbol: true,
HasNumber: true,
})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordComplexityPolicyAdded, Data: passwordComplexityPolicy},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithPasswordLockoutPolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
passwordLockoutPolicy, _ := json.Marshal(iam_es_model.PasswordLockoutPolicy{
MaxAttempts: 10,
ShowLockOutFailures: true,
})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordLockoutPolicyAdded, Data: passwordLockoutPolicy},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithPasswordAgePolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
passwordAgePolicy, _ := json.Marshal(iam_es_model.PasswordAgePolicy{
MaxAgeDays: 10,
ExpireWarnDays: 10,
})
events := []*es_models.Event{
{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
{AggregateID: "AggregateID", Sequence: 1, Type: model.PasswordAgePolicyAdded, Data: passwordAgePolicy},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithLabelPolicy(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
labelPolicy, _ := json.Marshal(iam_es_model.LabelPolicy{PrimaryColor: "000001", SecondaryColor: "FFFFF1"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.LabelPolicyAdded, Data: labelPolicy},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithMailTemplate(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
mailTemplate, _ := json.Marshal(iam_es_model.MailTemplate{Template: []byte("<!doctype htm>")})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.MailTemplateAdded, Data: mailTemplate},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesOrgWithMailText(ctrl *gomock.Controller) *OrgEventstore {
orgData, _ := json.Marshal(model.Org{Name: "MusterOrg"})
mailText, _ := json.Marshal(iam_es_model.MailText{MailTextType: "Type", Language: "DE"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OrgAdded, Data: orgData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.MailTextAdded, Data: mailText},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}

4322
internal/org/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

77
internal/org/repository/eventsourcing/label_policy.go
View File

@@ -1,77 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func LabelPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.LabelPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-TUWod", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingLabelPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LabelPolicyAdded, policy)
}
}
func LabelPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.LabelPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-unRI2", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.LabelPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Tz130", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LabelPolicyChanged, changes)
}
}
func LabelPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-v7E9b", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LabelPolicyRemoved, nil)
}
}
func checkExistingLabelPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.LabelPolicyAdded:
existing = true
case model.LabelPolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-g9mCI", "Errors.Org.LabelPolicy.AlreadyExists")
}
return nil
}
}

186
internal/org/repository/eventsourcing/label_policy_test.go
View File

@@ -1,186 +0,0 @@
package eventsourcing
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func TestLabelPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LabelPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add label policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.LabelPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PrimaryColor: "000000",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LabelPolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "label policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LabelPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestLabelPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LabelPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change label policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LabelPolicy: &iam_es_model.LabelPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.LabelPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PrimaryColor: "000000",
SecondaryColor: "FFFFFF",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LabelPolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "label policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LabelPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

331
internal/org/repository/eventsourcing/login_policy.go
View File

@@ -1,331 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func LoginPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, policy *iam_es_model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smla8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(org.AggregateID)
validation := checkExistingLoginPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyAdded, policy)
}
}
func LoginPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, policy *iam_es_model.LoginPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlco9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
changes := org.LoginPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.LoginPolicyChanged, changes)
}
}
func LoginPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-S8sio", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyRemoved, nil)
}
}
func LoginPolicyIDPProviderAddedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, provider *iam_es_model.IDPProvider, iamID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, iam_es_model.IAMAggregate).
AggregateIDsFilter(org.AggregateID, iamID)
validation := checkExistingLoginPolicyIDPProviderValidation(provider)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyIDPProviderAdded, provider)
}
}
func LoginPolicyIDPProviderRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, org *model.Org, provider *iam_es_model.IDPProviderID, cascade bool) (*es_models.Aggregate, error) {
if provider == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
eventType := model.LoginPolicyIDPProviderRemoved
if cascade {
eventType = model.LoginPolicyIDPProviderCascadeRemoved
}
return agg.AppendEvent(eventType, provider)
}
func LoginPolicySecondFactorAddedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, mfa *iam_es_model.MFA, iamID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-5Gk9s", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDsFilter(org.AggregateID)
validation := checkExistingLoginPolicySecondFactorValidation(mfa.MFAType)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicySecondFactorAdded, mfa)
}
}
func LoginPolicySecondFactorRemovedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, mfa *iam_es_model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Sml9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicySecondFactorRemoved, mfa)
}
}
func LoginPolicyMultiFactorAddedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, mfa *iam_es_model.MFA, iamID string) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4Bm9s", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDsFilter(org.AggregateID)
validation := checkExistingLoginPolicyMultiFactorValidation(mfa.MFAType)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.LoginPolicyMultiFactorAdded, mfa)
}
}
func LoginPolicyMultiFactorRemovedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, mfa *iam_es_model.MFA) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mfa == nil || org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-6Nm9s", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.LoginPolicyMultiFactorRemoved, mfa)
}
}
func checkExistingLoginPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.LoginPolicyAdded:
existing = true
case model.LoginPolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-Nsh8u", "Errors.Org.LoginPolicy.AlreadyExists")
}
return nil
}
}
func checkExistingLoginPolicyIDPProviderValidation(idpProvider *iam_es_model.IDPProvider) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
idpConfigs := make([]*iam_es_model.IDPConfig, 0)
idps := make([]*iam_es_model.IDPProvider, 0)
for _, event := range events {
switch event.Type {
case model.IDPConfigAdded, iam_es_model.IDPConfigAdded:
config := new(iam_es_model.IDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
idpConfigs = append(idpConfigs, config)
if event.AggregateType == model.OrgAggregate {
config.Type = int32(iam_model.IDPProviderTypeOrg)
} else {
config.Type = int32(iam_model.IDPProviderTypeSystem)
}
case model.IDPConfigRemoved, iam_es_model.IDPConfigRemoved:
config := new(iam_es_model.IDPConfig)
err := config.SetData(event)
if err != nil {
return err
}
for i := len(idpConfigs) - 1; i >= 0; i-- {
if idpConfigs[i].IDPConfigID == config.IDPConfigID {
idpConfigs[i] = idpConfigs[len(idpConfigs)-1]
idpConfigs[len(idpConfigs)-1] = nil
idpConfigs = idpConfigs[:len(idpConfigs)-1]
break
}
}
case model.LoginPolicyIDPProviderAdded:
idp := new(iam_es_model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
idps = append(idps, idp)
case model.LoginPolicyIDPProviderRemoved, model.LoginPolicyIDPProviderCascadeRemoved:
idp := new(iam_es_model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
for i := len(idps) - 1; i >= 0; i-- {
if idps[i].IDPConfigID == idp.IDPConfigID {
idps[i] = idps[len(idps)-1]
idps[len(idps)-1] = nil
idps = idps[:len(idps)-1]
break
}
}
case model.LoginPolicyRemoved:
idps = make([]*iam_es_model.IDPProvider, 0)
}
}
exists := false
for _, p := range idpConfigs {
if p.IDPConfigID == idpProvider.IDPConfigID && p.Type == idpProvider.Type {
exists = true
}
}
if !exists {
return errors.ThrowPreconditionFailed(nil, "EVENT-Djlo9", "Errors.IAM.IdpNotExisting")
}
for _, p := range idps {
if p.IDPConfigID == idpProvider.IDPConfigID {
return errors.ThrowPreconditionFailed(nil, "EVENT-us5Zw", "Errors.Org.LoginPolicy.IdpProviderAlreadyExisting")
}
}
return nil
}
}
func checkExistingLoginPolicySecondFactorValidation(mfaType int32) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
mfas := make([]int32, 0)
for _, event := range events {
switch event.Type {
case model.LoginPolicySecondFactorAdded:
mfa := new(iam_es_model.MFA)
err := mfa.SetData(event)
if err != nil {
return err
}
mfas = append(mfas, mfa.MFAType)
case model.LoginPolicySecondFactorRemoved:
idp := new(iam_es_model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
for i := len(mfas) - 1; i >= 0; i-- {
if mfas[i] == mfaType {
mfas[i] = mfas[len(mfas)-1]
mfas[len(mfas)-1] = 0
mfas = mfas[:len(mfas)-1]
break
}
}
case model.LoginPolicyRemoved:
mfas = make([]int32, 0)
}
}
for _, m := range mfas {
if m == mfaType {
return errors.ThrowPreconditionFailed(nil, "EVENT-4Bo0sw", "Errors.Org.LoginPolicy.MFA.AlreadyExisting")
}
}
return nil
}
}
func checkExistingLoginPolicyMultiFactorValidation(mfaType int32) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
mfas := make([]int32, 0)
for _, event := range events {
switch event.Type {
case model.LoginPolicyMultiFactorAdded:
mfa := new(iam_es_model.MFA)
err := mfa.SetData(event)
if err != nil {
return err
}
mfas = append(mfas, mfa.MFAType)
case model.LoginPolicyMultiFactorRemoved:
idp := new(iam_es_model.IDPProvider)
err := idp.SetData(event)
if err != nil {
return err
}
for i := len(mfas) - 1; i >= 0; i-- {
if mfas[i] == mfaType {
mfas[i] = mfas[len(mfas)-1]
mfas[len(mfas)-1] = 0
mfas = mfas[:len(mfas)-1]
break
}
}
case model.LoginPolicyRemoved:
mfas = make([]int32, 0)
}
}
for _, m := range mfas {
if m == mfaType {
return errors.ThrowPreconditionFailed(nil, "EVENT-4Bo0sw", "Errors.Org.LoginPolicy.MFA.AlreadyExisting")
}
}
return nil
}
}

793
internal/org/repository/eventsourcing/login_policy_test.go
View File

@@ -1,793 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"testing"
)
func TestLoginPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LoginPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add login polciy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
AllowUsernamePassword: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "login policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.LoginPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
AllowUsernamePassword: true,
AllowRegister: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "login policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicyRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyRemovedAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
})
}
}
func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPProvider
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add idp provider to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.IDPProvider{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
Type: int32(iam_model.IDPProviderTypeSystem),
IDPConfigID: "IDPConfigID",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp config config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyIDPProviderAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new, "iamID")(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.IDPProviderID
cascade bool
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove idp provider to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
},
}},
new: &iam_es_model.IDPProviderID{
IDPConfigID: "IDPConfigID",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderRemoved},
},
},
{
name: "remove idp provider to login policy cascade",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
IDPProviders: []*iam_es_model.IDPProvider{
{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
},
}},
new: &iam_es_model.IDPProviderID{
IDPConfigID: "IDPConfigID",
},
cascade: true,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyIDPProviderCascadeRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "idp config config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyIDPProviderRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.new, tt.args.cascade)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicySecondFactorAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MFA
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add second factor to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.MFA{
MFAType: int32(iam_model.SecondFactorTypeOTP),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicySecondFactorAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mfa nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicySecondFactorAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new, "iamID")(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && (agg == nil || len(agg.Events) != tt.res.eventLen) {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
return
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicySecondFactorRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MFA
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove second factor from login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
SecondFactors: []int32{
int32(iam_model.SecondFactorTypeOTP),
},
}},
new: &iam_es_model.MFA{
MFAType: int32(iam_model.SecondFactorTypeOTP),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicySecondFactorRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mfa nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicySecondFactorRemovedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicyMultiFactorAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MFA
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add mfa to login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.MFA{
MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyMultiFactorAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mfa nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyMultiFactorAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new, "iamID")(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && (agg == nil || len(agg.Events) != tt.res.eventLen) {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
return
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestLoginPolicyMultiFactorRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MFA
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove mfa from login policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
LoginPolicy: &iam_es_model.LoginPolicy{
AllowUsernamePassword: true,
MultiFactors: []int32{
int32(iam_model.MultiFactorTypeU2FWithPIN),
},
}},
new: &iam_es_model.MFA{
MFAType: int32(iam_model.MultiFactorTypeU2FWithPIN),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.LoginPolicyMultiFactorRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mfa nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := LoginPolicyMultiFactorRemovedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if tt.res.wantErr && !tt.res.errFunc(err) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}

77
internal/org/repository/eventsourcing/mail_template.go
View File

@@ -1,77 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func MailTemplateAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.MailTemplate) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4BeRi", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingMailTemplateValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.MailTemplateAdded, policy)
}
}
func MailTemplateChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, template *iam_es_model.MailTemplate) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if template == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-yzXO0", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.MailTemplate.Changes(template)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-erTCI", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.MailTemplateChanged, changes)
}
}
func MailTemplateRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2jVit", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.MailTemplateRemoved, nil)
}
}
func checkExistingMailTemplateValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.MailTemplateAdded:
existing = true
case model.MailTemplateRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-aUH4D", "Errors.Org.MailTemplate.AlreadyExists")
}
return nil
}
}

185
internal/org/repository/eventsourcing/mail_template_test.go
View File

@@ -1,185 +0,0 @@
package eventsourcing
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func TestMailTemplateAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MailTemplate
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add mailtemplate",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.MailTemplate{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
Template: []byte("<!doctype html>"),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.MailTemplateAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mailtemplate config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := MailTemplateAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestMailTemplateChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MailTemplate
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change mailtemplate",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MailTemplate: &iam_es_model.MailTemplate{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.MailTemplate{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
Template: []byte("<!doctype html>"),
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.MailTemplateChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mailtemplate config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := MailTemplateChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

94
internal/org/repository/eventsourcing/mail_text.go
View File

@@ -1,94 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func MailTextAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, mailText *iam_es_model.MailText) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mailText == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Gk3Cn", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingMailTextValidation(mailText, existing.MailTexts)
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.MailTextAdded, mailText)
}
}
func MailTextChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, mailText *iam_es_model.MailText) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if mailText == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Hog8a", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
for _, exMailText := range existing.MailTexts {
if exMailText.MailTextType == mailText.MailTextType && exMailText.Language == mailText.Language {
changes = exMailText.Changes(mailText)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-DuRxA", "Errors.NoChangesFound")
}
}
}
return agg.AppendEvent(model.MailTextChanged, changes)
}
}
func MailTextRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, mailText *iam_es_model.MailText) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-cJ5Wp", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 2)
for _, exMailText := range existing.MailTexts {
if exMailText.MailTextType == mailText.MailTextType && exMailText.Language == mailText.Language {
mailText.ButtonText = exMailText.ButtonText
mailText.Greeting = exMailText.Greeting
mailText.Text = exMailText.Text
mailText.Title = exMailText.Title
mailText.Subject = exMailText.Subject
mailText.PreHeader = exMailText.PreHeader
changes = exMailText.Changes(mailText)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-DuRxA", "Errors.NoChangesFound")
}
}
}
return agg.AppendEvent(model.MailTextRemoved, changes)
}
}
func checkExistingMailTextValidation(mailText *iam_es_model.MailText, existingMailTexts []*iam_es_model.MailText) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, text := range existingMailTexts {
if text.MailTextType == mailText.MailTextType && text.Language == mailText.Language {
existing = true
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-zEZh7", "Errors.Org.MailText.AlreadyExists")
}
return nil
}
}

188
internal/org/repository/eventsourcing/mail_text_test.go
View File

@@ -1,188 +0,0 @@
package eventsourcing
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func TestMailTextAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MailText
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add mailtext",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.MailText{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MailTextType: "Type",
Language: "DE",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.MailTextAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mailtext config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := MailTextAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestMailTextChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.MailText
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change mailtext",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MailTexts: []*iam_es_model.MailText{&iam_es_model.MailText{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
},
},
new: &iam_es_model.MailText{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MailTextType: "Type",
Language: "DE",
Subject: "Subject",
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.MailTextChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "mailtext config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := MailTextChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

427
internal/org/repository/eventsourcing/org.go
View File

@@ -5,8 +5,6 @@ import (
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
@@ -43,428 +41,3 @@ func OrgQuery(latestSequence uint64) *es_models.SearchQuery {
func OrgAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, id string, sequence uint64) (*es_models.Aggregate, error) {
return aggCreator.NewAggregate(ctx, id, model.OrgAggregate, model.OrgVersion, sequence, es_models.OverwriteResourceOwner(id))
}
func orgCreatedAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, org *model.Org, users func(context.Context, string) ([]*es_models.Aggregate, error)) (_ []*es_models.Aggregate, err error) {
if org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-kdie7", "Errors.Internal")
}
agg, err := aggCreator.NewAggregate(ctx, org.AggregateID, model.OrgAggregate, model.OrgVersion, org.Sequence, es_models.OverwriteResourceOwner(org.AggregateID))
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.OrgAdded, org)
if err != nil {
return nil, err
}
aggregates := make([]*es_models.Aggregate, 0)
aggregates, err = addDomainAggregateAndEvents(ctx, aggCreator, agg, aggregates, org, users)
if err != nil {
return nil, err
}
nameAggregate, err := reservedUniqueNameAggregate(ctx, aggCreator, org.AggregateID, org.Name)
if err != nil {
return nil, err
}
aggregates = append(aggregates, nameAggregate)
return append(aggregates, agg), nil
}
func addDomainAggregateAndEvents(ctx context.Context, aggCreator *es_models.AggregateCreator, orgAggregate *es_models.Aggregate, aggregates []*es_models.Aggregate, org *model.Org, users func(context.Context, string) ([]*es_models.Aggregate, error)) ([]*es_models.Aggregate, error) {
for _, domain := range org.Domains {
orgAggregate, err := orgAggregate.AppendEvent(model.OrgDomainAdded, domain)
if err != nil {
return nil, err
}
if domain.Verified {
domainAggregates, err := orgDomainVerified(ctx, aggCreator, orgAggregate, org, domain, users)
if err != nil {
return nil, err
}
aggregates = append(aggregates, domainAggregates...)
}
if domain.Primary {
orgAggregate, err = orgAggregate.AppendEvent(model.OrgDomainPrimarySet, domain)
if err != nil {
return nil, err
}
}
}
return aggregates, nil
}
func OrgUpdateAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, existingOrg *model.Org, updatedOrg *model.Org) ([]*es_models.Aggregate, error) {
if existingOrg == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dk83d", "Errors.Internal")
}
if updatedOrg == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dhr74", "Errors.Internal")
}
changes := existingOrg.Changes(updatedOrg)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-E0hc5", "Errors.NoChangesFound")
}
aggregates := make([]*es_models.Aggregate, 0, 3)
if name, ok := changes["name"]; ok {
nameAggregate, err := reservedUniqueNameAggregate(ctx, aggCreator, "", name.(string))
if err != nil {
return nil, err
}
aggregates = append(aggregates, nameAggregate)
nameReleasedAggregate, err := releasedUniqueNameAggregate(ctx, aggCreator, "", existingOrg.Name)
if err != nil {
return nil, err
}
aggregates = append(aggregates, nameReleasedAggregate)
}
orgAggregate, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
orgAggregate, err = orgAggregate.AppendEvent(model.OrgChanged, changes)
if err != nil {
return nil, err
}
aggregates = append(aggregates, orgAggregate)
return aggregates, nil
}
func orgDeactivateAggregate(aggCreator *es_models.AggregateCreator, org *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-R03z8", "Errors.Internal")
}
if org.State == int32(org_model.OrgStateInactive) {
return nil, errors.ThrowInvalidArgument(nil, "EVENT-mcPH0", "Errors.Internal.AlreadyDeactivated")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgDeactivated, nil)
}
}
func orgReactivateAggregate(aggCreator *es_models.AggregateCreator, org *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if org == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-cTHLd", "Errors.Internal")
}
if org.State == int32(org_model.OrgStateActive) {
return nil, errors.ThrowInvalidArgument(nil, "EVENT-pUSMs", "Errors.Org.AlreadyActive")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgReactivated, nil)
}
}
func reservedUniqueDomainAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, domain string) (*es_models.Aggregate, error) {
aggregate, err := aggCreator.NewAggregate(ctx, domain, model.OrgDomainAggregate, model.OrgVersion, 0)
if resourceOwner != "" {
aggregate, err = aggCreator.NewAggregate(ctx, domain, model.OrgDomainAggregate, model.OrgVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
}
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.OrgDomainReserved, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(OrgDomainUniqueQuery(domain), isEventValidation(aggregate, model.OrgDomainReserved)), nil
}
func releasedUniqueDomainAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, domain string) (*es_models.Aggregate, error) {
aggregate, err := aggCreator.NewAggregate(ctx, domain, model.OrgDomainAggregate, model.OrgVersion, 0)
if resourceOwner != "" {
aggregate, err = aggCreator.NewAggregate(ctx, domain, model.OrgDomainAggregate, model.OrgVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
}
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.OrgDomainReleased, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(OrgDomainUniqueQuery(domain), isEventValidation(aggregate, model.OrgDomainReleased)), nil
}
func reservedUniqueNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, name string) (aggregate *es_models.Aggregate, err error) {
aggregate, err = aggCreator.NewAggregate(ctx, name, model.OrgNameAggregate, model.OrgVersion, 0)
if resourceOwner != "" {
aggregate, err = aggCreator.NewAggregate(ctx, name, model.OrgNameAggregate, model.OrgVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
}
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.OrgNameReserved, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(OrgNameUniqueQuery(name), isEventValidation(aggregate, model.OrgNameReserved)), nil
}
func releasedUniqueNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, name string) (aggregate *es_models.Aggregate, err error) {
aggregate, err = aggCreator.NewAggregate(ctx, name, model.OrgNameAggregate, model.OrgVersion, 0)
if resourceOwner != "" {
aggregate, err = aggCreator.NewAggregate(ctx, name, model.OrgNameAggregate, model.OrgVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
}
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.OrgNameReleased, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(OrgNameUniqueQuery(name), isEventValidation(aggregate, model.OrgNameReleased)), nil
}
func OrgDomainAddedAggregate(aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-OSid3", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgDomainAdded, domain)
}
}
func OrgDomainValidationGeneratedAggregate(aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-GD2gq", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgDomainVerificationAdded, domain)
}
}
func OrgDomainValidationFailedAggregate(aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-BHF52", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgDomainVerificationFailed, domain)
}
}
func OrgDomainVerifiedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain, users func(context.Context, string) ([]*es_models.Aggregate, error)) ([]*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-DHs7s", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
aggregates, err := orgDomainVerified(ctx, aggCreator, agg, existingOrg, domain, users)
if err != nil {
return nil, err
}
return append(aggregates, agg), nil
}
func orgDomainVerified(ctx context.Context, aggCreator *es_models.AggregateCreator, agg *es_models.Aggregate, existingOrg *model.Org, domain *model.OrgDomain, users func(context.Context, string) ([]*es_models.Aggregate, error)) ([]*es_models.Aggregate, error) {
agg, err := agg.AppendEvent(model.OrgDomainVerified, domain)
if err != nil {
return nil, err
}
domainAgregate, err := reservedUniqueDomainAggregate(ctx, aggCreator, existingOrg.AggregateID, domain.Domain)
if err != nil {
return nil, err
}
aggregates := []*es_models.Aggregate{domainAgregate}
if users != nil {
userAggregates, err := users(ctx, domain.Domain)
if err != nil {
return nil, errors.ThrowPreconditionFailed(err, "EVENT-HBwsw", "Errors.Internal")
}
aggregates = append(aggregates, userAggregates...)
}
return aggregates, nil
}
func OrgDomainSetPrimaryAggregate(aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-PSw3j", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgDomainPrimarySet, domain)
}
}
func OrgDomainRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existingOrg *model.Org, domain *model.OrgDomain) ([]*es_models.Aggregate, error) {
if domain == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-si8dW", "Errors.Internal")
}
aggregates := make([]*es_models.Aggregate, 0, 2)
agg, err := OrgAggregate(ctx, aggCreator, existingOrg.AggregateID, existingOrg.Sequence)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.OrgDomainRemoved, domain)
if err != nil {
return nil, err
}
aggregates = append(aggregates, agg)
domainAgregate, err := releasedUniqueDomainAggregate(ctx, aggCreator, existingOrg.AggregateID, domain.Domain)
if err != nil {
return nil, err
}
return append(aggregates, domainAgregate), nil
}
func IDPConfigAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-MSki8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigAdded, idp)
if idp.OIDCIDPConfig != nil {
agg.AppendEvent(model.OIDCIDPConfigAdded, idp.OIDCIDPConfig)
}
return agg, nil
}
}
func IDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Akdi8", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, i := range existing.IDPs {
if i.IDPConfigID == idp.IDPConfigID {
changes = i.Changes(idp)
}
}
agg.AppendEvent(model.IDPConfigChanged, changes)
return agg, nil
}
}
func IDPConfigRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig, provider *iam_es_model.IDPProvider) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Mlso9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.IDPConfigRemoved, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
if err != nil {
return nil, err
}
if provider != nil {
return agg.AppendEvent(model.LoginPolicyIDPProviderCascadeRemoved, &iam_es_model.IDPProviderID{IDPConfigID: provider.IDPConfigID})
}
return agg, nil
}
func IDPConfigDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3sz7d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigDeactivated, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
return agg, nil
}
}
func IDPConfigReactivatedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, idp *iam_es_model.IDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if idp == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4jdiS", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
agg.AppendEvent(model.IDPConfigReactivated, &iam_es_model.IDPConfigID{IDPConfigID: idp.IDPConfigID})
return agg, nil
}
}
func OIDCIDPConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, config *iam_es_model.OIDCIDPConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-6Fjso", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, idp := range existing.IDPs {
if idp.IDPConfigID == config.IDPConfigID {
if idp.OIDCIDPConfig != nil {
changes = idp.OIDCIDPConfig.Changes(config)
}
}
}
if len(changes) <= 1 {
return nil, errors.ThrowPreconditionFailedf(nil, "EVENT-Rks9u", "Errors.NoChangesFound")
}
agg.AppendEvent(model.OIDCIDPConfigChanged, changes)
return agg, nil
}
}
func isEventValidation(aggregate *es_models.Aggregate, eventType es_models.EventType) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
if len(events) == 0 {
aggregate.PreviousSequence = 0
return nil
}
if events[0].Type == eventType {
return errors.ThrowPreconditionFailedf(nil, "EVENT-eJQqe", "user is already %v", eventType)
}
aggregate.PreviousSequence = events[0].Sequence
return nil
}
}

50
internal/org/repository/eventsourcing/org_iam_policy.go
View File

@@ -1,50 +0,0 @@
package eventsourcing
import (
"context"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func OrgIAMPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, policy *iam_es_model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-i9sJS", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgIAMPolicyAdded, policy)
}
}
func OrgIAMPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, policy *iam_es_model.OrgIAMPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9Ksie", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
changes := org.OrgIAMPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Js6Vs", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.OrgIAMPolicyChanged, changes)
}
}
func OrgIamPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgIAMPolicyRemoved, nil)
}
}

233
internal/org/repository/eventsourcing/org_iam_policy_test.go
View File

@@ -1,233 +0,0 @@
package eventsourcing
import (
"context"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func TestOrgIamPolicyAddedAggregates(t *testing.T) {
type res struct {
eventsCount int
eventType es_models.EventType
isErr func(error) bool
}
type args struct {
ctx context.Context
aggCreator *es_models.AggregateCreator
org *model.Org
policy *iam_es_model.OrgIAMPolicy
}
tests := []struct {
name string
args args
res res
}{
{
name: "no policy error",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "policy successful",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{
AggregateID: "sdaf",
Sequence: 5,
},
},
policy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
},
},
res: res{
eventsCount: 1,
eventType: model.OrgIAMPolicyAdded,
isErr: nil,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg := OrgIAMPolicyAddedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
got, err := agg(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got %T: %v", err, err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIAMPolicyAddedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIAMPolicyAddedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}
}
func TestOrgIamPolicyChangedAggregates(t *testing.T) {
type res struct {
eventsCount int
eventType es_models.EventType
isErr func(error) bool
}
type args struct {
ctx context.Context
aggCreator *es_models.AggregateCreator
org *model.Org
policy *iam_es_model.OrgIAMPolicy
}
tests := []struct {
name string
args args
res res
}{
{
name: "no policy error",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "policy successful",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{
AggregateID: "sdaf",
Sequence: 5,
},
OrgIAMPolicy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
},
},
policy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: false,
},
},
res: res{
eventsCount: 1,
eventType: model.OrgIAMPolicyChanged,
isErr: nil,
},
},
{
name: "policy no changes",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{
AggregateID: "sdaf",
Sequence: 5,
},
OrgIAMPolicy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
},
},
policy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg := OrgIAMPolicyChangedAggregate(tt.args.aggCreator, tt.args.org, tt.args.policy)
got, err := agg(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got %T: %v", err, err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIAMPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIAMPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}
}
func TestOrgIamPolicyRemovedAggregates(t *testing.T) {
type res struct {
eventsCount int
eventType es_models.EventType
isErr func(error) bool
}
type args struct {
ctx context.Context
aggCreator *es_models.AggregateCreator
org *model.Org
}
tests := []struct {
name string
args args
res res
}{
{
name: "policy successful",
args: args{
ctx: authz.NewMockContext("org", "user"),
aggCreator: es_models.NewAggregateCreator("test"),
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{
AggregateID: "sdaf",
Sequence: 5,
},
OrgIAMPolicy: &iam_es_model.OrgIAMPolicy{
UserLoginMustBeDomain: true,
},
},
},
res: res{
eventsCount: 1,
eventType: model.OrgIAMPolicyRemoved,
isErr: nil,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg := OrgIamPolicyRemovedAggregate(tt.args.aggCreator, tt.args.org)
got, err := agg(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got %T: %v", err, err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && got.Events[0].Type != tt.res.eventType {
t.Errorf("OrgIAMPolicyChangedAggregate() event type = %v, wanted count %v", got.Events[0].Type, tt.res.eventType)
}
if tt.res.isErr == nil && len(got.Events) != tt.res.eventsCount {
t.Errorf("OrgIAMPolicyChangedAggregate() event count = %d, wanted count %d", len(got.Events), tt.res.eventsCount)
}
})
}
}

97
internal/org/repository/eventsourcing/org_member.go
View File

@@ -1,97 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
func orgMemberAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, member *model.OrgMember, resourceOwner string) (agg *es_models.Aggregate, err error) {
if member == nil {
return nil, errors.ThrowInvalidArgument(nil, "EVENT-c63Ap", "Errors.Internal")
}
if resourceOwner != "" {
agg, err = aggCreator.NewAggregate(ctx, member.AggregateID, model.OrgAggregate, model.OrgVersion, member.Sequence, es_models.OverwriteResourceOwner(resourceOwner))
} else {
agg, err = aggCreator.NewAggregate(ctx, member.AggregateID, model.OrgAggregate, model.OrgVersion, member.Sequence)
}
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate, usr_model.UserAggregate).
AggregateIDsFilter(member.AggregateID, member.UserID)
validation := addMemberValidation(agg, member)
return agg.SetPrecondition(validationQuery, validation).AppendEvent(model.OrgMemberAdded, member)
}
func orgMemberChangedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, existingMember, member *model.OrgMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil || org == nil || existingMember == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d34fs", "Errors.Internal")
}
changes := existingMember.Changes(member)
if len(changes) == 0 {
return nil, errors.ThrowInvalidArgument(nil, "EVENT-VLMGn", "Errors.NoChangesFound")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgMemberChanged, changes)
}
}
func orgMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, org *model.Org, member *model.OrgMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-vNPVX", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, org.AggregateID, org.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.OrgMemberRemoved, member)
}
}
func addMemberValidation(aggregate *es_models.Aggregate, member *model.OrgMember) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existsOrg := false
existsUser := false
isMember := false
for _, event := range events {
switch event.AggregateType {
case usr_model.UserAggregate:
existsUser = true
case model.OrgAggregate:
aggregate.PreviousSequence = event.Sequence
existsOrg = true
switch event.Type {
case model.OrgMemberAdded, model.OrgMemberRemoved:
manipulatedMember, err := model.OrgMemberFromEvent(new(model.OrgMember), event)
if err != nil {
return errors.ThrowInternal(err, "EVENT-Eg8St", "unable to validate object")
}
if manipulatedMember.UserID == member.UserID {
isMember = event.Type == model.OrgMemberAdded
}
}
}
}
if existsOrg && existsUser && !isMember {
return nil
}
return errors.ThrowPreconditionFailed(nil, "EVENT-3OfIm", "conditions not met")
}
}

