TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: port reduction (#323)

Browse Source 
* move mgmt pkg

* begin package restructure

* rename auth package to authz

* begin start api

* move auth

* move admin

* fix merge

* configs and interceptors

* interceptor

* revert generate-grpc.sh

* some cleanups

* console

* move console

* fix tests and merging

* js linting

* merge

* merging and configs

* change k8s base to current ports

* fixes

* cleanup

* regenerate proto

* remove unnecessary whitespace

* missing param

* go mod tidy

* fix merging

* move login pkg

* cleanup

* move api pkgs again

* fix pkg naming

* fix generate-static.sh for login

* update workflow

* fixes

* logging

* remove duplicate

* comment for optional gateway interfaces

* regenerate protos

* fix proto imports for grpc web

* protos

* grpc web generate

* grpc web generate

* fix changes

* add translation interceptor

* fix merging

* regenerate mgmt proto
This commit is contained in:
Livio Amstutz
2020-07-08 13:56:37 +02:00
committed by GitHub
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
internal/api/api.go Normal file
View File

@@ -0,0 +1,53 @@
package api
import (
"context"
"net/http"
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/api/authz"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/internal/api/oidc"
authz_es "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
"github.com/caos/zitadel/internal/config/systemdefaults"
)
type Config struct {
GRPC grpc_util.Config
OIDC oidc.OPHandlerConfig
}
type API struct {
grpcServer *grpc.Server
gatewayHandler *server.GatewayHandler
verifier *authz.TokenVerifier
serverPort string
}
func Create(config Config, authZ authz.Config, authZRepo *authz_es.EsRepository, sd systemdefaults.SystemDefaults) *API {
api := &API{
serverPort: config.GRPC.ServerPort,
}
api.verifier = authz.Start(authZRepo)
api.grpcServer = server.CreateServer(api.verifier, authZ, sd.DefaultLanguage)
api.gatewayHandler = server.CreateGatewayHandler(config.GRPC)
return api
}
func (a *API) RegisterServer(ctx context.Context, server server.Server) {
server.RegisterServer(a.grpcServer)
a.gatewayHandler.RegisterGateway(ctx, server)
a.verifier.RegisterServer(server.AppName(), server.MethodPrefix(), server.AuthMethods())
}
func (a *API) RegisterHandler(prefix string, handler http.Handler) {
a.gatewayHandler.RegisterHandler(prefix, handler)
}
func (a *API) Start(ctx context.Context) {
server.Serve(ctx, a.grpcServer, a.serverPort)
a.gatewayHandler.Serve(ctx)
}

91
internal/api/auth/context.go
View File

@@ -1,91 +0,0 @@
package auth
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"google.golang.org/grpc/metadata"
"strconv"
)
type key int
const (
permissionsKey key = 1
dataKey key = 2
)
type CtxData struct {
UserID string
OrgID string
ProjectID string
AgentID string
PreferredLanguage string
}
func (ctxData CtxData) IsZero() bool {
return ctxData.UserID == "" || ctxData.OrgID == ""
}
type Grants []*Grant
type Grant struct {
OrgID string
Roles []string
}
type TokenVerifier interface {
VerifyAccessToken(ctx context.Context, token string) (string, string, string, error)
ResolveGrant(ctx context.Context) (*Grant, error)
GetProjectIDByClientID(ctx context.Context, clientID string) (string, error)
}
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t TokenVerifier) (_ context.Context, err error) {
var userID, projectID, clientID, agentID string
//TODO: Remove as soon an authentification is implemented
if CheckInternal(ctx) {
userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)
clientID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
projectID, err = t.GetProjectIDByClientID(ctx, clientID)
agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)
} else {
userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)
if err != nil {
return nil, err
}
projectID, err = t.GetProjectIDByClientID(ctx, clientID)
logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
}
return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
}
func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {
return context.WithValue(ctx, dataKey, ctxData)
}
func GetCtxData(ctx context.Context) CtxData {
ctxData, _ := ctx.Value(dataKey).(CtxData)
return ctxData
}
func GetPermissionsFromCtx(ctx context.Context) []string {
ctxPermission, _ := ctx.Value(permissionsKey).([]string)
return ctxPermission
}
//TODO: Remove as soon an authentification is implemented
func CheckInternal(ctx context.Context) bool {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return false
}
v, ok := md[api.LoginKey]
if !ok {
return false
}
ok, _ = strconv.ParseBool(v[0])
return ok
}

20
internal/api/auth/token.go
View File

@@ -1,20 +0,0 @@
package auth
import (
"context"
"strings"
"github.com/caos/zitadel/internal/errors"
)
const (
BearerPrefix = "Bearer "
)
func verifyAccessToken(ctx context.Context, token string, t TokenVerifier) (string, string, string, error) {
parts := strings.Split(token, BearerPrefix)
if len(parts) != 2 {
return "", "", "", errors.ThrowUnauthenticated(nil, "AUTH-7fs1e", "invalid auth header")
}
return t.VerifyAccessToken(ctx, parts[1])
}

6
internal/api/auth/authorization.go → internal/api/authz/authorization.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
import (
"context"
@@ -13,8 +13,8 @@ const (
authenticated = "authenticated"
)
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier TokenVerifier, authConfig *Config, requiredAuthOption Option) (context.Context, error) {
ctx, err := VerifyTokenAndWriteCtxData(ctx, token, orgID, verifier)
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier *TokenVerifier, authConfig Config, requiredAuthOption Option, method string) (context.Context, error) {
ctx, err := VerifyTokenAndWriteCtxData(ctx, token, orgID, verifier, method)
if err != nil {
return nil, err
}

2
internal/api/auth/authorization_test.go → internal/api/authz/authorization_test.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
import (
"testing"

2
internal/api/auth/config.go → internal/api/authz/config.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
type Config struct {
RolePermissionMappings []RoleMapping

57
internal/api/authz/context.go Normal file
View File

@@ -0,0 +1,57 @@
package authz
import (
"context"
"github.com/caos/logging"
)
type key int
const (
permissionsKey key = 1
dataKey key = 2
)
type CtxData struct {
UserID string
OrgID string
ProjectID string
AgentID string
PreferredLanguage string
}
func (ctxData CtxData) IsZero() bool {
return ctxData.UserID == "" || ctxData.OrgID == ""
}
type Grants []*Grant
type Grant struct {
OrgID string
Roles []string
}
func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ context.Context, err error) {
userID, clientID, agentID, err := verifyAccessToken(ctx, token, t, method)
if err != nil {
return nil, err
}
projectID, err := t.GetProjectIDByClientID(ctx, clientID)
logging.LogWithFields("AUTH-GfAoV", "clientID", clientID).OnError(err).Warn("could not read projectid by clientid")
return context.WithValue(ctx, dataKey, CtxData{UserID: userID, OrgID: orgID, ProjectID: projectID, AgentID: agentID}), nil
}
func SetCtxData(ctx context.Context, ctxData CtxData) context.Context {
return context.WithValue(ctx, dataKey, ctxData)
}
func GetCtxData(ctx context.Context) CtxData {
ctxData, _ := ctx.Value(dataKey).(CtxData)
return ctxData
}
func GetPermissionsFromCtx(ctx context.Context) []string {
ctxPermission, _ := ctx.Value(permissionsKey).([]string)
return ctxPermission
}

2
internal/api/auth/context_mock.go → internal/api/authz/context_mock.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
import "context"

8
internal/api/auth/permissions.go → internal/api/authz/permissions.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
import (
"context"
@@ -6,7 +6,7 @@ import (
"github.com/caos/zitadel/internal/errors"
)
func getUserMethodPermissions(ctx context.Context, t TokenVerifier, requiredPerm string, authConfig *Config) (context.Context, []string, error) {
func getUserMethodPermissions(ctx context.Context, t *TokenVerifier, requiredPerm string, authConfig Config) (context.Context, []string, error) {
ctxData := GetCtxData(ctx)
if ctxData.IsZero() {
return nil, nil, errors.ThrowUnauthenticated(nil, "AUTH-rKLWEH", "context missing")
@@ -22,7 +22,7 @@ func getUserMethodPermissions(ctx context.Context, t TokenVerifier, requiredPerm
return context.WithValue(ctx, permissionsKey, permissions), permissions, nil
}
func mapGrantToPermissions(requiredPerm string, grant *Grant, authConfig *Config) []string {
func mapGrantToPermissions(requiredPerm string, grant *Grant, authConfig Config) []string {
resolvedPermissions := make([]string, 0)
for _, role := range grant.Roles {
resolvedPermissions = mapRoleToPerm(requiredPerm, role, authConfig, resolvedPermissions)
@@ -31,7 +31,7 @@ func mapGrantToPermissions(requiredPerm string, grant *Grant, authConfig *Config
return resolvedPermissions
}
func mapRoleToPerm(requiredPerm, actualRole string, authConfig *Config, resolvedPermissions []string) []string {
func mapRoleToPerm(requiredPerm, actualRole string, authConfig Config, resolvedPermissions []string) []string {
roleName, roleContextID := SplitPermission(actualRole)
perms := authConfig.getPermissionsFromRole(roleName)

100
internal/api/auth/permissions_test.go → internal/api/authz/permissions_test.go
View File

@@ -1,4 +1,4 @@
package auth
package authz
import (
"context"
@@ -15,18 +15,22 @@ type testVerifier struct {
grant *Grant
}
func (v *testVerifier) VerifyAccessToken(ctx context.Context, token string) (string, string, string, error) {
return "userID", "clientID", "agentID", nil
func (v *testVerifier) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, error) {
return "userID", "agentID", nil
}
func (v *testVerifier) ResolveGrant(ctx context.Context) (*Grant, error) {
func (v *testVerifier) ResolveGrants(ctx context.Context) (*Grant, error) {
return v.grant, nil
}
func (v *testVerifier) GetProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
func (v *testVerifier) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
return "", nil
}
func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (string, error) {
return "clientID", nil
}
func equalStringArray(a, b []string) bool {
if len(a) != len(b) {
return false
@@ -42,9 +46,9 @@ func equalStringArray(a, b []string) bool {
func Test_GetUserMethodPermissions(t *testing.T) {
type args struct {
ctx context.Context
verifier TokenVerifier
verifier *TokenVerifier
requiredPerm string
authConfig *Config
authConfig Config
}
tests := []struct {
name string
@@ -57,16 +61,17 @@ func Test_GetUserMethodPermissions(t *testing.T) {
name: "Empty Context",
args: args{
ctx: getTestCtx("", ""),
verifier: &testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"}}},
verifier: Start(&testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"},
}}),
requiredPerm: "project.read",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -81,15 +86,15 @@ func Test_GetUserMethodPermissions(t *testing.T) {
name: "No Grants",
args: args{
ctx: getTestCtx("", ""),
verifier: &testVerifier{grant: &Grant{}},
verifier: Start(&testVerifier{grant: &Grant{}}),
requiredPerm: "project.read",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -102,16 +107,17 @@ func Test_GetUserMethodPermissions(t *testing.T) {
name: "Get Permissions",
args: args{
ctx: getTestCtx("userID", "orgID"),
verifier: &testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"}}},
verifier: Start(&testVerifier{grant: &Grant{
Roles: []string{"ORG_OWNER"},
}}),
requiredPerm: "project.read",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -144,7 +150,7 @@ func Test_MapGrantsToPermissions(t *testing.T) {
type args struct {
requiredPerm string
grant *Grant
authConfig *Config
authConfig Config
}
tests := []struct {
name string
@@ -156,13 +162,13 @@ func Test_MapGrantsToPermissions(t *testing.T) {
args: args{
requiredPerm: "project.read",
grant: &Grant{Roles: []string{"ORG_OWNER"}},
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -176,13 +182,13 @@ func Test_MapGrantsToPermissions(t *testing.T) {
args: args{
requiredPerm: "project.write",
grant: &Grant{Roles: []string{"ORG_OWNER"}},
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -196,13 +202,13 @@ func Test_MapGrantsToPermissions(t *testing.T) {
args: args{
requiredPerm: "project.read",
grant: &Grant{Roles: []string{"ORG_OWNER", "IAM_OWNER"}},
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -216,13 +222,13 @@ func Test_MapGrantsToPermissions(t *testing.T) {
args: args{
requiredPerm: "project.read",
grant: &Grant{Roles: []string{"ORG_OWNER", "PROJECT_OWNER:1"}},
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -246,7 +252,7 @@ func Test_MapRoleToPerm(t *testing.T) {
type args struct {
requiredPerm string
actualRole string
authConfig *Config
authConfig Config
resolvedPermissions []string
}
tests := []struct {
@@ -259,13 +265,13 @@ func Test_MapRoleToPerm(t *testing.T) {
args: args{
requiredPerm: "project.read",
actualRole: "ORG_OWNER",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -280,13 +286,13 @@ func Test_MapRoleToPerm(t *testing.T) {
args: args{
requiredPerm: "project.read",
actualRole: "ORG_OWNER",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "IAM_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -301,13 +307,13 @@ func Test_MapRoleToPerm(t *testing.T) {
args: args{
requiredPerm: "project.read",
actualRole: "PROJECT_OWNER:1",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},
@@ -322,13 +328,13 @@ func Test_MapRoleToPerm(t *testing.T) {
args: args{
requiredPerm: "project.read",
actualRole: "PROJECT_OWNER:1",
authConfig: &Config{
authConfig: Config{
RolePermissionMappings: []RoleMapping{
RoleMapping{
{
Role: "PROJECT_OWNER",
Permissions: []string{"project.read"},
},
RoleMapping{
{
Role: "ORG_OWNER",
Permissions: []string{"org.read", "project.read"},
},

