chore!: Introduce ZITADEL v3 (#9645)

This PR summarizes multiple changes specifically only available with ZITADEL v3: - feat: Web Keys management (https://github.com/zitadel/zitadel/pull/9526) - fix(cmd): ensure proper working of mirror (https://github.com/zitadel/zitadel/pull/9509) - feat(Authz): system user support for permission check v2 (https://github.com/zitadel/zitadel/pull/9640) - chore(license): change from Apache to AGPL (https://github.com/zitadel/zitadel/pull/9597) - feat(console): list v2 sessions (https://github.com/zitadel/zitadel/pull/9539) - fix(console): add loginV2 feature flag (https://github.com/zitadel/zitadel/pull/9682) - fix(feature flags): allow reading "own" flags (https://github.com/zitadel/zitadel/pull/9649) - feat(console): add Actions V2 UI (https://github.com/zitadel/zitadel/pull/9591) BREAKING CHANGE - feat(webkey): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9445) - chore!: remove CockroachDB Support (https://github.com/zitadel/zitadel/pull/9444) - feat(actions): migrate to v2beta API (https://github.com/zitadel/zitadel/pull/9489) --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com> Co-authored-by: Ramon <mail@conblem.me> Co-authored-by: Elio Bischof <elio@zitadel.com> Co-authored-by: Kenta Yamaguchi <56732734+KEY60228@users.noreply.github.com> Co-authored-by: Harsha Reddy <harsha.reddy@klaviyo.com> Co-authored-by: Livio Spring <livio@zitadel.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Iraq <66622793+kkrime@users.noreply.github.com> Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Max Peintner <peintnerm@gmail.com>
2025-08-12 04:57:33 +00:00 · 2025-04-02 16:53:06 +02:00
parent d14a23ae7e
commit 07ce3b6905
559 changed files with 14578 additions and 7622 deletions
--- a/internal/api/grpc/webkey/v2beta/webkey_converter.go
+++ b/internal/api/grpc/webkey/v2beta/webkey_converter.go
@@ -0,0 +1,170 @@
+package webkey
+
+import (
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	webkey "github.com/zitadel/zitadel/pkg/grpc/webkey/v2beta"
+)
+
+func createWebKeyRequestToConfig(req *webkey.CreateWebKeyRequest) crypto.WebKeyConfig {
+	switch config := req.GetKey().(type) {
+	case *webkey.CreateWebKeyRequest_Rsa:
+		return rsaToCrypto(config.Rsa)
+	case *webkey.CreateWebKeyRequest_Ecdsa:
+		return ecdsaToCrypto(config.Ecdsa)
+	case *webkey.CreateWebKeyRequest_Ed25519:
+		return new(crypto.WebKeyED25519Config)
+	default:
+		return rsaToCrypto(nil)
+	}
+}
+
+func rsaToCrypto(config *webkey.RSA) *crypto.WebKeyRSAConfig {
+	out := new(crypto.WebKeyRSAConfig)
+
+	switch config.GetBits() {
+	case webkey.RSABits_RSA_BITS_UNSPECIFIED:
+		out.Bits = crypto.RSABits2048
+	case webkey.RSABits_RSA_BITS_2048:
+		out.Bits = crypto.RSABits2048
+	case webkey.RSABits_RSA_BITS_3072:
+		out.Bits = crypto.RSABits3072
+	case webkey.RSABits_RSA_BITS_4096:
+		out.Bits = crypto.RSABits4096
+	default:
+		out.Bits = crypto.RSABits2048
+	}
+
+	switch config.GetHasher() {
+	case webkey.RSAHasher_RSA_HASHER_UNSPECIFIED:
+		out.Hasher = crypto.RSAHasherSHA256
+	case webkey.RSAHasher_RSA_HASHER_SHA256:
+		out.Hasher = crypto.RSAHasherSHA256
+	case webkey.RSAHasher_RSA_HASHER_SHA384:
+		out.Hasher = crypto.RSAHasherSHA384
+	case webkey.RSAHasher_RSA_HASHER_SHA512:
+		out.Hasher = crypto.RSAHasherSHA512
+	default:
+		out.Hasher = crypto.RSAHasherSHA256
+	}
+
+	return out
+}
+
+func ecdsaToCrypto(config *webkey.ECDSA) *crypto.WebKeyECDSAConfig {
+	out := new(crypto.WebKeyECDSAConfig)
+
+	switch config.GetCurve() {
+	case webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED:
+		out.Curve = crypto.EllipticCurveP256
+	case webkey.ECDSACurve_ECDSA_CURVE_P256:
+		out.Curve = crypto.EllipticCurveP256
+	case webkey.ECDSACurve_ECDSA_CURVE_P384:
+		out.Curve = crypto.EllipticCurveP384
+	case webkey.ECDSACurve_ECDSA_CURVE_P512:
+		out.Curve = crypto.EllipticCurveP512
+	default:
+		out.Curve = crypto.EllipticCurveP256
+	}
+
+	return out
+}
+
+func webKeyDetailsListToPb(list []query.WebKeyDetails) []*webkey.WebKey {
+	out := make([]*webkey.WebKey, len(list))
+	for i := range list {
+		out[i] = webKeyDetailsToPb(&list[i])
+	}
+	return out
+}
+
+func webKeyDetailsToPb(details *query.WebKeyDetails) *webkey.WebKey {
+	out := &webkey.WebKey{
+		Id:           details.KeyID,
+		CreationDate: timestamppb.New(details.CreationDate),
+		ChangeDate:   timestamppb.New(details.ChangeDate),
+		State:        webKeyStateToPb(details.State),
+	}
+
+	switch config := details.Config.(type) {
+	case *crypto.WebKeyRSAConfig:
+		out.Key = &webkey.WebKey_Rsa{
+			Rsa: webKeyRSAConfigToPb(config),
+		}
+	case *crypto.WebKeyECDSAConfig:
+		out.Key = &webkey.WebKey_Ecdsa{
+			Ecdsa: webKeyECDSAConfigToPb(config),
+		}
+	case *crypto.WebKeyED25519Config:
+		out.Key = &webkey.WebKey_Ed25519{
+			Ed25519: new(webkey.ED25519),
+		}
+	}
+
+	return out
+}
+
+func webKeyStateToPb(state domain.WebKeyState) webkey.State {
+	switch state {
+	case domain.WebKeyStateUnspecified:
+		return webkey.State_STATE_UNSPECIFIED
+	case domain.WebKeyStateInitial:
+		return webkey.State_STATE_INITIAL
+	case domain.WebKeyStateActive:
+		return webkey.State_STATE_ACTIVE
+	case domain.WebKeyStateInactive:
+		return webkey.State_STATE_INACTIVE
+	case domain.WebKeyStateRemoved:
+		return webkey.State_STATE_REMOVED
+	default:
+		return webkey.State_STATE_UNSPECIFIED
+	}
+}
+
+func webKeyRSAConfigToPb(config *crypto.WebKeyRSAConfig) *webkey.RSA {
+	out := new(webkey.RSA)
+
+	switch config.Bits {
+	case crypto.RSABitsUnspecified:
+		out.Bits = webkey.RSABits_RSA_BITS_UNSPECIFIED
+	case crypto.RSABits2048:
+		out.Bits = webkey.RSABits_RSA_BITS_2048
+	case crypto.RSABits3072:
+		out.Bits = webkey.RSABits_RSA_BITS_3072
+	case crypto.RSABits4096:
+		out.Bits = webkey.RSABits_RSA_BITS_4096
+	}
+
+	switch config.Hasher {
+	case crypto.RSAHasherUnspecified:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_UNSPECIFIED
+	case crypto.RSAHasherSHA256:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA256
+	case crypto.RSAHasherSHA384:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA384
+	case crypto.RSAHasherSHA512:
+		out.Hasher = webkey.RSAHasher_RSA_HASHER_SHA512
+	}
+
+	return out
+}
+
+func webKeyECDSAConfigToPb(config *crypto.WebKeyECDSAConfig) *webkey.ECDSA {
+	out := new(webkey.ECDSA)
+
+	switch config.Curve {
+	case crypto.EllipticCurveUnspecified:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_UNSPECIFIED
+	case crypto.EllipticCurveP256:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P256
+	case crypto.EllipticCurveP384:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P384
+	case crypto.EllipticCurveP512:
+		out.Curve = webkey.ECDSACurve_ECDSA_CURVE_P512
+	}
+
+	return out
+}