Merge branch 'main' into integration-tests

zitadel · Apr 27, 2023 · 11ab645 · 11ab645
2 parents bd3820c + 86f4477
commit 11ab645
Show file tree

Hide file tree

Showing 104 changed files with 5,069 additions and 729 deletions.
diff --git a/.releaserc.js b/.releaserc.js
@@ -1,7 +1,6 @@
 module.exports = {
     branches: [
         {name: 'main', channel: 'next'},
-        {name: '1.87.x', range: '1.87.x', channel: '1.87.x'},
         {name: 'next', prerelease: true}
     ],
     plugins: [

diff --git a/build/grpc/Dockerfile b/build/grpc/Dockerfile
@@ -16,11 +16,11 @@ ENV PROTOC_ARCH x86_64
 ## protoc and protoc-gen-grpc-web for later use
 #######################
 FROM ${BUILDARCH}-base
-ARG PROTOC_VERSION=3.18.0
+ARG PROTOC_VERSION=22.3
 ARG PROTOC_ZIP=protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip
 ARG GRPC_WEB_VERSION=1.3.0
-ARG GATEWAY_VERSION=2.15.1
-ARG VALIDATOR_VERSION=0.6.2
+ARG GATEWAY_VERSION=2.15.2
+ARG VALIDATOR_VERSION=0.10.1
 # no arm specific version available and x86 works fine at the moment:
 ARG GRPC_WEB=protoc-gen-grpc-web-${GRPC_WEB_VERSION}-linux-x86_64
 

diff --git a/build/zitadel/Dockerfile b/build/zitadel/Dockerfile
@@ -73,7 +73,6 @@ COPY --from=go-stub /go/src/github.com/zitadel/zitadel/openapi/statik/statik.go
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/pkg/grpc pkg/grpc
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/openapi/v2/zitadel openapi/v2/zitadel
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/openapi/statik/statik.go openapi/statik/statik.go
-COPY --from=go-stub /go/src/github.com/zitadel/zitadel/internal/protoc/protoc-gen-authoption/templates.gen.go internal/protoc/protoc-gen-authoption/templates.gen.go
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/internal/protoc/protoc-gen-authoption/authoption/options.pb.go internal/protoc/protoc-gen-authoption/authoption/options.pb.go
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/docs/apis/proto docs/docs/apis/proto
 COPY --from=go-stub /go/src/github.com/zitadel/zitadel/docs/apis/assets docs/docs/apis/assets

diff --git a/build/zitadel/generate-grpc.sh b/build/zitadel/generate-grpc.sh
@@ -15,17 +15,11 @@ protoc \
   -I=/proto/include/ \
   --go_out $GOPATH/src \
   --go-grpc_out $GOPATH/src \
+  --validate_out=lang=go:${GOPATH}/src \
   $(find ${PROTO_PATH} -iname *.proto)
 
-# generate authoptions code from templates
-go-bindata \
-  -pkg main \
-  -prefix internal/protoc/protoc-gen-authoption \
-  -o ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption/templates.gen.go \
-  ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption/templates
-
 # install authoption proto compiler
-go install ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption
+go install ${ZITADEL_PATH}/internal/protoc/protoc-gen-auth
 
 # output folder for openapi v2
 mkdir -p ${OPENAPI_PATH}
@@ -39,28 +33,20 @@ protoc \
   --grpc-gateway_opt logtostderr=true \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
-  --authoption_out ${GRPC_PATH}/system \
+  --auth_out ${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/system.proto
 
-# authoptions are generated into the wrong folder
-mv ${ZITADEL_PATH}/pkg/grpc/system/zitadel/* ${ZITADEL_PATH}/pkg/grpc/system
-rm -r ${ZITADEL_PATH}/pkg/grpc/system/zitadel
-
 protoc \
   -I=/proto/include \
   --grpc-gateway_out ${GOPATH}/src \
   --grpc-gateway_opt logtostderr=true \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
-  --authoption_out ${GRPC_PATH}/admin \
+  --auth_out ${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/admin.proto
 
-# authoptions are generated into the wrong folder
-mv ${ZITADEL_PATH}/pkg/grpc/admin/zitadel/* ${ZITADEL_PATH}/pkg/grpc/admin
-rm -r ${ZITADEL_PATH}/pkg/grpc/admin/zitadel
-
 protoc \
   -I=/proto/include \
   --grpc-gateway_out ${GOPATH}/src \
@@ -69,14 +55,10 @@ protoc \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
   --openapiv2_opt allow_delete_body=true \
-  --authoption_out ${GRPC_PATH}/management \
+  --auth_out ${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/management.proto
 
