zitadel/pkg/grpc/admin/proto/admin.proto

797 lines
20 KiB
Protocol Buffer
Raw Normal View History

2020-03-20 16:13:53 +00:00
syntax = "proto3";
import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
2020-03-23 09:50:40 +00:00
import "google/protobuf/timestamp.proto";
2020-03-20 16:13:53 +00:00
import "google/protobuf/struct.proto";
2020-03-23 11:25:16 +00:00
import "validate/validate.proto";
2020-03-20 16:13:53 +00:00
import "protoc-gen-swagger/options/annotations.proto";
import "authoption/options.proto";
package caos.zitadel.admin.api.v1;
2020-03-20 16:13:53 +00:00
option go_package ="github.com/caos/zitadel/pkg/grpc/admin";
2020-03-20 16:13:53 +00:00
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
info: {
title: "admin service";
version: "0.1";
contact:{
2020-03-23 15:56:02 +00:00
url: "https://github.com/caos/zitadel/pkg/admin"
2020-03-20 16:13:53 +00:00
};
};
schemes: HTTPS;
consumes: "application/json";
consumes: "application/grpc";
produces: "application/json";
produces: "application/grpc";
};
service AdminService {
// ---------
// Probes
// ---------
// Healthz returns status OK as soon as the service started
rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
option (google.api.http) = {
get: "/healthz"
};
}
// Ready returns status OK as soon as all dependent services are available
rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
option (google.api.http) = {
get: "/ready"
};
}
rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
option (google.api.http) = {
get: "/validate"
};
}
//ORG
2020-03-23 09:50:40 +00:00
rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) {
2020-03-20 16:13:53 +00:00
option (google.api.http) = {
get: "/orgs/_isunique"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
2020-03-23 09:50:40 +00:00
rpc GetOrgByID(OrgID) returns (Org) {
2020-03-20 16:13:53 +00:00
option (google.api.http) = {
get: "/orgs/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
2020-03-23 09:50:40 +00:00
rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) {
2020-03-20 16:13:53 +00:00
option (google.api.http) = {
post: "/orgs/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
2020-03-23 09:50:40 +00:00
rpc SetUpOrg(OrgSetUpRequest) returns (OrgSetUpResponse) {
2020-03-20 16:13:53 +00:00
option (google.api.http) = {
post: "/orgs/_setup"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
//ORG_IAM_POLICY
rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicy) {
option (google.api.http) = {
get: "/orgs/{org_id}/iampolicy"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
option (google.api.http) = {
post: "/orgs/{org_id}/iampolicy"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
option (google.api.http) = {
put: "/orgs/{org_id}/iampolicy"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc DeleteOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/orgs/{org_id}/iampolicy"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.delete"
};
}
rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) {
option (google.api.http) = {
get: "/members/roles"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.read"
};
}
rpc AddIamMember(AddIamMemberRequest) returns (IamMember) {
option (google.api.http) = {
post: "/members"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.write"
};
}
rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) {
option (google.api.http) = {
put: "/members/{user_id}"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.write"
};
}
rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/members/{user_id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.delete"
};
}
rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) {
option (google.api.http) = {
post: "/members/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.member.read"
};
}
rpc GetViews(google.protobuf.Empty) returns (Views) {
option (google.api.http) = {
get: "/views"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc ClearView(ViewID) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/views/{database}/{view_name}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) {
option (google.api.http) = {
get: "/failedevents"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.read"
};
}
rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/failedevents/{database}/{view_name}/{failed_sequence}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.write"
};
}
feat: idp and login policy configurations (#619) * feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-26 07:56:23 +00:00
rpc IdpByID(IdpID) returns (IdpView) {
option (google.api.http) = {
get: "/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.read"
};
}
rpc CreateOidcIdp(OidcIdpConfigCreate) returns (Idp) {
option (google.api.http) = {
post: "/idps/oidc"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc UpdateIdpConfig(IdpUpdate) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc DeactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}/_deactivate"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc ReactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
put: "/idps/{id}/_reactivate"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc RemoveIdpConfig(IdpID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc UpdateOidcIdpConfig(OidcIdpConfigUpdate) returns (OidcIdpConfig) {
option (google.api.http) = {
put: "/idps/{idp_id}/oidcconfig"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.write"
};
}
rpc SearchIdps(IdpSearchRequest) returns (IdpSearchResponse) {
option (google.api.http) = {
post: "/idps/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.idp.read"
};
}
rpc GetDefaultLoginPolicy(google.protobuf.Empty) returns (DefaultLoginPolicyView) {
option (google.api.http) = {
get: "/policies/login"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateDefaultLoginPolicy(DefaultLoginPolicy) returns (DefaultLoginPolicy) {
option (google.api.http) = {
put: "/policies/login"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc GetDefaultLoginPolicyIdpProviders(IdpProviderSearchRequest) returns (IdpProviderSearchResponse) {
option (google.api.http) = {
post: "/policies/login/idpproviders/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc AddIdpProviderToDefaultLoginPolicy(IdpProviderID) returns (IdpProviderID) {
option (google.api.http) = {
post: "/policies/login/idpproviders"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
rpc RemoveIdpProviderFromDefaultLoginPolicy(IdpProviderID) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/policies/login/idpproviders/{idp_config_id}"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "iam.policy.write"
};
}
2020-03-23 09:50:40 +00:00
}
message OrgID {
string id = 1;
}
message UniqueOrgRequest {
string name = 1 [(validate.rules).string.min_len = 1];
string domain = 2 [(validate.rules).string.min_len = 1];
}
message UniqueOrgResponse {
bool is_unique = 1;
}
message Org {
string id = 1;
OrgState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
string domain = 6;
}
enum OrgState {
ORGSTATE_UNSPECIFIED = 0;
ORGSTATE_ACTIVE = 1;
ORGSTATE_INACTIVE = 2;
}
message OrgSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
bool asc = 4;
repeated OrgSearchQuery queries = 5;
}
message OrgSearchQuery {
OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
OrgSearchMethod method = 2;
string value = 3;
}
enum OrgSearchKey {
ORGSEARCHKEY_UNSPECIFIED = 0;
ORGSEARCHKEY_ORG_NAME = 1;
ORGSEARCHKEY_DOMAIN = 2;
ORGSEARCHKEY_STATE = 3;
}
message OrgSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated Org result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
2020-03-23 09:50:40 +00:00
}
enum OrgSearchMethod {
ORGSEARCHMETHOD_EQUALS = 0;
ORGSEARCHMETHOD_STARTS_WITH = 1;
ORGSEARCHMETHOD_CONTAINS = 2;
}
message OrgSetUpRequest {
CreateOrgRequest org = 1;
feat: org command sides (#96) * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(eventstore): check preconditions in repository * test(eventstore): test precondition in models * test(eventstore): precondition-tests * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(admin): start implement org * feat(eventstore): check preconditions in repository * fix(eventstore): data as NULL if empty refactor(eventstore): naming in sequence methods * feat(admin): org command side * feat(management): start org-repo * feat(org): member * fix: replace ObjectRoot.ID with ObjectRoot.AggregateID * aggregateID * add remove,change member * refactor(org): namings * refactor(eventstore): querier as type * fix(precondition): rename validation from precondition