105
internal/api/authz/token.go Normal file
View File

@@ -0,0 +1,105 @@
package authz
import (
"context"
"strings"
"sync"
caos_errs "github.com/caos/zitadel/internal/errors"
)
const (
BearerPrefix = "Bearer "
)
type TokenVerifier struct {
authZRepo authZRepo
clients sync.Map
authMethods MethodMapping
}
type authZRepo interface {
VerifyAccessToken(ctx context.Context, token, clientID string) (userID, agentID string, err error)
VerifierClientID(ctx context.Context, name string) (clientID string, err error)
ResolveGrants(ctx context.Context) (grant *Grant, err error)
ProjectIDByClientID(ctx context.Context, clientID string) (projectID string, err error)
}
func Start(authZRepo authZRepo) (v *TokenVerifier) {
return &TokenVerifier{authZRepo: authZRepo}
}
func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID string, err error) {
clientID, err = v.clientIDFromMethod(ctx, method)
if err != nil {
return "", "", "", err
}
userID, agentID, err = v.authZRepo.VerifyAccessToken(ctx, token, clientID)
return userID, clientID, agentID, err
}
type client struct {
id string
name string
}
func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings MethodMapping) {
v.clients.Store(methodPrefix, &client{name: appName})
if v.authMethods == nil {
v.authMethods = make(map[string]Option)
}
for method, option := range mappings {
v.authMethods[method] = option
}
}
func prefixFromMethod(method string) (string, bool) {
parts := strings.Split(method, "/")
if len(parts) < 2 {
return "", false
}
return parts[1], true
}
func (v *TokenVerifier) clientIDFromMethod(ctx context.Context, method string) (string, error) {
prefix, ok := prefixFromMethod(method)
if !ok {
return "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-GRD2Q", "Errors.Internal")
}
app, ok := v.clients.Load(prefix)
if !ok {
return "", caos_errs.ThrowPermissionDenied(nil, "AUTHZ-G2qrh", "Errors.Internal")
}
var err error
c := app.(*client)
if c.id != "" {
return c.id, nil
}
c.id, err = v.authZRepo.VerifierClientID(ctx, c.name)
if err != nil {
return "", caos_errs.ThrowPermissionDenied(err, "AUTHZ-ptTIF2", "Errors.Internal")
}
v.clients.Store(prefix, c)
return c.id, nil
}
func (v *TokenVerifier) ResolveGrant(ctx context.Context) (*Grant, error) {
return v.authZRepo.ResolveGrants(ctx)
}
func (v *TokenVerifier) GetProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
return v.authZRepo.ProjectIDByClientID(ctx, clientID)
}
func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool) {
authOpt, ok := v.authMethods[method]
return authOpt, ok
}
func verifyAccessToken(ctx context.Context, token string, t *TokenVerifier, method string) (userID, clientID, agentID string, err error) {
parts := strings.Split(token, BearerPrefix)
if len(parts) != 2 {
return "", "", "", caos_errs.ThrowUnauthenticated(nil, "AUTH-7fs1e", "invalid auth header")
}
return t.VerifyAccessToken(ctx, parts[1], method)
}

18
internal/api/auth/token_test.go → internal/api/authz/token_test.go
View File

@@ -1,7 +1,8 @@
package auth
package authz
import (
"context"
"sync"
"testing"
"github.com/caos/zitadel/internal/errors"
@@ -12,7 +13,8 @@ func Test_VerifyAccessToken(t *testing.T) {
type args struct {
ctx context.Context
token string
verifier *testVerifier
verifier *TokenVerifier
method string
}
tests := []struct {
name string
@@ -40,13 +42,23 @@ func Test_VerifyAccessToken(t *testing.T) {
args: args{
ctx: context.Background(),
token: "Bearer AUTH",
verifier: &TokenVerifier{
authZRepo: &testVerifier{grant: &Grant{}},
clients: func() sync.Map {
m := sync.Map{}
m.Store("service", &client{name: "name"})
return m
}(),
authMethods: MethodMapping{"/service/method": Option{Permission: "authenticated"}},
},
method: "/service/method",
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, _, _, err := verifyAccessToken(tt.args.ctx, tt.args.token, tt.args.verifier)
_, _, _, err := verifyAccessToken(tt.args.ctx, tt.args.token, tt.args.verifier, tt.args.method)
if tt.wantErr && err == nil {
t.Errorf("got wrong result, should get err: actual: %v ", err)
}

36
internal/api/grpc/admin/administrator.go Normal file
View File

@@ -0,0 +1,36 @@
package admin
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
view_model "github.com/caos/zitadel/internal/view/model"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetViews(ctx context.Context, _ *empty.Empty) (_ *admin.Views, err error) {
views, err := s.administrator.GetViews(ctx)
if err != nil {
return nil, err
}
return &admin.Views{Views: viewsFromModel(views)}, nil
}
func (s *Server) ClearView(ctx context.Context, viewID *admin.ViewID) (_ *empty.Empty, err error) {
err = s.administrator.ClearView(ctx, viewID.Database, viewID.ViewName)
return &empty.Empty{}, err
}
func (s *Server) GetFailedEvents(ctx context.Context, _ *empty.Empty) (_ *admin.FailedEvents, err error) {
failedEvents, err := s.administrator.GetFailedEvents(ctx)
if err != nil {
return nil, err
}
return &admin.FailedEvents{FailedEvents: failedEventsFromModel(failedEvents)}, nil
}
func (s *Server) RemoveFailedEvent(ctx context.Context, failedEventID *admin.FailedEventID) (_ *empty.Empty, err error) {
err = s.administrator.RemoveFailedEvent(ctx, &view_model.FailedEvent{Database: failedEventID.Database, ViewName: failedEventID.ViewName, FailedSequence: failedEventID.FailedSequence})
return &empty.Empty{}, err
}

42
internal/api/grpc/admin/administrator_converter.go Normal file
View File

@@ -0,0 +1,42 @@
package admin
import (
view_model "github.com/caos/zitadel/internal/view/model"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func viewsFromModel(views []*view_model.View) []*admin.View {
result := make([]*admin.View, len(views))
for i, view := range views {
result[i] = viewFromModel(view)
}
return result
}
func failedEventsFromModel(failedEvents []*view_model.FailedEvent) []*admin.FailedEvent {
result := make([]*admin.FailedEvent, len(failedEvents))
for i, view := range failedEvents {
result[i] = failedEventFromModel(view)
}
return result
}
func viewFromModel(view *view_model.View) *admin.View {
return &admin.View{
Database: view.Database,
ViewName: view.ViewName,
Sequence: view.CurrentSequence,
}
}
func failedEventFromModel(failedEvent *view_model.FailedEvent) *admin.FailedEvent {
return &admin.FailedEvent{
Database: failedEvent.Database,
ViewName: failedEvent.ViewName,
FailedSequence: failedEvent.FailedSequence,
FailureCount: failedEvent.FailureCount,
ErrorMessage: failedEvent.ErrMsg,
}
}

43
internal/api/grpc/admin/iam_member.go Normal file
View File

@@ -0,0 +1,43 @@
package admin
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetIamMemberRoles(ctx context.Context, _ *empty.Empty) (*admin.IamMemberRoles, error) {
return &admin.IamMemberRoles{Roles: s.iam.GetIamMemberRoles()}, nil
}
func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearchRequest) (*admin.IamMemberSearchResponse, error) {
members, err := s.iam.SearchIamMembers(ctx, iamMemberSearchRequestToModel(in))
if err != nil {
return nil, err
}
return iamMemberSearchResponseFromModel(members), nil
}
func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) {
addedMember, err := s.iam.AddIamMember(ctx, addIamMemberToModel(member))
if err != nil {
return nil, err
}
return iamMemberFromModel(addedMember), nil
}
func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) {
changedMember, err := s.iam.ChangeIamMember(ctx, changeIamMemberToModel(member))
if err != nil {
return nil, err
}
return iamMemberFromModel(changedMember), nil
}
func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) {
err := s.iam.RemoveIamMember(ctx, member.UserId)
return &empty.Empty{}, err
}

140
internal/api/grpc/admin/iam_member_converter.go Normal file
View File

@@ -0,0 +1,140 @@
package admin
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func addIamMemberToModel(member *admin.AddIamMemberRequest) *iam_model.IamMember {
memberModel := &iam_model.IamMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
return memberModel
}
func changeIamMemberToModel(member *admin.ChangeIamMemberRequest) *iam_model.IamMember {
memberModel := &iam_model.IamMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
return memberModel
}
func iamMemberFromModel(member *iam_model.IamMember) *admin.IamMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-Lsp76").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-3fG5s").OnError(err).Debug("date parse failed")
return &admin.IamMember{
UserId: member.UserID,
CreationDate: creationDate,
ChangeDate: changeDate,
Roles: member.Roles,
Sequence: member.Sequence,
}
}
func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IamMemberSearchRequest {
return &iam_model.IamMemberSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: iamMemberSearchQueriesToModel(request.Queries),
}
}
func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IamMemberSearchQuery {
modelQueries := make([]*iam_model.IamMemberSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = iamMemberSearchQueryToModel(query)
}
return modelQueries
}
func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IamMemberSearchQuery {
return &iam_model.IamMemberSearchQuery{
Key: iamMemberSearchKeyToModel(query.Key),
Method: iamMemberSearchMethodToModel(query.Method),
Value: query.Value,
}
}
func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IamMemberSearchKey {
switch key {
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_EMAIL:
return iam_model.IamMemberSearchKeyEmail
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_FIRST_NAME:
return iam_model.IamMemberSearchKeyFirstName
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_LAST_NAME:
return iam_model.IamMemberSearchKeyLastName
case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_USER_ID:
return iam_model.IamMemberSearchKeyUserID
default:
return iam_model.IamMemberSearchKeyUnspecified
}
}
func iamMemberSearchMethodToModel(key admin.SearchMethod) model.SearchMethod {
switch key {
case admin.SearchMethod_SEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
case admin.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return model.SearchMethodContainsIgnoreCase
case admin.SearchMethod_SEARCHMETHOD_EQUALS:
return model.SearchMethodEquals
case admin.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return model.SearchMethodEqualsIgnoreCase
case admin.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return model.SearchMethodStartsWith
case admin.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return model.SearchMethodStartsWithIgnoreCase
default:
return -1
}
}
func iamMemberSearchResponseFromModel(resp *iam_model.IamMemberSearchResponse) *admin.IamMemberSearchResponse {
return &admin.IamMemberSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: iamMembersFromView(resp.Result),
}
}
func iamMembersFromView(viewMembers []*iam_model.IamMemberView) []*admin.IamMemberView {
members := make([]*admin.IamMemberView, len(viewMembers))
for i, member := range viewMembers {
members[i] = iamMemberFromView(member)
}
return members
}
func iamMemberFromView(member *iam_model.IamMemberView) *admin.IamMemberView {
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-Lso9c").OnError(err).Debug("unable to parse changedate")
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-6szE").OnError(err).Debug("unable to parse creation date")
return &admin.IamMemberView{
ChangeDate: changeDate,
CreationDate: creationDate,
Roles: member.Roles,
Sequence: member.Sequence,
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
}
}

73
internal/api/grpc/admin/org.go Normal file
View File

@@ -0,0 +1,73 @@
package admin
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func (s *Server) GetOrgByID(ctx context.Context, orgID *admin.OrgID) (_ *admin.Org, err error) {
org, err := s.org.OrgByID(ctx, orgID.Id)
if err != nil {
return nil, err
}
return orgFromModel(org), nil
}
func (s *Server) SearchOrgs(ctx context.Context, request *admin.OrgSearchRequest) (_ *admin.OrgSearchResponse, err error) {
result, err := s.org.SearchOrgs(ctx, orgSearchRequestToModel(request))
if err != nil {
return nil, err
}
return &admin.OrgSearchResponse{
Result: orgViewsFromModel(result.Result),
Limit: request.Limit,
Offset: request.Offset,
TotalResult: result.TotalResult,
}, nil
}
func (s *Server) IsOrgUnique(ctx context.Context, request *admin.UniqueOrgRequest) (org *admin.UniqueOrgResponse, err error) {
isUnique, err := s.org.IsOrgUnique(ctx, request.Name, request.Domain)
return &admin.UniqueOrgResponse{IsUnique: isUnique}, err
}
func (s *Server) SetUpOrg(ctx context.Context, orgSetUp *admin.OrgSetUpRequest) (_ *admin.OrgSetUpResponse, err error) {
setUp, err := s.org.SetUpOrg(ctx, setUpRequestToModel(orgSetUp))
if err != nil {
return nil, err
}
return setUpOrgResponseFromModel(setUp), err
}
func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.GetOrgIamPolicyByID(ctx, in.OrgId)
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
}
func (s *Server) CreateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.CreateOrgIamPolicy(ctx, orgIamPolicyRequestToModel(in))
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
}
func (s *Server) UpdateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
policy, err := s.org.ChangeOrgIamPolicy(ctx, orgIamPolicyRequestToModel(in))
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
}
func (s *Server) DeleteOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *empty.Empty, err error) {
err = s.org.RemoveOrgIamPolicy(ctx, in.OrgId)
return &empty.Empty{}, err
}