-# authoptions are generated into the wrong folder
-mv ${ZITADEL_PATH}/pkg/grpc/management/zitadel/* ${ZITADEL_PATH}/pkg/grpc/management
-rm -r ${ZITADEL_PATH}/pkg/grpc/management/zitadel
-
 protoc \
   -I=/proto/include \
   --grpc-gateway_out ${GOPATH}/src \
@@ -85,14 +67,10 @@ protoc \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
   --openapiv2_opt allow_delete_body=true \
-  --authoption_out=${GRPC_PATH}/auth \
+  --auth_out=${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/auth.proto
 
-# authoptions are generated into the wrong folder
-mv ${ZITADEL_PATH}/pkg/grpc/auth/zitadel/* ${ZITADEL_PATH}/pkg/grpc/auth
-rm -r ${ZITADEL_PATH}/pkg/grpc/auth/zitadel
-
 protoc \
   -I=/proto/include \
   --grpc-gateway_out ${GOPATH}/src \
@@ -101,14 +79,10 @@ protoc \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
   --openapiv2_opt allow_delete_body=true \
-  --authoption_out=${GRPC_PATH}/user \
+  --auth_out=${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/user/v2alpha/user_service.proto
 
-# authoptions are generated into the wrong folder
-cp -r ${ZITADEL_PATH}/pkg/grpc/user/zitadel/* ${ZITADEL_PATH}/pkg/grpc
-rm -r ${ZITADEL_PATH}/pkg/grpc/user/zitadel
-
 protoc \
   -I=/proto/include \
   --grpc-gateway_out ${GOPATH}/src \
@@ -117,12 +91,8 @@ protoc \
   --openapiv2_out ${OPENAPI_PATH} \
   --openapiv2_opt logtostderr=true \
   --openapiv2_opt allow_delete_body=true \
-  --authoption_out=${GRPC_PATH}/session \
+  --auth_out=${GOPATH}/src \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/session/v2alpha/session_service.proto
 
-# authoptions are generated into the wrong folder
-cp -r ${ZITADEL_PATH}/pkg/grpc/session/zitadel/* ${ZITADEL_PATH}/pkg/grpc
-rm -r ${ZITADEL_PATH}/pkg/grpc/session/zitadel
-
 echo "done generating grpc"
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
@@ -321,6 +321,8 @@ SystemDefaults:
     ApplicationKeySize: 2048
   Multifactors:
     OTP:
+      # If this is empty, the issuer is the requested domain
+      # This is helpful in scenarios with multiple ZITADEL environments or virtual instances
       Issuer: "ZITADEL"
   DomainVerification:
     VerificationGenerator:

diff --git a/cmd/setup/03.go b/cmd/setup/03.go
@@ -76,6 +76,7 @@ func (mig *FirstInstance) Execute(ctx context.Context) error {
 		nil,
 		nil,
 		nil,
+		nil,
 	)
 
 	if err != nil {

diff --git a/cmd/setup/10.go b/cmd/setup/10.go
@@ -2,48 +2,62 @@ package setup
 
 import (
 	"context"
+	"database/sql"
 	_ "embed"
+	"time"
 
+	"github.com/cockroachdb/cockroach-go/v2/crdb"
 	"github.com/zitadel/logging"
 
 	"github.com/zitadel/zitadel/internal/database"
 )
 
 var (
-	//go:embed 10.sql
-	correctCreationDate10 string
+	//go:embed 10_create_temp_table.sql
+	correctCreationDate10CreateTable string
+	//go:embed 10_fill_table.sql
+	correctCreationDate10FillTable string
+	//go:embed 10_update.sql
+	correctCreationDate10Update string
 )
 
 type CorrectCreationDate struct {
-	dbClient *database.DB
+	dbClient  *database.DB
+	FailAfter time.Duration
 }
 