409
internal/org/repository/eventsourcing/org_member_test.go
View File

@@ -1,409 +0,0 @@
package eventsourcing
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
func TestOrgMemberAddedAggregate(t *testing.T) {
type res struct {
isErr func(error) bool
eventCount int
}
type args struct {
aggCreator *es_models.AggregateCreator
member *model.OrgMember
ctx context.Context
}
tests := []struct {
name string
args args
res res
}{
{
name: "no member",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
member: nil,
},
res: res{
isErr: errors.IsErrorInvalidArgument,
},
},
{
name: "member added sucessfully",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
member: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
},
res: res{
isErr: nil,
eventCount: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
aggregate, err := orgMemberAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.member, "")
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got: %v", err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && aggregate == nil {
t.Error("aggregate must not be nil")
}
if tt.res.isErr == nil && len(aggregate.Events) != tt.res.eventCount {
t.Error("wrong amount of events")
}
})
}
}
func TestOrgMemberChangedAggregate(t *testing.T) {
type res struct {
isErr func(error) bool
eventCount int
}
type args struct {
aggCreator *es_models.AggregateCreator
org *model.Org
existingMember *model.OrgMember
member *model.OrgMember
ctx context.Context
}
tests := []struct {
name string
args args
res res
}{
{
name: "no member",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
org: &model.Org{},
member: nil,
existingMember: &model.OrgMember{},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "no existing member",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
org: &model.Org{},
existingMember: nil,
member: &model.OrgMember{},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "no changes",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
member: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
existingMember: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
org: &model.Org{},
},
res: res{
isErr: errors.IsErrorInvalidArgument,
},
},
{
name: "with changes success",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
member: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
Roles: []string{"asdf"},
},
existingMember: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
Roles: []string{"asdf", "woeri"},
},
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
},
res: res{
isErr: nil,
eventCount: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
aggregateCreator := orgMemberChangedAggregate(tt.args.aggCreator, tt.args.org, tt.args.existingMember, tt.args.member)
aggregate, err := aggregateCreator(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got: %v", err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && aggregate == nil {
t.Error("aggregate must not be nil")
}
if tt.res.isErr == nil && len(aggregate.Events) != tt.res.eventCount {
t.Error("wrong amount of events")
}
})
}
}
func TestOrgMemberRemovedAggregate(t *testing.T) {
type res struct {
isErr func(error) bool
eventCount int
}
type args struct {
aggCreator *es_models.AggregateCreator
org *model.Org
member *model.OrgMember
ctx context.Context
}
tests := []struct {
name string
args args
res res
}{
{
name: "no member",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
org: &model.Org{},
member: nil,
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "member added sucessfully",
args: args{
aggCreator: es_models.NewAggregateCreator("test"),
ctx: authz.NewMockContext("org", "user"),
org: &model.Org{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
member: &model.OrgMember{
ObjectRoot: es_models.ObjectRoot{AggregateID: "asdf", Sequence: 234},
},
},
res: res{
isErr: nil,
eventCount: 1,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
aggregateCreator := orgMemberRemovedAggregate(tt.args.aggCreator, tt.args.org, tt.args.member)
aggregate, err := aggregateCreator(tt.args.ctx)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got: %v", err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && aggregate == nil {
t.Error("aggregate must not be nil")
}
if tt.res.isErr == nil && len(aggregate.Events) != tt.res.eventCount {
t.Error("wrong amount of events")
}
})
}
}
func Test_addMemberValidation(t *testing.T) {
type res struct {
isErr func(error) bool
preivousSequence uint64
}
type args struct {
aggregate *es_models.Aggregate
events []*es_models.Event
member *model.OrgMember
}
tests := []struct {
name string
args args
res res
}{
{
name: "no events",
args: args{
aggregate: &es_models.Aggregate{},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "only org events",
args: args{
aggregate: &es_models.Aggregate{},
events: []*es_models.Event{
{
AggregateType: model.OrgAggregate,
Sequence: 13,
},
{
AggregateType: model.OrgAggregate,
Sequence: 142,
},
{
AggregateType: model.OrgAggregate,
Sequence: 1234,
Type: model.OrgMemberAdded,
Data: []byte(`{"userId":"hodor"}`),
},
},
member: &model.OrgMember{UserID: "hodor"},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "only user events",
args: args{
aggregate: &es_models.Aggregate{},
events: []*es_models.Event{
{
AggregateType: usr_model.UserAggregate,
Sequence: 13,
},
{
AggregateType: usr_model.UserAggregate,
Sequence: 142,
},
},
member: &model.OrgMember{UserID: "hodor"},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
{
name: "user, org events success",
args: args{
aggregate: &es_models.Aggregate{},
events: []*es_models.Event{
{
AggregateType: usr_model.UserAggregate,
Sequence: 13,
},
{
AggregateType: model.OrgAggregate,
Sequence: 142,
},
},
member: &model.OrgMember{UserID: "hodor"},
},
res: res{
isErr: nil,
preivousSequence: 142,
},
},
{
name: "user, org and member events success",
args: args{
aggregate: &es_models.Aggregate{},
events: []*es_models.Event{
{
AggregateType: usr_model.UserAggregate,
Sequence: 13,
},
{
AggregateType: model.OrgAggregate,
Sequence: 142,
},
{
AggregateType: model.OrgAggregate,
Sequence: 1234,
Type: model.OrgMemberAdded,
Data: []byte(`{"userId":"hodor"}`),
},
{
AggregateType: model.OrgAggregate,
Sequence: 1236,
Type: model.OrgMemberRemoved,
Data: []byte(`{"userId":"hodor"}`),
},
},
member: &model.OrgMember{UserID: "hodor"},
},
res: res{
isErr: nil,
preivousSequence: 1236,
},
},
{
name: "user, org and member added events fail",
args: args{
aggregate: &es_models.Aggregate{},
events: []*es_models.Event{
{
AggregateType: usr_model.UserAggregate,
Sequence: 13,
},
{
AggregateType: model.OrgAggregate,
Sequence: 142,
},
{
AggregateType: model.OrgAggregate,
Sequence: 1234,
Type: model.OrgMemberAdded,
Data: []byte(`{"userId":"hodor"}`),
},
},
member: &model.OrgMember{UserID: "hodor"},
},
res: res{
isErr: errors.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
validaiton := addMemberValidation(tt.args.aggregate, tt.args.member)
err := validaiton(tt.args.events...)
if tt.res.isErr == nil && err != nil {
t.Errorf("no error expected got: %v", err)
}
if tt.res.isErr != nil && !tt.res.isErr(err) {
t.Errorf("wrong error got %T: %v", err, err)
}
if tt.res.isErr == nil && tt.args.aggregate.PreviousSequence != tt.res.preivousSequence {
t.Errorf("wrong previous sequence got: %d want %d", tt.args.aggregate.PreviousSequence, tt.res.preivousSequence)
}
})
}
}

1430
internal/org/repository/eventsourcing/org_test.go
View File

File diff suppressed because it is too large Load Diff

76
internal/org/repository/eventsourcing/password_age_policy.go
View File

@@ -1,76 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func PasswordAgePolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordAgePolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Hms9d", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordAgePolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordAgePolicyAdded, policy)
}
}
func PasswordAgePolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordAgePolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-3Gms0f", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.PasswordAgePolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Ls0rs", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordAgePolicyChanged, changes)
}
}
func PasswordAgePolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4Gsk9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.PasswordAgePolicyRemoved, nil)
}
}
func checkExistingPasswordAgePolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.PasswordAgePolicyAdded:
existing = true
case model.PasswordAgePolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-2Fjs0", "Errors.Org.PasswordAgePolicy.AlreadyExists")
}
return nil
}
}

258
internal/org/repository/eventsourcing/password_age_policy_test.go
View File

@@ -1,258 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"testing"
)
func TestPasswordAgePolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordAgePolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password age policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAgeDays: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordAgePolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password age policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordAgePolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordAgePolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordAgePolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password age policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAgeDays: 5,
ExpireWarnDays: 5,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordAgePolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password age policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordAgePolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if !tt.res.wantErr && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordAgePolicyRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove password age policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordAgePolicy: &iam_es_model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordAgePolicyRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordAgePolicyRemovedAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
})
}
}

76
internal/org/repository/eventsourcing/password_complexity_policy.go
View File

@@ -1,76 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func PasswordComplexityPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordComplexityPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-F8iso", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordComplexityPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordComplexityPolicyAdded, policy)
}
}
func PasswordComplexityPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordComplexityPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-2dFT5", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.PasswordComplexityPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Smk8d", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordComplexityPolicyChanged, changes)
}
}
func PasswordComplexityPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Lso9f", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.PasswordComplexityPolicyRemoved, nil)
}
}
func checkExistingPasswordComplexityPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.PasswordComplexityPolicyAdded:
existing = true
case model.PasswordComplexityPolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-5Fjs8", "Errors.Org.PasswordComplexityPolicy.AlreadyExists")
}
return nil
}
}

258
internal/org/repository/eventsourcing/password_complexity_policy_test.go
View File

@@ -1,258 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"testing"
)
func TestPasswordComplexityPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordComplexityPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password complexity polciy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MinLength: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordComplexityPolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password complexity policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordComplexityPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordComplexityPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordComplexityPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password complexity policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MinLength: 5,
HasLowercase: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordComplexityPolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password complexity policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordComplexityPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordComplexityPolicyRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove password complexity policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordComplexityPolicy: &iam_es_model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordComplexityPolicyRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordComplexityPolicyRemovedAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
})
}
}

76
internal/org/repository/eventsourcing/password_lockout_policy.go
View File

@@ -1,76 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
)
func PasswordLockoutPolicyAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordLockoutPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4Tfi9", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.OrgAggregate).
AggregateIDFilter(existing.AggregateID)
validation := checkExistingPasswordLockoutPolicyValidation()
agg.SetPrecondition(validationQuery, validation)
return agg.AppendEvent(model.PasswordLockoutPolicyAdded, policy)
}
}
func PasswordLockoutPolicyChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org, policy *iam_es_model.PasswordLockoutPolicy) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if policy == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-5lf9s", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
changes := existing.PasswordLockoutPolicy.Changes(policy)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-1dj9G", "Errors.NoChangesFound")
}
return agg.AppendEvent(model.PasswordLockoutPolicyChanged, changes)
}
}
func PasswordLockoutPolicyRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.Org) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if existing == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-6Hsl0", "Errors.Internal")
}
agg, err := OrgAggregate(ctx, aggCreator, existing.AggregateID, existing.Sequence)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.PasswordLockoutPolicyRemoved, nil)
}
}
func checkExistingPasswordLockoutPolicyValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existing := false
for _, event := range events {
switch event.Type {
case model.PasswordLockoutPolicyAdded:
existing = true
case model.PasswordLockoutPolicyRemoved:
existing = false
}
}
if existing {
return errors.ThrowPreconditionFailed(nil, "EVENT-2Dfl0", "Errors.Org.PasswordLockoutPolicy.AlreadyExists")
}
return nil
}
}

258
internal/org/repository/eventsourcing/password_lockout_policy_test.go
View File

@@ -1,258 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"testing"
)
func TestPasswordLockoutPolicyAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordLockoutPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add password lockout polciy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
new: &iam_es_model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAttempts: 10,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordLockoutPolicyAdded},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password lockout policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordLockoutPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordLockoutPolicyChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
new *iam_es_model.PasswordLockoutPolicy
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change password lockout policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordLockoutPolicy: &iam_es_model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
new: &iam_es_model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
MaxAttempts: 5,
ShowLockOutFailures: true,
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordLockoutPolicyChanged},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "password lockout policy config nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
new: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordLockoutPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
})
}
}
func TestPasswordLockoutPolicyRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existing *model.Org
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove password lockout policy",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: &model.Org{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
PasswordLockoutPolicy: &iam_es_model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"},
},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.PasswordLockoutPolicyRemoved},
},
},
{
name: "existing org nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existing: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := PasswordLockoutPolicyRemovedAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
if (tt.res.wantErr && !tt.res.errFunc(err)) || (err != nil && !tt.res.wantErr) {
t.Errorf("got wrong err: %v ", err)
return
}
if tt.res.wantErr && tt.res.errFunc(err) {
return
}
if len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
})
}
}

4
internal/project/model/project_role.go
View File

@@ -10,10 +10,6 @@ type ProjectRole struct {
Group string
}
func NewProjectRole(projectID, key string) *ProjectRole {
return &ProjectRole{ObjectRoot: es_models.ObjectRoot{AggregateID: projectID}, Key: key}
}
func (p *ProjectRole) IsValid() bool {
return p.AggregateID != "" && p.Key != ""
}

