From c2e6e782a802e9adb7a613c676f709d59486fa68 Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Wed, 20 Jan 2021 11:06:52 +0100 Subject: [PATCH] feat: idps (#1188) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state * add org domain commands * add org status changes and member commands * fixes * policies * login policy * fix iam project event * mapper * label policy * change to command * fix * fix * handle change event differently and lot of fixes * idps * fixes * fixes * fixes * changedEvent handling * fix change events * remove creation date Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> --- internal/admin/repository/iam.go | 2 - internal/admin/repository/org.go | 1 - .../api/grpc/admin/iam_member_converter.go | 16 +- internal/api/grpc/admin/idp_config.go | 18 +- .../api/grpc/admin/idp_config_converter.go | 22 +-- .../api/grpc/admin/label_policy_converter.go | 10 +- .../api/grpc/admin/login_policy_converter.go | 10 +- internal/api/grpc/admin/org_converter.go | 34 ++-- .../admin/password_age_policy_converter.go | 10 +- .../password_complexity_policy_converter.go | 10 +- .../password_lockout_policy_converter.go | 10 +- internal/api/grpc/management/idp_config.go | 34 ++-- .../grpc/management/idp_config_converter.go | 131 ++++++++++---- .../grpc/management/login_policy_converter.go | 1 - internal/api/grpc/management/org_converter.go | 20 +-- .../grpc/management/org_member_converter.go | 9 +- .../password_age_policy_converter.go | 1 - .../password_complexity_policy_converter.go | 1 - .../password_lockout_policy_converter.go | 1 - internal/management/repository/org.go | 16 -- internal/v2/command/iam_converter.go | 2 +- internal/v2/command/iam_idp_config.go | 29 ++- internal/v2/command/iam_idp_config_model.go | 20 ++- internal/v2/command/iam_idp_oidc_config.go | 1 + .../v2/command/iam_idp_oidc_config_model.go | 46 ++--- internal/v2/command/idp_config_model.go | 8 +- internal/v2/command/oidc_config_model.go | 16 +- internal/v2/command/org_idp_config.go | 146 +++++++++++++++ internal/v2/command/org_idp_config_model.go | 107 +++++++++++ internal/v2/command/org_idp_oidc_config.go | 46 +++++ .../v2/command/org_idp_oidc_config_model.go | 122 +++++++++++++ internal/v2/domain/oidc_mapping_field.go | 3 +- internal/v2/query/idp_config_model.go | 8 +- internal/v2/query/oidc_config_model.go | 16 +- internal/v2/repository/iam/idp_config.go | 17 +- internal/v2/repository/iam/idp_oidc_config.go | 17 +- .../v2/repository/idpconfig/idp_config.go | 41 ++++- .../v2/repository/idpconfig/oidc_config.go | 63 ++++++- internal/v2/repository/org/idp_config.go | 168 ++++++++++++++++++ internal/v2/repository/org/idp_oidc_config.go | 86 +++++++++ pkg/grpc/admin/proto/admin.proto | 47 ++--- pkg/grpc/management/proto/management.proto | 52 +++--- 42 files changed, 1070 insertions(+), 348 deletions(-) create mode 100644 internal/v2/command/org_idp_config.go create mode 100644 internal/v2/command/org_idp_config_model.go create mode 100644 internal/v2/command/org_idp_oidc_config.go create mode 100644 internal/v2/command/org_idp_oidc_config_model.go create mode 100644 internal/v2/repository/org/idp_config.go create mode 100644 internal/v2/repository/org/idp_oidc_config.go diff --git a/internal/admin/repository/iam.go b/internal/admin/repository/iam.go index fbef0ab270..4c045ab935 100644 --- a/internal/admin/repository/iam.go +++ b/internal/admin/repository/iam.go @@ -12,11 +12,9 @@ type IAMRepository interface { GetIAMMemberRoles() []string SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) - RemoveIDPConfig(ctx context.Context, idpConfigID string) error GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) SearchDefaultIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) - RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error SearchDefaultSecondFactors(ctx context.Context) (*iam_model.SecondFactorsSearchResponse, error) SearchDefaultMultiFactors(ctx context.Context) (*iam_model.MultiFactorsSearchResponse, error) diff --git a/internal/admin/repository/org.go b/internal/admin/repository/org.go index 315f94594b..3614a3c461 100644 --- a/internal/admin/repository/org.go +++ b/internal/admin/repository/org.go @@ -14,5 +14,4 @@ type OrgRepository interface { SearchOrgs(ctx context.Context, query *org_model.OrgSearchRequest) (*org_model.OrgSearchResult, error) GetOrgIAMPolicyByID(ctx context.Context, id string) (*iam_model.OrgIAMPolicyView, error) - RemoveOrgIAMPolicy(ctx context.Context, id string) error } diff --git a/internal/api/grpc/admin/iam_member_converter.go b/internal/api/grpc/admin/iam_member_converter.go index 5df58491fe..9dba233b84 100644 --- a/internal/api/grpc/admin/iam_member_converter.go +++ b/internal/api/grpc/admin/iam_member_converter.go @@ -4,6 +4,7 @@ import ( "github.com/caos/logging" "github.com/caos/zitadel/internal/v2/domain" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/model" @@ -19,18 +20,11 @@ func changeIamMemberToDomain(member *admin.ChangeIamMemberRequest) *domain.Membe } func iamMemberFromDomain(member *domain.Member) *admin.IamMember { - creationDate, err := ptypes.TimestampProto(member.CreationDate) - logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(member.ChangeDate) - logging.Log("GRPC-3fG5s").OnError(err).Debug("date parse failed") - return &admin.IamMember{ - UserId: member.UserID, - CreationDate: creationDate, - ChangeDate: changeDate, - Roles: member.Roles, - Sequence: member.Sequence, + UserId: member.UserID, + ChangeDate: timestamppb.New(member.ChangeDate), + Roles: member.Roles, + Sequence: member.Sequence, } } diff --git a/internal/api/grpc/admin/idp_config.go b/internal/api/grpc/admin/idp_config.go index e5c04bd390..f949385627 100644 --- a/internal/api/grpc/admin/idp_config.go +++ b/internal/api/grpc/admin/idp_config.go @@ -31,20 +31,14 @@ func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate return idpFromDomain(config), nil } -func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) { - config, err := s.command.DeactivateDefaultIDPConfig(ctx, id.Id) - if err != nil { - return nil, err - } - return idpFromDomain(config), nil +func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) { + err := s.command.DeactivateDefaultIDPConfig(ctx, id.Id) + return &empty.Empty{}, err } -func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*admin.Idp, error) { - config, err := s.command.ReactivateDefaultIDPConfig(ctx, id.Id) - if err != nil { - return nil, err - } - return idpFromDomain(config), nil +func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) { + err := s.command.ReactivateDefaultIDPConfig(ctx, id.Id) + return &empty.Empty{}, err } func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) { diff --git a/internal/api/grpc/admin/idp_config_converter.go b/internal/api/grpc/admin/idp_config_converter.go index 4a78c7b2a0..f14d20a42d 100644 --- a/internal/api/grpc/admin/idp_config_converter.go +++ b/internal/api/grpc/admin/idp_config_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func createOIDCIDPToDomain(idp *admin.OidcIdpConfigCreate) *domain.IDPConfig { @@ -45,21 +46,14 @@ func updateOIDCIDPToDomain(idp *admin.OidcIdpConfigUpdate) *domain.OIDCIDPConfig } func idpFromDomain(idp *domain.IDPConfig) *admin.Idp { - creationDate, err := ptypes.TimestampProto(idp.CreationDate) - logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(idp.ChangeDate) - logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed") - return &admin.Idp{ - Id: idp.IDPConfigID, - CreationDate: creationDate, - ChangeDate: changeDate, - Sequence: idp.Sequence, - Name: idp.Name, - StylingType: idpConfigStylingTypeFromDomain(idp.StylingType), - State: idpConfigStateFromDomain(idp.State), - IdpConfig: idpConfigFromDomain(idp), + Id: idp.IDPConfigID, + ChangeDate: timestamppb.New(idp.ChangeDate), + Sequence: idp.Sequence, + Name: idp.Name, + StylingType: idpConfigStylingTypeFromDomain(idp.StylingType), + State: idpConfigStateFromDomain(idp.State), + IdpConfig: idpConfigFromDomain(idp), } } diff --git a/internal/api/grpc/admin/label_policy_converter.go b/internal/api/grpc/admin/label_policy_converter.go index e2cd9effcb..14e15ea3a1 100644 --- a/internal/api/grpc/admin/label_policy_converter.go +++ b/internal/api/grpc/admin/label_policy_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func labelPolicyToDomain(policy *admin.DefaultLabelPolicyUpdate) *domain.LabelPolicy { @@ -16,17 +17,10 @@ func labelPolicyToDomain(policy *admin.DefaultLabelPolicyUpdate) *domain.LabelPo } func labelPolicyFromDomain(policy *domain.LabelPolicy) *admin.DefaultLabelPolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("ADMIN-QwQG9").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("ADMIN-mAgcI").OnError(err).Debug("date parse failed") - return &admin.DefaultLabelPolicy{ PrimaryColor: policy.PrimaryColor, SecondaryColor: policy.SecondaryColor, - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/admin/login_policy_converter.go b/internal/api/grpc/admin/login_policy_converter.go index a00eebfd92..1ae851b4b4 100644 --- a/internal/api/grpc/admin/login_policy_converter.go +++ b/internal/api/grpc/admin/login_policy_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func loginPolicyToDomain(policy *admin.DefaultLoginPolicyRequest) *domain.LoginPolicy { @@ -19,20 +20,13 @@ func loginPolicyToDomain(policy *admin.DefaultLoginPolicyRequest) *domain.LoginP } func loginPolicyFromDomain(policy *domain.LoginPolicy) *admin.DefaultLoginPolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("GRPC-3Fsm9").