 func (mig *CorrectCreationDate) Execute(ctx context.Context) (err error) {
-	tx, err := mig.dbClient.Begin()
-	if err != nil {
-		return err
-	}
-	if mig.dbClient.Type() == "cockroach" {
-		if _, err := tx.Exec("SET experimental_enable_temp_tables=on"); err != nil {
-			return err
-		}
-	}
-	defer func() {
-		if err != nil {
-			logging.OnError(tx.Rollback()).Debug("rollback failed")
-			return
-		}
-		err = tx.Commit()
-	}()
+	ctx, cancel := context.WithTimeout(ctx, mig.FailAfter)
+	defer cancel()
+
 	for {
-		res, err := tx.ExecContext(ctx, correctCreationDate10)
-		if err != nil {
-			return err
-		}
-		affected, _ := res.RowsAffected()
-		logging.WithFields("count", affected).Info("creation dates changed")
-		if affected == 0 {
+		var affected int64
+		err = crdb.ExecuteTx(ctx, mig.dbClient.DB, nil, func(tx *sql.Tx) error {
+			if mig.dbClient.Type() == "cockroach" {
+				if _, err := tx.Exec("SET experimental_enable_temp_tables=on"); err != nil {
+					return err
+				}
+			}
+			_, err := tx.ExecContext(ctx, correctCreationDate10CreateTable)
+			if err != nil {
+				return err
+			}
+
+			_, err = tx.ExecContext(ctx, correctCreationDate10FillTable)
+			if err != nil {
+				return err
+			}
+
+			res, err := tx.ExecContext(ctx, correctCreationDate10Update)
+			if err != nil {
+				return err
+			}
+			affected, _ = res.RowsAffected()
+			logging.WithFields("count", affected).Info("creation dates changed")
 			return nil
+		})
+		if affected == 0 || err != nil {
+			return err
 		}
 	}
 }

diff --git a/cmd/setup/10_create_temp_table.sql b/cmd/setup/10_create_temp_table.sql
@@ -0,0 +1,6 @@
+CREATE temporary TABLE IF NOT EXISTS wrong_events (
+    instance_id TEXT
+    , event_sequence BIGINT
+    , current_cd TIMESTAMPTZ
+    , next_cd TIMESTAMPTZ
+);
diff --git a/cmd/setup/10.sql → cmd/setup/10_fill_table.sql b/cmd/setup/10.sql → cmd/setup/10_fill_table.sql
@@ -1,10 +1,3 @@
-CREATE temporary TABLE IF NOT EXISTS wrong_events (
-    instance_id TEXT
-    , event_sequence BIGINT
-    , current_cd TIMESTAMPTZ
-    , next_cd TIMESTAMPTZ
-);
-
 TRUNCATE wrong_events;
 
 INSERT INTO wrong_events (
@@ -24,5 +17,3 @@ INSERT INTO wrong_events (
     ORDER BY
         event_sequence DESC
 );
-
-UPDATE eventstore.events e SET creation_date = we.next_cd FROM wrong_events we WHERE e.event_sequence = we.event_sequence and e.instance_id = we.instance_id;
diff --git a/cmd/setup/10_update.sql b/cmd/setup/10_update.sql
@@ -0,0 +1 @@
+UPDATE eventstore.events e SET creation_date = we.next_cd FROM wrong_events we WHERE e.event_sequence = we.event_sequence and e.instance_id = we.instance_id;
diff --git a/cmd/setup/config.go b/cmd/setup/config.go
@@ -56,16 +56,16 @@ func MustNewConfig(v *viper.Viper) *Config {
 }
 
 type Steps struct {
-	s1ProjectionTable         *ProjectionTable
-	s2AssetsTable             *AssetTable
-	FirstInstance             *FirstInstance
-	s4EventstoreIndexes       *EventstoreIndexesNew
-	s5LastFailed              *LastFailed
-	s6OwnerRemoveColumns      *OwnerRemoveColumns
-	s7LogstoreTables          *LogstoreTables
-	s8AuthTokens              *AuthTokenIndexes
-	s9EventstoreIndexes2      *EventstoreIndexesNew
-	s10EventstoreCreationDate *CorrectCreationDate
+	s1ProjectionTable    *ProjectionTable
+	s2AssetsTable        *AssetTable
+	FirstInstance        *FirstInstance
+	s4EventstoreIndexes  *EventstoreIndexesNew
+	s5LastFailed         *LastFailed
+	s6OwnerRemoveColumns *OwnerRemoveColumns
+	s7LogstoreTables     *LogstoreTables
+	s8AuthTokens         *AuthTokenIndexes
+	s9EventstoreIndexes2 *EventstoreIndexesNew
+	CorrectCreationDate  *CorrectCreationDate
 }
 
 type encryptionKeyConfig struct {

diff --git a/cmd/setup/config_change.go b/cmd/setup/config_change.go
@@ -33,7 +33,8 @@ func (mig *externalConfigChange) Check() bool {
 }
 
 func (mig *externalConfigChange) Execute(ctx context.Context) error {
-	cmd, err := command.StartCommands(mig.es,
+	cmd, err := command.StartCommands(
+		mig.es,
 		systemdefaults.SystemDefaults{},
 		nil,
 		nil,
@@ -50,6 +51,7 @@ func (mig *externalConfigChange) Execute(ctx context.Context) error {
 		nil,
 		nil,
 		nil,
+		nil,
 	)
 
 	if err != nil {

diff --git a/cmd/setup/setup.go b/cmd/setup/setup.go
@@ -88,7 +88,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.s7LogstoreTables = &LogstoreTables{dbClient: dbClient.DB, username: config.Database.Username(), dbType: config.Database.Type()}
 	steps.s8AuthTokens = &AuthTokenIndexes{dbClient: dbClient}
 	steps.s9EventstoreIndexes2 = New09(dbClient)
-	steps.s10EventstoreCreationDate = &CorrectCreationDate{dbClient: dbClient}
+	steps.CorrectCreationDate.dbClient = dbClient
 