to validation * test(eventstore): isErr func instead of wantErr bool * fix(tests): Data * fix(eventstore): correct check for existing events in push, simplify insert statement * fix(eventstore): aggregate id public * test(org): eventsourcing * test(org): eventstore * test(org): deactivate, reactivate, orgbyid * test(org): getMemberByIDs * tests * running tests * add user repo to admin * thorw not found if no org found * eventstore tests done * lauft * validate if user is already member of org * modules * delete unused file * add member validation test * return error if unable to validat member * generate org id once, set resourceowner of org * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/org/repository/eventsourcing/member_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org_model.go * typo * correct user events * usercreate for setuporg instead of userregister * set data * mod * mod * tests * cleanup code * code styling * return member on add and change * change username in startup * girignore * orgID as parameter in re-/deactive org * startup config * migration for admin_api-user * probes fro admin * move unique org Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2020-05-13 12:22:29 +00:00
CreateUserRequest user = 2;
2020-03-23 09:50:40 +00:00
}
message OrgSetUpResponse {
Org org = 1;
User user = 2;
}
feat: org command sides (#96) * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(eventstore): check preconditions in repository * test(eventstore): test precondition in models * test(eventstore): precondition-tests * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(admin): start implement org * feat(eventstore): check preconditions in repository * fix(eventstore): data as NULL if empty refactor(eventstore): naming in sequence methods * feat(admin): org command side * feat(management): start org-repo * feat(org): member * fix: replace ObjectRoot.ID with ObjectRoot.AggregateID * aggregateID * add remove,change member * refactor(org): namings * refactor(eventstore): querier as type * fix(precondition): rename validation from precondition to validation * test(eventstore): isErr func instead of wantErr bool * fix(tests): Data * fix(eventstore): correct check for existing events in push, simplify insert statement * fix(eventstore): aggregate id public * test(org): eventsourcing * test(org): eventstore * test(org): deactivate, reactivate, orgbyid * test(org): getMemberByIDs * tests * running tests * add user repo to admin * thorw not found if no org found * eventstore tests done * lauft * validate if user is already member of org * modules * delete unused file * add member validation test * return error if unable to validat member * generate org id once, set resourceowner of org * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/org/repository/eventsourcing/member_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org_model.go * typo * correct user events * usercreate for setuporg instead of userregister * set data * mod * mod * tests * cleanup code * code styling * return member on add and change * change username in startup * girignore * orgID as parameter in re-/deactive org * startup config * migration for admin_api-user * probes fro admin * move unique org Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2020-05-13 12:22:29 +00:00
message CreateUserRequest {
string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string nick_name = 4 [(validate.rules).string = {max_len: 200}];
string preferred_language = 5 [(validate.rules).string = {max_len: 200}];
Gender gender = 6;
string email = 7 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
bool is_email_verified = 8;
string phone = 9 [(validate.rules).string = {max_len: 20}];
bool is_phone_verified = 10;
string country = 11 [(validate.rules).string = {max_len: 200}];
string locality = 12 [(validate.rules).string = {max_len: 200}];
string postal_code = 13 [(validate.rules).string = {max_len: 200}];
string region = 14 [(validate.rules).string = {max_len: 200}];
string street_address = 15 [(validate.rules).string = {max_len: 200}];
string password = 16 [(validate.rules).string = {max_len: 72}];
2020-03-23 09:50:40 +00:00
}
message User {
string id = 1;
UserState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string user_name = 5;