284
internal/api/grpc/admin/org_converter.go Normal file
View File

@@ -0,0 +1,284 @@
package admin
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
admin_model "github.com/caos/zitadel/internal/admin/model"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/model"
org_model "github.com/caos/zitadel/internal/org/model"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/admin"
)
func setUpRequestToModel(setUp *admin.OrgSetUpRequest) *admin_model.SetupOrg {
return &admin_model.SetupOrg{
Org: orgCreateRequestToModel(setUp.Org),
User: userCreateRequestToModel(setUp.User),
}
}
func orgCreateRequestToModel(org *admin.CreateOrgRequest) *org_model.Org {
o := &org_model.Org{
Domains: []*org_model.OrgDomain{},
Name: org.Name,
}
if org.Domain != "" {
o.Domains = append(o.Domains, &org_model.OrgDomain{Domain: org.Domain})
}
return o
}
func userCreateRequestToModel(user *admin.CreateUserRequest) *usr_model.User {
preferredLanguage, err := language.Parse(user.PreferredLanguage)
logging.Log("GRPC-30hwz").OnError(err).Debug("unable to parse language")
result := &usr_model.User{
Profile: &usr_model.Profile{
UserName: user.UserName,
FirstName: user.FirstName,
LastName: user.LastName,
NickName: user.NickName,
PreferredLanguage: preferredLanguage,
Gender: genderToModel(user.Gender),
},
Password: &usr_model.Password{
SecretString: user.Password,
},
Email: &usr_model.Email{
EmailAddress: user.Email,
IsEmailVerified: user.IsEmailVerified,
},
Address: &usr_model.Address{
Country: user.Country,
Locality: user.Locality,
PostalCode: user.PostalCode,
Region: user.Region,
StreetAddress: user.StreetAddress,
},
}
if user.Phone != "" {
result.Phone = &usr_model.Phone{PhoneNumber: user.Phone, IsPhoneVerified: user.IsPhoneVerified}
}
return result
}
func setUpOrgResponseFromModel(setUp *admin_model.SetupOrg) *admin.OrgSetUpResponse {
return &admin.OrgSetUpResponse{
Org: orgFromModel(setUp.Org),
User: userFromModel(setUp.User),
}
}
func orgViewsFromModel(orgs []*org_model.OrgView) []*admin.Org {
result := make([]*admin.Org, len(orgs))
for i, org := range orgs {
result[i] = orgViewFromModel(org)
}
return result
}
func orgFromModel(org *org_model.Org) *admin.Org {
creationDate, err := ptypes.TimestampProto(org.CreationDate)
logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(org.ChangeDate)
logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
return &admin.Org{
ChangeDate: changeDate,
CreationDate: creationDate,
Id: org.AggregateID,
Name: org.Name,
State: orgStateFromModel(org.State),
}
}
func orgViewFromModel(org *org_model.OrgView) *admin.Org {
creationDate, err := ptypes.TimestampProto(org.CreationDate)
logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(org.ChangeDate)
logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
return &admin.Org{
ChangeDate: changeDate,
CreationDate: creationDate,
Id: org.ID,
Name: org.Name,
State: orgStateFromModel(org.State),
}
}
func userFromModel(user *usr_model.User) *admin.User {
creationDate, err := ptypes.TimestampProto(user.CreationDate)
logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(user.ChangeDate)
logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
converted := &admin.User{
Id: user.AggregateID,
State: userStateFromModel(user.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: user.Sequence,
UserName: user.UserName,
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage.String(),
Gender: genderFromModel(user.Gender),
}
if user.Email != nil {
converted.Email = user.EmailAddress
converted.IsEmailVerified = user.IsEmailVerified
}
if user.Phone != nil {
converted.Phone = user.PhoneNumber
converted.IsPhoneVerified = user.IsPhoneVerified
}
if user.Address != nil {
converted.Country = user.Country
converted.Locality = user.Locality
converted.PostalCode = user.PostalCode
converted.Region = user.Region
converted.StreetAddress = user.StreetAddress
}
return converted
}
func orgStateFromModel(state org_model.OrgState) admin.OrgState {
switch state {
case org_model.OrgStateActive:
return admin.OrgState_ORGSTATE_ACTIVE
case org_model.OrgStateInactive:
return admin.OrgState_ORGSTATE_INACTIVE
default:
return admin.OrgState_ORGSTATE_UNSPECIFIED
}
}
func genderFromModel(gender usr_model.Gender) admin.Gender {
switch gender {
case usr_model.GenderFemale:
return admin.Gender_GENDER_FEMALE
case usr_model.GenderMale:
return admin.Gender_GENDER_MALE
case usr_model.GenderDiverse:
return admin.Gender_GENDER_DIVERSE
default:
return admin.Gender_GENDER_UNSPECIFIED
}
}
func genderToModel(gender admin.Gender) usr_model.Gender {
switch gender {
case admin.Gender_GENDER_FEMALE:
return usr_model.GenderFemale
case admin.Gender_GENDER_MALE:
return usr_model.GenderMale
case admin.Gender_GENDER_DIVERSE:
return usr_model.GenderDiverse
default:
return usr_model.GenderUnspecified
}
}
func userStateFromModel(state usr_model.UserState) admin.UserState {
switch state {
case usr_model.UserStateActive:
return admin.UserState_USERSTATE_ACTIVE
case usr_model.UserStateInactive:
return admin.UserState_USERSTATE_INACTIVE
case usr_model.UserStateLocked:
return admin.UserState_USERSTATE_LOCKED
default:
return admin.UserState_USERSTATE_UNSPECIFIED
}
}
func orgSearchRequestToModel(req *admin.OrgSearchRequest) *org_model.OrgSearchRequest {
return &org_model.OrgSearchRequest{
Limit: req.Limit,
Asc: req.Asc,
Offset: req.Offset,
Queries: orgQueriesToModel(req.Queries),
SortingColumn: orgQueryKeyToModel(req.SortingColumn),
}
}
func orgQueriesToModel(queries []*admin.OrgSearchQuery) []*org_model.OrgSearchQuery {
modelQueries := make([]*org_model.OrgSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = orgQueryToModel(query)
}
return modelQueries
}
func orgQueryToModel(query *admin.OrgSearchQuery) *org_model.OrgSearchQuery {
return &org_model.OrgSearchQuery{
Key: orgQueryKeyToModel(query.Key),
Value: query.Value,
Method: orgQueryMethodToModel(query.Method),
}
}
func orgQueryKeyToModel(key admin.OrgSearchKey) org_model.OrgSearchKey {
switch key {
case admin.OrgSearchKey_ORGSEARCHKEY_DOMAIN:
return org_model.OrgSearchKeyOrgDomain
case admin.OrgSearchKey_ORGSEARCHKEY_ORG_NAME:
return org_model.OrgSearchKeyOrgName
case admin.OrgSearchKey_ORGSEARCHKEY_STATE:
return org_model.OrgSearchKeyState
default:
return org_model.OrgSearchKeyUnspecified
}
}
func orgQueryMethodToModel(method admin.OrgSearchMethod) model.SearchMethod {
switch method {
case admin.OrgSearchMethod_ORGSEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
case admin.OrgSearchMethod_ORGSEARCHMETHOD_EQUALS:
return model.SearchMethodEquals
case admin.OrgSearchMethod_ORGSEARCHMETHOD_STARTS_WITH:
return model.SearchMethodStartsWith
default:
return 0
}
}
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *admin.OrgIamPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-Ps9fW").OnError(err).Debug("unable to get timestamp from time")
return &admin.OrgIamPolicy{
OrgId: policy.AggregateID,
Description: policy.Description,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func orgIamPolicyRequestToModel(policy *admin.OrgIamPolicyRequest) *org_model.OrgIamPolicy {
return &org_model.OrgIamPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.OrgId,
},
Description: policy.Description,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
}
}

22
internal/api/grpc/admin/probes.go Normal file
View File

@@ -0,0 +1,22 @@
package admin
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
pb_struct "github.com/golang/protobuf/ptypes/struct"
"github.com/caos/zitadel/internal/errors"
)
func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
return &empty.Empty{}, nil
}
func (s *Server) Ready(ctx context.Context, e *empty.Empty) (*empty.Empty, error) {
return &empty.Empty{}, s.repo.Health(ctx)
}
func (s *Server) Validate(ctx context.Context, _ *empty.Empty) (*pb_struct.Struct, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-98Gse", "Not implemented")
}

61
internal/api/grpc/admin/server.go Normal file
View File

@@ -0,0 +1,61 @@
package admin
import (
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/admin/repository"
"github.com/caos/zitadel/internal/admin/repository/eventsourcing"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/pkg/grpc/admin"
)
const (
adminName = "Admin-API"
)
var _ admin.AdminServiceServer = (*Server)(nil)
type Server struct {
org repository.OrgRepository
iam repository.IamRepository
administrator repository.AdministratorRepository
repo repository.Repository
}
type Config struct {
Repository eventsourcing.Config
}
func CreateServer(repo repository.Repository) *Server {
return &Server{
org: repo,
iam: repo,
administrator: repo,
repo: repo,
}
}
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
admin.RegisterAdminServiceServer(grpcServer, s)
}
func (s *Server) AppName() string {
return adminName
}
func (s *Server) MethodPrefix() string {
return admin.AdminService_MethodPrefix
}
func (s *Server) AuthMethods() authz.MethodMapping {
return admin.AdminService_AuthMethods
}
func (s *Server) RegisterGateway() server.GatewayFunc {
return admin.RegisterAdminServiceHandlerFromEndpoint
}
func (s *Server) GatewayPathPrefix() string {
return "/admin/v1"
}

50
internal/api/grpc/auth/gateway.go Normal file
View File

@@ -0,0 +1,50 @@
package auth
import (
"strings"
"github.com/grpc-ecosystem/grpc-gateway/runtime"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/pkg/grpc/auth"
)
type Gateway struct {
grpcEndpoint string
port string
cutomHeaders []string
}
func StartGateway(conf grpc_util.GatewayConfig) *Gateway {
return &Gateway{
grpcEndpoint: conf.GRPCEndpoint,
port: conf.Port,
cutomHeaders: conf.CustomHeaders,
}
}
func (gw *Gateway) Gateway() server.GatewayFunc {
return auth.RegisterAuthServiceHandlerFromEndpoint
}
func (gw *Gateway) GRPCEndpoint() string {
return ":" + gw.grpcEndpoint
}
func (gw *Gateway) GatewayPort() string {
return gw.port
}
func (gw *Gateway) GatewayServeMuxOptions() []runtime.ServeMuxOption {
return []runtime.ServeMuxOption{
runtime.WithIncomingHeaderMatcher(func(header string) (string, bool) {
for _, customHeader := range gw.cutomHeaders {
if strings.HasPrefix(strings.ToLower(header), customHeader) {
return header, true
}
}
return runtime.DefaultHeaderMatcher(header)
}),
}
}

31
internal/api/grpc/auth/policy_complexity_converter.go Normal file
View File

@@ -0,0 +1,31 @@
package auth
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *auth.PasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-Lsi3d").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-P0wr4").OnError(err).Debug("unable to parse timestamp")
return &auth.PasswordComplexityPolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Description: policy.Description,
Sequence: policy.Sequence,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
IsDefault: policy.AggregateID == "",
}
}

22
internal/api/grpc/auth/probes.go Normal file
View File

@@ -0,0 +1,22 @@
package auth
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
pb_struct "github.com/golang/protobuf/ptypes/struct"
"github.com/caos/zitadel/internal/errors"
)
func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-bst5W", "Not implemented")
}
func (s *Server) Ready(ctx context.Context, e *empty.Empty) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-or0vW", "Not implemented")
}
func (s *Server) Validate(ctx context.Context, _ *empty.Empty) (*pb_struct.Struct, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-lo6Eg", "Not implemented")
}

25
internal/api/grpc/auth/search_converter.go Normal file
View File

@@ -0,0 +1,25 @@
package auth
import (
"github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func searchMethodToModel(method auth.SearchMethod) model.SearchMethod {
switch method {
case auth.SearchMethod_SEARCHMETHOD_EQUALS:
return model.SearchMethodEquals
case auth.SearchMethod_SEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
case auth.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return model.SearchMethodStartsWith
case auth.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return model.SearchMethodEqualsIgnoreCase
case auth.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return model.SearchMethodContainsIgnoreCase
case auth.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return model.SearchMethodStartsWithIgnoreCase
default:
return model.SearchMethodEquals
}
}

55
internal/api/grpc/auth/server.go Normal file
View File

@@ -0,0 +1,55 @@
package auth
import (
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/internal/auth/repository"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing"
"github.com/caos/zitadel/pkg/grpc/auth"
)
var _ auth.AuthServiceServer = (*Server)(nil)
const (
authName = "Auth-API"
)
type Server struct {
repo repository.Repository
}
type Config struct {
Repository eventsourcing.Config
}
func CreateServer(authRepo repository.Repository) *Server {
return &Server{
repo: authRepo,
}
}
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
auth.RegisterAuthServiceServer(grpcServer, s)
}
func (s *Server) AppName() string {
return authName
}
func (s *Server) MethodPrefix() string {
return auth.AuthService_MethodPrefix
}
func (s *Server) AuthMethods() authz.MethodMapping {
return auth.AuthService_AuthMethods
}
func (s *Server) RegisterGateway() server.GatewayFunc {
return auth.RegisterAuthServiceHandlerFromEndpoint
}
func (s *Server) GatewayPathPrefix() string {
return "/auth/v1"
}

153
internal/api/grpc/auth/user.go Normal file
View File

@@ -0,0 +1,153 @@
package auth
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func (s *Server) GetMyUser(ctx context.Context, _ *empty.Empty) (*auth.UserView, error) {
user, err := s.repo.MyUser(ctx)
if err != nil {
return nil, err
}
return userViewFromModel(user), nil
}
func (s *Server) GetMyUserProfile(ctx context.Context, _ *empty.Empty) (*auth.UserProfileView, error) {
profile, err := s.repo.MyProfile(ctx)
if err != nil {
return nil, err
}
return profileViewFromModel(profile), nil
}
func (s *Server) GetMyUserEmail(ctx context.Context, _ *empty.Empty) (*auth.UserEmailView, error) {
email, err := s.repo.MyEmail(ctx)
if err != nil {
return nil, err
}
return emailViewFromModel(email), nil
}
func (s *Server) GetMyUserPhone(ctx context.Context, _ *empty.Empty) (*auth.UserPhoneView, error) {
phone, err := s.repo.MyPhone(ctx)
if err != nil {
return nil, err
}
return phoneViewFromModel(phone), nil
}
func (s *Server) RemoveMyUserPhone(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.repo.RemoveMyPhone(ctx)
return &empty.Empty{}, err
}
func (s *Server) GetMyUserAddress(ctx context.Context, _ *empty.Empty) (*auth.UserAddressView, error) {
address, err := s.repo.MyAddress(ctx)
if err != nil {
return nil, err
}
return addressViewFromModel(address), nil
}
func (s *Server) GetMyMfas(ctx context.Context, _ *empty.Empty) (*auth.MultiFactors, error) {
mfas, err := s.repo.MyUserMfas(ctx)
if err != nil {
return nil, err
}
return &auth.MultiFactors{Mfas: mfasFromModel(mfas)}, nil
}
func (s *Server) UpdateMyUserProfile(ctx context.Context, request *auth.UpdateUserProfileRequest) (*auth.UserProfile, error) {
profile, err := s.repo.ChangeMyProfile(ctx, updateProfileToModel(ctx, request))
if err != nil {
return nil, err
}
return profileFromModel(profile), nil
}
func (s *Server) ChangeMyUserEmail(ctx context.Context, request *auth.UpdateUserEmailRequest) (*auth.UserEmail, error) {
email, err := s.repo.ChangeMyEmail(ctx, updateEmailToModel(ctx, request))
if err != nil {
return nil, err
}
return emailFromModel(email), nil
}
func (s *Server) VerifyMyUserEmail(ctx context.Context, request *auth.VerifyMyUserEmailRequest) (*empty.Empty, error) {
err := s.repo.VerifyMyEmail(ctx, request.Code)
return &empty.Empty{}, err
}
func (s *Server) ResendMyEmailVerificationMail(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.repo.ResendMyEmailVerificationMail(ctx)
return &empty.Empty{}, err
}
func (s *Server) ChangeMyUserPhone(ctx context.Context, request *auth.UpdateUserPhoneRequest) (*auth.UserPhone, error) {
phone, err := s.repo.ChangeMyPhone(ctx, updatePhoneToModel(ctx, request))
if err != nil {
return nil, err
}
return phoneFromModel(phone), nil
}
func (s *Server) VerifyMyUserPhone(ctx context.Context, request *auth.VerifyUserPhoneRequest) (*empty.Empty, error) {
err := s.repo.VerifyMyPhone(ctx, request.Code)
return &empty.Empty{}, err
}
func (s *Server) ResendMyPhoneVerificationCode(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.repo.ResendMyPhoneVerificationCode(ctx)
return &empty.Empty{}, err
}
func (s *Server) UpdateMyUserAddress(ctx context.Context, request *auth.UpdateUserAddressRequest) (*auth.UserAddress, error) {
address, err := s.repo.ChangeMyAddress(ctx, updateAddressToModel(ctx, request))
if err != nil {
return nil, err
}
return addressFromModel(address), nil
}
func (s *Server) ChangeMyPassword(ctx context.Context, request *auth.PasswordChange) (*empty.Empty, error) {
err := s.repo.ChangeMyPassword(ctx, request.OldPassword, request.NewPassword)
return &empty.Empty{}, err
}
func (s *Server) GetMyPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*auth.PasswordComplexityPolicy, error) {
policy, err := s.repo.GetMyPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policy), nil
}
func (s *Server) AddMfaOTP(ctx context.Context, _ *empty.Empty) (_ *auth.MfaOtpResponse, err error) {
otp, err := s.repo.AddMyMfaOTP(ctx)
if err != nil {
return nil, err
}
return otpFromModel(otp), nil
}
func (s *Server) VerifyMfaOTP(ctx context.Context, request *auth.VerifyMfaOtp) (*empty.Empty, error) {
err := s.repo.VerifyMyMfaOTPSetup(ctx, request.Code)
return &empty.Empty{}, err
}
func (s *Server) RemoveMfaOTP(ctx context.Context, _ *empty.Empty) (_ *empty.Empty, err error) {
s.repo.RemoveMyMfaOTP(ctx)
return &empty.Empty{}, err
}
func (s *Server) GetMyUserChanges(ctx context.Context, request *auth.ChangesRequest) (*auth.Changes, error) {
changes, err := s.repo.MyUserChanges(ctx, request.SequenceOffset, request.Limit, request.Asc)
if err != nil {
return nil, err
}
return userChangesToResponse(changes, request.GetSequenceOffset(), request.GetLimit()), nil
}

375
internal/api/grpc/auth/user_converter.go Normal file
View File

@@ -0,0 +1,375 @@
package auth
import (
"context"
"encoding/json"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/auth"
"github.com/caos/zitadel/pkg/grpc/message"
)
func userViewFromModel(user *usr_model.UserView) *auth.UserView {
creationDate, err := ptypes.TimestampProto(user.CreationDate)
logging.Log("GRPC-sd32g").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(user.ChangeDate)
logging.Log("GRPC-FJKq1").OnError(err).Debug("unable to parse timestamp")
lastLogin, err := ptypes.TimestampProto(user.LastLogin)
logging.Log("GRPC-Gteh2").OnError(err).Debug("unable to parse timestamp")
passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
logging.Log("GRPC-fgQFT").OnError(err).Debug("unable to parse timestamp")
return &auth.UserView{
Id: user.ID,
State: userStateFromModel(user.State),
CreationDate: creationDate,
ChangeDate: changeDate,
LastLogin: lastLogin,
PasswordChanged: passwordChanged,
UserName: user.UserName,
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage,
Gender: genderFromModel(user.Gender),
Email: user.Email,
IsEmailVerified: user.IsEmailVerified,
Phone: user.Phone,
IsPhoneVerified: user.IsPhoneVerified,
Country: user.Country,
Locality: user.Locality,
PostalCode: user.PostalCode,
Region: user.Region,
StreetAddress: user.StreetAddress,
Sequence: user.Sequence,
ResourceOwner: user.ResourceOwner,
LoginNames: user.LoginNames,
PreferredLoginName: user.PreferredLoginName,
}
}
func profileFromModel(profile *usr_model.Profile) *auth.UserProfile {
creationDate, err := ptypes.TimestampProto(profile.CreationDate)
logging.Log("GRPC-56t5s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-K58ds").OnError(err).Debug("unable to parse timestamp")
return &auth.UserProfile{
Id: profile.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: profile.Sequence,
UserName: profile.UserName,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: genderFromModel(profile.Gender),
}
}
func profileViewFromModel(profile *usr_model.Profile) *auth.UserProfileView {
creationDate, err := ptypes.TimestampProto(profile.CreationDate)
logging.Log("GRPC-s9iKs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-9sujE").OnError(err).Debug("unable to parse timestamp")
return &auth.UserProfileView{
Id: profile.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: profile.Sequence,
UserName: profile.UserName,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: genderFromModel(profile.Gender),
LoginNames: profile.LoginNames,
PreferredLoginName: profile.PreferredLoginName,
}
}
func updateProfileToModel(ctx context.Context, u *auth.UpdateUserProfileRequest) *usr_model.Profile {
preferredLanguage, err := language.Parse(u.PreferredLanguage)
logging.Log("GRPC-lk73L").OnError(err).Debug("language malformed")
return &usr_model.Profile{
ObjectRoot: models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
FirstName: u.FirstName,
LastName: u.LastName,
NickName: u.NickName,
PreferredLanguage: preferredLanguage,
Gender: genderToModel(u.Gender),
}
}
func emailFromModel(email *usr_model.Email) *auth.UserEmail {
creationDate, err := ptypes.TimestampProto(email.CreationDate)
logging.Log("GRPC-sdoi3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-klJK3").OnError(err).Debug("unable to parse timestamp")
return &auth.UserEmail{
Id: email.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
}
}
func emailViewFromModel(email *usr_model.Email) *auth.UserEmailView {
creationDate, err := ptypes.TimestampProto(email.CreationDate)
logging.Log("GRPC-LSp8s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-6szJe").OnError(err).Debug("unable to parse timestamp")
return &auth.UserEmailView{
Id: email.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
}
}
func updateEmailToModel(ctx context.Context, e *auth.UpdateUserEmailRequest) *usr_model.Email {
return &usr_model.Email{
ObjectRoot: models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
EmailAddress: e.Email,
}
}
func phoneFromModel(phone *usr_model.Phone) *auth.UserPhone {
creationDate, err := ptypes.TimestampProto(phone.CreationDate)
logging.Log("GRPC-kjn5J").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-LKA9S").OnError(err).Debug("unable to parse timestamp")
return &auth.UserPhone{
Id: phone.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func phoneViewFromModel(phone *usr_model.Phone) *auth.UserPhoneView {
creationDate, err := ptypes.TimestampProto(phone.CreationDate)
logging.Log("GRPC-s5zJS").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-s9kLe").OnError(err).Debug("unable to parse timestamp")
return &auth.UserPhoneView{
Id: phone.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func updatePhoneToModel(ctx context.Context, e *auth.UpdateUserPhoneRequest) *usr_model.Phone {
return &usr_model.Phone{
ObjectRoot: models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
PhoneNumber: e.Phone,
}
}
func addressFromModel(address *usr_model.Address) *auth.UserAddress {
creationDate, err := ptypes.TimestampProto(address.CreationDate)
logging.Log("GRPC-65FRs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-aslk4").OnError(err).Debug("unable to parse timestamp")
return &auth.UserAddress{
Id: address.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func addressViewFromModel(address *usr_model.Address) *auth.UserAddressView {
creationDate, err := ptypes.TimestampProto(address.CreationDate)
logging.Log("GRPC-sk4fS").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-9siEs").OnError(err).Debug("unable to parse timestamp")
return &auth.UserAddressView{
Id: address.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func updateAddressToModel(ctx context.Context, address *auth.UpdateUserAddressRequest) *usr_model.Address {
return &usr_model.Address{
ObjectRoot: models.ObjectRoot{AggregateID: authz.GetCtxData(ctx).UserID},
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func otpFromModel(otp *usr_model.OTP) *auth.MfaOtpResponse {
return &auth.MfaOtpResponse{
UserId: otp.AggregateID,
Url: otp.Url,
Secret: otp.SecretString,
State: mfaStateFromModel(otp.State),
}
}
func userStateFromModel(state usr_model.UserState) auth.UserState {
switch state {
case usr_model.UserStateActive:
return auth.UserState_USERSTATE_ACTIVE
case usr_model.UserStateInactive:
return auth.UserState_USERSTATE_INACTIVE
case usr_model.UserStateLocked:
return auth.UserState_USERSTATE_LOCKED
case usr_model.UserStateInitial:
return auth.UserState_USERSTATE_INITIAL
case usr_model.UserStateSuspend:
return auth.UserState_USERSTATE_SUSPEND
default:
return auth.UserState_USERSTATE_UNSPECIFIED
}
}
func genderFromModel(gender usr_model.Gender) auth.Gender {
switch gender {
case usr_model.GenderFemale:
return auth.Gender_GENDER_FEMALE
case usr_model.GenderMale:
return auth.Gender_GENDER_MALE
case usr_model.GenderDiverse:
return auth.Gender_GENDER_DIVERSE
default:
return auth.Gender_GENDER_UNSPECIFIED
}
}
func genderToModel(gender auth.Gender) usr_model.Gender {
switch gender {
case auth.Gender_GENDER_FEMALE:
return usr_model.GenderFemale
case auth.Gender_GENDER_MALE:
return usr_model.GenderMale
case auth.Gender_GENDER_DIVERSE:
return usr_model.GenderDiverse
default:
return usr_model.GenderUnspecified
}
}
func mfaStateFromModel(state usr_model.MfaState) auth.MFAState {
switch state {
case usr_model.MfaStateReady:
return auth.MFAState_MFASTATE_READY
case usr_model.MfaStateNotReady:
return auth.MFAState_MFASTATE_NOT_READY
default:
return auth.MFAState_MFASTATE_UNSPECIFIED
}
}
func mfasFromModel(mfas []*usr_model.MultiFactor) []*auth.MultiFactor {
converted := make([]*auth.MultiFactor, len(mfas))
for i, mfa := range mfas {
converted[i] = mfaFromModel(mfa)
}
return converted
}
func mfaFromModel(mfa *usr_model.MultiFactor) *auth.MultiFactor {
return &auth.MultiFactor{
State: mfaStateFromModel(mfa.State),
Type: mfaTypeFromModel(mfa.Type),
}
}
func mfaTypeFromModel(mfatype usr_model.MfaType) auth.MfaType {
switch mfatype {
case usr_model.MfaTypeOTP:
return auth.MfaType_MFATYPE_OTP
case usr_model.MfaTypeSMS:
return auth.MfaType_MFATYPE_SMS
default:
return auth.MfaType_MFATYPE_UNSPECIFIED
}
}
func userChangesToResponse(response *usr_model.UserChanges, offset uint64, limit uint64) (_ *auth.Changes) {
return &auth.Changes{
Limit: limit,
Offset: offset,
Changes: userChangesToAPI(response),
}
}
func userChangesToAPI(changes *usr_model.UserChanges) (_ []*auth.Change) {
result := make([]*auth.Change, len(changes.Changes))
for i, change := range changes.Changes {
var data *structpb.Struct
changedData, err := json.Marshal(change.Data)
if err == nil {
data = new(structpb.Struct)
err = protojson.Unmarshal(changedData, data)
logging.Log("GRPC-0kRsY").OnError(err).Debug("unable to marshal changed data to struct")
}
result[i] = &auth.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Data: data,
EditorId: change.ModifierId,
Editor: change.ModifierName,
}
}
return result
}

41
internal/api/grpc/auth/user_grant.go Normal file
View File

@@ -0,0 +1,41 @@
package auth
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func (s *Server) SearchMyUserGrant(ctx context.Context, in *auth.UserGrantSearchRequest) (*auth.UserGrantSearchResponse, error) {
response, err := s.repo.SearchMyUserGrants(ctx, userGrantSearchRequestsToModel(in))
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
}
func (s *Server) SearchMyProjectOrgs(ctx context.Context, in *auth.MyProjectOrgSearchRequest) (*auth.MyProjectOrgSearchResponse, error) {
response, err := s.repo.SearchMyProjectOrgs(ctx, myProjectOrgSearchRequestRequestsToModel(in))
if err != nil {
return nil, err
}
return projectOrgSearchResponseFromModel(response), nil
}
func (s *Server) GetMyZitadelPermissions(ctx context.Context, _ *empty.Empty) (*auth.MyPermissions, error) {
perms, err := s.repo.SearchMyZitadelPermissions(ctx)
if err != nil {
return nil, err
}
return &auth.MyPermissions{Permissions: perms}, nil
}
func (s *Server) GetMyProjectPermissions(ctx context.Context, _ *empty.Empty) (*auth.MyPermissions, error) {
perms, err := s.repo.SearchMyProjectPermissions(ctx)
if err != nil {
return nil, err
}
return &auth.MyPermissions{Permissions: perms}, nil
}

127
internal/api/grpc/auth/user_grant_converter.go Normal file
View File

@@ -0,0 +1,127 @@
package auth
import (
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func userGrantSearchRequestsToModel(request *auth.UserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: userGrantSearchQueriesToModel(request.Queries),
}
}
func userGrantSearchQueriesToModel(queries []*auth.UserGrantSearchQuery) []*grant_model.UserGrantSearchQuery {
converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userGrantSearchQueryToModel(q)
}
return converted
}
func userGrantSearchQueryToModel(query *auth.UserGrantSearchQuery) *grant_model.UserGrantSearchQuery {
return &grant_model.UserGrantSearchQuery{
Key: userGrantSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userGrantSearchKeyToModel(key auth.UserGrantSearchKey) grant_model.UserGrantSearchKey {
switch key {
case auth.UserGrantSearchKey_UserGrantSearchKey_ORG_ID:
return grant_model.UserGrantSearchKeyResourceOwner
case auth.UserGrantSearchKey_UserGrantSearchKey_PROJECT_ID:
return grant_model.UserGrantSearchKeyProjectID
default:
return grant_model.UserGrantSearchKeyUnspecified
}
}
func myProjectOrgSearchRequestRequestsToModel(request *auth.MyProjectOrgSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Asc: request.Asc,
SortingColumn: grant_model.UserGrantSearchKeyResourceOwner,
Queries: myProjectOrgSearchQueriesToModel(request.Queries),
}
}
func myProjectOrgSearchQueriesToModel(queries []*auth.MyProjectOrgSearchQuery) []*grant_model.UserGrantSearchQuery {
converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
for i, q := range queries {
converted[i] = myProjectOrgSearchQueryToModel(q)
}
return converted
}
func myProjectOrgSearchQueryToModel(query *auth.MyProjectOrgSearchQuery) *grant_model.UserGrantSearchQuery {
return &grant_model.UserGrantSearchQuery{
Key: myProjectOrgSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func myProjectOrgSearchKeyToModel(key auth.MyProjectOrgSearchKey) grant_model.UserGrantSearchKey {
switch key {
case auth.MyProjectOrgSearchKey_MYPROJECTORGSEARCHKEY_ORG_NAME:
return grant_model.UserGrantSearchKeyOrgName
default:
return grant_model.UserGrantSearchKeyUnspecified
}
}
func userGrantSearchResponseFromModel(response *grant_model.UserGrantSearchResponse) *auth.UserGrantSearchResponse {
return &auth.UserGrantSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userGrantViewsFromModel(response.Result),
}
}
func userGrantViewsFromModel(users []*grant_model.UserGrantView) []*auth.UserGrantView {
converted := make([]*auth.UserGrantView, len(users))
for i, user := range users {
converted[i] = userGrantViewFromModel(user)
}
return converted
}
func userGrantViewFromModel(grant *grant_model.UserGrantView) *auth.UserGrantView {
return &auth.UserGrantView{
UserId: grant.UserID,
OrgId: grant.ResourceOwner,
OrgName: grant.OrgName,
ProjectId: grant.ProjectID,
Roles: grant.RoleKeys,
}
}
func projectOrgSearchResponseFromModel(response *grant_model.ProjectOrgSearchResponse) *auth.MyProjectOrgSearchResponse {
return &auth.MyProjectOrgSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectOrgsFromModel(response.Result),
}
}
func projectOrgsFromModel(projectOrgs []*grant_model.Org) []*auth.Org {
converted := make([]*auth.Org, len(projectOrgs))
for i, org := range projectOrgs {
converted[i] = projectOrgFromModel(org)
}
return converted
}
func projectOrgFromModel(org *grant_model.Org) *auth.Org {
return &auth.Org{
Id: org.OrgID,
Name: org.OrgName,
}
}

17
internal/api/grpc/auth/user_session.go Normal file
View File

@@ -0,0 +1,17 @@
package auth
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func (s *Server) GetMyUserSessions(ctx context.Context, _ *empty.Empty) (_ *auth.UserSessionViews, err error) {
userSessions, err := s.repo.GetMyUserSessions(ctx)
if err != nil {
return nil, err
}
return &auth.UserSessionViews{UserSessions: userSessionViewsFromModel(userSessions)}, nil
}