 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -124,7 +124,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	logging.OnError(err).Fatal("unable to migrate step 8")
 	err = migration.Migrate(ctx, eventstoreClient, steps.s9EventstoreIndexes2)
 	logging.OnError(err).Fatal("unable to migrate step 9")
-	err = migration.Migrate(ctx, eventstoreClient, steps.s10EventstoreCreationDate)
+	err = migration.Migrate(ctx, eventstoreClient, steps.CorrectCreationDate)
 	logging.OnError(err).Fatal("unable to migrate step 10")
 
 	for _, repeatableStep := range repeatableSteps {

diff --git a/cmd/setup/steps.yaml b/cmd/setup/steps.yaml
@@ -30,3 +30,5 @@ FirstInstance:
       MachineKey:
         ExpirationDate:
         Type:
+CorrectCreationDate:
+  FailAfter: 5m
diff --git a/cmd/start/start.go b/cmd/start/start.go
@@ -163,6 +163,7 @@ func startZitadel(config *Config, masterKey string, server chan<- *Server) error
 		keys.OIDC,
 		keys.SAML,
 		&http.Client{},
+		authZRepo,
 	)
 	if err != nil {
 		return fmt.Errorf("cannot start commands: %w", err)
@@ -288,7 +289,7 @@ func startAPIs(
 	if err := apis.RegisterServer(ctx, auth.CreateServer(commands, queries, authRepo, config.SystemDefaults, keys.User, config.ExternalSecure, config.AuditLogRetention)); err != nil {
 		return err
 	}
-	if err := apis.RegisterService(ctx, user.CreateServer(commands, queries)); err != nil {
+	if err := apis.RegisterService(ctx, user.CreateServer(commands, queries, keys.User)); err != nil {
 		return err
 	}
 	if err := apis.RegisterService(ctx, session.CreateServer(commands, queries)); err != nil {

diff --git a/console/src/app/pages/projects/apps/app-create/app-create.component.html b/console/src/app/pages/projects/apps/app-create/app-create.component.html
@@ -437,6 +437,7 @@ <h1>{{ 'APP.PAGES.CREATE_DESC_TITLE' | translate }}</h1>
             class="redirect-section"
             [disabled]="false"
             [(ngModel)]="redirectUris"
+            [ngModelOptions]="{ standalone: true }"
             [getValues]="requestRedirectValuesSubject$"
             title="{{ 'APP.OIDC.REDIRECT' | translate }}"
             [isNative]="appType?.value.oidcAppType === OIDCAppType.OIDC_APP_TYPE_NATIVE"
@@ -447,6 +448,7 @@ <h1>{{ 'APP.PAGES.CREATE_DESC_TITLE' | translate }}</h1>
             class="redirect-section"
             [disabled]="false"
             [(ngModel)]="postLogoutUrisList"
+            [ngModelOptions]="{ standalone: true }"
             title="{{ 'APP.OIDC.POSTLOGOUTREDIRECT' | translate }}"
             [getValues]="requestRedirectValuesSubject$"
             [isNative]="appType?.value.oidcAppType === OIDCAppType.OIDC_APP_TYPE_NATIVE"

diff --git a/docs/docs/guides/integrate/services/atlassian-saml.md b/docs/docs/guides/integrate/services/atlassian-saml.md
@@ -1,5 +1,6 @@
 ---
 title: Connect with Atlassian through SAML 2.0
+sidebar_label: Atlassian
 ---
 
 This guide shows how to enable login with ZITADEL on Atlassian.

diff --git a/docs/docs/guides/integrate/services/auth0-oidc.mdx b/docs/docs/guides/integrate/services/auth0-oidc.mdx
@@ -1,5 +1,6 @@
 ---
 title: Connect with Auth0 through OIDC
+sidebar_label: Auth0 (OIDC)
 ---
 
 import CreateApp from "../application/_application.mdx";

diff --git a/docs/docs/guides/integrate/services/auth0-saml.md b/docs/docs/guides/integrate/services/auth0-saml.md
@@ -1,5 +1,6 @@
 ---
 title: Connect with Auth0 through SAML 2.0
+sidebar_label: Auth0 (SAML)
 ---
 
 This guide shows how to enable login with ZITADEL on Auth0.