string first_name = 6;
string last_name = 7;
string nick_name = 8;
string display_name = 9;
string preferred_language = 10;
Gender gender = 11;
string email = 12;
bool isEmailVerified = 13;
string phone = 14;
bool isPhoneVerified = 15;
string country = 16;
string locality = 17;
string postal_code = 18;
string region = 19;
string street_address = 20;
feat: org command sides (#96) * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(eventstore): check preconditions in repository * test(eventstore): test precondition in models * test(eventstore): precondition-tests * start org * refactor(eventstore): filter in sql for querier * feat(eventstore): Aggregate precondition preconditions are checked right before insert. Insert is still transaction save * feat(admin): start implement org * feat(eventstore): check preconditions in repository * fix(eventstore): data as NULL if empty refactor(eventstore): naming in sequence methods * feat(admin): org command side * feat(management): start org-repo * feat(org): member * fix: replace ObjectRoot.ID with ObjectRoot.AggregateID * aggregateID * add remove,change member * refactor(org): namings * refactor(eventstore): querier as type * fix(precondition): rename validation from precondition to validation * test(eventstore): isErr func instead of wantErr bool * fix(tests): Data * fix(eventstore): correct check for existing events in push, simplify insert statement * fix(eventstore): aggregate id public * test(org): eventsourcing * test(org): eventstore * test(org): deactivate, reactivate, orgbyid * test(org): getMemberByIDs * tests * running tests * add user repo to admin * thorw not found if no org found * eventstore tests done * lauft * validate if user is already member of org * modules * delete unused file * add member validation test * return error if unable to validat member * generate org id once, set resourceowner of org * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/admin/repository/eventsourcing/eventstore/org.go * Update internal/org/repository/eventsourcing/member_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_member.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org.go * Update internal/org/repository/eventsourcing/org_model.go * Update internal/org/repository/eventsourcing/org_model.go * typo * correct user events * usercreate for setuporg instead of userregister * set data * mod * mod * tests * cleanup code * code styling * return member on add and change * change username in startup * girignore * orgID as parameter in re-/deactive org * startup config * migration for admin_api-user * probes fro admin * move unique org Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2020-05-13 12:22:29 +00:00
uint64 sequence = 21;
2020-03-23 09:50:40 +00:00
}
enum UserState {
USERSTATE_UNSPECIFIED = 0;
USERSTATE_ACTIVE = 1;
USERSTATE_INACTIVE = 2;
USERSTATE_DELETED = 3;
USERSTATE_LOCKED = 4;
USERSTATE_SUSPEND = 5;
USERSTATE_INITIAL= 6;
}
enum Gender {
GENDER_UNSPECIFIED = 0;
GENDER_FEMALE = 1;
GENDER_MALE = 2;
GENDER_DIVERSE = 3;
}
message CreateOrgRequest {
string name = 1 [(validate.rules).string.min_len = 1];
string domain = 2;
2020-03-23 09:50:40 +00:00
}
message OrgIamPolicy {
string org_id = 1;
string description = 2;
bool user_login_must_be_domain = 3;
bool default = 4;
uint64 sequence = 5;
google.protobuf.Timestamp creation_date = 6;
google.protobuf.Timestamp change_date = 7;
}
message OrgIamPolicyRequest {
string org_id = 1;
string description = 2;
bool user_login_must_be_domain = 3;
}
message OrgIamPolicyID {
string org_id = 1;
}
message IamMemberRoles {
repeated string roles = 1;
}
message IamMember {
string user_id = 1;
repeated string roles = 2;
google.protobuf.Timestamp change_date = 3;
google.protobuf.Timestamp creation_date = 4;
uint64 sequence = 5;
}
message AddIamMemberRequest {
string user_id = 1;
repeated string roles = 2;
}
message ChangeIamMemberRequest {
string user_id = 1;
repeated string roles = 2;
}
message RemoveIamMemberRequest {
string user_id = 1;
}
message IamMemberSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IamMemberView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IamMemberView {
string user_id = 1;
repeated string roles = 2;