38
internal/api/grpc/auth/user_session_converter.go Normal file
View File

@@ -0,0 +1,38 @@
package auth
import (
auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/auth"
)
func userSessionViewsFromModel(userSessions []*usr_model.UserSessionView) []*auth.UserSessionView {
converted := make([]*auth.UserSessionView, len(userSessions))
for i, s := range userSessions {
converted[i] = userSessionViewFromModel(s)
}
return converted
}
func userSessionViewFromModel(userSession *usr_model.UserSessionView) *auth.UserSessionView {
return &auth.UserSessionView{
Sequence: userSession.Sequence,
AgentId: userSession.UserAgentID,
UserId: userSession.UserID,
UserName: userSession.UserName,
LoginName: userSession.LoginName,
DisplayName: userSession.DisplayName,
AuthState: userSessionStateFromModel(userSession.State),
}
}
func userSessionStateFromModel(state auth_req_model.UserSessionState) auth.UserSessionState {
switch state {
case auth_req_model.UserSessionStateActive:
return auth.UserSessionState_USERSESSIONSTATE_ACTIVE
case auth_req_model.UserSessionStateTerminated:
return auth.UserSessionState_USERSESSIONSTATE_TERMINATED
default:
return auth.UserSessionState_USERSESSIONSTATE_UNSPECIFIED
}
}

12
internal/api/grpc/caos_errors.go
View File

@@ -4,15 +4,17 @@ import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/pkg/message"
"github.com/caos/zitadel/pkg/grpc/message"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/i18n"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
func CaosToGRPCError(err error, ctx context.Context, translator *i18n.Translator) error {
func CaosToGRPCError(ctx context.Context, err error, translator *i18n.Translator) error {
if err == nil {
return nil
}
@@ -39,7 +41,7 @@ func ExtractCaosError(err error) (c codes.Code, msg, id string, ok bool) {
return codes.AlreadyExists, caosErr.GetMessage(), caosErr.GetID(), true
case *caos_errs.DeadlineExceededError:
return codes.DeadlineExceeded, caosErr.GetMessage(), caosErr.GetID(), true
case caos_errs.InternalError:
case *caos_errs.InternalError:
return codes.Internal, caosErr.GetMessage(), caosErr.GetID(), true
case *caos_errs.InvalidArgumentError:
return codes.InvalidArgument, caosErr.GetMessage(), caosErr.GetID(), true

167
internal/api/grpc/caos_errors_test.go Normal file
View File

@@ -0,0 +1,167 @@
package grpc
import (
"context"
"errors"
"testing"
"google.golang.org/grpc/codes"
caos_errs "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/i18n"
)
func TestCaosToGRPCError(t *testing.T) {
type args struct {
err error
translator *i18n.Translator
}
tests := []struct {
name string
args args
wantErr bool
}{
{
"no error",
args{},
false,
},
{
"unknown error",
args{errors.New("unknown"), nil},
true,
},
{
"caos error",
args{caos_errs.ThrowInternal(nil, "", "message"), nil},
true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := CaosToGRPCError(context.Background(), tt.args.err, tt.args.translator); (err != nil) != tt.wantErr {
t.Errorf("CaosToGRPCError() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
func Test_Extract(t *testing.T) {
type args struct {
err error
}
tests := []struct {
name string
args args
wantC codes.Code
wantMsg string
wantID string
wantOk bool
}{
{
"already exists",
args{caos_errs.ThrowAlreadyExists(nil, "id", "already exists")},
codes.AlreadyExists,
"already exists",
"id",
true,
},
{
"deadline exceeded",
args{caos_errs.ThrowDeadlineExceeded(nil, "id", "deadline exceeded")},
codes.DeadlineExceeded,
"deadline exceeded",
"id",
true,
},
{
"internal error",
args{caos_errs.ThrowInternal(nil, "id", "internal error")},
codes.Internal,
"internal error",
"id",
true,
},
{
"invalid argument",
args{caos_errs.ThrowInvalidArgument(nil, "id", "invalid argument")},
codes.InvalidArgument,
"invalid argument",
"id",
true,
},
{
"not found",
args{caos_errs.ThrowNotFound(nil, "id", "not found")},
codes.NotFound,
"not found",
"id",
true,
},
{
"permission denied",
args{caos_errs.ThrowPermissionDenied(nil, "id", "permission denied")},
codes.PermissionDenied,
"permission denied",
"id",
true,
},
{
"precondition failed",
args{caos_errs.ThrowPreconditionFailed(nil, "id", "precondition failed")},
codes.FailedPrecondition,
"precondition failed",
"id",
true,
},
{
"unauthenticated",
args{caos_errs.ThrowUnauthenticated(nil, "id", "unauthenticated")},
codes.Unauthenticated,
"unauthenticated",
"id",
true,
},
{
"unavailable",
args{caos_errs.ThrowUnavailable(nil, "id", "unavailable")},
codes.Unavailable,
"unavailable",
"id",
true,
},
{
"unimplemented",
args{caos_errs.ThrowUnimplemented(nil, "id", "unimplemented")},
codes.Unimplemented,
"unimplemented",
"id",
true,
},
{
"unknown",
args{errors.New("unknown")},
codes.Unknown,
"unknown",
"",
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
gotC, gotMsg, gotID, gotOk := ExtractCaosError(tt.args.err)
if gotC != tt.wantC {
t.Errorf("extract() gotC = %v, want %v", gotC, tt.wantC)
}
if gotMsg != tt.wantMsg {
t.Errorf("extract() gotMsg = %v, want %v", gotMsg, tt.wantMsg)
}
if gotID != tt.wantID {
t.Errorf("extract() gotID = %v, want %v", gotID, tt.wantID)
}
if gotOk != tt.wantOk {
t.Errorf("extract() gotOk = %v, want %v", gotOk, tt.wantOk)
}
})
}
}

68
internal/api/grpc/client/middleware/tacing_test.go Normal file
View File

@@ -0,0 +1,68 @@
package middleware
import (
"context"
"testing"
"go.opencensus.io/plugin/ocgrpc"
"go.opencensus.io/trace"
"google.golang.org/grpc/stats"
)
func Test_tracingClientHandler_TagRPC(t *testing.T) {
type fields struct {
IgnoredMethods []GRPCMethod
ClientHandler ocgrpc.ClientHandler
}
type args struct {
ctx context.Context
tagInfo *stats.RPCTagInfo
}
tests := []struct {
name string
fields fields
args args
wantSpan bool
}{
{
"ignored method",
fields{
IgnoredMethods: []GRPCMethod{"ignore"},
ClientHandler: ocgrpc.ClientHandler{},
},
args{
ctx: context.Background(),
tagInfo: &stats.RPCTagInfo{
FullMethodName: "ignore",
},
},
false,
},
{
"tag",
fields{
IgnoredMethods: []GRPCMethod{"ignore"},
ClientHandler: ocgrpc.ClientHandler{},
},
args{
ctx: context.Background(),
tagInfo: &stats.RPCTagInfo{
FullMethodName: "tag",
},
},
true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := &tracingClientHandler{
IgnoredMethods: tt.fields.IgnoredMethods,
ClientHandler: tt.fields.ClientHandler,
}
got := s.TagRPC(tt.args.ctx, tt.args.tagInfo)
if (trace.FromContext(got) != nil) != tt.wantSpan {
t.Errorf("TagRPC() = %v, want %v", got, tt.wantSpan)
}
})
}
}

15
internal/api/grpc/client/middleware/tracing.go
View File

@@ -9,18 +9,27 @@ import (
"google.golang.org/grpc"
"google.golang.org/grpc/stats"
"github.com/caos/zitadel/internal/api"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/tracing"
)
type GRPCMethod string
func TracingStatsClient(ignoredMethods ...GRPCMethod) grpc.DialOption {
return grpc.WithStatsHandler(&tracingClientHandler{ignoredMethods, ocgrpc.ClientHandler{StartOptions: trace.StartOptions{Sampler: tracing.Sampler(), SpanKind: trace.SpanKindClient}}})
return grpc.WithStatsHandler(
&tracingClientHandler{
ignoredMethods,
ocgrpc.ClientHandler{
StartOptions: trace.StartOptions{
Sampler: tracing.Sampler(),
SpanKind: trace.SpanKindClient},
},
},
)
}
func DefaultTracingStatsClient() grpc.DialOption {
return TracingStatsClient(api.Healthz, api.Readiness, api.Validation)
return TracingStatsClient(http.Healthz, http.Readiness, http.Validation)
}
type tracingClientHandler struct {

4
internal/api/grpc/header.go
View File

@@ -5,7 +5,7 @@ import (
"github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
"github.com/caos/zitadel/internal/api"
"github.com/caos/zitadel/internal/api/http"
)
func GetHeader(ctx context.Context, headername string) string {
@@ -13,5 +13,5 @@ func GetHeader(ctx context.Context, headername string) string {
}
func GetAuthorizationHeader(ctx context.Context) string {
return GetHeader(ctx, api.Authorization)
return GetHeader(ctx, http.Authorization)
}

92
internal/api/grpc/header_test.go Normal file
View File

@@ -0,0 +1,92 @@
package grpc
import (
"context"
"testing"
"google.golang.org/grpc/metadata"
)
func TestGetHeader(t *testing.T) {
type args struct {
ctx context.Context
headername string
}
tests := []struct {
name string
args args
want string
}{
{
"empty context",
args{
ctx: context.Background(),
headername: "header",
},
"",
},
{
"context without header",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("header2", "value")),
headername: "header",
},
"",
},
{
"context with header",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("header", "value")),
headername: "header",
},
"value",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := GetHeader(tt.args.ctx, tt.args.headername); got != tt.want {
t.Errorf("GetHeader() = %v, want %v", got, tt.want)
}
})
}
}
func TestGetAuthorizationHeader(t *testing.T) {
type args struct {
ctx context.Context
}
tests := []struct {
name string
args args
want string
}{
{
"empty context",
args{
ctx: context.Background(),
},
"",
},
{
"context without header",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("header", "value")),
},
"",
},
{
"context with header",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorization", "value")),
},
"value",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := GetAuthorizationHeader(tt.args.ctx); got != tt.want {
t.Errorf("GetAuthorizationHeader() = %v, want %v", got, tt.want)
}
})
}
}

83
internal/api/grpc/management/application.go Normal file
View File

@@ -0,0 +1,83 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchApplications(ctx context.Context, in *management.ApplicationSearchRequest) (*management.ApplicationSearchResponse, error) {
response, err := s.project.SearchApplications(ctx, applicationSearchRequestsToModel(in))
if err != nil {
return nil, err
}
return applicationSearchResponseFromModel(response), nil
}
func (s *Server) ApplicationByID(ctx context.Context, in *management.ApplicationID) (*management.ApplicationView, error) {
app, err := s.project.ApplicationByID(ctx, in.Id)
if err != nil {
return nil, err
}
return applicationViewFromModel(app), nil
}
func (s *Server) CreateOIDCApplication(ctx context.Context, in *management.OIDCApplicationCreate) (*management.Application, error) {
app, err := s.project.AddApplication(ctx, oidcAppCreateToModel(in))
if err != nil {
return nil, err
}
return appFromModel(app), nil
}
func (s *Server) UpdateApplication(ctx context.Context, in *management.ApplicationUpdate) (*management.Application, error) {
app, err := s.project.ChangeApplication(ctx, appUpdateToModel(in))
if err != nil {
return nil, err
}
return appFromModel(app), nil
}
func (s *Server) DeactivateApplication(ctx context.Context, in *management.ApplicationID) (*management.Application, error) {
app, err := s.project.DeactivateApplication(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return appFromModel(app), nil
}
func (s *Server) ReactivateApplication(ctx context.Context, in *management.ApplicationID) (*management.Application, error) {
app, err := s.project.ReactivateApplication(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return appFromModel(app), nil
}
func (s *Server) RemoveApplication(ctx context.Context, in *management.ApplicationID) (*empty.Empty, error) {
err := s.project.RemoveApplication(ctx, in.ProjectId, in.Id)
return &empty.Empty{}, err
}
func (s *Server) UpdateApplicationOIDCConfig(ctx context.Context, in *management.OIDCConfigUpdate) (*management.OIDCConfig, error) {
config, err := s.project.ChangeOIDCConfig(ctx, oidcConfigUpdateToModel(in))
if err != nil {
return nil, err
}
return oidcConfigFromModel(config), nil
}
func (s *Server) RegenerateOIDCClientSecret(ctx context.Context, in *management.ApplicationID) (*management.ClientSecret, error) {
config, err := s.project.ChangeOIDConfigSecret(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return &management.ClientSecret{ClientSecret: config.ClientSecretString}, nil
}
func (s *Server) ApplicationChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.project.ApplicationChanges(ctx, changesRequest.Id, changesRequest.SecId, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
if err != nil {
return nil, err
}
return appChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}

350
internal/api/grpc/management/application_converter.go Normal file
View File

@@ -0,0 +1,350 @@
package management
import (
"encoding/json"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/model"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
)
func appFromModel(app *proj_model.Application) *management.Application {
creationDate, err := ptypes.TimestampProto(app.CreationDate)
logging.Log("GRPC-iejs3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(app.ChangeDate)
logging.Log("GRPC-di7rw").OnError(err).Debug("unable to parse timestamp")
return &management.Application{
Id: app.AppID,
State: appStateFromModel(app.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: app.Name,
Sequence: app.Sequence,
AppConfig: appConfigFromModel(app),
}
}
func appConfigFromModel(app *proj_model.Application) management.AppConfig {
if app.Type == proj_model.AppTypeOIDC {
return &management.Application_OidcConfig{
OidcConfig: oidcConfigFromModel(app.OIDCConfig),
}
}
return nil
}
func oidcConfigFromModel(config *proj_model.OIDCConfig) *management.OIDCConfig {
return &management.OIDCConfig{
RedirectUris: config.RedirectUris,
ResponseTypes: oidcResponseTypesFromModel(config.ResponseTypes),
GrantTypes: oidcGrantTypesFromModel(config.GrantTypes),
ApplicationType: oidcApplicationTypeFromModel(config.ApplicationType),
ClientId: config.ClientID,
ClientSecret: config.ClientSecretString,
AuthMethodType: oidcAuthMethodTypeFromModel(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
}
}
func oidcConfigFromApplicationViewModel(app *proj_model.ApplicationView) *management.OIDCConfig {
return &management.OIDCConfig{
RedirectUris: app.OIDCRedirectUris,
ResponseTypes: oidcResponseTypesFromModel(app.OIDCResponseTypes),
GrantTypes: oidcGrantTypesFromModel(app.OIDCGrantTypes),
ApplicationType: oidcApplicationTypeFromModel(app.OIDCApplicationType),
ClientId: app.OIDCClientID,
AuthMethodType: oidcAuthMethodTypeFromModel(app.OIDCAuthMethodType),
PostLogoutRedirectUris: app.OIDCPostLogoutRedirectUris,
}
}
func oidcAppCreateToModel(app *management.OIDCApplicationCreate) *proj_model.Application {
return &proj_model.Application{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
Name: app.Name,
Type: proj_model.AppTypeOIDC,
OIDCConfig: &proj_model.OIDCConfig{
RedirectUris: app.RedirectUris,
ResponseTypes: oidcResponseTypesToModel(app.ResponseTypes),
GrantTypes: oidcGrantTypesToModel(app.GrantTypes),
ApplicationType: oidcApplicationTypeToModel(app.ApplicationType),
AuthMethodType: oidcAuthMethodTypeToModel(app.AuthMethodType),
PostLogoutRedirectUris: app.PostLogoutRedirectUris,
},
}
}
func appUpdateToModel(app *management.ApplicationUpdate) *proj_model.Application {
return &proj_model.Application{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.Id,
Name: app.Name,
}
}
func oidcConfigUpdateToModel(app *management.OIDCConfigUpdate) *proj_model.OIDCConfig {
return &proj_model.OIDCConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.ApplicationId,
RedirectUris: app.RedirectUris,
ResponseTypes: oidcResponseTypesToModel(app.ResponseTypes),
GrantTypes: oidcGrantTypesToModel(app.GrantTypes),
ApplicationType: oidcApplicationTypeToModel(app.ApplicationType),
AuthMethodType: oidcAuthMethodTypeToModel(app.AuthMethodType),
PostLogoutRedirectUris: app.PostLogoutRedirectUris,
}
}
func applicationSearchRequestsToModel(request *management.ApplicationSearchRequest) *proj_model.ApplicationSearchRequest {
return &proj_model.ApplicationSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: applicationSearchQueriesToModel(request.ProjectId, request.Queries),
}
}
func applicationSearchQueriesToModel(projectID string, queries []*management.ApplicationSearchQuery) []*proj_model.ApplicationSearchQuery {
converted := make([]*proj_model.ApplicationSearchQuery, len(queries)+1)
for i, q := range queries {
converted[i] = applicationSearchQueryToModel(q)
}
converted[len(queries)] = &proj_model.ApplicationSearchQuery{Key: proj_model.AppSearchKeyProjectID, Method: model.SearchMethodEquals, Value: projectID}
return converted
}
func applicationSearchQueryToModel(query *management.ApplicationSearchQuery) *proj_model.ApplicationSearchQuery {
return &proj_model.ApplicationSearchQuery{
Key: applicationSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func applicationSearchKeyToModel(key management.ApplicationSearchKey) proj_model.AppSearchKey {
switch key {
case management.ApplicationSearchKey_APPLICATIONSEARCHKEY_APP_NAME:
return proj_model.AppSearchKeyName
default:
return proj_model.AppSearchKeyUnspecified
}
}
func applicationSearchResponseFromModel(response *proj_model.ApplicationSearchResponse) *management.ApplicationSearchResponse {
return &management.ApplicationSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: applicationViewsFromModel(response.Result),
}
}
func applicationViewsFromModel(apps []*proj_model.ApplicationView) []*management.ApplicationView {
converted := make([]*management.ApplicationView, len(apps))
for i, app := range apps {
converted[i] = applicationViewFromModel(app)
}
return converted
}
func applicationViewFromModel(application *proj_model.ApplicationView) *management.ApplicationView {
creationDate, err := ptypes.TimestampProto(application.CreationDate)
logging.Log("GRPC-lo9sw").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(application.ChangeDate)
logging.Log("GRPC-8uwsd").OnError(err).Debug("unable to parse timestamp")
converted := &management.ApplicationView{
Id: application.ID,
State: appStateFromModel(application.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: application.Name,
Sequence: application.Sequence,
}
if application.IsOIDC {
converted.AppConfig = &management.ApplicationView_OidcConfig{
OidcConfig: oidcConfigFromApplicationViewModel(application),
}
}
return converted
}
func appStateFromModel(state proj_model.AppState) management.AppState {
switch state {
case proj_model.AppStateActive:
return management.AppState_APPSTATE_ACTIVE
case proj_model.AppStateInactive:
return management.AppState_APPSTATE_INACTIVE
default:
return management.AppState_APPSTATE_UNSPECIFIED
}
}
func oidcResponseTypesToModel(responseTypes []management.OIDCResponseType) []proj_model.OIDCResponseType {
if responseTypes == nil || len(responseTypes) == 0 {
return []proj_model.OIDCResponseType{proj_model.OIDCResponseTypeCode}
}
oidcResponseTypes := make([]proj_model.OIDCResponseType, len(responseTypes))
for i, responseType := range responseTypes {
switch responseType {
case management.OIDCResponseType_OIDCRESPONSETYPE_CODE:
oidcResponseTypes[i] = proj_model.OIDCResponseTypeCode
case management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN:
oidcResponseTypes[i] = proj_model.OIDCResponseTypeIDToken
case management.OIDCResponseType_OIDCRESPONSETYPE_TOKEN:
oidcResponseTypes[i] = proj_model.OIDCResponseTypeToken
}
}
return oidcResponseTypes
}
func oidcResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []management.OIDCResponseType {
oidcResponseTypes := make([]management.OIDCResponseType, len(responseTypes))
for i, responseType := range responseTypes {
switch responseType {
case proj_model.OIDCResponseTypeCode:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_CODE
case proj_model.OIDCResponseTypeIDToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN
case proj_model.OIDCResponseTypeToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_TOKEN
}
}
return oidcResponseTypes
}
func oidcGrantTypesToModel(grantTypes []management.OIDCGrantType) []proj_model.OIDCGrantType {
if grantTypes == nil || len(grantTypes) == 0 {
return []proj_model.OIDCGrantType{proj_model.OIDCGrantTypeAuthorizationCode}
}
oidcGrantTypes := make([]proj_model.OIDCGrantType, len(grantTypes))
for i, grantType := range grantTypes {
switch grantType {
case management.OIDCGrantType_OIDCGRANTTYPE_AUTHORIZATION_CODE:
oidcGrantTypes[i] = proj_model.OIDCGrantTypeAuthorizationCode
case management.OIDCGrantType_OIDCGRANTTYPE_IMPLICIT:
oidcGrantTypes[i] = proj_model.OIDCGrantTypeImplicit
case management.OIDCGrantType_OIDCGRANTTYPE_REFRESH_TOKEN:
oidcGrantTypes[i] = proj_model.OIDCGrantTypeRefreshToken
}
}
return oidcGrantTypes
}
func oidcGrantTypesFromModel(grantTypes []proj_model.OIDCGrantType) []management.OIDCGrantType {
oidcGrantTypes := make([]management.OIDCGrantType, len(grantTypes))
for i, grantType := range grantTypes {
switch grantType {
case proj_model.OIDCGrantTypeAuthorizationCode:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_AUTHORIZATION_CODE
case proj_model.OIDCGrantTypeImplicit:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_IMPLICIT
case proj_model.OIDCGrantTypeRefreshToken:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_REFRESH_TOKEN
}
}
return oidcGrantTypes
}
func oidcApplicationTypeToModel(appType management.OIDCApplicationType) proj_model.OIDCApplicationType {
switch appType {
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB:
return proj_model.OIDCApplicationTypeWeb
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_USER_AGENT:
return proj_model.OIDCApplicationTypeUserAgent
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_NATIVE:
return proj_model.OIDCApplicationTypeNative
}
return proj_model.OIDCApplicationTypeWeb
}
func oidcApplicationTypeFromModel(appType proj_model.OIDCApplicationType) management.OIDCApplicationType {
switch appType {
case proj_model.OIDCApplicationTypeWeb:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
case proj_model.OIDCApplicationTypeUserAgent:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_USER_AGENT
case proj_model.OIDCApplicationTypeNative:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_NATIVE
default:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
}
}
func oidcAuthMethodTypeToModel(authType management.OIDCAuthMethodType) proj_model.OIDCAuthMethodType {
switch authType {
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC:
return proj_model.OIDCAuthMethodTypeBasic
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_POST:
return proj_model.OIDCAuthMethodTypePost
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_NONE:
return proj_model.OIDCAuthMethodTypeNone
default:
return proj_model.OIDCAuthMethodTypeBasic
}
}
func oidcAuthMethodTypeFromModel(authType proj_model.OIDCAuthMethodType) management.OIDCAuthMethodType {
switch authType {
case proj_model.OIDCAuthMethodTypeBasic:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
case proj_model.OIDCAuthMethodTypePost:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_POST
case proj_model.OIDCAuthMethodTypeNone:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_NONE
default:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
}
}
func appChangesToResponse(response *proj_model.ApplicationChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: appChangesToMgtAPI(response),
}
}
func appChangesToMgtAPI(changes *proj_model.ApplicationChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Editor: change.ModifierName,
EditorId: change.ModifierId,
Data: data,
}
}
return result
}

50
internal/api/grpc/management/gateway.go Normal file
View File

@@ -0,0 +1,50 @@
package management
import (
"strings"
"github.com/grpc-ecosystem/grpc-gateway/runtime"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/pkg/grpc/management"
)
type Gateway struct {
grpcEndpoint string
port string
cutomHeaders []string
}
func StartGateway(conf grpc_util.GatewayConfig) *Gateway {
return &Gateway{
grpcEndpoint: conf.GRPCEndpoint,
port: conf.Port,
cutomHeaders: conf.CustomHeaders,
}
}
func (gw *Gateway) Gateway() server.GatewayFunc {
return management.RegisterManagementServiceHandlerFromEndpoint
}
func (gw *Gateway) GRPCEndpoint() string {
return ":" + gw.grpcEndpoint
}
func (gw *Gateway) GatewayPort() string {
return gw.port
}
func (gw *Gateway) GatewayServeMuxOptions() []runtime.ServeMuxOption {
return []runtime.ServeMuxOption{
runtime.WithIncomingHeaderMatcher(func(header string) (string, bool) {
for _, customHeader := range gw.cutomHeaders {
if strings.HasPrefix(strings.ToLower(header), customHeader) {
return header, true
}
}
return runtime.DefaultHeaderMatcher(header)
}),
}
}

17
internal/api/grpc/management/iam.go Normal file
View File

@@ -0,0 +1,17 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetIam(ctx context.Context, _ *empty.Empty) (*management.Iam, error) {
iam, err := s.iam.IamByID(ctx, s.systemDefaults.IamID)
if err != nil {
return nil, err
}
return iamFromModel(iam), nil
}

15
internal/api/grpc/management/iam_converter.go Normal file
View File

@@ -0,0 +1,15 @@
package management
import (
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func iamFromModel(iam *iam_model.Iam) *management.Iam {
return &management.Iam{
IamProjectId: iam.IamProjectID,
GlobalOrgId: iam.GlobalOrgID,
SetUpDone: iam.SetUpDone,
SetUpStarted: iam.SetUpStarted,
}
}

79
internal/api/grpc/management/org.go Normal file
View File

@@ -0,0 +1,79 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetMyOrg(ctx context.Context, _ *empty.Empty) (*management.OrgView, error) {
org, err := s.org.OrgByID(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgViewFromModel(org), nil
}
func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *management.Domain) (*management.OrgView, error) {
org, err := s.org.OrgByDomainGlobal(ctx, in.Domain)
if err != nil {
return nil, err
}
return orgViewFromModel(org), nil
}
func (s *Server) DeactivateMyOrg(ctx context.Context, _ *empty.Empty) (*management.Org, error) {
org, err := s.org.DeactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgFromModel(org), nil
}
func (s *Server) ReactivateMyOrg(ctx context.Context, _ *empty.Empty) (*management.Org, error) {
org, err := s.org.ReactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgFromModel(org), nil
}
func (s *Server) SearchMyOrgDomains(ctx context.Context, in *management.OrgDomainSearchRequest) (*management.OrgDomainSearchResponse, error) {
domains, err := s.org.SearchMyOrgDomains(ctx, orgDomainSearchRequestToModel(in))
if err != nil {
return nil, err
}
return orgDomainSearchResponseFromModel(domains), nil
}
func (s *Server) AddMyOrgDomain(ctx context.Context, in *management.AddOrgDomainRequest) (*management.OrgDomain, error) {
domain, err := s.org.AddMyOrgDomain(ctx, addOrgDomainToModel(in))
if err != nil {
return nil, err
}
return orgDomainFromModel(domain), nil
}
func (s *Server) RemoveMyOrgDomain(ctx context.Context, in *management.RemoveOrgDomainRequest) (*empty.Empty, error) {
err := s.org.RemoveMyOrgDomain(ctx, in.Domain)
return &empty.Empty{}, err
}
func (s *Server) OrgChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.org.OrgChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
if err != nil {
return nil, err
}
return orgChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}
func (s *Server) GetMyOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *management.OrgIamPolicy, err error) {
policy, err := s.org.GetMyOrgIamPolicy(ctx)
if err != nil {
return nil, err
}
return orgIamPolicyFromModel(policy), err
}

195
internal/api/grpc/management/org_converter.go Normal file
View File

@@ -0,0 +1,195 @@
package management
import (
"encoding/json"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
)
func orgsFromModel(orgs []*org_model.Org) []*management.Org {
orgList := make([]*management.Org, len(orgs))
for i, org := range orgs {
orgList[i] = orgFromModel(org)
}
return orgList
}
func orgFromModel(org *org_model.Org) *management.Org {
creationDate, err := ptypes.TimestampProto(org.CreationDate)
logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(org.ChangeDate)
logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
return &management.Org{
ChangeDate: changeDate,
CreationDate: creationDate,
Id: org.AggregateID,
Name: org.Name,
State: orgStateFromModel(org.State),
}
}
func orgViewFromModel(org *org_model.OrgView) *management.OrgView {
creationDate, err := ptypes.TimestampProto(org.CreationDate)
logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(org.ChangeDate)
logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgView{
ChangeDate: changeDate,
CreationDate: creationDate,
Id: org.ID,
Name: org.Name,
State: orgStateFromModel(org.State),
}
}
func orgStateFromModel(state org_model.OrgState) management.OrgState {
switch state {
case org_model.OrgStateActive:
return management.OrgState_ORGSTATE_ACTIVE
case org_model.OrgStateInactive:
return management.OrgState_ORGSTATE_INACTIVE
default:
return management.OrgState_ORGSTATE_UNSPECIFIED
}
}
func addOrgDomainToModel(domain *management.AddOrgDomainRequest) *org_model.OrgDomain {
return &org_model.OrgDomain{Domain: domain.Domain}
}
func orgDomainFromModel(domain *org_model.OrgDomain) *management.OrgDomain {
creationDate, err := ptypes.TimestampProto(domain.CreationDate)
logging.Log("GRPC-u8Ksj").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(domain.ChangeDate)
logging.Log("GRPC-9osFS").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgDomain{
ChangeDate: changeDate,
CreationDate: creationDate,
OrgId: domain.AggregateID,
Domain: domain.Domain,
Verified: domain.Verified,
Primary: domain.Primary,
}
}
func orgDomainViewFromModel(domain *org_model.OrgDomainView) *management.OrgDomainView {
creationDate, err := ptypes.TimestampProto(domain.CreationDate)
logging.Log("GRPC-7sjDs").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(domain.ChangeDate)
logging.Log("GRPC-8iSji").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgDomainView{
ChangeDate: changeDate,
CreationDate: creationDate,
OrgId: domain.OrgID,
Domain: domain.Domain,
Verified: domain.Verified,
Primary: domain.Primary,
}
}
func orgDomainSearchRequestToModel(request *management.OrgDomainSearchRequest) *org_model.OrgDomainSearchRequest {
return &org_model.OrgDomainSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: orgDomainSearchQueriesToModel(request.Queries),
}
}
func orgDomainSearchQueriesToModel(queries []*management.OrgDomainSearchQuery) []*org_model.OrgDomainSearchQuery {
modelQueries := make([]*org_model.OrgDomainSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = orgDomainSearchQueryToModel(query)
}
return modelQueries
}
func orgDomainSearchQueryToModel(query *management.OrgDomainSearchQuery) *org_model.OrgDomainSearchQuery {
return &org_model.OrgDomainSearchQuery{
Key: orgDomainSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func orgDomainSearchKeyToModel(key management.OrgDomainSearchKey) org_model.OrgDomainSearchKey {
switch key {
case management.OrgDomainSearchKey_ORGDOMAINSEARCHKEY_DOMAIN:
return org_model.OrgDomainSearchKeyDomain
default:
return org_model.OrgDomainSearchKeyUnspecified
}
}
func orgDomainSearchResponseFromModel(resp *org_model.OrgDomainSearchResponse) *management.OrgDomainSearchResponse {
return &management.OrgDomainSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: orgDomainsFromModel(resp.Result),
}
}
func orgDomainsFromModel(viewDomains []*org_model.OrgDomainView) []*management.OrgDomainView {
domains := make([]*management.OrgDomainView, len(viewDomains))
for i, domain := range viewDomains {
domains[i] = orgDomainViewFromModel(domain)
}
return domains
}
func orgChangesToResponse(response *org_model.OrgChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: orgChangesToMgtAPI(response),
}
}
func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Data: data,
Editor: change.ModifierName,
EditorId: change.ModifierId,
}
}
return result
}
func orgIamPolicyFromModel(policy *org_model.OrgIamPolicy) *management.OrgIamPolicy {
return &management.OrgIamPolicy{
OrgId: policy.AggregateID,
Description: policy.Description,
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
}
}

43
internal/api/grpc/management/org_member.go Normal file
View File

@@ -0,0 +1,43 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetOrgMemberRoles(ctx context.Context, _ *empty.Empty) (*management.OrgMemberRoles, error) {
return &management.OrgMemberRoles{Roles: s.org.GetOrgMemberRoles()}, nil
}
func (s *Server) SearchMyOrgMembers(ctx context.Context, in *management.OrgMemberSearchRequest) (*management.OrgMemberSearchResponse, error) {
members, err := s.org.SearchMyOrgMembers(ctx, orgMemberSearchRequestToModel(in))
if err != nil {
return nil, err
}
return orgMemberSearchResponseFromModel(members), nil
}
func (s *Server) AddMyOrgMember(ctx context.Context, member *management.AddOrgMemberRequest) (*management.OrgMember, error) {
addedMember, err := s.org.AddMyOrgMember(ctx, addOrgMemberToModel(member))
if err != nil {
return nil, err
}
return orgMemberFromModel(addedMember), nil
}
func (s *Server) ChangeMyOrgMember(ctx context.Context, member *management.ChangeOrgMemberRequest) (*management.OrgMember, error) {
changedMember, err := s.org.ChangeMyOrgMember(ctx, changeOrgMemberToModel(member))
if err != nil {
return nil, err
}
return orgMemberFromModel(changedMember), nil
}
func (s *Server) RemoveMyOrgMember(ctx context.Context, member *management.RemoveOrgMemberRequest) (*empty.Empty, error) {
err := s.org.RemoveMyOrgMember(ctx, member.UserId)
return &empty.Empty{}, err
}

141
internal/api/grpc/management/org_member_converter.go Normal file
View File

@@ -0,0 +1,141 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/model"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func addOrgMemberToModel(member *management.AddOrgMemberRequest) *org_model.OrgMember {
memberModel := &org_model.OrgMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
return memberModel
}
func changeOrgMemberToModel(member *management.ChangeOrgMemberRequest) *org_model.OrgMember {
memberModel := &org_model.OrgMember{
UserID: member.UserId,
}
memberModel.Roles = member.Roles
return memberModel
}
func orgMemberFromModel(member *org_model.OrgMember) *management.OrgMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-jC5wY").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-Nc2jJ").OnError(err).Debug("date parse failed")
return &management.OrgMember{
UserId: member.UserID,
CreationDate: creationDate,
ChangeDate: changeDate,
Roles: member.Roles,
Sequence: member.Sequence,
}
}
func orgMemberSearchRequestToModel(request *management.OrgMemberSearchRequest) *org_model.OrgMemberSearchRequest {
return &org_model.OrgMemberSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: orgMemberSearchQueriesToModel(request.Queries),
}
}
func orgMemberSearchQueriesToModel(queries []*management.OrgMemberSearchQuery) []*org_model.OrgMemberSearchQuery {
modelQueries := make([]*org_model.OrgMemberSearchQuery, len(queries)+1)
for i, query := range queries {
modelQueries[i] = orgMemberSearchQueryToModel(query)
}
return modelQueries
}
func orgMemberSearchQueryToModel(query *management.OrgMemberSearchQuery) *org_model.OrgMemberSearchQuery {
return &org_model.OrgMemberSearchQuery{
Key: orgMemberSearchKeyToModel(query.Key),
Method: orgMemberSearchMethodToModel(query.Method),
Value: query.Value,
}
}
func orgMemberSearchKeyToModel(key management.OrgMemberSearchKey) org_model.OrgMemberSearchKey {
switch key {
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_EMAIL:
return org_model.OrgMemberSearchKeyEmail
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_FIRST_NAME:
return org_model.OrgMemberSearchKeyFirstName
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_LAST_NAME:
return org_model.OrgMemberSearchKeyLastName
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_USER_ID:
return org_model.OrgMemberSearchKeyUserID
default:
return org_model.OrgMemberSearchKeyUnspecified
}
}
func orgMemberSearchMethodToModel(key management.SearchMethod) model.SearchMethod {
switch key {
case management.SearchMethod_SEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
case management.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return model.SearchMethodContainsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_EQUALS:
return model.SearchMethodEquals
case management.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return model.SearchMethodEqualsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return model.SearchMethodStartsWith
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return model.SearchMethodStartsWithIgnoreCase
default:
return -1
}
}
func orgMemberSearchResponseFromModel(resp *org_model.OrgMemberSearchResponse) *management.OrgMemberSearchResponse {
return &management.OrgMemberSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: orgMembersFromView(resp.Result),
}
}
func orgMembersFromView(viewMembers []*org_model.OrgMemberView) []*management.OrgMemberView {
members := make([]*management.OrgMemberView, len(viewMembers))
for i, member := range viewMembers {
members[i] = orgMemberFromView(member)
}
return members
}
func orgMemberFromView(member *org_model.OrgMemberView) *management.OrgMemberView {
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-S9LAZ").OnError(err).Debug("unable to parse changedate")
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-oJN56").OnError(err).Debug("unable to parse creation date")
return &management.OrgMemberView{
ChangeDate: changeDate,
CreationDate: creationDate,
Roles: member.Roles,
Sequence: member.Sequence,
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
}
}

103
internal/api/grpc/management/policy.go Normal file
View File

@@ -0,0 +1,103 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) CreatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyCreate) (*management.PasswordComplexityPolicy, error) {
policyresp, err := s.policy.CreatePasswordComplexityPolicy(ctx, passwordComplexityPolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicy, error) {
policy, err := s.policy.GetPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyUpdate) (*management.PasswordComplexityPolicy, error) {
policyresp, err := s.policy.UpdatePasswordComplexityPolicy(ctx, passwordComplexityPolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordComplexityPolicy(ctx context.Context, ID *management.PasswordComplexityPolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-skw3f", "Not implemented")
}
func (s *Server) CreatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyCreate) (*management.PasswordAgePolicy, error) {
policyresp, err := s.policy.CreatePasswordAgePolicy(ctx, passwordAgePolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicy, error) {
policy, err := s.policy.GetPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyUpdate) (*management.PasswordAgePolicy, error) {
policyresp, err := s.policy.UpdatePasswordAgePolicy(ctx, passwordAgePolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordAgePolicy(ctx context.Context, ID *management.PasswordAgePolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-plo67", "Not implemented")
}
func (s *Server) CreatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyCreate) (*management.PasswordLockoutPolicy, error) {
policyresp, err := s.policy.CreatePasswordLockoutPolicy(ctx, passwordLockoutPolicyCreateToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policyresp), nil
}
func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicy, error) {
policy, err := s.policy.GetPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policy), nil
}
func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyUpdate) (*management.PasswordLockoutPolicy, error) {
policyresp, err := s.policy.UpdatePasswordLockoutPolicy(ctx, passwordLockoutPolicyUpdateToModel(policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromModel(policyresp), nil
}
func (s *Server) DeletePasswordLockoutPolicy(ctx context.Context, ID *management.PasswordLockoutPolicyID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-GHkd9", "Not implemented")
}

68
internal/api/grpc/management/policy_age_converter.go Normal file
View File

@@ -0,0 +1,68 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordAgePolicyFromModel(policy *model.PasswordAgePolicy) *management.PasswordAgePolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-6ILdB").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-ngUzJ").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordAgePolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
IsDefault: policy.AggregateID == "",
}
}
func passwordAgePolicyToModel(policy *management.PasswordAgePolicy) *model.PasswordAgePolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-2QSfU").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-LdU91").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}
func passwordAgePolicyCreateToModel(policy *management.PasswordAgePolicyCreate) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}
func passwordAgePolicyUpdateToModel(policy *management.PasswordAgePolicyUpdate) *model.PasswordAgePolicy {
return &model.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
ExpireWarnDays: policy.ExpireWarnDays,
MaxAgeDays: policy.MaxAgeDays,
}
}

81
internal/api/grpc/management/policy_complexity_converter.go Normal file
View File

@@ -0,0 +1,81 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordComplexityPolicyFromModel(policy *model.PasswordComplexityPolicy) *management.PasswordComplexityPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-cQRHE").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-PVA1c").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordComplexityPolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Description: policy.Description,
Sequence: policy.Sequence,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
IsDefault: policy.AggregateID == "",
}
}
func passwordComplexityPolicyToModel(policy *management.PasswordComplexityPolicy) *model.PasswordComplexityPolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-asmEZ").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-MCE4o").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func passwordComplexityPolicyCreateToModel(policy *management.PasswordComplexityPolicyCreate) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}
func passwordComplexityPolicyUpdateToModel(policy *management.PasswordComplexityPolicyUpdate) *model.PasswordComplexityPolicy {
return &model.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasNumber: policy.HasNumber,
HasSymbol: policy.HasSymbol,
}
}

70
internal/api/grpc/management/policy_lockout_converter.go Normal file
View File

@@ -0,0 +1,70 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/policy/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func passwordLockoutPolicyFromModel(policy *model.PasswordLockoutPolicy) *management.PasswordLockoutPolicy {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-JRSbT").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-1sizr").OnError(err).Debug("unable to parse timestamp")
return &management.PasswordLockoutPolicy{
Id: policy.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
IsDefault: policy.AggregateID == "",
}
}
func passwordLockoutPolicyToModel(policy *management.PasswordLockoutPolicy) *model.PasswordLockoutPolicy {
creationDate, err := ptypes.Timestamp(policy.CreationDate)
logging.Log("GRPC-8a511").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.Timestamp(policy.ChangeDate)
logging.Log("GRPC-2rdGv").OnError(err).Debug("unable to parse timestamp")
return &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: policy.Sequence,
},
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func passwordLockoutPolicyCreateToModel(policy *management.PasswordLockoutPolicyCreate) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}
func passwordLockoutPolicyUpdateToModel(policy *management.PasswordLockoutPolicyUpdate) *model.PasswordLockoutPolicy {
return &model.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: policy.Id,
},
Description: policy.Description,
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockOutFailures,
}
}

20
internal/api/grpc/management/probes.go Normal file
View File

@@ -0,0 +1,20 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/errors"
"github.com/golang/protobuf/ptypes/empty"
pb_struct "github.com/golang/protobuf/ptypes/struct"
)
func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-mkd3y", "Not implemented")
}
func (s *Server) Ready(ctx context.Context, e *empty.Empty) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-pl6BM", "Not implemented")
}
func (s *Server) Validate(ctx context.Context, _ *empty.Empty) (*pb_struct.Struct, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-2wxF", "Not implemented")
}

122
internal/api/grpc/management/project.go Normal file
View File

@@ -0,0 +1,122 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) CreateProject(ctx context.Context, in *management.ProjectCreateRequest) (*management.Project, error) {
project, err := s.project.CreateProject(ctx, in.Name)
if err != nil {
return nil, err
}
return projectFromModel(project), nil
}
func (s *Server) UpdateProject(ctx context.Context, in *management.ProjectUpdateRequest) (*management.Project, error) {
project, err := s.project.UpdateProject(ctx, projectUpdateToModel(in))
if err != nil {
return nil, err
}
return projectFromModel(project), nil
}
func (s *Server) DeactivateProject(ctx context.Context, in *management.ProjectID) (*management.Project, error) {
project, err := s.project.DeactivateProject(ctx, in.Id)
if err != nil {
return nil, err
}
return projectFromModel(project), nil
}
func (s *Server) ReactivateProject(ctx context.Context, in *management.ProjectID) (*management.Project, error) {
project, err := s.project.ReactivateProject(ctx, in.Id)
if err != nil {
return nil, err
}
return projectFromModel(project), nil
}
func (s *Server) SearchProjects(ctx context.Context, in *management.ProjectSearchRequest) (*management.ProjectSearchResponse, error) {
request := projectSearchRequestsToModel(in)
request.AppendMyResourceOwnerQuery(grpc_util.GetHeader(ctx, http.ZitadelOrgID))
response, err := s.project.SearchProjects(ctx, request)
if err != nil {
return nil, err
}
return projectSearchResponseFromModel(response), nil
}
func (s *Server) ProjectByID(ctx context.Context, id *management.ProjectID) (*management.ProjectView, error) {
project, err := s.project.ProjectByID(ctx, id.Id)
if err != nil {
return nil, err
}
return projectViewFromModel(project), nil
}
func (s *Server) SearchGrantedProjects(ctx context.Context, in *management.GrantedProjectSearchRequest) (*management.ProjectGrantSearchResponse, error) {
request := grantedProjectSearchRequestsToModel(in)
request.AppendMyOrgQuery(grpc_util.GetHeader(ctx, http.ZitadelOrgID))
response, err := s.project.SearchProjectGrants(ctx, request)
if err != nil {
return nil, err
}
return projectGrantSearchResponseFromModel(response), nil
}
func (s *Server) GetGrantedProjectByID(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrantView, error) {
project, err := s.project.ProjectGrantViewByID(ctx, in.Id)
if err != nil {
return nil, err
}
return projectGrantFromGrantedProjectModel(project), nil
}
func (s *Server) AddProjectRole(ctx context.Context, in *management.ProjectRoleAdd) (*management.ProjectRole, error) {
role, err := s.project.AddProjectRole(ctx, projectRoleAddToModel(in))
if err != nil {
return nil, err
}
return projectRoleFromModel(role), nil
}
func (s *Server) BulkAddProjectRole(ctx context.Context, in *management.ProjectRoleAddBulk) (*empty.Empty, error) {
err := s.project.BulkAddProjectRole(ctx, projectRoleAddBulkToModel(in))
return &empty.Empty{}, err
}
func (s *Server) ChangeProjectRole(ctx context.Context, in *management.ProjectRoleChange) (*management.ProjectRole, error) {
role, err := s.project.ChangeProjectRole(ctx, projectRoleChangeToModel(in))
if err != nil {
return nil, err
}
return projectRoleFromModel(role), nil
}
func (s *Server) RemoveProjectRole(ctx context.Context, in *management.ProjectRoleRemove) (*empty.Empty, error) {
err := s.project.RemoveProjectRole(ctx, in.Id, in.Key)
return &empty.Empty{}, err
}
func (s *Server) SearchProjectRoles(ctx context.Context, in *management.ProjectRoleSearchRequest) (*management.ProjectRoleSearchResponse, error) {
request := projectRoleSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
request.AppendProjectQuery(in.ProjectId)
response, err := s.project.SearchProjectRoles(ctx, request)
if err != nil {
return nil, err
}
return projectRoleSearchResponseFromModel(response), nil
}
func (s *Server) ProjectChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.project.ProjectChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
if err != nil {
return nil, err
}
return projectChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}