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("GRPC-5Gsko").OnError(err).Debug("date parse failed") - return &admin.DefaultLoginPolicy{ AllowUsernamePassword: policy.AllowUsernamePassword, AllowExternalIdp: policy.AllowExternalIdp, AllowRegister: policy.AllowRegister, ForceMfa: policy.ForceMFA, PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType), - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/admin/org_converter.go b/internal/api/grpc/admin/org_converter.go index 803431355b..f27161868d 100644 --- a/internal/api/grpc/admin/org_converter.go +++ b/internal/api/grpc/admin/org_converter.go @@ -3,6 +3,7 @@ package admin import ( "github.com/caos/logging" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" iam_model "github.com/caos/zitadel/internal/iam/model" "github.com/caos/zitadel/internal/v2/domain" @@ -57,34 +58,26 @@ func orgViewsFromModel(orgs []*org_model.OrgView) []*admin.Org { } func orgFromModel(org *org_model.Org) *admin.Org { - creationDate, err := ptypes.TimestampProto(org.CreationDate) - logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time") - changeDate, err := ptypes.TimestampProto(org.ChangeDate) logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time") return &admin.Org{ - ChangeDate: changeDate, - CreationDate: creationDate, - Id: org.AggregateID, - Name: org.Name, - State: orgStateFromModel(org.State), + ChangeDate: changeDate, + Id: org.AggregateID, + Name: org.Name, + State: orgStateFromModel(org.State), } } func orgViewFromModel(org *org_model.OrgView) *admin.Org { - creationDate, err := ptypes.TimestampProto(org.CreationDate) - logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time") - changeDate, err := ptypes.TimestampProto(org.ChangeDate) logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time") return &admin.Org{ - ChangeDate: changeDate, - CreationDate: creationDate, - Id: org.ID, - Name: org.Name, - State: orgStateFromModel(org.State), + ChangeDate: changeDate, + Id: org.ID, + Name: org.Name, + State: orgStateFromModel(org.State), } } @@ -193,17 +186,10 @@ func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod { } func orgIAMPolicyFromDomain(policy *domain.OrgIAMPolicy) *admin.OrgIamPolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("GRPC-Ps9fW").OnError(err).Debug("unable to get timestamp from time") - return &admin.OrgIamPolicy{ OrgId: policy.AggregateID, UserLoginMustBeDomain: policy.UserLoginMustBeDomain, - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/admin/password_age_policy_converter.go b/internal/api/grpc/admin/password_age_policy_converter.go index f1ba6e0467..8f3769b769 100644 --- a/internal/api/grpc/admin/password_age_policy_converter.go +++ b/internal/api/grpc/admin/password_age_policy_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func passwordAgePolicyToDomain(policy *admin.DefaultPasswordAgePolicyRequest) *domain.PasswordAgePolicy { @@ -16,17 +17,10 @@ func passwordAgePolicyToDomain(policy *admin.DefaultPasswordAgePolicyRequest) *d } func passwordAgePolicyFromDomain(policy *domain.PasswordAgePolicy) *admin.DefaultPasswordAgePolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("GRPC-mH9os").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("GRPC-3tGs9").OnError(err).Debug("date parse failed") - return &admin.DefaultPasswordAgePolicy{ MaxAgeDays: policy.MaxAgeDays, ExpireWarnDays: policy.ExpireWarnDays, - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/admin/password_complexity_policy_converter.go b/internal/api/grpc/admin/password_complexity_policy_converter.go index d2a3609cbf..9527d52c34 100644 --- a/internal/api/grpc/admin/password_complexity_policy_converter.go +++ b/internal/api/grpc/admin/password_complexity_policy_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func passwordComplexityPolicyToDomain(policy *admin.DefaultPasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy { @@ -19,20 +20,13 @@ func passwordComplexityPolicyToDomain(policy *admin.DefaultPasswordComplexityPol } func passwordComplexityPolicyFromDomain(policy *domain.PasswordComplexityPolicy) *admin.DefaultPasswordComplexityPolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("GRPC-6Zhs9").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("GRPC-bMso0").OnError(err).Debug("date parse failed") - return &admin.DefaultPasswordComplexityPolicy{ MinLength: policy.MinLength, HasUppercase: policy.HasUppercase, HasLowercase: policy.HasLowercase, HasNumber: policy.HasNumber, HasSymbol: policy.HasSymbol, - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/admin/password_lockout_policy_converter.go b/internal/api/grpc/admin/password_lockout_policy_converter.go index 3fd8ddde32..24794a6345 100644 --- a/internal/api/grpc/admin/password_lockout_policy_converter.go +++ b/internal/api/grpc/admin/password_lockout_policy_converter.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/admin" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" ) func passwordLockoutPolicyToDomain(policy *admin.DefaultPasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy { @@ -16,17 +17,10 @@ func passwordLockoutPolicyToDomain(policy *admin.DefaultPasswordLockoutPolicyReq } func passwordLockoutPolicyFromDomain(policy *domain.PasswordLockoutPolicy) *admin.DefaultPasswordLockoutPolicy { - creationDate, err := ptypes.TimestampProto(policy.CreationDate) - logging.Log("GRPC-4Gsm9f").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(policy.ChangeDate) - logging.Log("GRPC-3Gms9").OnError(err).Debug("date parse failed") - return &admin.DefaultPasswordLockoutPolicy{ MaxAttempts: policy.MaxAttempts, ShowLockoutFailure: policy.ShowLockOutFailures, - CreationDate: creationDate, - ChangeDate: changeDate, + ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/management/idp_config.go b/internal/api/grpc/management/idp_config.go index dacc7cc2ff..57b83d5596 100644 --- a/internal/api/grpc/management/idp_config.go +++ b/internal/api/grpc/management/idp_config.go @@ -2,8 +2,10 @@ package management import ( "context" + "github.com/golang/protobuf/ptypes/empty" + "github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/pkg/grpc/management" ) @@ -16,48 +18,42 @@ func (s *Server) IdpByID(ctx context.Context, id *management.IdpID) (*management } func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *management.OidcIdpConfigCreate) (*management.Idp, error) { - config, err := s.org.AddOIDCIDPConfig(ctx, createOidcIdpToModel(oidcIdpConfig)) + config, err := s.command.AddIDPConfig(ctx, createOidcIdpToDomain(oidcIdpConfig)) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *management.IdpUpdate) (*management.Idp, error) { - config, err := s.org.ChangeIDPConfig(ctx, updateIdpToModel(idpConfig)) + config, err := s.command.ChangeIDPConfig(ctx, updateIdpToDomain(ctx, idpConfig)) if err != nil { return nil, err } - return idpFromModel(config), nil + return idpFromDomain(config), nil } -func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) { - config, err := s.org.DeactivateIDPConfig(ctx, id.Id) - if err != nil { - return nil, err - } - return idpFromModel(config), nil +func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) { + err := s.command.DeactivateIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID) + return &empty.Empty{}, err } -func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*management.Idp, error) { - config, err := s.org.ReactivateIDPConfig(ctx, id.Id) - if err != nil { - return nil, err - } - return idpFromModel(config), nil +func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) { + err := s.command.ReactivateIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID) + return &empty.Empty{}, err } func (s *Server) RemoveIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) { - err := s.org.RemoveIDPConfig(ctx, id.Id) + err := s.command.RemoveIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID) return &empty.Empty{}, err } func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *management.OidcIdpConfigUpdate) (*management.OidcIdpConfig, error) { - config, err := s.org.ChangeOIDCIDPConfig(ctx, updateOidcIdpToModel(request)) + config, err := s.command.ChangeIDPOIDCConfig(ctx, updateOidcIdpToDomain(ctx, request)) if err != nil { return nil, err } - return oidcIdpConfigFromModel(config), nil + return oidcIdpConfigFromDomain(config), nil } func (s *Server) SearchIdps(ctx context.Context, request *management.IdpSearchRequest) (*management.IdpSearchResponse, error) { diff --git a/internal/api/grpc/management/idp_config_converter.go b/internal/api/grpc/management/idp_config_converter.go index bb12a7da86..4741673424 100644 --- a/internal/api/grpc/management/idp_config_converter.go +++ b/internal/api/grpc/management/idp_config_converter.go @@ -1,66 +1,72 @@ package management import ( + "context" + "github.com/caos/logging" + "github.com/caos/zitadel/internal/api/authz" caos_errors "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/eventstore/models" iam_model "github.com/caos/zitadel/internal/iam/model" + "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/pkg/grpc/management" "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/timestamppb" + "strconv" ) -func createOidcIdpToModel(idp *management.OidcIdpConfigCreate) *iam_model.IDPConfig { - return &iam_model.IDPConfig{ +func createOidcIdpToDomain(idp *management.OidcIdpConfigCreate) *domain.IDPConfig { + return &domain.IDPConfig{ Name: idp.Name, - StylingType: idpConfigStylingTypeToModel(idp.StylingType), - Type: iam_model.IDPConfigTypeOIDC, - OIDCConfig: &iam_model.OIDCIDPConfig{ + StylingType: idpConfigStylingTypeToDomain(idp.StylingType), + Type: domain.IDPConfigTypeOIDC, + OIDCConfig: &domain.OIDCIDPConfig{ ClientID: idp.ClientId, ClientSecretString: idp.ClientSecret, Issuer: idp.Issuer, Scopes: idp.Scopes, - IDPDisplayNameMapping: oidcMappingFieldToModel(idp.IdpDisplayNameMapping), - UsernameMapping: oidcMappingFieldToModel(idp.UsernameMapping), + IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping), + UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping), }, } } -func updateIdpToModel(idp *management.IdpUpdate) *iam_model.IDPConfig { - return &iam_model.IDPConfig{ +func updateIdpToDomain(ctx context.Context, idp *management.IdpUpdate) *domain.IDPConfig { + return &domain.IDPConfig{ + ObjectRoot: models.ObjectRoot{ + AggregateID: authz.GetCtxData(ctx).OrgID, + }, IDPConfigID: idp.Id, Name: idp.Name, - StylingType: idpConfigStylingTypeToModel(idp.StylingType), + StylingType: idpConfigStylingTypeToDomain(idp.StylingType), } } -func updateOidcIdpToModel(idp *management.OidcIdpConfigUpdate) *iam_model.OIDCIDPConfig { - return &iam_model.OIDCIDPConfig{ +func updateOidcIdpToDomain(ctx context.Context, idp *management.OidcIdpConfigUpdate) *domain.OIDCIDPConfig { + return &domain.OIDCIDPConfig{ + ObjectRoot: models.ObjectRoot{ + AggregateID: authz.GetCtxData(ctx).OrgID, + }, IDPConfigID: idp.IdpId, ClientID: idp.ClientId, ClientSecretString: idp.ClientSecret, Issuer: idp.Issuer, Scopes: idp.Scopes, - IDPDisplayNameMapping: oidcMappingFieldToModel(idp.IdpDisplayNameMapping), - UsernameMapping: oidcMappingFieldToModel(idp.UsernameMapping), + IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping), + UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping), } } -func idpFromModel(idp *iam_model.IDPConfig) *management.Idp { - creationDate, err := ptypes.TimestampProto(idp.CreationDate) - logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed") - - changeDate, err := ptypes.TimestampProto(idp.ChangeDate) - logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed") - +func idpFromDomain(idp *domain.IDPConfig) *management.Idp { return &management.Idp{ - Id: idp.IDPConfigID, - CreationDate: creationDate, - ChangeDate: changeDate, - Sequence: idp.Sequence, - Name: idp.Name, - StylingType: idpConfigStylingTypeFromModel(idp.StylingType), - State: idpConfigStateFromModel(idp.State), - IdpConfig: idpConfigFromModel(idp), + Id: idp.IDPConfigID, + ChangeDate: timestamppb.New(idp.ChangeDate), + Sequence: idp.Sequence, + Name: idp.Name, + StylingType: idpConfigStylingTypeFromDomain(idp.StylingType), + State: idpConfigStateFromDomain(idp.State), + IdpConfig: idpConfigFromDomain(idp), } } @@ -84,6 +90,15 @@ func idpViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView { } } +func idpConfigFromDomain(idp *domain.IDPConfig) *management.Idp_OidcConfig { + if idp.Type == domain.IDPConfigTypeOIDC { + return &management.Idp_OidcConfig{ + OidcConfig: oidcIdpConfigFromDomain(idp.OIDCConfig), + } + } + return nil +} + func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig { if idp.Type == iam_model.IDPConfigTypeOIDC { return &management.Idp_OidcConfig{ @@ -93,6 +108,16 @@ func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig { return nil } +func oidcIdpConfigFromDomain(idp *domain.OIDCIDPConfig) *management.OidcIdpConfig { + return &management.OidcIdpConfig{ + ClientId: idp.ClientID, + Issuer: idp.Issuer, + Scopes: idp.Scopes, + IdpDisplayNameMapping: oidcMappingFieldFromDomain(idp.IDPDisplayNameMapping), + UsernameMapping: oidcMappingFieldFromDomain(idp.UsernameMapping), + } +} + func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *management.OidcIdpConfig { return &management.OidcIdpConfig{ ClientId: idp.ClientID, @@ -122,6 +147,17 @@ func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.OidcId } } +func idpConfigStateFromDomain(state domain.IDPConfigState) management.IdpState { + switch state { + case domain.IDPConfigStateActive: + return management.IdpState_IDPCONFIGSTATE_ACTIVE + case domain.IDPConfigStateInactive: + return management.IdpState_IDPCONFIGSTATE_INACTIVE + default: + return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED + } +} + func idpConfigStateFromModel(state iam_model.IDPConfigState) management.IdpState { switch state { case iam_model.IDPConfigStateActive: @@ -210,6 +246,17 @@ func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*management.IdpVi return idps } +func oidcMappingFieldFromDomain(field domain.OIDCMappingField) management.OIDCMappingField { + switch field { + case domain.OIDCMappingFieldPreferredLoginName: + return management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME + case domain.OIDCMappingFieldEmail: + return management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL + default: + return management.OIDCMappingField_OIDCMAPPINGFIELD_UNSPECIFIED + } +} + func oidcMappingFieldFromModel(field iam_model.OIDCMappingField) management.OIDCMappingField { switch field { case iam_model.OIDCMappingFieldPreferredLoginName: @@ -221,6 +268,17 @@ func oidcMappingFieldFromModel(field iam_model.OIDCMappingField) management.OIDC } } +func oidcMappingFieldToDomain(field management.OIDCMappingField) domain.OIDCMappingField { + switch field { + case management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME: + return domain.OIDCMappingFieldPreferredLoginName + case management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL: + return domain.OIDCMappingFieldEmail + default: + return domain.OIDCMappingFieldUnspecified + } +} + func oidcMappingFieldToModel(field management.OIDCMappingField) iam_model.OIDCMappingField { switch field { case management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME: @@ -232,6 +290,15 @@ func oidcMappingFieldToModel(field management.OIDCMappingField) iam_model.OIDCMa } } +func idpConfigStylingTypeFromDomain(stylingType domain.IDPConfigStylingType) management.IdpStylingType { + switch stylingType { + case domain.IDPConfigStylingTypeGoogle: + return management.IdpStylingType_IDPSTYLINGTYPE_GOOGLE + default: + return management.IdpStylingType_IDPSTYLINGTYPE_UNSPECIFIED + } +} + func idpConfigStylingTypeFromModel(stylingType iam_model.IDPStylingType) management.IdpStylingType { switch stylingType { case iam_model.IDPStylingTypeGoogle: @@ -241,12 +308,12 @@ func idpConfigStylingTypeFromModel(stylingType iam_model.IDPStylingType) managem } } -func idpConfigStylingTypeToModel(stylingType management.IdpStylingType) iam_model.IDPStylingType { +func idpConfigStylingTypeToDomain(stylingType management.IdpStylingType) domain.IDPConfigStylingType { switch stylingType { case management.IdpStylingType_IDPSTYLINGTYPE_GOOGLE: - return iam_model.IDPStylingTypeGoogle + return domain.IDPConfigStylingTypeGoogle default: - return iam_model.IDPStylingTypeUnspecified + return domain.IDPConfigStylingTypeUnspecified } } diff --git a/internal/api/grpc/management/login_policy_converter.go b/internal/api/grpc/management/login_policy_converter.go index b1e6b68b8a..b1aa9816f5 100644 --- a/internal/api/grpc/management/login_policy_converter.go +++ b/internal/api/grpc/management/login_policy_converter.go @@ -32,7 +32,6 @@ func loginPolicyFromDomain(policy *domain.LoginPolicy) *management.LoginPolicy { AllowUsernamePassword: policy.AllowUsernamePassword, AllowExternalIdp: policy.AllowExternalIdp, AllowRegister: policy.AllowRegister, - CreationDate: timestamppb.New(policy.CreationDate), ChangeDate: timestamppb.New(policy.ChangeDate), ForceMfa: policy.ForceMFA, PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType), diff --git a/internal/api/grpc/management/org_converter.go b/internal/api/grpc/management/org_converter.go index 48e1779719..e0b7305fdd 100644 --- a/internal/api/grpc/management/org_converter.go +++ b/internal/api/grpc/management/org_converter.go @@ -23,11 +23,10 @@ import ( func orgFromDomain(org *domain.Org) *management.Org { return &management.Org{ - ChangeDate: timestamppb.New(org.ChangeDate), - CreationDate: timestamppb.New(org.CreationDate), - Id: org.AggregateID, - Name: org.Name, - State: orgStateFromDomain(org.State), + ChangeDate: timestamppb.New(org.ChangeDate), + Id: org.AggregateID, + Name: org.Name, + State: orgStateFromDomain(org.State), } } @@ -139,12 +138,11 @@ func removeOrgDomainToDomain(ctx context.Context, ordDomain *management.RemoveOr func orgDomainFromDomain(orgDomain *domain.OrgDomain) *management.OrgDomain { return &management.OrgDomain{ - ChangeDate: timestamppb.New(orgDomain.ChangeDate), - CreationDate: timestamppb.New(orgDomain.CreationDate), - OrgId: orgDomain.AggregateID, - Domain: orgDomain.Domain, - Verified: orgDomain.Verified, - Primary: orgDomain.Primary, + ChangeDate: timestamppb.New(orgDomain.ChangeDate), + OrgId: orgDomain.AggregateID, + Domain: orgDomain.Domain, + Verified: orgDomain.Verified, + Primary: orgDomain.Primary, } } diff --git a/internal/api/grpc/management/org_member_converter.go b/internal/api/grpc/management/org_member_converter.go index 0cba99789b..c7445b9fc3 100644 --- a/internal/api/grpc/management/org_member_converter.go +++ b/internal/api/grpc/management/org_member_converter.go @@ -24,11 +24,10 @@ func changeOrgMemberToModel(ctx context.Context, member *management.ChangeOrgMem func orgMemberFromDomain(member *domain.Member) *management.OrgMember { return &management.OrgMember{ - UserId: member.UserID, - CreationDate: timestamppb.New(member.CreationDate), - ChangeDate: timestamppb.New(member.ChangeDate), - Roles: member.Roles, - Sequence: member.Sequence, + UserId: member.UserID, + ChangeDate: timestamppb.New(member.ChangeDate), + Roles: member.Roles, + Sequence: member.Sequence, } } diff --git a/internal/api/grpc/management/password_age_policy_converter.go b/internal/api/grpc/management/password_age_policy_converter.go index bae10bca53..a0f531ee4b 100644 --- a/internal/api/grpc/management/password_age_policy_converter.go +++ b/internal/api/grpc/management/password_age_policy_converter.go @@ -27,7 +27,6 @@ func passwordAgePolicyFromDomain(policy *domain.PasswordAgePolicy) *management.P return &management.PasswordAgePolicy{ MaxAgeDays: policy.MaxAgeDays, ExpireWarnDays: policy.ExpireWarnDays, - CreationDate: timestamppb.New(policy.CreationDate), ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/management/password_complexity_policy_converter.go b/internal/api/grpc/management/password_complexity_policy_converter.go index 971c887995..eacdff599d 100644 --- a/internal/api/grpc/management/password_complexity_policy_converter.go +++ b/internal/api/grpc/management/password_complexity_policy_converter.go @@ -33,7 +33,6 @@ func passwordComplexityPolicyFromDomain(policy *domain.PasswordComplexityPolicy) HasUppercase: policy.HasUppercase, HasSymbol: policy.HasSymbol, HasNumber: policy.HasNumber, - CreationDate: timestamppb.New(policy.CreationDate), ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/api/grpc/management/password_lockout_policy_converter.go b/internal/api/grpc/management/password_lockout_policy_converter.go index 8aaf4d83e1..7fb8950bab 100644 --- a/internal/api/grpc/management/password_lockout_policy_converter.go +++ b/internal/api/grpc/management/password_lockout_policy_converter.go @@ -27,7 +27,6 @@ func passwordLockoutPolicyFromDomain(policy *domain.PasswordLockoutPolicy) *mana return &management.PasswordLockoutPolicy{ MaxAttempts: policy.MaxAttempts, ShowLockoutFailure: policy.ShowLockOutFailures, - CreationDate: timestamppb.New(policy.CreationDate), ChangeDate: timestamppb.New(policy.ChangeDate), } } diff --git a/internal/management/repository/org.go b/internal/management/repository/org.go index 8355d017a5..1538bc7737 100644 --- a/internal/management/repository/org.go +++ b/internal/management/repository/org.go @@ -11,7 +11,6 @@ import ( type OrgRepository interface { OrgByID(ctx context.Context, id string) (*org_model.OrgView, error) OrgByDomainGlobal(ctx context.Context, domain string) (*org_model.OrgView, error) - UpdateOrg(ctx context.Context, org *org_model.Org) (*org_model.Org, error) OrgChanges(ctx context.Context, id string, lastSequence uint64, limit uint64, sortAscending bool) (*org_model.OrgChanges, error) SearchMyOrgDomains(ctx context.Context, request *org_model.OrgDomainSearchRequest) (*org_model.OrgDomainSearchResponse, error) @@ -22,29 +21,14 @@ type OrgRepository interface { SearchIDPConfigs(ctx context.Context, request *iam_model.IDPConfigSearchRequest) (*iam_model.IDPConfigSearchResponse, error) IDPConfigByID(ctx context.Context, id string) (*iam_model.IDPConfigView, error) - AddOIDCIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) - ChangeIDPConfig(ctx context.Context, idp *iam_model.IDPConfig) (*iam_model.IDPConfig, error) - DeactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) - ReactivateIDPConfig(ctx context.Context, idpConfigID string) (*iam_model.IDPConfig, error) - RemoveIDPConfig(ctx context.Context, idpConfigID string) error - ChangeOIDCIDPConfig(ctx context.Context, oidcConfig *iam_model.OIDCIDPConfig) (*iam_model.OIDCIDPConfig, error) GetMyOrgIamPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error) GetLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) GetDefaultLoginPolicy(ctx context.Context) (*iam_model.LoginPolicyView, error) - AddLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) - ChangeLoginPolicy(ctx context.Context, policy *iam_model.LoginPolicy) (*iam_model.LoginPolicy, error) - RemoveLoginPolicy(ctx context.Context) error SearchIDPProviders(ctx context.Context, request *iam_model.IDPProviderSearchRequest) (*iam_model.IDPProviderSearchResponse, error) - AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) - RemoveIDPProviderFromLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) error SearchSecondFactors(ctx context.Context) (*iam_model.SecondFactorsSearchResponse, error) - AddSecondFactorToLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) (iam_model.SecondFactorType, error) - RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa iam_model.SecondFactorType) error SearchMultiFactors(ctx context.Context) (*iam_model.MultiFactorsSearchResponse, error) - AddMultiFactorToLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) (iam_model.MultiFactorType, error) - RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa iam_model.MultiFactorType) error GetPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) GetDefaultPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) diff --git a/internal/v2/command/iam_converter.go b/internal/v2/command/iam_converter.go index 3782f61a8f..8b8686de0e 100644 --- a/internal/v2/command/iam_converter.go +++ b/internal/v2/command/iam_converter.go @@ -86,7 +86,7 @@ func writeModelToPasswordLockoutPolicy(wm *PasswordLockoutPolicyWriteModel) *dom } } -func writeModelToIDPConfig(wm *IAMIDPConfigWriteModel) *domain.IDPConfig { +func writeModelToIDPConfig(wm *IDPConfigWriteModel) *domain.IDPConfig { return &domain.IDPConfig{ ObjectRoot: writeModelToObjectRoot(wm.WriteModel), OIDCConfig: writeModelToIDPOIDCConfig(wm.OIDCConfig), diff --git a/internal/v2/command/iam_idp_config.go b/internal/v2/command/iam_idp_config.go index 81f8b7b478..62cca6cada 100644 --- a/internal/v2/command/iam_idp_config.go +++ b/internal/v2/command/iam_idp_config.go @@ -55,7 +55,7 @@ func (r *CommandSide) AddDefaultIDPConfig(ctx context.Context, config *domain.ID if err != nil { return nil, err } - return writeModelToIDPConfig(addedConfig), nil + return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil } func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { @@ -78,44 +78,35 @@ func (r *CommandSide) ChangeDefaultIDPConfig(ctx context.Context, config *domain if err != nil { return nil, err } - return writeModelToIDPConfig(existingIDP), nil + return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil } -func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.IDPConfig, error) { +func (r *CommandSide) DeactivateDefaultIDPConfig(ctx context.Context, idpID string) error { existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, idpID) if err != nil { - return nil, err + return err } if existingIDP.State != domain.IDPConfigStateActive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive") + return caos_errs.ThrowPreconditionFailed(nil, "IAM-4M9so", "Errors.IAM.IDPConfig.NotActive") } iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg.PushEvents(iam_repo.NewIDPConfigDeactivatedEvent(ctx, idpID)) - err = r.eventstore.PushAggregate(ctx, existingIDP, iamAgg) - if err != nil { - return nil, err - } - return writeModelToIDPConfig(existingIDP), nil + return r.eventstore.PushAggregate(ctx, existingIDP, iamAgg) } -func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) (*domain.IDPConfig, error) { +func (r *CommandSide) ReactivateDefaultIDPConfig(ctx context.Context, idpID string) error { existingIDP, err := r.iamIDPConfigWriteModelByID(ctx, idpID) if err != nil { - return nil, err + return err } if existingIDP.State != domain.IDPConfigStateInactive { - return nil, caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") + return caos_errs.ThrowPreconditionFailed(nil, "IAM-5Mo0d", "Errors.IAM.IDPConfig.NotInactive") } iamAgg := IAMAggregateFromWriteModel(&existingIDP.WriteModel) iamAgg.PushEvents(iam_repo.NewIDPConfigReactivatedEvent(ctx, idpID)) - err = r.eventstore.PushAggregate(ctx, existingIDP, iamAgg) - if err != nil { - return nil, err - } - - return writeModelToIDPConfig(existingIDP), nil + return r.eventstore.PushAggregate(ctx, existingIDP, iamAgg) } func (r *CommandSide) RemoveDefaultIDPConfig(ctx context.Context, idpID string) error { diff --git a/internal/v2/command/iam_idp_config_model.go b/internal/v2/command/iam_idp_config_model.go index c7523b5bee..34b3d9ab3e 100644 --- a/internal/v2/command/iam_idp_config_model.go +++ b/internal/v2/command/iam_idp_config_model.go @@ -6,6 +6,7 @@ import ( "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/repository/iam" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" ) type IAMIDPConfigWriteModel struct { @@ -88,16 +89,19 @@ func (wm *IAMIDPConfigWriteModel) NewChangedEvent( stylingType domain.IDPConfigStylingType, ) (*iam.IDPConfigChangedEvent, bool) { - hasChanged := false - changedEvent := iam.NewIDPConfigChangedEvent(ctx) - changedEvent.ConfigID = configID + changes := make([]idpconfig.IDPConfigChanges, 0) if wm.Name != name { - hasChanged = true - changedEvent.Name = name + changes = append(changes, idpconfig.ChangeName(name)) } if stylingType.Valid() && wm.StylingType != stylingType { - hasChanged = true - changedEvent.StylingType = stylingType + changes = append(changes, idpconfig.ChangeStyleType(stylingType)) } - return changedEvent, hasChanged + if len(changes) == 0 { + return nil, false + } + changeEvent, err := iam.NewIDPConfigChangedEvent(ctx, configID, changes) + if err != nil { + return nil, false + } + return changeEvent, true } diff --git a/internal/v2/command/iam_idp_oidc_config.go b/internal/v2/command/iam_idp_oidc_config.go index fe6b0eb5db..364d0bed37 100644 --- a/internal/v2/command/iam_idp_oidc_config.go +++ b/internal/v2/command/iam_idp_oidc_config.go @@ -19,6 +19,7 @@ func (r *CommandSide) ChangeDefaultIDPOIDCConfig(ctx context.Context, config *do changedEvent, hasChanged, err := existingConfig.NewChangedEvent( ctx, + config.IDPConfigID, config.ClientID, config.Issuer, config.ClientSecretString, diff --git a/internal/v2/command/iam_idp_oidc_config_model.go b/internal/v2/command/iam_idp_oidc_config_model.go index 0c4be89b8f..7bff022c53 100644 --- a/internal/v2/command/iam_idp_oidc_config_model.go +++ b/internal/v2/command/iam_idp_oidc_config_model.go @@ -8,14 +8,15 @@ import ( "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/v2/domain" "github.com/caos/zitadel/internal/v2/repository/iam" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" ) -type IDPOIDCConfigWriteModel struct { +type IAMIDPOIDCConfigWriteModel struct { OIDCConfigWriteModel } -func NewIAMIDPOIDCConfigWriteModel(idpConfigID string) *IDPOIDCConfigWriteModel { - return &IDPOIDCConfigWriteModel{ +func NewIAMIDPOIDCConfigWriteModel(idpConfigID string) *IAMIDPOIDCConfigWriteModel { + return &IAMIDPOIDCConfigWriteModel{ OIDCConfigWriteModel{ WriteModel: eventstore.WriteModel{ AggregateID: domain.IAMID, @@ -26,7 +27,7 @@ func NewIAMIDPOIDCConfigWriteModel(idpConfigID string) *IDPOIDCConfigWriteModel } } -func (wm *IDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { +func (wm *IAMIDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { for _, event := range events { switch e := event.