Merge pull request #8 from telia-oss/update-from-main

Update from main

charts/zitadel/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: zitadel
 description: A Helm chart for ZITADEL
 type: application
-appVersion: "v2.61.0"
-version: 8.5.0
+appVersion: "v2.65.1"
+version: 8.5.1
 kubeVersion: ">= 1.21.0-0"
 icon: https://zitadel.com/zitadel-logo-dark.svg
 maintainers:

charts/zitadel/acceptance/accessibility.go

@@ -2,16 +2,14 @@ package acceptance
 
 import (
 	"context"
-	"crypto/x509"
-	"errors"
 	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 
-	mgmt_api "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
+	mgmt_api "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"
 
 	"github.com/gruntwork-io/terratest/modules/k8s"
 	corev1 "k8s.io/api/core/v1"
@@ -77,22 +75,11 @@ func (s *ConfigurationTest) checkAccessibility(pods []corev1.Pod) {
 			},
 		},
 		checkOptionsFunc(func(ctx context.Context) error {
-			randomInvalidKey := `{"type":"serviceaccount","keyId":"229185755715993707","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAm8bpVfzWJuZsEz1VfTrwSAdkbH+i/u2NS4dv60lwIjtXzrU7\n1xZkHw9jxqz+c+APTaTzp1KY49Dc/wcwXv032FuD1GK2ZSRnMaHm8QnNt8Xhi0e8\nBlu3QQmlqxWPCI67wDPUwXoSHM+r9gQXn2pOR0oonoLP+Gzef+RRj1zUFpZmHWPX\nxw4UWWHwl4xChw9iyO4HbZZGe6wBVYVWe2BnvviCVEeKapyjaCqokZES38S4+S2X\nit202xLlRDyXs3XFWmBzHGmEsxx3LZZor85Kbph/bGjDcV8rdQC1YKC++z8OhuLp\n79GltP7YWrfMN3Z8iRUJQY9APrKQYtljVkWrnQIDAQABAoIBAQCIRZrLyRHCF+LF\ndes6UPvv1t+n9oQtRLxNLV7f0m+Q0p7+yhZeE01kyn67R4yU65YXk0w+vIfZC1a4\nlp5fCl73Gx+ZBP2QPyczCPHRPIVE1Yt33zoByevmrjzKDGMC1nIyMmVVF6eOorFI\n1s2ffEycGqir+b1bEkoWUTJ0Gn3Cf1PE4vTgenHhCrYSvMsbmszQ5GDlfxNj27qf\nF2YrnLx11GplMYU0YEzGqSQHxw76rrmF7yiTvbB+olsjXWARAJxBriSlrF2BDYQk\n+HJ8MEwhWhncaZH1i0Xz/jarDBizpo2o1+K1ZqF6RBUknT72EPnMxI9JsvS4FH44\nZfbrujBhAoGBAMQnx6tO79GpnBIAr7iELyUu5F4mCdU6D0rOAiCjXPpCUAdCDuwX\nzROonIGXPPmhzXXtxebeTz4cf+P8p6tUnrqpl/f0Oi1DMOzv0jL/SAUDC9uUrg6k\nurXZT2dgeONwd1pADyNXSpbZfwRE5IoecFg6cgFi4kune0mdG3mr8QjpAoGBAMtN\nerrMc+4bc3GsmWG4FSXn3xlWMeVGIo2/owP2P5MuMu0ibjofZkl28y0xo8dJgWmv\nLiFSEOhUy+TXZK7K1a2+fD+AXHHaHkBjNbTmCaAbf7rZnuUL4iZVpQyIoTCVuAwo\nC6bsE4TcwGddk4yZj/WZ7v1be+uNgeYwQr2UshyVAoGAN8pYsBCzhR6IlVY8pG50\nOk8sBNss0MjCsLQHRuEwAL37pRTUybG7UmwSl4k8foPWvEP0lcWFJFVWyrGBvulC\nfDTgVFXSdi02LS3Iy1hwU3yaUsnm96NCt5YnT2/Q8l96kuDFbXfWbzFNPxmZJu+h\nZHa7FknZs0rfdgCJYAHXfIECgYEAw3kSqSrNyMICJOkkbO2W/+RLAUx8GwttS8dX\nkQaip/wCoTi6rQ3lxnslY23YIFRPpvL1srn6YbiudrCXMOz7uNtvEYt01082SQha\n6j1IQfZOwLRfb7EWV29/i2aPPWynEqEqWuuf9N5f7MLvjH9WCHpibJ4aryhXHqGG\nekvPWWUCgYA5qDsPk5ykRWEALbunzB/RkpxR6LTLSwriU/OzRswOiKo8UPqH4JZI\nOsFAgudG5H+UOEGMuaSvIq0PLbGex16PjKqUsRwgIoPdH8183f9fxZSJDmr7ELIy\nZJEvE3eJnYwMOpSEZS0VR5Sw0CmKV2Hhd+u6rRB8YjXMP0nAVg8eOA==\n-----END RSA PRIVATE KEY-----\n","userId":"229185755715600491"}`
-			conn, err := OpenGRPCConnection(s, []byte(randomInvalidKey))
-			if errors.As(err, &x509.UnknownAuthorityError{}) {
-				// The gRPC client doesn't support skipping the server cert validation
-				return nil
-			}
+			conn, err := OpenGRPCConnection(s, nil)
 			if err != nil {
 				return fmt.Errorf("couldn't create gRPC management client: %w", err)
 			}
 			_, err = conn.Healthz(ctx, &mgmt_api.HealthzRequest{})
-			// TODO: Why is the key checked on the healthz RPC?
-			if strings.Contains(err.Error(), "Errors.AuthNKey.NotFound") ||
-				strings.Contains(err.Error(), "Errors.User.NotFound") ||
-				strings.Contains(err.Error(), "assertion invalid") {
-				err = nil
-			}
 			return err
 		}))
 	for i := range pods {