google.protobuf.Timestamp change_date = 3;
google.protobuf.Timestamp creation_date = 4;
uint64 sequence = 5;
string user_name = 6;
string email = 7;
string first_name = 8;
string last_name = 9;
string display_name = 10;
}
message IamMemberSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
repeated IamMemberSearchQuery queries = 3;
}
message IamMemberSearchQuery {
IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2;
string value = 3;
}
enum IamMemberSearchKey {
IAMMEMBERSEARCHKEY_UNSPECIFIED = 0;
IAMMEMBERSEARCHKEY_FIRST_NAME = 1;
IAMMEMBERSEARCHKEY_LAST_NAME = 2;
IAMMEMBERSEARCHKEY_EMAIL = 3;
IAMMEMBERSEARCHKEY_USER_ID = 4;
}
enum SearchMethod {
SEARCHMETHOD_EQUALS = 0;
SEARCHMETHOD_STARTS_WITH = 1;
SEARCHMETHOD_CONTAINS = 2;
SEARCHMETHOD_EQUALS_IGNORE_CASE = 3;
SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4;
SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5;
SEARCHMETHOD_NOT_EQUALS = 6;
SEARCHMETHOD_GREATER_THAN = 7;
SEARCHMETHOD_LESS_THAN = 8;
SEARCHMETHOD_IS_ONE_OF = 9;
SEARCHMETHOD_LIST_CONTAINS = 10;
}
message FailedEventID {
string database = 1;
string view_name = 2;
uint64 failed_sequence = 3;
}
message FailedEvents {
repeated FailedEvent failed_events = 1;
}
message FailedEvent {
string database = 1;
string view_name = 2;
uint64 failed_sequence = 3;
uint64 failure_count = 4;
string error_message = 5;
}
message ViewID {
string database = 1;
string view_name = 2;
}
message Views {
repeated View views = 1;
}
message View {
string database = 1;
string view_name = 2;
uint64 processed_sequence = 3;
google.protobuf.Timestamp view_timestamp = 4;
}
feat: idp and login policy configurations (#619) * feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-26 07:56:23 +00:00
message IdpID {
string id = 1;
}
message Idp {
string id = 1;
IdpState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
bytes logo_src = 6;
oneof idp_config {
OidcIdpConfig oidc_config = 7;
}
uint64 sequence = 8;
}
message IdpUpdate {
string id = 1;
string name = 2;
bytes logo_src = 3;
}
message OidcIdpConfig {
string client_id = 1;
string client_secret = 2;
string issuer = 3;
repeated string scopes = 4;
}
enum IdpState {
IDPCONFIGSTATE_UNSPECIFIED = 0;
IDPCONFIGSTATE_ACTIVE = 1;
IDPCONFIGSTATE_INACTIVE = 2;
}
message OidcIdpConfigCreate {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
bytes logo_src = 2;
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 6;
}
message OidcIdpConfigUpdate {
string idp_id = 1;
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string client_secret = 3;
string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 5;
}
message IdpSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IdpView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IdpView {
string id = 1;
IdpState state = 2;
google.protobuf.Timestamp creation_date = 3;
google.protobuf.Timestamp change_date = 4;
string name = 5;
bytes logo_src = 6;
oneof idp_config_view {
OidcIdpConfigView oidc_config = 7;
}
uint64 sequence = 8;
}
message OidcIdpConfigView {
string client_id = 1;
string issuer = 2;
repeated string scopes = 3;
}
message IdpSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
repeated IdpSearchQuery queries = 3;
}
feat: idp and login policy configurations (#619) * feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2020-08-26 07:56:23 +00:00
message IdpSearchQuery {
IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2;
string value = 3;
}
enum IdpSearchKey {
IDPSEARCHKEY_UNSPECIFIED = 0;
IDPSEARCHKEY_IDP_CONFIG_ID = 1;
IDPSEARCHKEY_NAME = 2;
}
message DefaultLoginPolicy {
bool allow_username_password = 1;
bool allow_register = 2;
bool allow_external_idp = 3;
}
message IdpProviderID {
string idp_config_id = 1;
}
message DefaultLoginPolicyView {
bool allow_username_password = 1;
bool allow_register = 2;
bool allow_external_idp = 3;
}
message IdpProviderViews {
repeated IdpProviderView providers = 1;
}
message IdpProviderView {
string idp_config_id = 1;
string name = 2;
IdpType type = 3;
}
enum IdpType {
IDPTYPE_UNSPECIFIED = 0;
IDPTYPE_OIDC = 1;
IDPTYPE_SAML = 2;
}
message IdpProviderSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated IdpProviderView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message IdpProviderSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
}