(type) { case *iam.IDPOIDCConfigAddedEvent: @@ -60,21 +61,22 @@ func (wm *IDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.EventReader } } -func (wm *IDPOIDCConfigWriteModel) Reduce() error { +func (wm *IAMIDPOIDCConfigWriteModel) Reduce() error { if err := wm.OIDCConfigWriteModel.Reduce(); err != nil { return err } return wm.WriteModel.Reduce() } -func (wm *IDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { +func (wm *IAMIDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType). AggregateIDs(wm.AggregateID). ResourceOwner(wm.ResourceOwner) } -func (wm *IDPOIDCConfigWriteModel) NewChangedEvent( +func (wm *IAMIDPOIDCConfigWriteModel) NewChangedEvent( ctx context.Context, + idpConfigID, clientID, issuer, clientSecretString string, @@ -83,8 +85,8 @@ func (wm *IDPOIDCConfigWriteModel) NewChangedEvent( userNameMapping domain.OIDCMappingField, scopes ...string, ) (*iam.IDPOIDCConfigChangedEvent, bool, error) { - hasChanged := false - changedEvent := iam.NewIDPOIDCConfigChangedEvent(ctx) + + changes := make([]idpconfig.OIDCConfigChanges, 0) var clientSecret *crypto.CryptoValue var err error if clientSecretString != "" { @@ -92,27 +94,29 @@ func (wm *IDPOIDCConfigWriteModel) NewChangedEvent( if err != nil { return nil, false, err } - changedEvent.ClientSecret = clientSecret + changes = append(changes, idpconfig.ChangeClientSecret(clientSecret)) } if wm.ClientID != clientID { - hasChanged = true - changedEvent.ClientID = clientID + changes = append(changes, idpconfig.ChangeClientID(clientID)) } if wm.Issuer != issuer { - hasChanged = true - changedEvent.Issuer = issuer + changes = append(changes, idpconfig.ChangeIssuer(issuer)) } if idpDisplayNameMapping.Valid() && wm.IDPDisplayNameMapping != idpDisplayNameMapping { - hasChanged = true - changedEvent.IDPDisplayNameMapping = idpDisplayNameMapping + changes = append(changes, idpconfig.ChangeIDPDisplayNameMapping(idpDisplayNameMapping)) } if userNameMapping.Valid() && wm.UserNameMapping != userNameMapping { - hasChanged = true - changedEvent.UserNameMapping = userNameMapping + changes = append(changes, idpconfig.ChangeUserNameMapping(userNameMapping)) } if reflect.DeepEqual(wm.Scopes, scopes) { - hasChanged = true - changedEvent.Scopes = scopes + changes = append(changes, idpconfig.ChangeScopes(scopes)) } - return changedEvent, hasChanged, nil + if len(changes) == 0 { + return nil, false, nil + } + changeEvent, err := iam.NewIDPOIDCConfigChangedEvent(ctx, idpConfigID, changes) + if err != nil { + return nil, false, err + } + return changeEvent, true, nil } diff --git a/internal/v2/command/idp_config_model.go b/internal/v2/command/idp_config_model.go index 759e6013fc..80a862e5e8 100644 --- a/internal/v2/command/idp_config_model.go +++ b/internal/v2/command/idp_config_model.go @@ -62,11 +62,11 @@ func (rm *IDPConfigWriteModel) reduceConfigAddedEvent(e *idpconfig.IDPConfigAdde } func (rm *IDPConfigWriteModel) reduceConfigChangedEvent(e *idpconfig.IDPConfigChangedEvent) { - if e.Name != "" { - rm.Name = e.Name + if e.Name != nil { + rm.Name = *e.Name } - if e.StylingType.Valid() { - rm.StylingType = e.StylingType + if e.StylingType != nil && e.StylingType.Valid() { + rm.StylingType = *e.StylingType } } diff --git a/internal/v2/command/oidc_config_model.go b/internal/v2/command/oidc_config_model.go index 33f7cb7a23..c1699e96b0 100644 --- a/internal/v2/command/oidc_config_model.go +++ b/internal/v2/command/oidc_config_model.go @@ -52,19 +52,19 @@ func (wm *OIDCConfigWriteModel) reduceConfigAddedEvent(e *idpconfig.OIDCConfigAd } func (wm *OIDCConfigWriteModel) reduceConfigChangedEvent(e *idpconfig.OIDCConfigChangedEvent) { - if e.ClientID != "" { - wm.ClientID = e.ClientID + if e.ClientID != nil { + wm.ClientID = *e.ClientID } - if e.Issuer != "" { - wm.Issuer = e.Issuer + if e.Issuer != nil { + wm.Issuer = *e.Issuer } if len(e.Scopes) > 0 { wm.Scopes = e.Scopes } - if e.IDPDisplayNameMapping.Valid() { - wm.IDPDisplayNameMapping = e.IDPDisplayNameMapping + if e.IDPDisplayNameMapping != nil && e.IDPDisplayNameMapping.Valid() { + wm.IDPDisplayNameMapping = *e.IDPDisplayNameMapping } - if e.UserNameMapping.Valid() { - wm.UserNameMapping = e.UserNameMapping + if e.UserNameMapping != nil && e.UserNameMapping.Valid() { + wm.UserNameMapping = *e.UserNameMapping } } diff --git a/internal/v2/command/org_idp_config.go b/internal/v2/command/org_idp_config.go new file mode 100644 index 0000000000..ce82948a15 --- /dev/null +++ b/internal/v2/command/org_idp_config.go @@ -0,0 +1,146 @@ +package command + +import ( + "context" + + caos_errs "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/telemetry/tracing" + "github.com/caos/zitadel/internal/v2/domain" + + "github.com/caos/zitadel/internal/crypto" + "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/v2/repository/org" + org_repo "github.com/caos/zitadel/internal/v2/repository/org" +) + +func (r *CommandSide) AddIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { + if config.OIDCConfig == nil { + return nil, errors.ThrowInvalidArgument(nil, "Org-eUpQU", "Errors.idp.config.notset") + } + + idpConfigID, err := r.idGenerator.Next() + if err != nil { + return nil, err + } + //TODO: check name unique on aggregate + addedConfig := NewOrgIDPConfigWriteModel(idpConfigID, config.AggregateID) + + clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), r.idpConfigSecretCrypto) + if err != nil { + return nil, err + } + + orgAgg := OrgAggregateFromWriteModel(&addedConfig.WriteModel) + orgAgg.PushEvents( + org_repo.NewIDPConfigAddedEvent( + ctx, + idpConfigID, + config.Name, + config.Type, + config.StylingType, + ), + ) + orgAgg.PushEvents( + org_repo.NewIDPOIDCConfigAddedEvent( + ctx, config.OIDCConfig.ClientID, + idpConfigID, + config.OIDCConfig.Issuer, + clientSecret, + config.OIDCConfig.IDPDisplayNameMapping, + config.OIDCConfig.UsernameMapping, + config.OIDCConfig.Scopes..., + ), + ) + err = r.eventstore.PushAggregate(ctx, addedConfig, orgAgg) + if err != nil { + return nil, err + } + return writeModelToIDPConfig(&addedConfig.IDPConfigWriteModel), nil +} + +func (r *CommandSide) ChangeIDPConfig(ctx context.Context, config *domain.IDPConfig) (*domain.IDPConfig, error) { + existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, config.IDPConfigID, config.AggregateID) + if err != nil { + return nil, err + } + if existingIDP.State == domain.IDPConfigStateRemoved || existingIDP.State == domain.IDPConfigStateUnspecified { + return nil, caos_errs.ThrowNotFound(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotExisting") + } + + changedEvent, hasChanged := existingIDP.NewChangedEvent(ctx, config.IDPConfigID, config.Name, config.StylingType) + if !hasChanged { + return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") + } + orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) + orgAgg.PushEvents(changedEvent) + + err = r.eventstore.PushAggregate(ctx, existingIDP, orgAgg) + if err != nil { + return nil, err + } + return writeModelToIDPConfig(&existingIDP.IDPConfigWriteModel), nil +} + +func (r *CommandSide) DeactivateIDPConfig(ctx context.Context, idpID, orgID string) error { + existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, idpID, orgID) + if err != nil { + return err + } + if existingIDP.State != domain.IDPConfigStateActive { + return caos_errs.ThrowPreconditionFailed(nil, "Org-4M9so", "Errors.Org.IDPConfig.NotActive") + } + orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) + orgAgg.PushEvents(org_repo.NewIDPConfigDeactivatedEvent(ctx, idpID)) + + return r.eventstore.PushAggregate(ctx, existingIDP, orgAgg) +} + +func (r *CommandSide) ReactivateIDPConfig(ctx context.Context, idpID, orgID string) error { + existingIDP, err := r.orgIDPConfigWriteModelByID(ctx, idpID, orgID) + if err != nil { + return err + } + if existingIDP.State != domain.IDPConfigStateInactive { + return caos_errs.ThrowPreconditionFailed(nil, "Org-5Mo0d", "Errors.Org.IDPConfig.NotInactive") + } + orgAgg := OrgAggregateFromWriteModel(&existingIDP.WriteModel) + orgAgg.PushEvents(org_repo.NewIDPConfigReactivatedEvent(ctx, idpID)) + + return r.eventstore.PushAggregate(ctx, existingIDP, orgAgg) +} + +func (r *CommandSide) RemoveIDPConfig(ctx context.Context, idpID, orgID string) error { + _, err := r.pushIDPWriteModel(ctx, idpID, orgID, func(a *org.Aggregate, _ *OrgIDPConfigWriteModel) *org.Aggregate { + a.Aggregate = *a.PushEvents(org_repo.NewIDPConfigRemovedEvent(ctx, idpID)) + return a + }) + return err +} + +func (r *CommandSide) pushIDPWriteModel(ctx context.Context, idpID, orgID string, eventSetter func(*org.Aggregate, *OrgIDPConfigWriteModel) *org.Aggregate) (*OrgIDPConfigWriteModel, error) { + writeModel := NewOrgIDPConfigWriteModel(idpID, orgID) + err := r.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + + aggregate := eventSetter(OrgAggregateFromWriteModel(&writeModel.WriteModel), writeModel) + err = r.eventstore.PushAggregate(ctx, writeModel, aggregate) + if err != nil { + return nil, err + } + + return writeModel, nil +} + +func (r *CommandSide) orgIDPConfigWriteModelByID(ctx context.Context, idpID, orgID string) (policy *OrgIDPConfigWriteModel, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + writeModel := NewOrgIDPConfigWriteModel(idpID, orgID) + err = r.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + return writeModel, nil +} diff --git a/internal/v2/command/org_idp_config_model.go b/internal/v2/command/org_idp_config_model.go new file mode 100644 index 0000000000..19770d262d --- /dev/null +++ b/internal/v2/command/org_idp_config_model.go @@ -0,0 +1,107 @@ +package command + +import ( + "context" + + "github.com/caos/zitadel/internal/eventstore/v2" + "github.com/caos/zitadel/internal/v2/domain" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" + "github.com/caos/zitadel/internal/v2/repository/org" +) + +type OrgIDPConfigWriteModel struct { + IDPConfigWriteModel +} + +func NewOrgIDPConfigWriteModel(configID, orgID string) *OrgIDPConfigWriteModel { + return &OrgIDPConfigWriteModel{ + IDPConfigWriteModel{ + WriteModel: eventstore.WriteModel{ + AggregateID: orgID, + ResourceOwner: orgID, + }, + ConfigID: configID, + }, + } +} + +func (wm *OrgIDPConfigWriteModel) Query() *eventstore.SearchQueryBuilder { + return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). + AggregateIDs(wm.AggregateID). + ResourceOwner(wm.ResourceOwner) +} + +func (wm *OrgIDPConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { + for _, event := range events { + switch e := event.(type) { + case *org.IDPConfigAddedEvent: + if wm.ConfigID != e.ConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.IDPConfigAddedEvent) + case *org.IDPConfigChangedEvent: + if wm.ConfigID != e.ConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.IDPConfigChangedEvent) + case *org.IDPConfigDeactivatedEvent: + if wm.ConfigID != e.ConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.IDPConfigDeactivatedEvent) + case *org.IDPConfigReactivatedEvent: + if wm.ConfigID != e.ConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.IDPConfigReactivatedEvent) + case *org.IDPConfigRemovedEvent: + if wm.ConfigID != e.ConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.IDPConfigRemovedEvent) + case *org.IDPOIDCConfigAddedEvent: + if wm.ConfigID != e.IDPConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.OIDCConfigAddedEvent) + case *org.IDPOIDCConfigChangedEvent: + if wm.ConfigID != e.IDPConfigID { + continue + } + wm.IDPConfigWriteModel.AppendEvents(&e.OIDCConfigChangedEvent) + } + } +} + +func (wm *OrgIDPConfigWriteModel) Reduce() error { + return wm.IDPConfigWriteModel.Reduce() +} + +func (wm *OrgIDPConfigWriteModel) AppendAndReduce(events ...eventstore.EventReader) error { + wm.AppendEvents(events...) + return wm.Reduce() +} + +func (wm *OrgIDPConfigWriteModel) NewChangedEvent( + ctx context.Context, + configID, + name string, + stylingType domain.IDPConfigStylingType, +) (*org.IDPConfigChangedEvent, bool) { + + changes := make([]idpconfig.IDPConfigChanges, 0) + if wm.Name != name { + changes = append(changes, idpconfig.ChangeName(name)) + } + if stylingType.Valid() && wm.StylingType != stylingType { + changes = append(changes, idpconfig.ChangeStyleType(stylingType)) + } + if len(changes) == 0 { + return nil, false + } + changeEvent, err := org.NewIDPConfigChangedEvent(ctx, configID, changes) + if err != nil { + return nil, false + } + return changeEvent, true +} diff --git a/internal/v2/command/org_idp_oidc_config.go b/internal/v2/command/org_idp_oidc_config.go new file mode 100644 index 0000000000..851fb5e5fc --- /dev/null +++ b/internal/v2/command/org_idp_oidc_config.go @@ -0,0 +1,46 @@ +package command + +import ( + "context" + caos_errs "github.com/caos/zitadel/internal/errors" + "github.com/caos/zitadel/internal/v2/domain" +) + +func (r *CommandSide) ChangeIDPOIDCConfig(ctx context.Context, config *domain.OIDCIDPConfig) (*domain.OIDCIDPConfig, error) { + existingConfig := NewOrgIDPOIDCConfigWriteModel(config.IDPConfigID, config.AggregateID) + err := r.eventstore.FilterToQueryReducer(ctx, existingConfig) + if err != nil { + return nil, err + } + + if existingConfig.State == domain.IDPConfigStateRemoved || existingConfig.State == domain.IDPConfigStateUnspecified { + return nil, caos_errs.ThrowAlreadyExists(nil, "Org-67J9d", "Errors.Org.IDPConfig.AlreadyExists") + } + + changedEvent, hasChanged, err := existingConfig.NewChangedEvent( + ctx, + config.IDPConfigID, + config.ClientID, + config.Issuer, + config.ClientSecretString, + r.idpConfigSecretCrypto, + config.IDPDisplayNameMapping, + config.UsernameMapping, + config.Scopes...) + if err != nil { + return nil, err + } + if !hasChanged { + return nil, caos_errs.ThrowPreconditionFailed(nil, "Org-4M9vs", "Errors.Org.LabelPolicy.NotChanged") + } + + orgAgg := OrgAggregateFromWriteModel(&existingConfig.WriteModel) + orgAgg.PushEvents(changedEvent) + + err = r.eventstore.PushAggregate(ctx, existingConfig, orgAgg) + if err != nil { + return nil, err + } + + return writeModelToIDPOIDCConfig(&existingConfig.OIDCConfigWriteModel), nil +} diff --git a/internal/v2/command/org_idp_oidc_config_model.go b/internal/v2/command/org_idp_oidc_config_model.go new file mode 100644 index 0000000000..e2cbc455b9 --- /dev/null +++ b/internal/v2/command/org_idp_oidc_config_model.go @@ -0,0 +1,122 @@ +package command + +import ( + "context" + "reflect" + + "github.com/caos/zitadel/internal/crypto" + "github.com/caos/zitadel/internal/eventstore/v2" + "github.com/caos/zitadel/internal/v2/domain" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" + "github.com/caos/zitadel/internal/v2/repository/org" +) + +type IDPOIDCConfigWriteModel struct { + OIDCConfigWriteModel +} + +func NewOrgIDPOIDCConfigWriteModel(idpConfigID, orgID string) *IDPOIDCConfigWriteModel { + return &IDPOIDCConfigWriteModel{ + OIDCConfigWriteModel{ + WriteModel: eventstore.WriteModel{ + AggregateID: orgID, + ResourceOwner: orgID, + }, + IDPConfigID: idpConfigID, + }, + } +} + +func (wm *IDPOIDCConfigWriteModel) AppendEvents(events ...eventstore.EventReader) { + for _, event := range events { + switch e := event.(type) { + case *org.IDPOIDCConfigAddedEvent: + if wm.IDPConfigID != e.IDPConfigID { + continue + } + wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigAddedEvent) + case *org.IDPOIDCConfigChangedEvent: + if wm.IDPConfigID != e.IDPConfigID { + continue + } + wm.OIDCConfigWriteModel.AppendEvents(&e.OIDCConfigChangedEvent) + case *org.IDPConfigReactivatedEvent: + if wm.IDPConfigID != e.ConfigID { + continue + } + wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigReactivatedEvent) + case *org.IDPConfigDeactivatedEvent: + if wm.IDPConfigID != e.ConfigID { + continue + } + wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigDeactivatedEvent) + case *org.IDPConfigRemovedEvent: + if wm.IDPConfigID != e.ConfigID { + continue + } + wm.OIDCConfigWriteModel.AppendEvents(&e.IDPConfigRemovedEvent) + default: + wm.OIDCConfigWriteModel.AppendEvents(e) + } + } +} + +func (wm *IDPOIDCConfigWriteModel) Reduce() error { + if err := wm.OIDCConfigWriteModel.Reduce(); err != nil { + return err + } + return wm.WriteModel.Reduce() +} + +func (wm *IDPOIDCConfigWriteModel) Query() *eventstore.SearchQueryBuilder { + return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, org.AggregateType). + AggregateIDs(wm.AggregateID). + ResourceOwner(wm.ResourceOwner) +} + +func (wm *IDPOIDCConfigWriteModel) NewChangedEvent( + ctx context.Context, + idpConfigID, + clientID, + issuer, + clientSecretString string, + secretCrypto crypto.Crypto, + idpDisplayNameMapping, + userNameMapping domain.OIDCMappingField, + scopes ...string, +) (*org.IDPOIDCConfigChangedEvent, bool, error) { + + changes := make([]idpconfig.OIDCConfigChanges, 0) + var clientSecret *crypto.CryptoValue + var err error + if clientSecretString != "" { + clientSecret, err = crypto.Crypt([]byte(clientSecretString), secretCrypto) + if err != nil { + return nil, false, err + } + changes = append(changes, idpconfig.ChangeClientSecret(clientSecret)) + } + if wm.ClientID != clientID { + changes = append(changes, idpconfig.ChangeClientID(clientID)) + } + if wm.Issuer != issuer { + changes = append(changes, idpconfig.ChangeIssuer(issuer)) + } + if idpDisplayNameMapping.Valid() && wm.IDPDisplayNameMapping != idpDisplayNameMapping { + changes = append(changes, idpconfig.ChangeIDPDisplayNameMapping(idpDisplayNameMapping)) + } + if userNameMapping.Valid() && wm.UserNameMapping != userNameMapping { + changes = append(changes, idpconfig.ChangeUserNameMapping(userNameMapping)) + } + if reflect.DeepEqual(wm.Scopes, scopes) { + changes = append(changes, idpconfig.ChangeScopes(scopes)) + } + if len(changes) == 0 { + return nil, false, nil + } + changeEvent, err := org.NewIDPOIDCConfigChangedEvent(ctx, idpConfigID, changes) + if err != nil { + return nil, false, err + } + return changeEvent, true, nil +} diff --git a/internal/v2/domain/oidc_mapping_field.go b/internal/v2/domain/oidc_mapping_field.go index 61b2fb1968..1eb17dccfd 100644 --- a/internal/v2/domain/oidc_mapping_field.go +++ b/internal/v2/domain/oidc_mapping_field.go @@ -3,7 +3,8 @@ package domain type OIDCMappingField int32 const ( - OIDCMappingFieldPreferredLoginName OIDCMappingField = iota + 1 + OIDCMappingFieldUnspecified OIDCMappingField = iota + OIDCMappingFieldPreferredLoginName OIDCMappingFieldEmail // count is for validation purposes oidcMappingFieldCount diff --git a/internal/v2/query/idp_config_model.go b/internal/v2/query/idp_config_model.go index f3b6cb25d4..a0e51e2331 100644 --- a/internal/v2/query/idp_config_model.go +++ b/internal/v2/query/idp_config_model.go @@ -80,11 +80,11 @@ func (rm *IDPConfigReadModel) reduceConfigAddedEvent(e *idpconfig.IDPConfigAdded } func (rm *IDPConfigReadModel) reduceConfigChangedEvent(e *idpconfig.IDPConfigChangedEvent) { - if e.Name != "" { - rm.Name = e.Name + if e.Name != nil { + rm.Name = *e.Name } - if e.StylingType.Valid() { - rm.StylingType = e.StylingType + if e.StylingType != nil && e.StylingType.Valid() { + rm.StylingType = *e.StylingType } } diff --git a/internal/v2/query/oidc_config_model.go b/internal/v2/query/oidc_config_model.go index 2038e1a93a..763119cd1e 100644 --- a/internal/v2/query/oidc_config_model.go +++ b/internal/v2/query/oidc_config_model.go @@ -43,19 +43,19 @@ func (rm *OIDCConfigReadModel) reduceConfigAddedEvent(e *idpconfig.OIDCConfigAdd } func (rm *OIDCConfigReadModel) reduceConfigChangedEvent(e *idpconfig.OIDCConfigChangedEvent) { - if e.ClientID != "" { - rm.ClientID = e.ClientID + if e.ClientID != nil { + rm.ClientID = *e.ClientID } - if e.Issuer != "" { - rm.Issuer = e.Issuer + if e.Issuer != nil { + rm.Issuer = *e.Issuer } if len(e.Scopes) > 0 { rm.Scopes = e.Scopes } - if e.IDPDisplayNameMapping.Valid() { - rm.IDPDisplayNameMapping = e.IDPDisplayNameMapping + if e.IDPDisplayNameMapping != nil && e.IDPDisplayNameMapping.Valid() { + rm.IDPDisplayNameMapping = *e.IDPDisplayNameMapping } - if e.UserNameMapping.Valid() { - rm.UserNameMapping = e.UserNameMapping + if e.UserNameMapping != nil && e.UserNameMapping.Valid() { + rm.UserNameMapping = *e.UserNameMapping } } diff --git a/internal/v2/repository/iam/idp_config.go b/internal/v2/repository/iam/idp_config.go index 05207b27b5..fe14732dc0 100644 --- a/internal/v2/repository/iam/idp_config.go +++ b/internal/v2/repository/iam/idp_config.go @@ -2,6 +2,7 @@ package iam import ( "context" + "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2/repository" "github.com/caos/zitadel/internal/v2/domain" @@ -57,12 +58,18 @@ type IDPConfigChangedEvent struct { func NewIDPConfigChangedEvent( ctx context.Context, -) *IDPConfigChangedEvent { - return &IDPConfigChangedEvent{ - IDPConfigChangedEvent: *idpconfig.NewIDPConfigChangedEvent( - eventstore.NewBaseEventForPush(ctx, IDPConfigChangedEventType), - ), + configID string, + changes []idpconfig.IDPConfigChanges, +) (*IDPConfigChangedEvent, error) { + changeEvent, err := idpconfig.NewIDPConfigChangedEvent( + eventstore.NewBaseEventForPush(ctx, IDPConfigChangedEventType), + configID, + changes, + ) + if err != nil { + return nil, err } + return &IDPConfigChangedEvent{IDPConfigChangedEvent: *changeEvent}, nil } func IDPConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) { diff --git a/internal/v2/repository/iam/idp_oidc_config.go b/internal/v2/repository/iam/idp_oidc_config.go index 737f7d9351..d1e9bbc89f 100644 --- a/internal/v2/repository/iam/idp_oidc_config.go +++ b/internal/v2/repository/iam/idp_oidc_config.go @@ -2,6 +2,7 @@ package iam import ( "context" + "github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2/repository" @@ -61,12 +62,18 @@ type IDPOIDCConfigChangedEvent struct { func NewIDPOIDCConfigChangedEvent( ctx context.Context, -) *IDPOIDCConfigChangedEvent { - return &IDPOIDCConfigChangedEvent{ - OIDCConfigChangedEvent: *idpconfig.NewOIDCConfigChangedEvent( - eventstore.NewBaseEventForPush(ctx, IDPOIDCConfigChangedEventType), - ), + idpConfigID string, + changes []idpconfig.OIDCConfigChanges, +) (*IDPOIDCConfigChangedEvent, error) { + changeEvent, err := idpconfig.NewOIDCConfigChangedEvent( + eventstore.NewBaseEventForPush(ctx, IDPOIDCConfigChangedEventType), + idpConfigID, + changes, + ) + if err != nil { + return nil, err } + return &IDPOIDCConfigChangedEvent{OIDCConfigChangedEvent: *changeEvent}, nil } func IDPOIDCConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) { diff --git a/internal/v2/repository/idpconfig/idp_config.go b/internal/v2/repository/idpconfig/idp_config.go index 6541e5a666..717bfa08cd 100644 --- a/internal/v2/repository/idpconfig/idp_config.go +++ b/internal/v2/repository/idpconfig/idp_config.go @@ -2,6 +2,7 @@ package idpconfig import ( "encoding/json" + "github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/eventstore/v2" "github.com/caos/zitadel/internal/eventstore/v2/repository" @@ -54,9 +55,9 @@ func IDPConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, type IDPConfigChangedEvent struct { eventstore.BaseEvent `json:"-"` - ConfigID string `json:"idpConfigId"` - Name string `json:"name,omitempty"` - StylingType domain.IDPConfigStylingType `json:"stylingType,omitempty"` + ConfigID string `json:"idpConfigId"` + Name *string `json:"name,omitempty"` + StylingType *domain.IDPConfigStylingType `json:"stylingType,omitempty"` } func (e *IDPConfigChangedEvent) Data() interface{} { @@ -65,9 +66,33 @@ func (e *IDPConfigChangedEvent) Data() interface{} { func NewIDPConfigChangedEvent( base *eventstore.BaseEvent, -) *IDPConfigChangedEvent { - return &IDPConfigChangedEvent{ + configID string, + changes []IDPConfigChanges, +) (*IDPConfigChangedEvent, error) { + if len(changes) == 0 { + return nil, errors.ThrowPreconditionFailed(nil, "IDPCONFIG-Dsg21", "Errors.NoChangesFound") + } + changeEvent := &IDPConfigChangedEvent{ BaseEvent: *base, + ConfigID: configID, + } + for _, change := range changes { + change(changeEvent) + } + return changeEvent, nil +} + +type IDPConfigChanges func(*IDPConfigChangedEvent) + +func ChangeName(name string) func(*IDPConfigChangedEvent) { + return func(e *IDPConfigChangedEvent) { + e.Name = &name + } +} + +func ChangeStyleType(styleType domain.IDPConfigStylingType) func(*IDPConfigChangedEvent) { + return func(e *IDPConfigChangedEvent) { + e.StylingType = &styleType } } @@ -87,7 +112,7 @@ func IDPConfigChangedEventMapper(event *repository.Event) (eventstore.EventReade type IDPConfigDeactivatedEvent struct { eventstore.BaseEvent `json:"-"` - ConfigID string `idpConfigId` + ConfigID string `json:"idpConfigId"` } func NewIDPConfigDeactivatedEvent( @@ -121,7 +146,7 @@ func IDPConfigDeactivatedEventMapper(event *repository.Event) (eventstore.EventR type IDPConfigReactivatedEvent struct { eventstore.BaseEvent `json:"-"` - ConfigID string `idpConfigId` + ConfigID string `json:"idpConfigId"` } func NewIDPConfigReactivatedEvent( @@ -155,7 +180,7 @@ func IDPConfigReactivatedEventMapper(event *repository.Event) (eventstore.EventR type IDPConfigRemovedEvent struct { eventstore.BaseEvent `json:"-"` - ConfigID string `idpConfigId` + ConfigID string `json:"idpConfigId"` } func NewIDPConfigRemovedEvent( diff --git a/internal/v2/repository/idpconfig/oidc_config.go b/internal/v2/repository/idpconfig/oidc_config.go index 54b6a09065..24b2997e9d 100644 --- a/internal/v2/repository/idpconfig/oidc_config.go +++ b/internal/v2/repository/idpconfig/oidc_config.go @@ -2,6 +2,7 @@ package idpconfig import ( "encoding/json" + "github.com/caos/zitadel/internal/crypto" "github.com/caos/zitadel/internal/errors" "github.com/caos/zitadel/internal/eventstore/v2" @@ -72,13 +73,13 @@ type OIDCConfigChangedEvent struct { IDPConfigID string `json:"idpConfigId"` - ClientID string `json:"clientId,omitempty"` + ClientID *string `json:"clientId,omitempty"` ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"` - Issuer string `json:"issuer,omitempty"` + Issuer *string `json:"issuer,omitempty"` Scopes []string `json:"scpoes,omitempty"` - IDPDisplayNameMapping domain.OIDCMappingField `json:"idpDisplayNameMapping,omitempty"` - UserNameMapping domain.OIDCMappingField `json:"usernameMapping,omitempty"` + IDPDisplayNameMapping *domain.OIDCMappingField `json:"idpDisplayNameMapping,omitempty"` + UserNameMapping *domain.OIDCMappingField `json:"usernameMapping,omitempty"` } func (e *OIDCConfigChangedEvent) Data() interface{} { @@ -87,9 +88,57 @@ func (e *OIDCConfigChangedEvent) Data() interface{} { func NewOIDCConfigChangedEvent( base *eventstore.BaseEvent, -) *OIDCConfigChangedEvent { - return &OIDCConfigChangedEvent{ - BaseEvent: *base, + idpConfigID string, + changes []OIDCConfigChanges, +) (*OIDCConfigChangedEvent, error) { + if len(changes) == 0 { + return nil, errors.ThrowPreconditionFailed(nil, "IDPCONFIG-ADzr5", "Errors.NoChangesFound") + } + changeEvent := &OIDCConfigChangedEvent{ + BaseEvent: *base, + IDPConfigID: idpConfigID, + } + for _, change := range changes { + change(changeEvent) + } + return changeEvent, nil +} + +type OIDCConfigChanges func(*OIDCConfigChangedEvent) + +func ChangeClientID(clientID string) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.ClientID = &clientID + } +} + +func ChangeClientSecret(secret *crypto.CryptoValue) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.ClientSecret = secret + } +} + +func ChangeIssuer(issuer string) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.Issuer = &issuer + } +} + +func ChangeIDPDisplayNameMapping(idpDisplayNameMapping domain.OIDCMappingField) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.IDPDisplayNameMapping = &idpDisplayNameMapping + } +} + +func ChangeUserNameMapping(userNameMapping domain.OIDCMappingField) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.UserNameMapping = &userNameMapping + } +} + +func ChangeScopes(scopes []string) func(*OIDCConfigChangedEvent) { + return func(e *OIDCConfigChangedEvent) { + e.Scopes = scopes } } diff --git a/internal/v2/repository/org/idp_config.go b/internal/v2/repository/org/idp_config.go new file mode 100644 index 0000000000..61f2029ab1 --- /dev/null +++ b/internal/v2/repository/org/idp_config.go @@ -0,0 +1,168 @@ +package org + +import ( + "context" + "github.com/caos/zitadel/internal/eventstore/v2" + "github.com/caos/zitadel/internal/eventstore/v2/repository" + "github.com/caos/zitadel/internal/v2/domain" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" +) + +const ( + IDPConfigAddedEventType eventstore.EventType = "org.idp.config.added" + IDPConfigChangedEventType eventstore.EventType = "org.idp.config.changed" + IDPConfigRemovedEventType eventstore.EventType = "org.idp.config.removed" + IDPConfigDeactivatedEventType eventstore.EventType = "org.idp.config.deactivated" + IDPConfigReactivatedEventType eventstore.EventType = "org.idp.config.reactivated" +) + +type IDPConfigAddedEvent struct { + idpconfig.IDPConfigAddedEvent +} + +func NewIDPConfigAddedEvent( + ctx context.Context, + configID string, + name string, + configType domain.IDPConfigType, + stylingType domain.IDPConfigStylingType, +) *IDPConfigAddedEvent { + + return &IDPConfigAddedEvent{ + IDPConfigAddedEvent: *idpconfig.NewIDPConfigAddedEvent( + eventstore.NewBaseEventForPush( + ctx, + IDPConfigAddedEventType, + ), + configID, + name, + configType, + stylingType, + ), + } +} + +func IDPConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.IDPConfigAddedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPConfigAddedEvent{IDPConfigAddedEvent: *e.(*idpconfig.IDPConfigAddedEvent)}, nil +} + +type IDPConfigChangedEvent struct { + idpconfig.IDPConfigChangedEvent +} + +func NewIDPConfigChangedEvent( + ctx context.Context, + configID string, + changes []idpconfig.IDPConfigChanges, +) (*IDPConfigChangedEvent, error) { + changeEvent, err := idpconfig.NewIDPConfigChangedEvent( + eventstore.NewBaseEventForPush(ctx, IDPConfigChangedEventType), + configID, + changes, + ) + if err != nil { + return nil, err + } + return &IDPConfigChangedEvent{IDPConfigChangedEvent: *changeEvent}, nil +} + +func IDPConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.IDPConfigChangedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPConfigChangedEvent{IDPConfigChangedEvent: *e.(*idpconfig.IDPConfigChangedEvent)}, nil +} + +type IDPConfigRemovedEvent struct { + idpconfig.IDPConfigRemovedEvent +} + +func NewIDPConfigRemovedEvent( + ctx context.Context, + configID string, +) *IDPConfigRemovedEvent { + + return &IDPConfigRemovedEvent{ + IDPConfigRemovedEvent: *idpconfig.NewIDPConfigRemovedEvent( + eventstore.NewBaseEventForPush( + ctx, + IDPConfigRemovedEventType, + ), + configID, + ), + } +} + +func IDPConfigRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.IDPConfigRemovedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPConfigRemovedEvent{IDPConfigRemovedEvent: *e.(*idpconfig.IDPConfigRemovedEvent)}, nil +} + +type IDPConfigDeactivatedEvent struct { + idpconfig.IDPConfigDeactivatedEvent +} + +func NewIDPConfigDeactivatedEvent( + ctx context.Context, + configID string, +) *IDPConfigDeactivatedEvent { + + return &IDPConfigDeactivatedEvent{ + IDPConfigDeactivatedEvent: *idpconfig.NewIDPConfigDeactivatedEvent( + eventstore.NewBaseEventForPush( + ctx, + IDPConfigDeactivatedEventType, + ), + configID, + ), + } +} + +func IDPConfigDeactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.IDPConfigDeactivatedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPConfigDeactivatedEvent{IDPConfigDeactivatedEvent: *e.(*idpconfig.IDPConfigDeactivatedEvent)}, nil +} + +type IDPConfigReactivatedEvent struct { + idpconfig.IDPConfigReactivatedEvent +} + +func NewIDPConfigReactivatedEvent( + ctx context.Context, + configID string, +) *IDPConfigReactivatedEvent { + + return &IDPConfigReactivatedEvent{ + IDPConfigReactivatedEvent: *idpconfig.NewIDPConfigReactivatedEvent( + eventstore.NewBaseEventForPush( + ctx, + IDPConfigReactivatedEventType, + ), + configID, + ), + } +} + +func IDPConfigReactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.IDPConfigReactivatedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPConfigReactivatedEvent{IDPConfigReactivatedEvent: *e.(*idpconfig.IDPConfigReactivatedEvent)}, nil +} diff --git a/internal/v2/repository/org/idp_oidc_config.go b/internal/v2/repository/org/idp_oidc_config.go new file mode 100644 index 0000000000..103eade446 --- /dev/null +++ b/internal/v2/repository/org/idp_oidc_config.go @@ -0,0 +1,86 @@ +package org + +import ( + "context" + + "github.com/caos/zitadel/internal/crypto" + "github.com/caos/zitadel/internal/eventstore/v2" + "github.com/caos/zitadel/internal/eventstore/v2/repository" + "github.com/caos/zitadel/internal/v2/domain" + "github.com/caos/zitadel/internal/v2/repository/idpconfig" +) + +const ( + IDPOIDCConfigAddedEventType eventstore.EventType = "org.idp." + idpconfig.OIDCConfigAddedEventType + IDPOIDCConfigChangedEventType eventstore.EventType = "org.idp." + idpconfig.ConfigChangedEventType +) + +type IDPOIDCConfigAddedEvent struct { + idpconfig.OIDCConfigAddedEvent +} + +func NewIDPOIDCConfigAddedEvent( + ctx context.Context, + clientID, + idpConfigID, + issuer string, + clientSecret *crypto.CryptoValue, + idpDisplayNameMapping, + userNameMapping domain.OIDCMappingField, + scopes ...string, +) *IDPOIDCConfigAddedEvent { + + return &IDPOIDCConfigAddedEvent{ + OIDCConfigAddedEvent: *idpconfig.NewOIDCConfigAddedEvent( + eventstore.NewBaseEventForPush( + ctx, + IDPOIDCConfigAddedEventType, + ), + clientID, + idpConfigID, + issuer, + clientSecret, + idpDisplayNameMapping, + userNameMapping, + scopes..., + ), + } +} + +func IDPOIDCConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.OIDCConfigAddedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPOIDCConfigAddedEvent{OIDCConfigAddedEvent: *e.(*idpconfig.OIDCConfigAddedEvent)}, nil +} + +type IDPOIDCConfigChangedEvent struct { + idpconfig.OIDCConfigChangedEvent +} + +func NewIDPOIDCConfigChangedEvent( + ctx context.Context, + idpConfigID string, + changes []idpconfig.OIDCConfigChanges, +) (*IDPOIDCConfigChangedEvent, error) { + changeEvent, err := idpconfig.NewOIDCConfigChangedEvent( + eventstore.NewBaseEventForPush(ctx, IDPOIDCConfigChangedEventType), + idpConfigID, + changes, + ) + if err != nil { + return nil, err + } + return &IDPOIDCConfigChangedEvent{OIDCConfigChangedEvent: *changeEvent}, nil +} + +func IDPOIDCConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) { + e, err := idpconfig.OIDCConfigChangedEventMapper(event) + if err != nil { + return nil, err + } + + return &IDPOIDCConfigChangedEvent{OIDCConfigChangedEvent: *e.(*idpconfig.OIDCConfigChangedEvent)}, nil +} diff --git a/pkg/grpc/admin/proto/admin.proto b/pkg/grpc/admin/proto/admin.proto index 365cb77e6c..115c99c742 100644 --- a/pkg/grpc/admin/proto/admin.proto +++ b/pkg/grpc/admin/proto/admin.proto @@ -274,7 +274,7 @@ service AdminService { }; } - rpc DeactivateIdpConfig(IdpID) returns (Idp) { + rpc DeactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/idps/{id}/_deactivate" body: "*" @@ -285,7 +285,7 @@ service AdminService { }; } - rpc ReactivateIdpConfig(IdpID) returns (Idp) { + rpc ReactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/idps/{id}/_reactivate" body: "*" @@ -544,10 +544,9 @@ message UniqueOrgResponse { message Org { string id = 1; OrgState state = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; - string name = 5; - string domain = 6; + google.protobuf.Timestamp change_date = 3; + string name = 4; + string domain = 5; } enum OrgState { @@ -717,8 +716,7 @@ message OrgIamPolicy { bool user_login_must_be_domain = 2; bool default = 3; uint64 sequence = 4; - google.protobuf.Timestamp creation_date = 5; - google.protobuf.Timestamp change_date = 6; + google.protobuf.Timestamp change_date = 5; } message OrgIamPolicyView { @@ -748,8 +746,7 @@ message IamMember { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; - google.protobuf.Timestamp creation_date = 4; - uint64 sequence = 5; + uint64 sequence = 4; } message AddIamMemberRequest { @@ -864,14 +861,13 @@ message IdpID { message Idp { string id = 1; IdpState state = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; - string name = 5; - IdpStylingType styling_type = 6; + google.protobuf.Timestamp change_date = 3; + string name = 4; + IdpStylingType styling_type = 5; oneof idp_config { - OidcIdpConfig oidc_config = 7; + OidcIdpConfig oidc_config = 6; } - uint64 sequence = 8; + uint64 sequence = 7; } message IdpUpdate { @@ -976,8 +972,7 @@ enum IdpSearchKey { message DefaultLabelPolicy { string primary_color = 1; string secondary_color = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; + google.protobuf.Timestamp change_date = 3; } message DefaultLabelPolicyUpdate { @@ -996,10 +991,9 @@ message DefaultLoginPolicy { bool allow_username_password = 1; bool allow_register = 2; bool allow_external_idp = 3; - google.protobuf.Timestamp creation_date = 4; - google.protobuf.Timestamp change_date = 5; - bool force_mfa = 6; - PasswordlessType passwordless_type = 7; + google.protobuf.Timestamp change_date = 4; + bool force_mfa = 5; + PasswordlessType passwordless_type = 6; } message DefaultLoginPolicyRequest { @@ -1088,8 +1082,7 @@ message DefaultPasswordComplexityPolicy { bool has_lowercase = 3; bool has_number = 4; bool has_symbol = 5; - google.protobuf.Timestamp creation_date = 6; - google.protobuf.Timestamp change_date = 7; + google.protobuf.Timestamp change_date = 6; } message DefaultPasswordComplexityPolicyRequest { @@ -1113,8 +1106,7 @@ message DefaultPasswordComplexityPolicyView { message DefaultPasswordAgePolicy { uint64 max_age_days = 1; uint64 expire_warn_days = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; + google.protobuf.Timestamp change_date = 3; } message DefaultPasswordAgePolicyRequest { @@ -1132,8 +1124,7 @@ message DefaultPasswordAgePolicyView { message DefaultPasswordLockoutPolicy { uint64 max_attempts = 1; bool show_lockout_failure = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; + google.protobuf.Timestamp change_date = 3; } message DefaultPasswordLockoutPolicyRequest { diff --git a/pkg/grpc/management/proto/management.proto b/pkg/grpc/management/proto/management.proto index 120921c668..1b211ab8c5 100644 --- a/pkg/grpc/management/proto/management.proto +++ b/pkg/grpc/management/proto/management.proto @@ -1265,7 +1265,7 @@ service ManagementService { }; } - rpc DeactivateIdpConfig(IdpID) returns (Idp) { + rpc DeactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/orgs/me/idps/{id}/_deactivate" body: "*" @@ -1276,7 +1276,7 @@ service ManagementService { }; } - rpc ReactivateIdpConfig(IdpID) returns (Idp) { + rpc ReactivateIdpConfig(IdpID) returns (google.protobuf.Empty) { option (google.api.http) = { put: "/orgs/me/idps/{id}/_reactivate" body: "*" @@ -2126,10 +2126,9 @@ message OrgCreateRequest { message Org { string id = 1; OrgState state = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; - string name = 5; - uint64 sequence = 6; + google.protobuf.Timestamp change_date = 3; + string name = 4; + uint64 sequence = 5; } message OrgView { @@ -2153,12 +2152,11 @@ message Domain { message OrgDomain { string org_id = 1; - google.protobuf.Timestamp creation_date = 2; - google.protobuf.Timestamp change_date = 3; - string domain = 4; - bool verified = 5; - bool primary = 6; - uint64 sequence = 7; + google.protobuf.Timestamp change_date = 2; + string domain = 3; + bool verified = 4; + bool primary = 5; + uint64 sequence = 6; } message OrgDomainView { @@ -2238,8 +2236,7 @@ message OrgMember { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; - google.protobuf.Timestamp creation_date = 4; - uint64 sequence = 5; + uint64 sequence = 4; } message AddOrgMemberRequest { @@ -2986,14 +2983,13 @@ message IdpID { message Idp { string id = 1; IdpState state = 2; - google.protobuf.Timestamp creation_date = 3; - google.protobuf.Timestamp change_date = 4; - string name = 5; - IdpStylingType styling_type = 6; + google.protobuf.Timestamp change_date = 3; + string name = 4; + IdpStylingType styling_type = 5; oneof idp_config { - OidcIdpConfig oidc_config = 7; + OidcIdpConfig oidc_config = 6; } - uint64 sequence = 8; + uint64 sequence = 7; } message IdpUpdate { @@ -3103,10 +3099,9 @@ message LoginPolicy { bool allow_username_password = 1; bool allow_register = 2; bool allow_external_idp = 3; - google.protobuf.Timestamp creation_date = 4; - google.protobuf.Timestamp change_date = 5; - bool force_mfa = 6; - PasswordlessType passwordless_type = 7; + google.protobuf.Timestamp change_date = 4; + bool force_mfa = 5; + PasswordlessType passwordless_type = 6; } message LoginPolicyRequest { @@ -3252,8 +3247,7 @@ message PasswordComplexityPolicy { bool has_number = 4; bool has_symbol = 5; uint64 sequence = 6; - google.protobuf.Timestamp creation_date = 7; - google.protobuf.Timestamp change_date = 8; + google.protobuf.Timestamp change_date = 7; } message PasswordComplexityPolicyRequest { @@ -3280,8 +3274,7 @@ message PasswordAgePolicy { uint64 max_age_days = 1; uint64 expire_warn_days = 2; uint64 sequence = 3; - google.protobuf.Timestamp creation_date = 4; - google.protobuf.Timestamp change_date = 5; + google.protobuf.Timestamp change_date = 4; } message PasswordAgePolicyRequest { @@ -3302,8 +3295,7 @@ message PasswordLockoutPolicy { uint64 max_attempts = 1; bool show_lockout_failure = 2; uint64 sequence = 3; - google.protobuf.Timestamp creation_date = 4; - google.protobuf.Timestamp change_date = 5; + google.protobuf.Timestamp change_date = 4; } message PasswordLockoutPolicyRequest {