charts/zitadel/acceptance/authenticate_test.go

@@ -7,7 +7,7 @@ import (
 	"github.com/gruntwork-io/terratest/modules/k8s"
 	"github.com/zitadel/oidc/pkg/oidc"
 	"github.com/zitadel/zitadel-charts/charts/zitadel/acceptance"
-	mgmt_api "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
+	mgmt_api "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"
 	"net/http"
 	"net/url"
 	"strings"

charts/zitadel/acceptance/grpc.go

@@ -1,19 +1,32 @@
 package acceptance
 
 import (
-	"fmt"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/management"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
-	"github.com/zitadel/zitadel-go/v2/pkg/client/zitadel"
+	oidc_client "github.com/zitadel/oidc/v3/pkg/client"
+	"github.com/zitadel/zitadel-go/v3/pkg/client"
+	"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"
+	"github.com/zitadel/zitadel-go/v3/pkg/zitadel"
+	"strconv"
 )
 
-func OpenGRPCConnection(cfg *ConfigurationTest, key []byte) (*management.Client, error) {
-	conn, err := management.NewClient(
-		cfg.APIBaseURL(),
-		fmt.Sprintf("%s:%d", cfg.Domain, cfg.Port),
-		[]string{zitadel.ScopeZitadelAPI()},
-		zitadel.WithJWTProfileTokenSource(middleware.JWTProfileFromFileData(key)),
-		zitadel.WithInsecure(),
-	)
-	return conn, err
+func OpenGRPCConnection(cfg *ConfigurationTest, key []byte) (management.ManagementServiceClient, error) {
+	var clientOptions []client.Option
+	if key != nil {
+		keyFile, err := oidc_client.ConfigFromKeyFileData(key)
+		if err != nil {
+			return nil, err
+		}
+		clientOptions = append(clientOptions, client.WithAuth(client.JWTAuthentication(keyFile, client.ScopeZitadelAPI())))
+	}
+	zitadelOptions := []zitadel.Option{
+		zitadel.WithPort(cfg.Port),
+		zitadel.WithInsecureSkipVerifyTLS(),
+	}
+	if cfg.Scheme != "https" {
+		zitadelOptions = append(zitadelOptions, zitadel.WithInsecure(strconv.Itoa(int(cfg.Port))))
+	}
+	c, err := client.New(cfg.Ctx, zitadel.New(cfg.Domain, zitadelOptions...), clientOptions...)
+	if err != nil {
+		return nil, err
+	}
+	return c.ManagementService(), nil
 }

examples/7-self-signed/README.md

@@ -24,10 +24,10 @@ helm install my-zitadel zitadel/zitadel --values https://raw.githubusercontent.c
 When ZITADEL is ready, you can access the GUI via port-forwarding:
 
 ```bash
-kubectl port-forward svc/my-zitadel 8080
+kubectl port-forward svc/my-zitadel 8443:8080
 ```
 
-Now, open https://my-iam.127.0.0.1.sslip.io:8080 in your browser and log in with the following credentials:
+Now, open https://my-iam.127.0.0.1.sslip.io:8443 in your browser and log in with the following credentials:
 
 **Username**: [email protected]
 **Password**: Password1!

examples/7-self-signed/zitadel-values.yaml

@@ -5,6 +5,7 @@ zitadel:
     additionalDnsName: my-iam.127.0.0.1.sslip.io
   configmapConfig:
     ExternalSecure: true
+    ExternalPort: 8443
     ExternalDomain: my-iam.127.0.0.1.sslip.io
     TLS:
       Enabled: true

go.mod

@@ -1,17 +1,18 @@
 module github.com/zitadel/zitadel-charts
 
-go 1.22.3
+go 1.23.3
 
 require (
-	github.com/gruntwork-io/terratest v0.47.1
+	github.com/gruntwork-io/terratest v0.47.2
 	github.com/jinzhu/copier v0.4.0
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/zitadel/oidc v1.13.5
-	github.com/zitadel/zitadel-go/v2 v2.2.8
+	github.com/zitadel/oidc/v3 v3.33.1
+	github.com/zitadel/zitadel-go/v3 v3.3.1
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.31.0
-	k8s.io/apimachinery v0.31.0
-	k8s.io/client-go v0.31.0
+	k8s.io/api v0.31.3
+	k8s.io/apimachinery v0.31.3
+	k8s.io/client-go v0.31.3
 )
 
 require (
@@ -22,11 +23,13 @@ require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
@@ -43,10 +46,9 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/schema v1.4.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/gruntwork-io/go-commons v0.17.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -66,30 +68,37 @@ require (
 	github.com/moby/spdystream v0.4.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/otp v1.4.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/texttheater/golang-levenshtein v1.0.1 // indirect
 	github.com/urfave/cli/v2 v2.27.2 // indirect
 	github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	github.com/zitadel/logging v0.6.1 // indirect
+	github.com/zitadel/schema v1.3.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
-	google.golang.org/grpc v1.64.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/grpc v1.67.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect