fix(Zitadel): filter out empty roles

2025-11-04 15:08:54 +01:00 · 2025-11-04 15:08:54 +01:00 · e7cedfb639
commit e7cedfb639
parent fab1df76c7
1 changed files with 43 additions and 35 deletions
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, namespace, system, inputs, ... }:
 let
-  inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs' concatMapAttrs concatMap listToAttrs imap0 getAttrs getAttr hasAttr typeOf head drop length;
+  inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs' concatMapAttrs filterAttrsRecursive listToAttrs imap0 head drop length;
  inherit (lib.${namespace}.strings) toSnakeCase;

  cfg = config.${namespace}.services.authentication.zitadel;
@ -395,14 +395,20 @@ in
              );

              # Global user roles
-              zitadel_instance_member = cfg.organization |> select [ "user" ] (org: name: value: 
-                { roles = value.instanceRoles; } 
+              zitadel_instance_member = 
+                cfg.organization 
+                |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0))
+                |> select [ "user" ] (org: name: { instanceRoles, ... }: 
+                  { roles = instanceRoles; } 
                  |> withRef "user" "${org}_${name}"
                  |> toResource "${org}_${name}"
                );

              # Organazation specific roles
-              zitadel_org_member = cfg.organization |> select [ "user" ] (org: name: { roles, ... }: 
+              zitadel_org_member = 
+                cfg.organization
+                |> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0))
+                |> select [ "user" ] (org: name: { roles, ... }: 
                  { inherit roles; }
                  |> withRef "org" org
                  |> withRef "user" "${org}_${name}"
@ -421,14 +427,16 @@ in
              );

              # Organazation's action assignments
-              zitadel_trigger_actions = cfg.organization
+              zitadel_trigger_actions = 
+                cfg.organization
                |> concatMapAttrs (org: { triggers, ... }:
                  triggers
                  |> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in
                    {
                      inherit flowType triggerType; 

-                        actionIds = actions 
+                      actionIds = 
+                        actions 
                        |> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id"));
                    } 
                    |> withRef "org" org