782
internal/project/repository/eventsourcing/eventstore.go
View File

@@ -9,7 +9,6 @@ import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/cache/config"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/crypto"
@@ -87,352 +86,6 @@ func (es *ProjectEventstore) ProjectEventsByID(ctx context.Context, id string, s
return es.FilterEvents(ctx, query)
}
func (es *ProjectEventstore) CreateProject(ctx context.Context, project *proj_model.Project, global bool) (*proj_model.Project, error) {
if !project.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-IOVCC", "Errors.Project.Invalid")
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
project.AggregateID = id
project.State = proj_model.ProjectStateActive
repoProject := model.ProjectFromModel(project)
projectRole := projectOwnerRole
if global {
projectRole = projectOwnerGlobalRole
}
member := &model.ProjectMember{
UserID: authz.GetCtxData(ctx).UserID,
Roles: []string{projectRole},
}
createAggregate := ProjectCreateAggregate(es.AggregateCreator(), repoProject, member)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, createAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
return model.ProjectToModel(repoProject), nil
}
func (es *ProjectEventstore) UpdateProject(ctx context.Context, project *proj_model.Project) (*proj_model.Project, error) {
if !project.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-7eBD6", "Errors.Project.Invalid")
}
existingProject, err := es.ProjectByID(ctx, project.AggregateID)
if err != nil {
return nil, err
}
repoExisting := model.ProjectFromModel(existingProject)
repoNew := model.ProjectFromModel(project)
updateAggregate := ProjectUpdateAggregate(es.AggregateCreator(), repoExisting, repoNew)
err = es_sdk.Push(ctx, es.PushAggregates, repoExisting.AppendEvents, updateAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoExisting)
return model.ProjectToModel(repoExisting), nil
}
func (es *ProjectEventstore) DeactivateProject(ctx context.Context, id string) (*proj_model.Project, error) {
existingProject, err := es.ProjectByID(ctx, id)
if err != nil {
return nil, err
}
if !existingProject.IsActive() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-die45", "Errors.Project.NotActive")
}
repoExisting := model.ProjectFromModel(existingProject)
aggregate := ProjectDeactivateAggregate(es.AggregateCreator(), repoExisting)
err = es_sdk.Push(ctx, es.PushAggregates, repoExisting.AppendEvents, aggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoExisting)
return model.ProjectToModel(repoExisting), nil
}
func (es *ProjectEventstore) ReactivateProject(ctx context.Context, id string) (*proj_model.Project, error) {
existingProject, err := es.ProjectByID(ctx, id)
if err != nil {
return nil, err
}
if existingProject.IsActive() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-die45", "Errors.Project.NotInactive")
}
repoExisting := model.ProjectFromModel(existingProject)
aggregate := ProjectReactivateAggregate(es.AggregateCreator(), repoExisting)
err = es_sdk.Push(ctx, es.PushAggregates, repoExisting.AppendEvents, aggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoExisting)
return model.ProjectToModel(repoExisting), nil
}
func (es *ProjectEventstore) RemoveProject(ctx context.Context, proj *proj_model.Project) error {
project, aggregate, err := es.PrepareRemoveProject(ctx, proj)
if err != nil {
return err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, project.AppendEvents, aggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(project)
return nil
}
func (es *ProjectEventstore) PrepareRemoveProject(ctx context.Context, proj *proj_model.Project) (*model.Project, *es_models.Aggregate, error) {
if proj.AggregateID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Akbov", "Errors.ProjectInvalid")
}
existingProject, err := es.ProjectByID(ctx, proj.AggregateID)
if err != nil {
return nil, nil, err
}
repoProject := model.ProjectFromModel(existingProject)
projectAggregate, err := ProjectRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoProject)
if err != nil {
return nil, nil, err
}
return repoProject, projectAggregate, nil
}
func (es *ProjectEventstore) ProjectMemberByIDs(ctx context.Context, member *proj_model.ProjectMember) (*proj_model.ProjectMember, error) {
if member.UserID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-ld93d", "Errors.Project.UserIDMissing")
}
project, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := project.GetMember(member.UserID); m != nil {
return m, nil
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-3udjs", "Errors.Project.Member.NotFound")
}
func (es *ProjectEventstore) AddProjectMember(ctx context.Context, member *proj_model.ProjectMember) (*proj_model.ProjectMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-2OWkC", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existingProject.GetMember(member.UserID); m != nil {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-idke6", "Errors.Project.Member.AlreadyExists")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.ProjectMemberFromModel(member)
addAggregate := ProjectMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, m := model.GetProjectMember(repoProject.Members, member.UserID); m != nil {
return model.ProjectMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-rfQWv", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeProjectMember(ctx context.Context, member *proj_model.ProjectMember) (*proj_model.ProjectMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Buh04", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, m := existingProject.GetMember(member.UserID); m == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-oe39f", "Errors.Project.Member.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.ProjectMemberFromModel(member)
projectAggregate := ProjectMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, m := model.GetProjectMember(repoProject.Members, member.UserID); m != nil {
return model.ProjectMemberToModel(m), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-pLyzi", "Errors.Internal")
}
func (es *ProjectEventstore) RemoveProjectMember(ctx context.Context, member *proj_model.ProjectMember) error {
if member.UserID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-d43fs", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return err
}
if _, m := existingProject.GetMember(member.UserID); m == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-swf34", "Errors.Project.Member.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.ProjectMemberFromModel(member)
projectAggregate := ProjectMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(repoProject)
return err
}
func (es *ProjectEventstore) PrepareRemoveProjectMember(ctx context.Context, member *proj_model.ProjectMember) (*model.ProjectMember, *es_models.Aggregate, error) {
if member.UserID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-tCXHE", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, nil, err
}
if _, m := existingProject.GetMember(member.UserID); m == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-wPcg5", "Errors.Project.Member.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.ProjectMemberFromModel(member)
projectAggregate := ProjectMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
agg, err := projectAggregate(ctx)
if err != nil {
return nil, nil, err
}
return repoMember, agg, err
}
func (es *ProjectEventstore) AddProjectRoles(ctx context.Context, roles ...*proj_model.ProjectRole) (*proj_model.ProjectRole, error) {
if roles == nil || len(roles) == 0 {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-uOJAs", "Errors.Project.MinimumOneRoleNeeded")
}
for _, role := range roles {
if !role.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-iduG4", "Errors.Project.Role.Invalid")
}
}
existingProject, err := es.ProjectByID(ctx, roles[0].AggregateID)
if err != nil {
return nil, err
}
for _, role := range roles {
if existingProject.ContainsRole(role) {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-sk35t", "Errors.Project.Role.AlreadyExists")
}
}
repoProject := model.ProjectFromModel(existingProject)
repoRoles := model.ProjectRolesFromModel(roles)
projectAggregate := ProjectRoleAddedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoRoles...)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
if len(repoRoles) > 1 {
return nil, nil
}
es.projectCache.cacheProject(repoProject)
if _, r := model.GetProjectRole(repoProject.Roles, repoRoles[0].Key); r != nil {
return model.ProjectRoleToModel(r), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sie83", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeProjectRole(ctx context.Context, role *proj_model.ProjectRole) (*proj_model.ProjectRole, error) {
if !role.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9die3", "Errors.Project.Role.Invalid")
}
existingProject, err := es.ProjectByID(ctx, role.AggregateID)
if err != nil {
return nil, err
}
if !existingProject.ContainsRole(role) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-die34", "Errors.Project.Role.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoRole := model.ProjectRoleFromModel(role)
projectAggregate := ProjectRoleChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoRole)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, r := model.GetProjectRole(repoProject.Roles, role.Key); r != nil {
return model.ProjectRoleToModel(r), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sl1or", "Errors.Internal")
}
func (es *ProjectEventstore) PrepareRemoveProjectRole(ctx context.Context, role *proj_model.ProjectRole) (*model.Project, *es_models.Aggregate, error) {
if role.Key == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-id823", "Errors.Project.Role.Invalid")
}
existingProject, err := es.ProjectByID(ctx, role.AggregateID)
if err != nil {
return nil, nil, err
}
if !existingProject.ContainsRole(role) {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-oe823", "Errors.Project.Role.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoRole := model.ProjectRoleFromModel(role)
grants := es.RemoveRoleFromGrants(repoProject, role.Key)
projectAggregate, err := ProjectRoleRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoProject, repoRole, grants)
if err != nil {
return nil, nil, err
}
return repoProject, projectAggregate, nil
}
func (es *ProjectEventstore) RemoveRoleFromGrants(existingProject *model.Project, roleKey string) []*model.ProjectGrant {
grants := make([]*model.ProjectGrant, len(existingProject.Grants))
for i, grant := range existingProject.Grants {
newGrant := *grant
roles := make([]string, 0)
for _, role := range newGrant.RoleKeys {
if role != roleKey {
roles = append(roles, role)
}
}
newGrant.RoleKeys = roles
grants[i] = &newGrant
}
return grants
}
func (es *ProjectEventstore) RemoveProjectRole(ctx context.Context, role *proj_model.ProjectRole) error {
project, aggregate, err := es.PrepareRemoveProjectRole(ctx, role)
if err != nil {
return err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, project.AppendEvents, aggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(project)
return nil
}
func (es *ProjectEventstore) ProjectChanges(ctx context.Context, id string, lastSequence uint64, limit uint64, sortAscending bool) (*proj_model.ProjectChanges, error) {
query := ChangesQuery(id, lastSequence, limit, sortAscending)
@@ -494,21 +147,6 @@ func ChangesQuery(projectID string, latestSequence, limit uint64, sortAscending
return query
}
func (es *ProjectEventstore) ApplicationByIDs(ctx context.Context, projectID, appID string) (*proj_model.Application, error) {
if projectID == "" || appID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-ld93d", "Errors.Project.IDMissing")
}
project, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
if _, a := project.GetApp(appID); a != nil {
return a, nil
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-8ei2s", "Errors.Project.App.NotFound")
}
func (es *ProjectEventstore) AddApplication(ctx context.Context, app *proj_model.Application) (*proj_model.Application, error) {
if app == nil || !app.IsValid(true) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9eidw", "Errors.Project.App.Invalid")
@@ -568,75 +206,6 @@ func (es *ProjectEventstore) AddApplication(ctx context.Context, app *proj_model
return nil, caos_errs.ThrowInternal(nil, "EVENT-GvPct", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeApplication(ctx context.Context, app *proj_model.Application) (*proj_model.Application, error) {
if app == nil || !app.IsValid(false) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-dieuw", "Errors.Project.App.Invalid")
}
existingProject, err := es.ProjectByID(ctx, app.AggregateID)
if err != nil {
return nil, err
}
if _, app := existingProject.GetApp(app.AppID); app == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-die83", "Errors.Project.App.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoApp := model.AppFromModel(app)
projectAggregate := ApplicationChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoApp)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, a := model.GetApplication(repoProject.Applications, app.AppID); a != nil {
return model.AppToModel(a), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-dksi8", "Errors.Internal")
}
func (es *ProjectEventstore) RemoveApplication(ctx context.Context, app *proj_model.Application) error {
if app.AppID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-id832", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, app.AggregateID)
if err != nil {
return err
}
if _, app := existingProject.GetApp(app.AppID); app == nil {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-di83s", "Errors.Project.App.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
appRepo := model.AppFromModel(app)
projectAggregate := ApplicationRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, appRepo)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(repoProject)
return nil
}
func (es *ProjectEventstore) PrepareRemoveApplication(ctx context.Context, app *proj_model.Application) (*model.Application, *es_models.Aggregate, error) {
if app.AppID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-xu0Wy", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, app.AggregateID)
if err != nil {
return nil, nil, err
}
if _, app := existingProject.GetApp(app.AppID); app == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-gaOD2", "Errors.Project.App.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
appRepo := model.AppFromModel(app)
projectAggregate := ApplicationRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, appRepo)
agg, err := projectAggregate(ctx)
if err != nil {
return nil, nil, err
}
return appRepo, agg, nil
}
func (es *ProjectEventstore) ApplicationChanges(ctx context.Context, projectID string, appID string, lastSequence uint64, limit uint64, sortAscending bool) (*proj_model.ApplicationChanges, error) {
query := ChangesQuery(projectID, lastSequence, limit, sortAscending)
@@ -683,90 +252,6 @@ func (es *ProjectEventstore) ApplicationChanges(ctx context.Context, projectID s
}, nil
}
func (es *ProjectEventstore) DeactivateApplication(ctx context.Context, projectID, appID string) (*proj_model.Application, error) {
if appID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-dlp9e", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
app := &proj_model.Application{AppID: appID}
if _, app := existingProject.GetApp(app.AppID); app == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-slpe9", "Errors.Project.App.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoApp := model.AppFromModel(app)
projectAggregate := ApplicationDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoApp)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, a := model.GetApplication(repoProject.Applications, app.AppID); a != nil {
return model.AppToModel(a), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sie83", "Errors.Internal")
}
func (es *ProjectEventstore) ReactivateApplication(ctx context.Context, projectID, appID string) (*proj_model.Application, error) {
if appID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-0odi2", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
app := &proj_model.Application{AppID: appID}
if _, app := existingProject.GetApp(app.AppID); app == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-ld92d", "Errors.Project.App.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoApp := model.AppFromModel(app)
projectAggregate := ApplicationReactivatedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoApp)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, a := model.GetApplication(repoProject.Applications, app.AppID); a != nil {
return model.AppToModel(a), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sld93", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeOIDCConfig(ctx context.Context, config *proj_model.OIDCConfig) (*proj_model.OIDCConfig, error) {
if config == nil || !config.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-du834", "Errors.Project.App.OIDCConfigInvalid")
}
existingProject, err := es.ProjectByID(ctx, config.AggregateID)
if err != nil {
return nil, err
}
var app *proj_model.Application
if _, app = existingProject.GetApp(config.AppID); app == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-dkso8", "Errors.Project.AppNoExisting")
}
if app.Type != proj_model.AppTypeOIDC {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-98uje", "Errors.Project.App.IsNotOIDC")
}
repoProject := model.ProjectFromModel(existingProject)
repoConfig := model.OIDCConfigFromModel(config)
projectAggregate := OIDCConfigChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoConfig)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, a := model.GetApplication(repoProject.Applications, app.AppID); a != nil {
return model.OIDCConfigToModel(a.OIDCConfig), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-dk87s", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeAPIConfig(ctx context.Context, config *proj_model.APIConfig) (*proj_model.APIConfig, error) {
if config == nil || !config.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-SDg54", "Errors.Project.APIConfigInvalid")
@@ -995,270 +480,3 @@ func (es *ProjectEventstore) RemoveApplicationKey(ctx context.Context, projectID
es.projectCache.cacheProject(repoProject)
return nil
}
func (es *ProjectEventstore) ProjectGrantByIDs(ctx context.Context, projectID, grantID string) (*proj_model.ProjectGrant, error) {
if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-e8die", "Errors.Project.IDMissing")
}
project, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
if _, g := project.GetGrant(grantID); g != nil {
return g, nil
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-slo45", "Errors.Project.Grant.NotFound")
}
func (es *ProjectEventstore) AddProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) (*proj_model.ProjectGrant, error) {
if grant == nil || !grant.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-37dhs", "Errors.Project.Grant.Invalid")
}
project, err := es.ProjectByID(ctx, grant.AggregateID)
if err != nil {
return nil, err
}
if project.ContainsGrantForOrg(grant.GrantedOrgID) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-7ug4g", "Errors.Project.Grant.AlreadyExists")
}
if !project.ContainsRoles(grant.RoleKeys) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-di83d", "Errors.Project.Grant.HasNotExistingRole")
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, err
}
grant.GrantID = id
repoProject := model.ProjectFromModel(project)
repoGrant := model.GrantFromModel(grant)
addAggregate := ProjectGrantAddedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoGrant)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
if _, g := model.GetProjectGrant(repoProject.Grants, grant.GrantID); g != nil {
return model.GrantToModel(g), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sk3t5", "Errors.Internal")
}
func (es *ProjectEventstore) PrepareChangeProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) (*model.Project, func(ctx context.Context) (*es_models.Aggregate, error), []string, error) {
if grant == nil && grant.GrantID == "" {
return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-8sie3", "Errors.Project.Grant.Invalid")
}
existingProject, err := es.ProjectByID(ctx, grant.AggregateID)
if err != nil {
return nil, nil, nil, err
}
_, existingGrant := existingProject.GetGrant(grant.GrantID)
if existingGrant == nil {
return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-die83", "Errors.Project.Grant.NotExisting")
}
if !existingProject.ContainsRoles(grant.RoleKeys) {
return nil, nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-di83d", "Error.Project.Grant.HasNotExistingRole")
}
removedRoles := existingGrant.GetRemovedRoles(grant.RoleKeys)
repoProject := model.ProjectFromModel(existingProject)
repoGrant := model.GrantFromModel(grant)
projectAggregate := ProjectGrantChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoGrant)
return repoProject, projectAggregate, removedRoles, nil
}
func (es *ProjectEventstore) RemoveProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) error {
repoProject, projectAggregate, err := es.PrepareRemoveProjectGrant(ctx, grant)
if err != nil {
return err
}
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(repoProject)
return nil
}
func (es *ProjectEventstore) RemoveProjectGrants(ctx context.Context, grants ...*proj_model.ProjectGrant) error {
aggregates := make([]*es_models.Aggregate, len(grants))
for i, grant := range grants {
_, projectAggregate, err := es.PrepareRemoveProjectGrant(ctx, grant)
if err != nil {
return err
}
agg, err := projectAggregate(ctx)
if err != nil {
return err
}
aggregates[i] = agg
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, nil, aggregates...)
}
func (es *ProjectEventstore) PrepareRemoveProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) (*model.Project, func(ctx context.Context) (*es_models.Aggregate, error), error) {
if grant.GrantID == "" {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-8eud6", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, grant.AggregateID)
if err != nil {
return nil, nil, err
}
if _, g := existingProject.GetGrant(grant.GrantID); g == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9ie3s", "Errors.Project.Grant.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
grantRepo := model.GrantFromModel(grant)
projectAggregate := ProjectGrantRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, grantRepo)
return repoProject, projectAggregate, nil
}
func (es *ProjectEventstore) DeactivateProjectGrant(ctx context.Context, projectID, grantID string) (*proj_model.ProjectGrant, error) {
if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-7due2", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
grant := &proj_model.ProjectGrant{GrantID: grantID}
if _, g := existingProject.GetGrant(grant.GrantID); g == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-slpe9", "Errors.Project.Grant.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoGrant := model.GrantFromModel(grant)
projectAggregate := ProjectGrantDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoGrant)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, g := model.GetProjectGrant(repoProject.Grants, grant.GrantID); g != nil {
return model.GrantToModel(g), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-sie83", "Errors.Internal")
}
func (es *ProjectEventstore) ReactivateProjectGrant(ctx context.Context, projectID, grantID string) (*proj_model.ProjectGrant, error) {
if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-d7suw", "Errors.Project.IDMissing")
}
existingProject, err := es.ProjectByID(ctx, projectID)
if err != nil {
return nil, err
}
grant := &proj_model.ProjectGrant{GrantID: grantID}
if _, g := existingProject.GetGrant(grant.GrantID); g == nil {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-0spew", "Errors.Project.Grant.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoGrant := model.GrantFromModel(grant)
projectAggregate := ProjectGrantReactivatedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoGrant)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, g := model.GetProjectGrant(repoProject.Grants, grant.GrantID); g != nil {
return model.GrantToModel(g), nil
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-9osjw", "Errors.Internal")
}
func (es *ProjectEventstore) ProjectGrantMemberByIDs(ctx context.Context, member *proj_model.ProjectGrantMember) (*proj_model.ProjectGrantMember, error) {
if member.GrantID == "" || member.UserID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-8diw2", "Errors.Project.UserIDMissing")
}
project, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if _, g := project.GetGrant(member.GrantID); g != nil {
if _, m := g.GetMember(member.UserID); m != nil {
return m, nil
}
}
return nil, caos_errs.ThrowNotFound(nil, "EVENT-LxiBI", "Errors.Project.Member.NotFound")
}
func (es *ProjectEventstore) AddProjectGrantMember(ctx context.Context, member *proj_model.ProjectGrantMember) (*proj_model.ProjectGrantMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-0dor4", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if existingProject.ContainsGrantMember(member) {
return nil, caos_errs.ThrowAlreadyExists(nil, "EVENT-8die3", "Errors.Project.Member.AlreadyExists")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.GrantMemberFromModel(member)
addAggregate := ProjectGrantMemberAddedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, addAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, g := model.GetProjectGrant(repoProject.Grants, member.GrantID); g != nil {
if _, m := model.GetProjectGrantMember(g.Members, member.UserID); m != nil {
return model.GrantMemberToModel(m), nil
}
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-BBcGD", "Errors.Internal")
}
func (es *ProjectEventstore) ChangeProjectGrantMember(ctx context.Context, member *proj_model.ProjectGrantMember) (*proj_model.ProjectGrantMember, error) {
if !member.IsValid() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-dkw35", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return nil, err
}
if !existingProject.ContainsGrantMember(member) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-8dj4s", "Errors.Project.Member.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.GrantMemberFromModel(member)
projectAggregate := ProjectGrantMemberChangedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.projectCache.cacheProject(repoProject)
if _, g := model.GetProjectGrant(repoProject.Grants, member.GrantID); g != nil {
if _, m := model.GetProjectGrantMember(g.Members, member.UserID); m != nil {
return model.GrantMemberToModel(m), nil
}
}
return nil, caos_errs.ThrowInternal(nil, "EVENT-s8ur3", "Errors.Internal")
}
func (es *ProjectEventstore) RemoveProjectGrantMember(ctx context.Context, member *proj_model.ProjectGrantMember) error {
if member.UserID == "" {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-8su4r", "Errors.Project.Member.Invalid")
}
existingProject, err := es.ProjectByID(ctx, member.AggregateID)
if err != nil {
return err
}
if !existingProject.ContainsGrantMember(member) {
return caos_errs.ThrowPreconditionFailed(nil, "EVENT-9ode4", "Errors.Project.Member.NotExisting")
}
repoProject := model.ProjectFromModel(existingProject)
repoMember := model.GrantMemberFromModel(member)
projectAggregate := ProjectGrantMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoProject, repoMember)
err = es_sdk.Push(ctx, es.PushAggregates, repoProject.AppendEvents, projectAggregate)
if err != nil {
return err
}
es.projectCache.cacheProject(repoProject)
return err
}

335
internal/project/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -1,335 +0,0 @@
package eventsourcing
import (
"encoding/json"
"github.com/golang/mock/gomock"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/id"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
repo_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *ProjectEventstore {
return &ProjectEventstore{
Eventstore: mockEs,
projectCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockedEventstoreWithPw(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *ProjectEventstore {
return &ProjectEventstore{
Eventstore: mockEs,
projectCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
pwGenerator: GetMockPwGenerator(ctrl),
}
}
func GetMockCache(ctrl *gomock.Controller) *ProjectCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &ProjectCache{projectCache: mockCache}
}
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockPwGenerator(ctrl *gomock.Controller) crypto.Generator {
generator := crypto.NewMockGenerator(ctrl)
generator.EXPECT().Length().Return(uint(10))
generator.EXPECT().Runes().Return([]rune("abcdefghijklmnopqrstuvwxyz"))
generator.EXPECT().Alg().Return(crypto.NewBCrypt(10))
return generator
}
func GetMockProjectByIDOK(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockProjectByIDNoEvents(ctrl *gomock.Controller) *ProjectEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProject(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithPw(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs)
}
func GetMockManipulateInactiveProject(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 2, Type: model.ProjectDeactivated, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithMember(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
memberData, _ := json.Marshal(model.ProjectMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithRole(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
roleData, _ := json.Marshal(model.ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectRoleAdded, Data: roleData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithOIDCApp(ctrl *gomock.Controller, authMethod proj_model.OIDCAuthMethodType) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
appData, _ := json.Marshal(model.Application{AppID: "AppID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCConfig{
AppID: "AppID",
ResponseTypes: []int32{int32(proj_model.OIDCResponseTypeCode)},
GrantTypes: []int32{int32(proj_model.OIDCGrantTypeAuthorizationCode)},
AuthMethodType: int32(authMethod),
})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ApplicationAdded, Data: appData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs)
}
func GetMockManipulateProjectWithSAMLApp(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
appData, _ := json.Marshal(model.Application{AppID: "AppID", Name: "Name"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ApplicationAdded, Data: appData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithGrant(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
grantData, _ := json.Marshal(model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "GrantedOrgID", RoleKeys: []string{"Key"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantAdded, Data: grantData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithGrantExistingRole(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
roleData, _ := json.Marshal(model.ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"})
roleData2, _ := json.Marshal(model.ProjectRole{Key: "KeyChanged", DisplayName: "DisplayName", Group: "Group"})
grantData, _ := json.Marshal(model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "GrantedOrgID", RoleKeys: []string{"Key"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectRoleAdded, Data: roleData},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectRoleAdded, Data: roleData2},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantAdded, Data: grantData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectWithGrantMember(ctrl *gomock.Controller) *ProjectEventstore {
data, _ := json.Marshal(model.Project{Name: "Name"})
grantData, _ := json.Marshal(model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "GrantedOrgID", RoleKeys: []string{"Key"}})
memberData, _ := json.Marshal(model.ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectAdded, Data: data},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantAdded, Data: grantData},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateProjectNoEvents(ctrl *gomock.Controller) *ProjectEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockProjectMemberByIDsOK(ctrl *gomock.Controller) *ProjectEventstore {
projectData, _ := json.Marshal(model.Project{Name: "Name"})
memberData, _ := json.Marshal(model.ProjectMember{UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: projectData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockProjectAppsByIDsOK(ctrl *gomock.Controller) *ProjectEventstore {
projectData, _ := json.Marshal(model.Project{Name: "Name"})
appData, _ := json.Marshal(model.Application{AppID: "AppID", Name: "Name"})
oidcData, _ := json.Marshal(model.OIDCConfig{ClientID: "ClientID"})
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ProjectAdded, Data: projectData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.ApplicationAdded, Data: appData},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.OIDCConfigAdded, Data: oidcData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockProjectGrantByIDsOK(ctrl *gomock.Controller) *ProjectEventstore {
projectData, _ := json.Marshal(model.Project{Name: "Name"})
grantData, _ := json.Marshal(model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "ProjectGrantID", RoleKeys: []string{"Key"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectAdded, Data: projectData},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantAdded, Data: grantData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockProjectGrantMemberByIDsOK(ctrl *gomock.Controller) *ProjectEventstore {
projectData, _ := json.Marshal(model.Project{Name: "Name"})
grantData, _ := json.Marshal(model.ProjectGrant{GrantID: "ProjectGrantID", GrantedOrgID: "ProjectGrantID", RoleKeys: []string{"Key"}})
memberData, _ := json.Marshal(model.ProjectGrantMember{GrantID: "ProjectGrantID", UserID: "UserID", Roles: []string{"Role"}})
events := []*es_models.Event{
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectAdded, Data: projectData},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantAdded, Data: grantData},
&es_models.Event{AggregateID: "ID", Sequence: 1, Type: model.ProjectGrantMemberAdded, Data: memberData},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockChangesProjectOK(ctrl *gomock.Controller) *ProjectEventstore {
project := model.Project{
Name: "MusterProject",
}
data, err := json.Marshal(project)
if err != nil {
}
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateIDProject", Sequence: 1, AggregateType: repo_model.ProjectAggregate, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}
func GetMockChangesProjectNoEvents(ctrl *gomock.Controller) *ProjectEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}
func GetMockedEventstoreComplexity(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *ProjectEventstore {
return &ProjectEventstore{
Eventstore: mockEs,
}
}
func GetMockChangesApplicationOK(ctrl *gomock.Controller) *ProjectEventstore {
app := model.Application{
Name: "MusterApp",
AppID: "AppId",
Type: 3,
}
data, err := json.Marshal(app)
if err != nil {
}
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateIDApp", Type: "project.application.added", Sequence: 1, AggregateType: repo_model.ProjectAggregate, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}
func GetMockChangesApplicationNoEvents(ctrl *gomock.Controller) *ProjectEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}

2888
internal/project/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

118
internal/project/repository/eventsourcing/model/project_role_test.go
View File

@@ -1,118 +0,0 @@
package model
import (
"encoding/json"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"testing"
)
func TestAppendAddRoleEvent(t *testing.T) {
type args struct {
project *Project
role *ProjectRole
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append add role event",
args: args{
project: &Project{},
role: &ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"},
event: &es_models.Event{},
},
result: &Project{Roles: []*ProjectRole{&ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.role != nil {
data, _ := json.Marshal(tt.args.role)
tt.args.event.Data = data
}
tt.args.project.appendAddRoleEvent(tt.args.event)
if len(tt.args.project.Roles) != 1 {
t.Errorf("got wrong result should have one role actual: %v ", len(tt.args.project.Roles))
}
if tt.args.project.Roles[0] == tt.result.Roles[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Roles[0], tt.args.project.Roles[0])
}
})
}
}
func TestAppendChangeRoleEvent(t *testing.T) {
type args struct {
project *Project
role *ProjectRole
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append change role event",
args: args{
project: &Project{Roles: []*ProjectRole{&ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"}}},
role: &ProjectRole{Key: "Key", DisplayName: "DisplayNameChanged", Group: "Group"},
event: &es_models.Event{},
},
result: &Project{Roles: []*ProjectRole{&ProjectRole{Key: "Key", DisplayName: "DisplayNameChanged", Group: "Group"}}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.role != nil {
data, _ := json.Marshal(tt.args.role)
tt.args.event.Data = data
}
tt.args.project.appendChangeRoleEvent(tt.args.event)
if len(tt.args.project.Roles) != 1 {
t.Errorf("got wrong result should have one role actual: %v ", len(tt.args.project.Roles))
}
if tt.args.project.Roles[0] == tt.result.Roles[0] {
t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result.Roles[0], tt.args.project.Roles[0])
}
})
}
}
func TestAppendRemoveRoleEvent(t *testing.T) {
type args struct {
project *Project
role *ProjectRole
event *es_models.Event
}
tests := []struct {
name string
args args
result *Project
}{
{
name: "append remove role event",
args: args{
project: &Project{Roles: []*ProjectRole{&ProjectRole{Key: "Key", DisplayName: "DisplayName", Group: "Group"}}},
role: &ProjectRole{Key: "Key"},
event: &es_models.Event{},
},
result: &Project{Roles: []*ProjectRole{}},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.args.role != nil {
data, _ := json.Marshal(tt.args.role)
tt.args.event.Data = data
}
tt.args.project.appendRemoveRoleEvent(tt.args.event)
if len(tt.args.project.Roles) != 0 {
t.Errorf("got wrong result should have no role actual: %v ", len(tt.args.project.Roles))
}
})
}
}

498
internal/project/repository/eventsourcing/project.go
View File

@@ -3,16 +3,11 @@ package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
func ProjectByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
@@ -36,194 +31,6 @@ func ProjectAggregate(ctx context.Context, aggCreator *es_models.AggregateCreato
return aggCreator.NewAggregate(ctx, project.AggregateID, model.ProjectAggregate, model.ProjectVersion, project.Sequence)
}
func ProjectAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.AggregateCreator, project *model.Project, resourceOwnerID string, userID string) (*es_models.Aggregate, error) {
if project == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-ADv2r", "Errors.Internal")
}
return aggCreator.NewAggregate(ctx, project.AggregateID, model.ProjectAggregate, model.ProjectVersion, project.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID))
}
func ProjectCreateAggregate(aggCreator *es_models.AggregateCreator, project *model.Project, member *model.ProjectMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if project == nil || member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-kdie6", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, project)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.ProjectAggregate).
ResourceOwnerFilter(authz.GetCtxData(ctx).OrgID).
EventTypesFilter(model.ProjectAdded, model.ProjectChanged, model.ProjectRemoved)
validation := addProjectValidation(project.Name)
agg, err = agg.SetPrecondition(validationQuery, validation).AppendEvent(model.ProjectAdded, project)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectMemberAdded, member)
}
}
func ProjectUpdateAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, newProject *model.Project) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if newProject == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dhr74", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := existingProject.Changes(newProject)
if len(changes) == 0 {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9soPE", "Errors.NoChangesFound")
}
if existingProject.Name != newProject.Name {
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(model.ProjectAggregate).
EventTypesFilter(model.ProjectAdded, model.ProjectChanged, model.ProjectRemoved)
validation := addProjectValidation(newProject.Name)
agg.SetPrecondition(validationQuery, validation)
}
return agg.AppendEvent(model.ProjectChanged, changes)
}
}
func ProjectDeactivateAggregate(aggCreator *es_models.AggregateCreator, project *model.Project) func(ctx context.Context) (*es_models.Aggregate, error) {
return projectStateAggregate(aggCreator, project, model.ProjectDeactivated)
}
func ProjectReactivateAggregate(aggCreator *es_models.AggregateCreator, project *model.Project) func(ctx context.Context) (*es_models.Aggregate, error) {
return projectStateAggregate(aggCreator, project, model.ProjectReactivated)
}
func projectStateAggregate(aggCreator *es_models.AggregateCreator, project *model.Project, state models.EventType) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
agg, err := ProjectAggregate(ctx, aggCreator, project)
if err != nil {
return nil, err
}
return agg.AppendEvent(state, nil)
}
}
func ProjectRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existingProject *model.Project) (*es_models.Aggregate, error) {
if existingProject == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Cj7lb", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectRemoved, existingProject)
}
func ProjectMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-ie34f", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(usr_model.UserAggregate).
AggregateIDFilter(member.UserID)
validation := addProjectMemberValidation()
return agg.SetPrecondition(validationQuery, validation).AppendEvent(model.ProjectMemberAdded, member)
}
}
func ProjectMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d34fs", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectMemberChanged, member)
}
}
func ProjectMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dieu7", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectMemberRemoved, member)
}
}
func ProjectRoleAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, roles ...*model.ProjectRole) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if roles == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sleo9", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
for _, role := range roles {
agg, err = agg.AppendEvent(model.ProjectRoleAdded, role)
if err != nil {
return nil, err
}
}
return agg, nil
}
}
func ProjectRoleChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, role *model.ProjectRole) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if role == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-oe8sf", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectRoleChanged, role)
}
}
func ProjectRoleRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existingProject *model.Project, role *model.ProjectRole, grants []*model.ProjectGrant) (*es_models.Aggregate, error) {
if role == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d8eis", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg, err = agg.AppendEvent(model.ProjectRoleRemoved, role)
if err != nil {
return nil, err
}
for _, grant := range grants {
var changes map[string]interface{}
if _, g := model.GetProjectGrant(existingProject.Grants, grant.GrantID); grant != nil {
changes = g.Changes(grant)
agg, err = agg.AppendEvent(model.ProjectGrantCascadeChanged, changes)
if err != nil {
return nil, err
}
}
}
return agg, nil
}
func ApplicationAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
@@ -244,95 +51,6 @@ func ApplicationAddedAggregate(aggCreator *es_models.AggregateCreator, existingP
}
}
func ApplicationChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-sleo9", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, a := range existingProject.Applications {
if a.AppID == app.AppID {
changes = a.Changes(app)
}
}
agg.AppendEvent(model.ApplicationChanged, changes)
return agg, nil
}
}
func ApplicationRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-se23g", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ApplicationRemoved, &model.ApplicationID{AppID: app.AppID})
return agg, nil
}
}
func ApplicationDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slfi3", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ApplicationDeactivated, &model.ApplicationID{AppID: app.AppID})
return agg, nil
}
}
func ApplicationReactivatedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, app *model.Application) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if app == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ApplicationReactivated, &model.ApplicationID{AppID: app.AppID})
return agg, nil
}
}
func OIDCConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, config *model.OIDCConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slf32", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, a := range existingProject.Applications {
if a.AppID == config.AppID {
if a.OIDCConfig != nil {
changes = a.OIDCConfig.Changes(config)
}
}
}
agg.AppendEvent(model.OIDCConfigChanged, changes)
return agg, nil
}
}
func APIConfigChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, config *model.APIConfig) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if config == nil {
@@ -444,219 +162,3 @@ func OIDCApplicationKeyRemovedAggregate(aggCreator *es_models.AggregateCreator,
return agg, nil
}
}
func ProjectGrantAddedAggregate(aggCreator *es_models.AggregateCreator, project *model.Project, grant *model.ProjectGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-kd89w", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, project)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(org_es_model.OrgAggregate).
AggregateIDFilter(grant.GrantedOrgID)
validation := addProjectGrantValidation()
agg.SetPrecondition(validationQuery, validation).AppendEvent(model.ProjectGrantAdded, grant)
return agg, nil
}
}
func ProjectGrantChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, grant *model.ProjectGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d9ie2", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
var changes map[string]interface{}
for _, g := range existingProject.Grants {
if g.GrantID == grant.GrantID {
changes = g.Changes(grant)
}
}
agg.AppendEvent(model.ProjectGrantChanged, changes)
return agg, nil
}
}
func ProjectGrantRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, grant *model.ProjectGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-kci8d", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ProjectGrantRemoved, &model.ProjectGrantID{GrantID: grant.GrantID})
return agg, nil
}
}
func ProjectGrantDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, grant *model.ProjectGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-id832", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
agg.AppendEvent(model.ProjectGrantDeactivated, &model.ProjectGrantID{GrantID: grant.GrantID})
return agg, nil
}
}
func ProjectGrantReactivatedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, grant *model.ProjectGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-8diw2", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectGrantReactivated, &model.ProjectGrantID{GrantID: grant.GrantID})
}
}
func ProjectGrantMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectGrantMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-4ufh6", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(usr_model.UserAggregate).
AggregateIDFilter(member.UserID)
validation := addProjectGrantMemberValidation()
return agg.SetPrecondition(validationQuery, validation).AppendEvent(model.ProjectGrantMemberAdded, member)
}
}
func ProjectGrantMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectGrantMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d8i4h", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
changes := make(map[string]interface{}, 1)
changes["grantId"] = member.GrantID
changes["userId"] = member.UserID
changes["roles"] = member.Roles
return agg.AppendEvent(model.ProjectGrantMemberChanged, changes)
}
}
func ProjectGrantMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existingProject *model.Project, member *model.ProjectGrantMember) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if member == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-slp0r", "Errors.Internal")
}
agg, err := ProjectAggregate(ctx, aggCreator, existingProject)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.ProjectGrantMemberRemoved, member)
}
}
func addProjectValidation(projectName string) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
projects := make([]*model.Project, 0)
for _, event := range events {
switch event.Type {
case model.ProjectAdded:
project := &model.Project{ObjectRoot: es_models.ObjectRoot{AggregateID: event.AggregateID}}
project.AppendAddProjectEvent(event)
projects = append(projects, project)
case model.ProjectChanged:
_, project := model.GetProject(projects, event.AggregateID)
project.AppendAddProjectEvent(event)
case model.ProjectRemoved:
for i := len(projects) - 1; i >= 0; i-- {
if projects[i].AggregateID == event.AggregateID {
projects[i] = projects[len(projects)-1]
projects[len(projects)-1] = nil
projects = projects[:len(projects)-1]
}
}
}
}
for _, p := range projects {
if p.Name == projectName {
return errors.ThrowPreconditionFailed(nil, "EVENT-s9oPw", "Errors.Project.AlreadyExists")
}
}
return nil
}
}
func addProjectMemberValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
return checkExistsUser(events...)
}
}
func addProjectGrantValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existsOrg := false
for _, event := range events {
switch event.AggregateType {
case org_es_model.OrgAggregate:
switch event.Type {
case org_es_model.OrgAdded:
existsOrg = true
case org_es_model.OrgRemoved:
existsOrg = false
}
}
}
if existsOrg {
return nil
}
return errors.ThrowPreconditionFailed(nil, "EVENT-3OfIm", "Errors.Project.OrgNotExisting")
}
}
func addProjectGrantMemberValidation() func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
return checkExistsUser(events...)
}
}
func checkExistsUser(events ...*es_models.Event) error {
existsUser := false
for _, event := range events {
switch event.AggregateType {
case usr_model.UserAggregate:
switch event.Type {
case usr_model.UserAdded, usr_model.UserRegistered, usr_model.HumanRegistered, usr_model.MachineAdded, usr_model.HumanAdded:
existsUser = true
case usr_model.UserRemoved:
existsUser = false
}
}
}
if existsUser {
return nil
}
return errors.ThrowPreconditionFailed(nil, "EVENT-3OfIm", "Errors.Project.UserNotExisting")
}

2277
internal/project/repository/eventsourcing/project_test.go
View File

File diff suppressed because it is too large Load Diff

18
internal/user/repository/eventsourcing/codes.go
View File

@@ -1,18 +0,0 @@
package eventsourcing
import (
"github.com/caos/zitadel/internal/crypto"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
func (es *UserEventstore) generatePasswordCode(passwordCode *model.PasswordCode, notifyType usr_model.NotificationType) error {
passwordCodeCrypto, _, err := crypto.NewCode(es.PasswordVerificationCode)
if err != nil {
return err
}
passwordCode.Code = passwordCodeCrypto
passwordCode.Expiry = es.PasswordVerificationCode.Expiry()
passwordCode.NotificationType = int32(notifyType)
return nil
}

1559
internal/user/repository/eventsourcing/eventstore.go
View File

File diff suppressed because it is too large Load Diff

545
internal/user/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -1,545 +0,0 @@
package eventsourcing
import (
"encoding/json"
"time"
"github.com/golang/mock/gomock"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/id"
global_model "github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *UserEventstore {
return &UserEventstore{
Eventstore: mockEs,
userCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockedEventstoreWithPw(ctrl *gomock.Controller, mockEs *mock.MockEventstore, init, email, phone, password bool) *UserEventstore {
es := &UserEventstore{
Eventstore: mockEs,
userCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
if init {
es.InitializeUserCode = GetMockPwGenerator(ctrl)
}
if email {
es.EmailVerificationCode = GetMockPwGenerator(ctrl)
}
if phone {
es.PhoneVerificationCode = GetMockPwGenerator(ctrl)
}
if password {
es.PasswordVerificationCode = GetMockPwGenerator(ctrl)
es.PasswordAlg = crypto.CreateMockHashAlg(ctrl)
}
return es
}
func GetMockCache(ctrl *gomock.Controller) *UserCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &UserCache{userCache: mockCache}
}
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockPwGenerator(ctrl *gomock.Controller) crypto.Generator {
alg := crypto.CreateMockEncryptionAlg(ctrl)
generator := crypto.NewMockGenerator(ctrl)
generator.EXPECT().Length().Return(uint(10))
generator.EXPECT().Runes().Return([]rune("abcdefghijklmnopqrstuvwxyz"))
generator.EXPECT().Alg().AnyTimes().Return(alg)
generator.EXPECT().Expiry().Return(time.Hour * 1)
return generator
}
func GetMockUserByIDOK(ctrl *gomock.Controller, user model.User) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockUserByIDNoEvents(ctrl *gomock.Controller) *UserEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUser(ctrl *gomock.Controller) *UserEventstore {
user := model.User{
UserName: "UserName",
Human: &model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserWithPWGenerator(ctrl *gomock.Controller, init, email, phone, password bool) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
Email: &model.Email{
EmailAddress: "EmailAddress",
},
Phone: &model.Phone{
PhoneNumber: "PhoneNumber",
},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, init, email, phone, password)
}
func GetMockManipulateUserWithInitCodeGen(ctrl *gomock.Controller, user model.User) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, true, false, false, false)
}
func GetMockManipulateUserWithPasswordInitCodeGen(ctrl *gomock.Controller, user model.User) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, true, false, false, true)
}
func GetMockManipulateUserWithPasswordAndEmailCodeGen(ctrl *gomock.Controller, user model.User) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, true, false, true)
}
func GetMockManipulateUserWithEmailCodeGen(ctrl *gomock.Controller, user model.User, verified bool) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
if verified {
email, _ := json.Marshal(model.Email{EmailAddress: "address"})
events = append(events,
&es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 2, Type: model.HumanEmailVerified},
&es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 3, Type: model.HumanEmailChanged, Data: email},
)
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, true, false, false)
}
func GetMockManipulateUserWithPhoneCodeGen(ctrl *gomock.Controller, user model.User) *UserEventstore {
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, false, true, false)
}
func GetMockManipulateUserWithPasswordCodeGen(ctrl *gomock.Controller, user model.User, verified bool) *UserEventstore {
data, _ := json.Marshal(user)
code, _ := json.Marshal(user.PasswordCode)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 2, Type: model.UserPasswordCodeAdded, Data: code},
}
if verified {
events = append(events, &es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 3, Type: model.HumanEmailVerified})
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, false, false, true)
}
func GetMockManipulateUserWithOTPGen(ctrl *gomock.Controller) *UserEventstore {
user := model.User{
UserName: "UserName",
Human: &model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
es := GetMockedEventstore(ctrl, mockEs)
hash := crypto.NewMockEncryptionAlgorithm(ctrl)
hash.EXPECT().Algorithm().Return("aes")
hash.EXPECT().Encrypt(gomock.Any()).Return(nil, nil)
hash.EXPECT().EncryptionKeyID().Return("id")
es.Multifactors = global_model.Multifactors{OTP: global_model.OTP{
Issuer: "Issuer",
CryptoMFA: hash,
}}
return es
}
func GetMockManipulateInactiveUser(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 2, Type: model.UserDeactivated},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateLockedUser(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: data},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserLocked},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserWithInitCode(ctrl *gomock.Controller, user model.User) *UserEventstore {
code := model.InitUserCode{Code: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("code"),
}}
dataUser, _ := json.Marshal(user)
dataCode, _ := json.Marshal(code)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.InitializedUserCodeAdded, Data: dataCode},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, true, false, false, true)
}
func GetMockManipulateUserWithEmailCode(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
Email: &model.Email{
EmailAddress: "EmailAddress",
},
}
code := model.EmailCode{Code: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("code"),
}}
dataUser, _ := json.Marshal(user)
dataCode, _ := json.Marshal(code)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserEmailCodeAdded, Data: dataCode},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, true, false, false)
}
func GetMockManipulateUserVerifiedEmail(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
Email: &model.Email{
EmailAddress: "EmailAddress",
},
}
dataUser, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserEmailVerified},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserWithPhoneCode(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
Phone: &model.Phone{
PhoneNumber: "PhoneNumber",
},
}
code := model.PhoneCode{Code: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("code"),
}}
dataUser, _ := json.Marshal(user)
dataCode, _ := json.Marshal(code)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserPhoneCodeAdded, Data: dataCode},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, false, true, false)
}
func GetMockManipulateUserVerifiedPhone(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
Phone: &model.Phone{
PhoneNumber: "PhoneNumber",
},
}
dataUser, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserPhoneVerified},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserFull(ctrl *gomock.Controller, verified bool) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
FirstName: "FirstName",
LastName: "LastName",
},
Password: &model.Password{
Secret: &crypto.CryptoValue{Algorithm: "bcrypt", KeyID: "KeyID"},
ChangeRequired: true,
},
Email: &model.Email{
EmailAddress: "EmailAddress",
},
Phone: &model.Phone{
PhoneNumber: "PhoneNumber",
},
Address: &model.Address{
Country: "Country",
},
}
dataUser, _ := json.Marshal(user)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
}
if verified {
events = append(events, &es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 2, Type: model.HumanEmailVerified})
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserWithOTP(ctrl *gomock.Controller, decrypt, verified bool) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
}
otp := model.OTP{
Secret: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "enc",
KeyID: "id",
Crypted: []byte("code"),
},
}
dataUser, _ := json.Marshal(user)
dataOTP, _ := json.Marshal(otp)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.MFAOTPAdded, Data: dataOTP},
}
if verified {
events = append(events, &es_models.Event{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.MFAOTPVerified})
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
es := GetMockedEventstore(ctrl, mockEs)
if !decrypt {
return es
}
enc := crypto.NewMockEncryptionAlgorithm(ctrl)
enc.EXPECT().Algorithm().Return("enc")
enc.EXPECT().Encrypt(gomock.Any()).Return(nil, nil)
enc.EXPECT().EncryptionKeyID().Return("id")
enc.EXPECT().DecryptionKeyIDs().Return([]string{"id"})
enc.EXPECT().DecryptString(gomock.Any(), gomock.Any()).Return("code", nil)
es.Multifactors = global_model.Multifactors{OTP: global_model.OTP{
Issuer: "Issuer",
CryptoMFA: enc,
}}
return es
}
func GetMockManipulateUserWithExternalIDP(ctrl *gomock.Controller) *UserEventstore {
user := model.Human{
Profile: &model.Profile{
DisplayName: "DisplayName",
},
}
externalIDP := model.ExternalIDP{
IDPConfigID: "IDPConfigID",
UserID: "UserID",
DisplayName: "DisplayName",
}
dataUser, _ := json.Marshal(user)
dataIDP, _ := json.Marshal(externalIDP)
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.UserAdded, Data: dataUser, ResourceOwner: "ResourceOwner"},
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, Type: model.HumanExternalIDPAdded, Data: dataIDP, ResourceOwner: "ResourceOwner"},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserNoEvents(ctrl *gomock.Controller) *UserEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserNoEventsWithPw(ctrl *gomock.Controller) *UserEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstoreWithPw(ctrl, mockEs, false, false, false, true)
}
func GetMockedEventstoreComplexity(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *UserEventstore {
return &UserEventstore{
Eventstore: mockEs,
}
}
func GetMockChangesUserOK(ctrl *gomock.Controller) *UserEventstore {
user := model.Profile{
FirstName: "Hans",
LastName: "Muster",
DisplayName: "DisplayName",
}
data, err := json.Marshal(user)
if err != nil {
}
events := []*es_models.Event{
{AggregateID: "AggregateID", AggregateVersion: "v1", Sequence: 1, AggregateType: model.UserAggregate, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}
func GetMockChangesUserNoEvents(ctrl *gomock.Controller) *UserEventstore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstoreComplexity(ctrl, mockEs)
}

3860
internal/user/repository/eventsourcing/eventstore_test.go
View File

File diff suppressed because it is too large Load Diff

1221
internal/user/repository/eventsourcing/user.go
View File

File diff suppressed because it is too large Load Diff

2529
internal/user/repository/eventsourcing/user_test.go
View File

File diff suppressed because it is too large Load Diff

56
internal/usergrant/model/user_grant.go
View File

@@ -1,56 +0,0 @@
package model
import es_models "github.com/caos/zitadel/internal/eventstore/models"
type UserGrant struct {
es_models.ObjectRoot
State UserGrantState
UserID string
ProjectID string
GrantID string
RoleKeys []string
}
type UserGrantState int32
const (
UserGrantStateActive UserGrantState = iota
UserGrantStateInactive
UserGrantStateRemoved
)
func (u *UserGrant) IsValid() bool {
return u.ProjectID != "" && u.UserID != ""
}
func (u *UserGrant) IsActive() bool {
return u.State == UserGrantStateActive
}
func (u *UserGrant) IsInactive() bool {
return u.State == UserGrantStateInactive
}
func (u *UserGrant) RemoveRoleKeyIfExisting(key string) bool {
for i, role := range u.RoleKeys {
if role == key {
u.RoleKeys[i] = u.RoleKeys[len(u.RoleKeys)-1]
u.RoleKeys[len(u.RoleKeys)-1] = ""
u.RoleKeys = u.RoleKeys[:len(u.RoleKeys)-1]
return true
}
}
return false
}
func (u *UserGrant) RemoveRoleKeysIfExisting(keys []string) bool {
exists := false
for _, key := range keys {
keyExists := u.RemoveRoleKeyIfExisting(key)
if keyExists {
exists = true
}
}
return exists
}

8
internal/usergrant/model/user_grant_view.go
View File

@@ -29,6 +29,14 @@ type UserGrantView struct {
Sequence uint64
}
type UserGrantState int32
const (
UserGrantStateActive UserGrantState = iota
UserGrantStateInactive
UserGrantStateRemoved
)
type UserGrantSearchRequest struct {
Offset uint64
Limit uint64

34
internal/usergrant/repository/eventsourcing/cache.go
View File

@@ -1,34 +0,0 @@
package eventsourcing
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/cache"
"github.com/caos/zitadel/internal/cache/config"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
)
type UserGrantCache struct {
userGrantCache cache.Cache
}
func StartCache(conf *config.CacheConfig) (*UserGrantCache, error) {
userGrantCache, err := conf.Config.NewCache()
logging.Log("EVENT-8EhUZ").OnError(err).Panic("unable to create user grant cache")
return &UserGrantCache{userGrantCache: userGrantCache}, nil
}
func (c *UserGrantCache) getUserGrant(ID string) *model.UserGrant {
user := &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: ID}}
err := c.userGrantCache.Get(ID, user)
logging.Log("EVENT-QAd7T").OnError(err).Debug("error in getting cache")
return user
}
func (c *UserGrantCache) cacheUserGrant(grant *model.UserGrant) {
err := c.userGrantCache.Set(grant.AggregateID, grant)
logging.Log("EVENT-w2KNQ").OnError(err).Debug("error in setting user grant cache")
}

233
internal/usergrant/repository/eventsourcing/eventstore.go
View File

@@ -1,233 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/cache/config"
caos_errs "github.com/caos/zitadel/internal/errors"
es_int "github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/eventstore/models"
es_models "github.com/caos/zitadel/internal/eventstore/models"
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
"github.com/caos/zitadel/internal/id"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
)
type UserGrantEventStore struct {
es_int.Eventstore
userGrantCache *UserGrantCache
idGenerator id.Generator
}
type UserGrantConfig struct {
es_int.Eventstore
Cache *config.CacheConfig
}
func StartUserGrant(conf UserGrantConfig) (*UserGrantEventStore, error) {
userGrantCache, err := StartCache(conf.Cache)
if err != nil {
return nil, err
}
return &UserGrantEventStore{
Eventstore: conf.Eventstore,
userGrantCache: userGrantCache,
idGenerator: id.SonyFlakeGenerator,
}, nil
}
func (es *UserGrantEventStore) UserGrantByID(ctx context.Context, id string) (*grant_model.UserGrant, error) {
grant := es.userGrantCache.getUserGrant(id)
query, err := UserGrantByIDQuery(grant.AggregateID, grant.Sequence)
if err != nil {
return nil, err
}
err = es_sdk.Filter(ctx, es.FilterEvents, grant.AppendEvents, query)
if err != nil && caos_errs.IsNotFound(err) && grant.Sequence == 0 {
return nil, err
}
es.userGrantCache.cacheUserGrant(grant)
if grant.State == int32(grant_model.UserGrantStateRemoved) {
return nil, caos_errs.ThrowNotFound(nil, "EVENT-2ks8d", "Errors.UserGrant.NotFound")
}
return model.UserGrantToModel(grant), nil
}
func (es *UserGrantEventStore) AddUserGrant(ctx context.Context, grant *grant_model.UserGrant) (*grant_model.UserGrant, error) {
repoGrant, addAggregates, err := es.PrepareAddUserGrant(ctx, grant)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoGrant.AppendEvents, addAggregates...)
if err != nil {
return nil, err
}
return model.UserGrantToModel(repoGrant), nil
}
func (es *UserGrantEventStore) AddUserGrants(ctx context.Context, grants ...*grant_model.UserGrant) error {
aggregates := make([]*es_models.Aggregate, 0)
for _, grant := range grants {
_, addAggregates, err := es.PrepareAddUserGrant(ctx, grant)
if err != nil {
return err
}
for _, agg := range addAggregates {
aggregates = append(aggregates, agg)
}
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, nil, aggregates...)
}
func (es *UserGrantEventStore) PrepareAddUserGrant(ctx context.Context, grant *grant_model.UserGrant) (*model.UserGrant, []*es_models.Aggregate, error) {
if grant == nil || !grant.IsValid() {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-sdiw3", "Errors.UserGrant.Invalid")
}
id, err := es.idGenerator.Next()
if err != nil {
return nil, nil, err
}
grant.AggregateID = id
repoGrant := model.UserGrantFromModel(grant)
addAggregates, err := UserGrantAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoGrant)
if err != nil {
return nil, nil, err
}
return repoGrant, addAggregates, nil
}
func (es *UserGrantEventStore) PrepareChangeUserGrant(ctx context.Context, grant *grant_model.UserGrant, cascade bool) (*model.UserGrant, *es_models.Aggregate, error) {
if grant == nil {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-lo0s9", "Errors.UserGrant.Invalid")
}
existingGrant, err := es.UserGrantByID(ctx, grant.AggregateID)
if err != nil {
return nil, nil, err
}
repoExistingGrant := model.UserGrantFromModel(existingGrant)
repoGrant := model.UserGrantFromModel(grant)
aggFunc := UserGrantChangedAggregate(es.Eventstore.AggregateCreator(), repoExistingGrant, repoGrant, cascade)
projectAggregate, err := aggFunc(ctx)
if err != nil {
return nil, nil, err
}
return repoExistingGrant, projectAggregate, err
}
func (es *UserGrantEventStore) ChangeUserGrant(ctx context.Context, grant *grant_model.UserGrant) (*grant_model.UserGrant, error) {
repoGrant, agg, err := es.PrepareChangeUserGrant(ctx, grant, false)
if err != nil {
return nil, err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoGrant.AppendEvents, agg)
if err != nil {
return nil, err
}
es.userGrantCache.cacheUserGrant(repoGrant)
return model.UserGrantToModel(repoGrant), nil
}
func (es *UserGrantEventStore) ChangeUserGrants(ctx context.Context, grants ...*grant_model.UserGrant) error {
aggregates := make([]*es_models.Aggregate, len(grants))
for i, grant := range grants {
_, agg, err := es.PrepareChangeUserGrant(ctx, grant, false)
if err != nil {
return err
}
aggregates[i] = agg
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, nil, aggregates...)
}
func (es *UserGrantEventStore) RemoveUserGrant(ctx context.Context, grantID string) error {
grant, projectAggregates, err := es.PrepareRemoveUserGrant(ctx, grantID, false)
if err != nil {
return err
}
err = es_sdk.PushAggregates(ctx, es.PushAggregates, grant.AppendEvents, projectAggregates...)
if err != nil {
return err
}
es.userGrantCache.cacheUserGrant(grant)
return nil
}
func (es *UserGrantEventStore) RemoveUserGrants(ctx context.Context, grantIDs ...string) error {
aggregates := make([]*es_models.Aggregate, 0)
for _, grantID := range grantIDs {
_, aggs, err := es.PrepareRemoveUserGrant(ctx, grantID, false)
if err != nil {
return err
}
for _, agg := range aggs {
aggregates = append(aggregates, agg)
}
}
return es_sdk.PushAggregates(ctx, es.PushAggregates, nil, aggregates...)
}
func (es *UserGrantEventStore) PrepareRemoveUserGrant(ctx context.Context, grantID string, cascade bool) (*model.UserGrant, []*es_models.Aggregate, error) {
grant, err := es.UserGrantByID(ctx, grantID)
if err != nil {
return nil, nil, err
}
repoExisting := model.UserGrantFromModel(grant)
repoGrant := &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: grantID}}
projectAggregates, err := UserGrantRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoExisting, repoGrant, cascade)
if err != nil {
return nil, nil, err
}
return repoExisting, projectAggregates, nil
}
func (es *UserGrantEventStore) DeactivateUserGrant(ctx context.Context, grantID string) (*grant_model.UserGrant, error) {
if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-8si34", "Errors.UserGrant.IDMissing")
}
grant, err := es.UserGrantByID(ctx, grantID)
if err != nil {
return nil, err
}
if !grant.IsActive() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-lo9sw", "Errors.UserGrant.NotActive")
}
repoExistingGrant := model.UserGrantFromModel(grant)
repoGrant := &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: grantID}}
projectAggregate := UserGrantDeactivatedAggregate(es.Eventstore.AggregateCreator(), repoExistingGrant, repoGrant)
err = es_sdk.Push(ctx, es.PushAggregates, repoExistingGrant.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.userGrantCache.cacheUserGrant(repoGrant)
return model.UserGrantToModel(repoExistingGrant), nil
}
func (es *UserGrantEventStore) ReactivateUserGrant(ctx context.Context, grantID string) (*grant_model.UserGrant, error) {
if grantID == "" {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-sksiw", "Errors.UserGrant.IDMissing")
}
grant, err := es.UserGrantByID(ctx, grantID)
if err != nil {
return nil, err
}
if !grant.IsInactive() {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-lo9sw", "Errors.UserGrant.NotInactive")
}
repoExistingGrant := model.UserGrantFromModel(grant)
repoGrant := &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: grantID}}
projectAggregate := UserGrantReactivatedAggregate(es.Eventstore.AggregateCreator(), repoExistingGrant, repoGrant)
err = es_sdk.Push(ctx, es.PushAggregates, repoExistingGrant.AppendEvents, projectAggregate)
if err != nil {
return nil, err
}
es.userGrantCache.cacheUserGrant(repoExistingGrant)
return model.UserGrantToModel(repoExistingGrant), nil
}

113
internal/usergrant/repository/eventsourcing/eventstore_mock_test.go
View File

@@ -1,113 +0,0 @@
package eventsourcing
import (
"encoding/json"
mock_cache "github.com/caos/zitadel/internal/cache/mock"
"github.com/caos/zitadel/internal/eventstore/mock"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/id"
"github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
"github.com/golang/mock/gomock"
)
func GetMockedEventstore(ctrl *gomock.Controller, mockEs *mock.MockEventstore) *UserGrantEventStore {
return &UserGrantEventStore{
Eventstore: mockEs,
userGrantCache: GetMockCache(ctrl),
idGenerator: GetSonyFlacke(),
}
}
func GetMockCache(ctrl *gomock.Controller) *UserGrantCache {
mockCache := mock_cache.NewMockCache(ctrl)
mockCache.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
mockCache.EXPECT().Set(gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
return &UserGrantCache{userGrantCache: mockCache}
}
func GetSonyFlacke() id.Generator {
return id.SonyFlakeGenerator
}
func GetMockUserGrantByIDOK(ctrl *gomock.Controller) *UserGrantEventStore {
user := model.UserGrant{
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockUserGrantByIDRemoved(ctrl *gomock.Controller) *UserGrantEventStore {
user := model.UserGrant{
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantRemoved},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockUserGrantByIDNoEvents(ctrl *gomock.Controller) *UserGrantEventStore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserGrant(ctrl *gomock.Controller) *UserGrantEventStore {
user := model.UserGrant{
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantAdded, Data: data},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserGrantInactive(ctrl *gomock.Controller) *UserGrantEventStore {
user := model.UserGrant{
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"},
}
data, _ := json.Marshal(user)
events := []*es_models.Event{
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantAdded, Data: data},
&es_models.Event{AggregateID: "AggregateID", Sequence: 1, Type: model.UserGrantDeactivated},
}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}
func GetMockManipulateUserGrantNoEvents(ctrl *gomock.Controller) *UserGrantEventStore {
events := []*es_models.Event{}
mockEs := mock.NewMockEventstore(ctrl)
mockEs.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, nil)
mockEs.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("TEST"))
mockEs.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).Return(nil)
return GetMockedEventstore(ctrl, mockEs)
}

441
internal/usergrant/repository/eventsourcing/eventstore_test.go
View File

@@ -1,441 +0,0 @@
package eventsourcing
import (
"context"
"reflect"
"testing"
"github.com/golang/mock/gomock"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/model"
)
func TestUserByID(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
grant *model.UserGrant
}
type res struct {
grant *model.UserGrant
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "user from events, ok",
args: args{
es: GetMockUserGrantByIDOK(ctrl),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}},
},
},
{
name: "no events found",
args: args{
es: GetMockUserGrantByIDNoEvents(ctrl),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
{
name: "no id",
args: args{
es: GetMockUserGrantByIDOK(ctrl),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "removed state",
args: args{
es: GetMockUserGrantByIDRemoved(ctrl),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.UserGrantByID(nil, tt.args.grant.AggregateID)
if !tt.res.wantErr && result.AggregateID != tt.res.grant.AggregateID {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.grant.AggregateID, result.AggregateID)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestAddUserGrant(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
ctx context.Context
grant *model.UserGrant
}
type res struct {
result *model.UserGrant
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "add grant, ok",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
ProjectID: "ProjectID",
UserID: "UserID",
RoleKeys: []string{"Key"},
},
},
res: res{
result: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
ProjectID: "ProjectID",
UserID: "UserID",
RoleKeys: []string{"Key"},
},
},
},
{
name: "invalid grant",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.AddUserGrant(tt.args.ctx, tt.args.grant)
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if !tt.res.wantErr && result.UserID == "" {
t.Errorf("result has no id")
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestChangeUserGrant(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
ctx context.Context
grant *model.UserGrant
}
type res struct {
result *model.UserGrant
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change grant, ok",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
RoleKeys: []string{"KeyChanged"},
},
},
res: res{
result: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
RoleKeys: []string{"KeyChanged"},
},
},
},
{
name: "invalid grant",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: nil,
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing user not found",
args: args{
es: GetMockManipulateUserGrantNoEvents(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
RoleKeys: []string{"KeyChanged"},
},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangeUserGrant(tt.args.ctx, tt.args.grant)
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if !tt.res.wantErr && !reflect.DeepEqual(result.RoleKeys, tt.res.result.RoleKeys) {
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.RoleKeys, result.RoleKeys)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestRemoveUserGrant(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
ctx context.Context
grant *model.UserGrant
}
type res struct {
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove grant, ok",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
},
{
name: "no grantID",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "existing grant not found",
args: args{
es: GetMockManipulateUserGrantNoEvents(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.RemoveUserGrant(tt.args.ctx, tt.args.grant.AggregateID)
if !tt.res.wantErr && err != nil {
t.Errorf("should not get err")
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestDeactivateUserGrant(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
ctx context.Context
grant *model.UserGrant
}
type res struct {
result *model.UserGrant
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate, ok",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
result: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
ProjectID: "ProjectID",
State: model.UserGrantStateInactive,
},
},
},
{
name: "no grant id",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant not existing",
args: args{
es: GetMockManipulateUserGrantNoEvents(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.DeactivateUserGrant(tt.args.ctx, tt.args.grant.AggregateID)
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if !tt.res.wantErr && result.ProjectID != tt.res.result.ProjectID {
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.ProjectID, result.ProjectID)
}
if !tt.res.wantErr && result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestReactivateUserGrant(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserGrantEventStore
ctx context.Context
grant *model.UserGrant
}
type res struct {
result *model.UserGrant
wantErr bool
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "reactivate, ok",
args: args{
es: GetMockManipulateUserGrantInactive(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
result: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
State: model.UserGrantStateActive,
},
},
},
{
name: "no grant id",
args: args{
es: GetMockManipulateUserGrant(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant not existing",
args: args{
es: GetMockManipulateUserGrantNoEvents(ctrl),
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
},
res: res{
wantErr: true,
errFunc: caos_errs.IsNotFound,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ReactivateUserGrant(tt.args.ctx, tt.args.grant.AggregateID)
if !tt.res.wantErr && result.AggregateID == "" {
t.Errorf("result has no id")
}
if !tt.res.wantErr && result.State != tt.res.result.State {
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
}
if tt.res.wantErr && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

5
internal/usergrant/repository/eventsourcing/model/types.go
View File

@@ -3,16 +3,13 @@ package model
import "github.com/caos/zitadel/internal/eventstore/models"
const (
UserGrantAggregate models.AggregateType = "usergrant"
UserGrantUniqueAggregate models.AggregateType = "usergrant.unique"
UserGrantAggregate models.AggregateType = "usergrant"
UserGrantAdded models.EventType = "user.grant.added"
UserGrantChanged models.EventType = "user.grant.changed"
UserGrantRemoved models.EventType = "user.grant.removed"
UserGrantDeactivated models.EventType = "user.grant.deactivated"
UserGrantReactivated models.EventType = "user.grant.reactivated"
UserGrantReserved models.EventType = "user.grant.reserved"
UserGrantReleased models.EventType = "user.grant.released"
UserGrantCascadeRemoved models.EventType = "user.grant.cascade.removed"
UserGrantCascadeChanged models.EventType = "user.grant.cascade.changed"

83
internal/usergrant/repository/eventsourcing/model/user_grant.go
View File

@@ -1,16 +1,7 @@
package model
import (
"encoding/json"
"github.com/caos/logging"
caos_errs "github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/model"
"reflect"
)
const (
UserGrantVersion = "v1"
)
type UserGrant struct {
@@ -22,77 +13,3 @@ type UserGrant struct {
GrantID string `json:"grantId,omitempty"`
RoleKeys []string `json:"roleKeys,omitempty"`
}
type UserGrantID struct {
es_models.ObjectRoot
GrantID string `json:"grantId"`
}
func (g *UserGrant) Changes(changed *UserGrant) map[string]interface{} {
changes := make(map[string]interface{}, 1)
if !reflect.DeepEqual(g.RoleKeys, changed.RoleKeys) {
changes["roleKeys"] = changed.RoleKeys
}
return changes
}
func UserGrantFromModel(grant *model.UserGrant) *UserGrant {
return &UserGrant{
ObjectRoot: grant.ObjectRoot,
UserID: grant.UserID,
ProjectID: grant.ProjectID,
GrantID: grant.GrantID,
State: int32(grant.State),
RoleKeys: grant.RoleKeys,
}
}
func UserGrantToModel(grant *UserGrant) *model.UserGrant {
return &model.UserGrant{
ObjectRoot: grant.ObjectRoot,
UserID: grant.UserID,
ProjectID: grant.ProjectID,
GrantID: grant.GrantID,
State: model.UserGrantState(grant.State),
RoleKeys: grant.RoleKeys,
}
}
func (g *UserGrant) AppendEvents(events ...*es_models.Event) error {
for _, event := range events {
if err := g.AppendEvent(event); err != nil {
return err
}
}
return nil
}
func (g *UserGrant) AppendEvent(event *es_models.Event) error {
g.ObjectRoot.AppendEvent(event)
switch event.Type {
case UserGrantAdded,
UserGrantChanged,
UserGrantCascadeChanged:
return g.setData(event)
case UserGrantDeactivated:
g.appendGrantStateEvent(model.UserGrantStateInactive)
case UserGrantReactivated:
g.appendGrantStateEvent(model.UserGrantStateActive)
case UserGrantRemoved,
UserGrantCascadeRemoved:
g.appendGrantStateEvent(model.UserGrantStateRemoved)
}
return nil
}
func (g *UserGrant) appendGrantStateEvent(state model.UserGrantState) {
g.State = int32(state)
}
func (g *UserGrant) setData(event *es_models.Event) error {
if err := json.Unmarshal(event.Data, g); err != nil {
logging.Log("EVEN-lso9x").WithError(err).Error("could not unmarshal event data")
return caos_errs.ThrowInternal(err, "MODEL-o0se3", "could not unmarshal event")
}
return nil
}

61
internal/usergrant/repository/eventsourcing/model/user_grant_test.go
View File

@@ -1,61 +0,0 @@
package model
import (
"testing"
es_models "github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/model"
)
func TestAppendGrantStateEvent(t *testing.T) {
type args struct {
grant *UserGrant
grantID *UserGrantID
event *es_models.Event
state model.UserGrantState
}
tests := []struct {
name string
args args
result *UserGrant
}{
{
name: "append deactivate grant event",
args: args{
grant: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}},
grantID: &UserGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.UserGrantStateInactive,
},
result: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}, State: int32(model.UserGrantStateInactive)},
},
{
name: "append reactivate grant event",
args: args{
grant: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}},
grantID: &UserGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.UserGrantStateActive,
},
result: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}, State: int32(model.UserGrantStateActive)},
},
{
name: "append remove grant event",
args: args{
grant: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}},
grantID: &UserGrantID{GrantID: "ProjectGrantID"},
event: &es_models.Event{},
state: model.UserGrantStateRemoved,
},
result: &UserGrant{ObjectRoot: es_models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID", RoleKeys: []string{"Key"}, State: int32(model.UserGrantStateRemoved)},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
tt.args.grant.appendGrantStateEvent(tt.args.state)
if tt.args.grant.State != tt.result.State {
t.Errorf("got wrong result: actual: %v, expected: %v ", tt.result.State, tt.args.grant.State)
}
})
}
}

258
internal/usergrant/repository/eventsourcing/user_grant.go
View File

@@ -1,258 +0,0 @@
package eventsourcing
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/errors"
es_models "github.com/caos/zitadel/internal/eventstore/models"
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
proj_model "github.com/caos/zitadel/internal/project/model"
proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
"github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
)
func UserGrantByIDQuery(id string, latestSequence uint64) (*es_models.SearchQuery, error) {
if id == "" {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-ols34", "id should be filled")
}
return UserGrantQuery(latestSequence).
AggregateIDFilter(id), nil
}
func UserGrantQuery(latestSequence uint64) *es_models.SearchQuery {
return es_models.NewSearchQuery().
AggregateTypeFilter(model.UserGrantAggregate).
LatestSequenceFilter(latestSequence)
}
func UserGrantUniqueQuery(resourceOwner, projectID, userID string) *es_models.SearchQuery {
grantID := resourceOwner + projectID + userID
return es_models.NewSearchQuery().
AggregateTypeFilter(model.UserGrantUniqueAggregate).
AggregateIDFilter(grantID).
OrderDesc().
SetLimit(1)
}
func UserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "existing grant should not be nil")
}
return aggCreator.NewAggregate(ctx, grant.AggregateID, model.UserGrantAggregate, model.UserGrantVersion, grant.Sequence)
}
func UserGrantAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) ([]*es_models.Aggregate, error) {
agg, err := UserGrantAggregate(ctx, aggCreator, grant)
if err != nil {
return nil, err
}
validationQuery := es_models.NewSearchQuery().
AggregateTypeFilter(usr_model.UserAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
AggregateIDsFilter(grant.UserID, authz.GetCtxData(ctx).OrgID, grant.ProjectID)
validation := addUserGrantValidation(authz.GetCtxData(ctx).OrgID, grant)
agg, err = agg.SetPrecondition(validationQuery, validation).AppendEvent(model.UserGrantAdded, grant)
if err != nil {
return nil, err
}
uniqueAggregate, err := reservedUniqueUserGrantAggregate(ctx, aggCreator, grant)
if err != nil {
return nil, err
}
return []*es_models.Aggregate{
agg,
uniqueAggregate,
}, nil
}
func reservedUniqueUserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (*es_models.Aggregate, error) {
grantID := authz.GetCtxData(ctx).OrgID + grant.ProjectID + grant.UserID
aggregate, err := aggCreator.NewAggregate(ctx, grantID, model.UserGrantUniqueAggregate, model.UserGrantVersion, 0)
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.UserGrantReserved, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(UserGrantUniqueQuery(authz.GetCtxData(ctx).OrgID, grant.ProjectID, grant.UserID), isEventValidation(aggregate, model.UserGrantReserved)), nil
}
func releasedUniqueUserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (aggregate *es_models.Aggregate, err error) {
grantID := grant.ResourceOwner + grant.ProjectID + grant.UserID
aggregate, err = aggCreator.NewAggregate(ctx, grantID, model.UserGrantUniqueAggregate, model.UserGrantVersion, 0)
if err != nil {
return nil, err
}
aggregate, err = aggregate.AppendEvent(model.UserGrantReleased, nil)
if err != nil {
return nil, err
}
return aggregate.SetPrecondition(UserGrantUniqueQuery(grant.ResourceOwner, grant.ProjectID, grant.UserID), isEventValidation(aggregate, model.UserGrantReleased)), nil
}
func UserGrantChangedAggregate(aggCreator *es_models.AggregateCreator, existingGrant *model.UserGrant, grant *model.UserGrant, cascade bool) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-osl8x", "grant should not be nil")
}
agg, err := UserGrantAggregate(ctx, aggCreator, existingGrant)
if err != nil {
return nil, err
}
changes := existingGrant.Changes(grant)
if !cascade {
return agg.AppendEvent(model.UserGrantChanged, changes)
}
return agg.AppendEvent(model.UserGrantCascadeChanged, changes)
}
}
func UserGrantDeactivatedAggregate(aggCreator *es_models.AggregateCreator, existingGrant *model.UserGrant, grant *model.UserGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo21s", "grant should not be nil")
}
agg, err := UserGrantAggregate(ctx, aggCreator, existingGrant)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.UserGrantDeactivated, nil)
}
}
func UserGrantReactivatedAggregate(aggCreator *es_models.AggregateCreator, existingGrant *model.UserGrant, grant *model.UserGrant) func(ctx context.Context) (*es_models.Aggregate, error) {
return func(ctx context.Context) (*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-mks34", "grant should not be nil")
}
agg, err := UserGrantAggregate(ctx, aggCreator, existingGrant)
if err != nil {
return nil, err
}
return agg.AppendEvent(model.UserGrantReactivated, nil)
}
}
func UserGrantRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existingGrant *model.UserGrant, grant *model.UserGrant, cascade bool) ([]*es_models.Aggregate, error) {
if grant == nil {
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo21s", "grant should not be nil")
}
agg, err := UserGrantAggregate(ctx, aggCreator, existingGrant)
if err != nil {
return nil, err
}
eventType := model.UserGrantRemoved
if cascade {
eventType = model.UserGrantCascadeRemoved
}
agg, err = agg.AppendEvent(eventType, nil)
if err != nil {
return nil, err
}
uniqueAggregate, err := releasedUniqueUserGrantAggregate(ctx, aggCreator, existingGrant)
if err != nil {
return nil, err
}
return []*es_models.Aggregate{
agg,
uniqueAggregate,
}, nil
}
func isEventValidation(aggregate *es_models.Aggregate, eventType es_models.EventType) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
if len(events) == 0 {
aggregate.PreviousSequence = 0
return nil
}
if events[0].Type == eventType {
return errors.ThrowPreconditionFailedf(nil, "EVENT-eJQqe", "user_grant is already %v", eventType)
}
aggregate.PreviousSequence = events[0].Sequence
return nil
}
}
func addUserGrantValidation(resourceOwner string, grant *model.UserGrant) func(...*es_models.Event) error {
return func(events ...*es_models.Event) error {
existsOrg := false
existsUser := false
project := new(proj_es_model.Project)
for _, event := range events {
switch event.AggregateType {
case usr_model.UserAggregate:
switch event.Type {
case usr_model.UserAdded, usr_model.UserRegistered, usr_model.HumanRegistered, usr_model.HumanAdded, usr_model.MachineAdded:
existsUser = true
case usr_model.UserRemoved:
existsUser = false
}
case org_es_model.OrgAggregate:
switch event.Type {
case org_es_model.OrgAdded:
existsOrg = true
case org_es_model.OrgRemoved:
existsOrg = false
}
case proj_es_model.ProjectAggregate:
project.AppendEvent(event)
}
}
if !existsOrg {
return errors.ThrowPreconditionFailed(nil, "EVENT-3OfIm", "org doesn't exist")
}
if !existsUser {
return errors.ThrowPreconditionFailed(nil, "EVENT-Sl8uS", "user doesn't exist")
}
return checkProjectConditions(resourceOwner, grant, project)
}
}
//TODO: rethink this function i know it's ugly.
func checkProjectConditions(resourceOwner string, grant *model.UserGrant, project *proj_es_model.Project) error {
if grant.ProjectID != project.AggregateID {
return errors.ThrowInvalidArgument(nil, "EVENT-ixlMx", "project doesn't exist")
}
if project.State == int32(proj_model.ProjectStateRemoved) {
return errors.ThrowPreconditionFailed(nil, "EVENT-Lxp0s", "project doesn't exist")
}
if resourceOwner == project.ResourceOwner {
return checkIfProjectHasRoles(grant.RoleKeys, project.Roles)
}
if _, projectGrant := proj_es_model.GetProjectGrantByOrgID(project.Grants, resourceOwner); projectGrant != nil {
return checkIfProjectGrantHasRoles(grant.RoleKeys, projectGrant.RoleKeys)
}
return nil
}
func checkIfProjectHasRoles(roles []string, existingRoles []*proj_es_model.ProjectRole) error {
for _, roleKey := range roles {
if _, role := proj_es_model.GetProjectRole(existingRoles, roleKey); role == nil {
return errors.ThrowPreconditionFailedf(nil, "EVENT-Lxp0s", "project doesn't have role %v", roleKey)
}
}
return nil
}
func checkIfProjectGrantHasRoles(roles []string, existingRoles []string) error {
roleExists := false
for _, roleKey := range roles {
for _, existingRoleKey := range existingRoles {
if roleKey == existingRoleKey {
roleExists = true
continue
}
}
if !roleExists {
return errors.ThrowPreconditionFailed(nil, "EVENT-LSpwi", "project grant doesn't have role")
}
}
return nil
}

451
internal/usergrant/repository/eventsourcing/user_grant_test.go
View File

@@ -1,451 +0,0 @@
package eventsourcing
import (
"context"
"testing"
"github.com/caos/zitadel/internal/api/authz"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
)
func TestUserGrantAddedAggregate(t *testing.T) {
type args struct {
ctx context.Context
grant *model.UserGrant
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventType models.EventType
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "usergrant added ok",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
grant: &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, UserID: "UserID", ProjectID: "ProjectID"},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventType: model.UserGrantAdded,
},
},
{
name: "grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
grant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
aggregates, err := UserGrantAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.grant)
if tt.res.errFunc == nil && len(aggregates[0].Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events))
}
if tt.res.errFunc == nil && aggregates[0].Events[0].Type != tt.res.eventType {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventType, aggregates[0].Events[0].Type.String())
}
if tt.res.errFunc == nil && aggregates[0].Events[0].Data == nil {
t.Errorf("should have data in event")
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestUserGrantChangedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingGrant *model.UserGrant
newGrant *model.UserGrant
cascade bool
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "change project grant",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"KeyChanged"},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantChanged},
},
},
{
name: "change project grant cascade",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"KeyChanged"},
},
cascade: true,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantCascadeChanged},
},
},
{
name: "existing grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: nil,
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := UserGrantChangedAggregate(tt.args.aggCreator, tt.args.existingGrant, tt.args.newGrant, tt.args.cascade)(tt.args.ctx)
if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
if tt.res.errFunc == nil && agg.Events[i].Data == nil {
t.Errorf("should have data in event")
}
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestUserGrantRemovedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingGrant *model.UserGrant
newGrant *model.UserGrant
cascade bool
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "remove app",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantRemoved},
},
},
{
name: "remove app cascade",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
cascade: true,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantCascadeRemoved},
},
},
{
name: "existing project nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
UserID: "UserID",
ProjectID: "ProjectID",
RoleKeys: []string{"Key"}},
newGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
aggregates, err := UserGrantRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingGrant, tt.args.newGrant, tt.args.cascade)
if tt.res.errFunc == nil && len(aggregates[0].Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if tt.res.errFunc == nil && aggregates[0].Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], aggregates[0].Events[i].Type.String())
}
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestUserGrantDeactivatedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingGrant *model.UserGrant
newGrant *model.UserGrant
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "deactivate project grant",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantDeactivated},
},
},
{
name: "existing grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}},
newGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := UserGrantDeactivatedAggregate(tt.args.aggCreator, tt.args.existingGrant, tt.args.newGrant)(tt.args.ctx)
if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}
func TestUserGrantReactivatedAggregate(t *testing.T) {
type args struct {
ctx context.Context
existingGrant *model.UserGrant
newGrant *model.UserGrant
aggCreator *models.AggregateCreator
}
type res struct {
eventLen int
eventTypes []models.EventType
errFunc func(err error) bool
}
tests := []struct {
name string
args args
res res
}{
{
name: "reactivate project grant",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
newGrant: &model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: "ID"},
},
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
eventLen: 1,
eventTypes: []models.EventType{model.UserGrantReactivated},
},
},
{
name: "existing grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "grant nil",
args: args{
ctx: authz.NewMockContext("orgID", "userID"),
existingGrant: &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}},
newGrant: nil,
aggCreator: models.NewAggregateCreator("Test"),
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
agg, err := UserGrantReactivatedAggregate(tt.args.aggCreator, tt.args.existingGrant, tt.args.newGrant)(tt.args.ctx)
if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
}
for i := 0; i < tt.res.eventLen; i++ {
if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] {
t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String())
}
}
if tt.res.errFunc != nil && !tt.res.errFunc(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}