feat: implement user schema management (#7416)

This PR adds the functionality to manage user schemas through the new user schema service. It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation. Further annotations for OIDC claims and SAML attribute mappings will follow. A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those. Note: This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
2025-08-11 21:27:42 +00:00 · 2024-03-12 14:50:13 +01:00
parent 2a39cc16f5
commit 0e181b218c
61 changed files with 3614 additions and 35 deletions
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -16,6 +16,7 @@ import (
 	"golang.org/x/text/language"
 	"google.golang.org/grpc"
 	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/structpb"

 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
@@ -37,38 +38,41 @@ import (
 	settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta"
 	"github.com/zitadel/zitadel/pkg/grpc/system"
 	user_pb "github.com/zitadel/zitadel/pkg/grpc/user"
+	schema "github.com/zitadel/zitadel/pkg/grpc/user/schema/v3alpha"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )

 type Client struct {
-	CC          *grpc.ClientConn
-	Admin       admin.AdminServiceClient
-	Mgmt        mgmt.ManagementServiceClient
-	Auth        auth.AuthServiceClient
-	UserV2      user.UserServiceClient
-	SessionV2   session.SessionServiceClient
-	SettingsV2  settings.SettingsServiceClient
-	OIDCv2      oidc_pb.OIDCServiceClient
-	OrgV2       organisation.OrganizationServiceClient
-	System      system.SystemServiceClient
-	ExecutionV3 execution.ExecutionServiceClient
-	FeatureV2   feature.FeatureServiceClient
+	CC           *grpc.ClientConn
+	Admin        admin.AdminServiceClient
+	Mgmt         mgmt.ManagementServiceClient
+	Auth         auth.AuthServiceClient
+	UserV2       user.UserServiceClient
+	SessionV2    session.SessionServiceClient
+	SettingsV2   settings.SettingsServiceClient
+	OIDCv2       oidc_pb.OIDCServiceClient
+	OrgV2        organisation.OrganizationServiceClient
+	System       system.SystemServiceClient
+	ExecutionV3  execution.ExecutionServiceClient
+	FeatureV2    feature.FeatureServiceClient
+	UserSchemaV3 schema.UserSchemaServiceClient
 }

 func newClient(cc *grpc.ClientConn) Client {
 	return Client{
-		CC:          cc,
-		Admin:       admin.NewAdminServiceClient(cc),
-		Mgmt:        mgmt.NewManagementServiceClient(cc),
-		Auth:        auth.NewAuthServiceClient(cc),
-		UserV2:      user.NewUserServiceClient(cc),
-		SessionV2:   session.NewSessionServiceClient(cc),
-		SettingsV2:  settings.NewSettingsServiceClient(cc),
-		OIDCv2:      oidc_pb.NewOIDCServiceClient(cc),
-		OrgV2:       organisation.NewOrganizationServiceClient(cc),
-		System:      system.NewSystemServiceClient(cc),
-		ExecutionV3: execution.NewExecutionServiceClient(cc),
-		FeatureV2:   feature.NewFeatureServiceClient(cc),
+		CC:           cc,
+		Admin:        admin.NewAdminServiceClient(cc),
+		Mgmt:         mgmt.NewManagementServiceClient(cc),
+		Auth:         auth.NewAuthServiceClient(cc),
+		UserV2:       user.NewUserServiceClient(cc),
+		SessionV2:    session.NewSessionServiceClient(cc),
+		SettingsV2:   settings.NewSettingsServiceClient(cc),
+		OIDCv2:       oidc_pb.NewOIDCServiceClient(cc),
+		OrgV2:        organisation.NewOrganizationServiceClient(cc),
+		System:       system.NewSystemServiceClient(cc),
+		ExecutionV3:  execution.NewExecutionServiceClient(cc),
+		FeatureV2:    feature.NewFeatureServiceClient(cc),
+		UserSchemaV3: schema.NewUserSchemaServiceClient(cc),
 	}
 }

@@ -540,3 +544,21 @@ func (s *Tester) SetExecution(ctx context.Context, t *testing.T, cond *execution
 	require.NoError(t, err)
 	return target
 }
+
+func (s *Tester) CreateUserSchema(ctx context.Context, t *testing.T) *schema.CreateUserSchemaResponse {
+	userSchema := new(structpb.Struct)
+	err := userSchema.UnmarshalJSON([]byte(`{
+		"$schema": "urn:zitadel:schema:v1",
+		"type": "object",
+		"properties": {}
+	}`))
+	require.NoError(t, err)
+	target, err := s.Client.UserSchemaV3.CreateUserSchema(ctx, &schema.CreateUserSchemaRequest{
+		Type: fmt.Sprint(time.Now().UnixNano() + 1),
+		DataType: &schema.CreateUserSchemaRequest_Schema{
+			Schema: userSchema,
+		},
+	})
+	require.NoError(t, err)
+	return target
+}