302
internal/api/grpc/management/project_converter.go Normal file
View File

@@ -0,0 +1,302 @@
package management
import (
"encoding/json"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
)
func projectFromModel(project *proj_model.Project) *management.Project {
creationDate, err := ptypes.TimestampProto(project.CreationDate)
logging.Log("GRPC-iejs3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(project.ChangeDate)
logging.Log("GRPC-di7rw").OnError(err).Debug("unable to parse timestamp")
return &management.Project{
Id: project.AggregateID,
State: projectStateFromModel(project.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: project.Name,
Sequence: project.Sequence,
}
}
func projectSearchResponseFromModel(response *proj_model.ProjectViewSearchResponse) *management.ProjectSearchResponse {
return &management.ProjectSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectViewsFromModel(response.Result),
}
}
func projectViewsFromModel(projects []*proj_model.ProjectView) []*management.ProjectView {
converted := make([]*management.ProjectView, len(projects))
for i, project := range projects {
converted[i] = projectViewFromModel(project)
}
return converted
}
func projectViewFromModel(project *proj_model.ProjectView) *management.ProjectView {
creationDate, err := ptypes.TimestampProto(project.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(project.ChangeDate)
logging.Log("GRPC-sope3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectView{
ProjectId: project.ProjectID,
State: projectStateFromModel(project.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: project.Name,
Sequence: project.Sequence,
ResourceOwner: project.ResourceOwner,
}
}
func projectRoleSearchResponseFromModel(response *proj_model.ProjectRoleSearchResponse) *management.ProjectRoleSearchResponse {
return &management.ProjectRoleSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectRoleViewsFromModel(response.Result),
}
}
func projectRoleViewsFromModel(roles []*proj_model.ProjectRoleView) []*management.ProjectRoleView {
converted := make([]*management.ProjectRoleView, len(roles))
for i, role := range roles {
converted[i] = projectRoleViewFromModel(role)
}
return converted
}
func projectRoleViewFromModel(role *proj_model.ProjectRoleView) *management.ProjectRoleView {
creationDate, err := ptypes.TimestampProto(role.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectRoleView{
ProjectId: role.ProjectID,
CreationDate: creationDate,
Key: role.Key,
Group: role.Group,
DisplayName: role.DisplayName,
Sequence: role.Sequence,
}
}
func projectStateFromModel(state proj_model.ProjectState) management.ProjectState {
switch state {
case proj_model.ProjectStateActive:
return management.ProjectState_PROJECTSTATE_ACTIVE
case proj_model.ProjectStateInactive:
return management.ProjectState_PROJECTSTATE_INACTIVE
default:
return management.ProjectState_PROJECTSTATE_UNSPECIFIED
}
}
func projectUpdateToModel(project *management.ProjectUpdateRequest) *proj_model.Project {
return &proj_model.Project{
ObjectRoot: models.ObjectRoot{
AggregateID: project.Id,
},
Name: project.Name,
}
}
func projectRoleFromModel(role *proj_model.ProjectRole) *management.ProjectRole {
creationDate, err := ptypes.TimestampProto(role.CreationDate)
logging.Log("GRPC-due83").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(role.ChangeDate)
logging.Log("GRPC-id93s").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectRole{
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: role.Sequence,
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
}
}
func projectRoleAddBulkToModel(bulk *management.ProjectRoleAddBulk) []*proj_model.ProjectRole {
roles := make([]*proj_model.ProjectRole, len(bulk.ProjectRoles))
for i, role := range bulk.ProjectRoles {
roles[i] = &proj_model.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: bulk.Id,
},
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
}
}
return roles
}
func projectRoleAddToModel(role *management.ProjectRoleAdd) *proj_model.ProjectRole {
return &proj_model.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: role.Id,
},
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
}
}
func projectRoleChangeToModel(role *management.ProjectRoleChange) *proj_model.ProjectRole {
return &proj_model.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: role.Id,
},
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
}
}
func projectSearchRequestsToModel(project *management.ProjectSearchRequest) *proj_model.ProjectViewSearchRequest {
return &proj_model.ProjectViewSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: projectSearchQueriesToModel(project.Queries),
}
}
func grantedProjectSearchRequestsToModel(request *management.GrantedProjectSearchRequest) *proj_model.ProjectGrantViewSearchRequest {
return &proj_model.ProjectGrantViewSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: grantedPRojectSearchQueriesToModel(request.Queries),
}
}
func projectSearchQueriesToModel(queries []*management.ProjectSearchQuery) []*proj_model.ProjectViewSearchQuery {
converted := make([]*proj_model.ProjectViewSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectSearchQueryToModel(q)
}
return converted
}
func projectSearchQueryToModel(query *management.ProjectSearchQuery) *proj_model.ProjectViewSearchQuery {
return &proj_model.ProjectViewSearchQuery{
Key: projectSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectSearchKeyToModel(key management.ProjectSearchKey) proj_model.ProjectViewSearchKey {
switch key {
case management.ProjectSearchKey_PROJECTSEARCHKEY_PROJECT_NAME:
return proj_model.ProjectViewSearchKeyName
default:
return proj_model.ProjectViewSearchKeyUnspecified
}
}
func grantedPRojectSearchQueriesToModel(queries []*management.ProjectSearchQuery) []*proj_model.ProjectGrantViewSearchQuery {
converted := make([]*proj_model.ProjectGrantViewSearchQuery, len(queries))
for i, q := range queries {
converted[i] = grantedProjectSearchQueryToModel(q)
}
return converted
}
func grantedProjectSearchQueryToModel(query *management.ProjectSearchQuery) *proj_model.ProjectGrantViewSearchQuery {
return &proj_model.ProjectGrantViewSearchQuery{
Key: projectGrantSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectGrantSearchKeyToModel(key management.ProjectSearchKey) proj_model.ProjectGrantViewSearchKey {
switch key {
case management.ProjectSearchKey_PROJECTSEARCHKEY_PROJECT_NAME:
return proj_model.GrantedProjectSearchKeyName
default:
return proj_model.GrantedProjectSearchKeyUnspecified
}
}
func projectRoleSearchRequestsToModel(role *management.ProjectRoleSearchRequest) *proj_model.ProjectRoleSearchRequest {
return &proj_model.ProjectRoleSearchRequest{
Offset: role.Offset,
Limit: role.Limit,
Queries: projectRoleSearchQueriesToModel(role.Queries),
}
}
func projectRoleSearchQueriesToModel(queries []*management.ProjectRoleSearchQuery) []*proj_model.ProjectRoleSearchQuery {
converted := make([]*proj_model.ProjectRoleSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectRoleSearchQueryToModel(q)
}
return converted
}
func projectRoleSearchQueryToModel(query *management.ProjectRoleSearchQuery) *proj_model.ProjectRoleSearchQuery {
return &proj_model.ProjectRoleSearchQuery{
Key: projectRoleSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectRoleSearchKeyToModel(key management.ProjectRoleSearchKey) proj_model.ProjectRoleSearchKey {
switch key {
case management.ProjectRoleSearchKey_PROJECTROLESEARCHKEY_KEY:
return proj_model.ProjectRoleSearchKeyKey
case management.ProjectRoleSearchKey_PROJECTROLESEARCHKEY_DISPLAY_NAME:
return proj_model.ProjectRoleSearchKeyDisplayName
default:
return proj_model.ProjectRoleSearchKeyUnspecified
}
}
func projectChangesToResponse(response *proj_model.ProjectChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: projectChangesToMgtAPI(response),
}
}
func projectChangesToMgtAPI(changes *proj_model.ProjectChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Editor: change.ModifierName,
EditorId: change.ModifierId,
Data: data,
}
}
return result
}

66
internal/api/grpc/management/project_grant.go Normal file
View File

@@ -0,0 +1,66 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchProjectGrants(ctx context.Context, in *management.ProjectGrantSearchRequest) (*management.ProjectGrantSearchResponse, error) {
request := projectGrantSearchRequestsToModel(in)
orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
request.AppendMyResourceOwnerQuery(orgID)
request.AppendNotMyOrgQuery(orgID)
response, err := s.project.SearchProjectGrants(ctx, request)
if err != nil {
return nil, err
}
return projectGrantSearchResponseFromModel(response), nil
}
func (s *Server) ProjectGrantByID(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrantView, error) {
grant, err := s.project.ProjectGrantByID(ctx, in.Id)
if err != nil {
return nil, err
}
return projectGrantFromGrantedProjectModel(grant), nil
}
func (s *Server) CreateProjectGrant(ctx context.Context, in *management.ProjectGrantCreate) (*management.ProjectGrant, error) {
grant, err := s.project.AddProjectGrant(ctx, projectGrantCreateToModel(in))
if err != nil {
return nil, err
}
return projectGrantFromModel(grant), nil
}
func (s *Server) UpdateProjectGrant(ctx context.Context, in *management.ProjectGrantUpdate) (*management.ProjectGrant, error) {
grant, err := s.project.ChangeProjectGrant(ctx, projectGrantUpdateToModel(in))
if err != nil {
return nil, err
}
return projectGrantFromModel(grant), nil
}
func (s *Server) DeactivateProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrant, error) {
grant, err := s.project.DeactivateProjectGrant(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return projectGrantFromModel(grant), nil
}
func (s *Server) ReactivateProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrant, error) {
grant, err := s.project.ReactivateProjectGrant(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return projectGrantFromModel(grant), nil
}
func (s *Server) RemoveProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*empty.Empty, error) {
err := s.project.RemoveProjectGrant(ctx, in.ProjectId, in.Id)
return &empty.Empty{}, err
}

153
internal/api/grpc/management/project_grant_converter.go Normal file
View File

@@ -0,0 +1,153 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/model"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func projectGrantFromModel(grant *proj_model.ProjectGrant) *management.ProjectGrant {
creationDate, err := ptypes.TimestampProto(grant.CreationDate)
logging.Log("GRPC-8d73s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(grant.ChangeDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrant{
Id: grant.GrantID,
State: projectGrantStateFromModel(grant.State),
CreationDate: creationDate,
ChangeDate: changeDate,
GrantedOrgId: grant.GrantedOrgID,
RoleKeys: grant.RoleKeys,
Sequence: grant.Sequence,
ProjectId: grant.AggregateID,
}
}
func projectGrantCreateToModel(grant *management.ProjectGrantCreate) *proj_model.ProjectGrant {
return &proj_model.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: grant.ProjectId,
},
GrantedOrgID: grant.GrantedOrgId,
RoleKeys: grant.RoleKeys,
}
}
func projectGrantUpdateToModel(grant *management.ProjectGrantUpdate) *proj_model.ProjectGrant {
return &proj_model.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: grant.ProjectId,
},
GrantID: grant.Id,
RoleKeys: grant.RoleKeys,
}
}
func projectGrantSearchRequestsToModel(request *management.ProjectGrantSearchRequest) *proj_model.ProjectGrantViewSearchRequest {
return &proj_model.ProjectGrantViewSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: projectGrantSearchQueriesToModel(request.ProjectId, request.Queries),
}
}
func projectGrantSearchQueriesToModel(projectId string, queries []*management.ProjectGrantSearchQuery) []*proj_model.ProjectGrantViewSearchQuery {
converted := make([]*proj_model.ProjectGrantViewSearchQuery, 0)
converted = append(converted, &proj_model.ProjectGrantViewSearchQuery{
Key: proj_model.GrantedProjectSearchKeyProjectID,
Method: model.SearchMethodEquals,
Value: projectId,
})
for i, query := range queries {
converted[i] = projectGrantSearchQueryToModel(query)
}
return converted
}
func projectGrantSearchQueryToModel(query *management.ProjectGrantSearchQuery) *proj_model.ProjectGrantViewSearchQuery {
return &proj_model.ProjectGrantViewSearchQuery{
Key: projectGrantViewSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectGrantViewSearchKeyToModel(key management.ProjectGrantSearchKey) proj_model.ProjectGrantViewSearchKey {
switch key {
case management.ProjectGrantSearchKey_PROJECTGRANTSEARCHKEY_PROJECT_NAME:
return proj_model.GrantedProjectSearchKeyProjectID
case management.ProjectGrantSearchKey_PROJECTGRANTSEARCHKEY_ROLE_KEY:
return proj_model.GrantedProjectSearchKeyRoleKeys
default:
return proj_model.GrantedProjectSearchKeyUnspecified
}
}
func projectGrantSearchResponseFromModel(response *proj_model.ProjectGrantViewSearchResponse) *management.ProjectGrantSearchResponse {
return &management.ProjectGrantSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectGrantsFromGrantedProjectModel(response.Result),
}
}
func projectGrantsFromGrantedProjectModel(projects []*proj_model.ProjectGrantView) []*management.ProjectGrantView {
converted := make([]*management.ProjectGrantView, len(projects))
for i, project := range projects {
converted[i] = projectGrantFromGrantedProjectModel(project)
}
return converted
}
func projectGrantFromGrantedProjectModel(project *proj_model.ProjectGrantView) *management.ProjectGrantView {
creationDate, err := ptypes.TimestampProto(project.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(project.ChangeDate)
logging.Log("GRPC-sope3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantView{
ProjectId: project.ProjectID,
State: projectGrantStateFromProjectStateModel(project.State),
CreationDate: creationDate,
ChangeDate: changeDate,
ProjectName: project.Name,
Sequence: project.Sequence,
GrantedOrgId: project.OrgID,
GrantedOrgName: project.OrgName,
Id: project.GrantID,
RoleKeys: project.GrantedRoleKeys,
ResourceOwner: project.ResourceOwner,
ResourceOwnerName: project.ResourceOwnerName,
}
}
func projectGrantStateFromModel(state proj_model.ProjectGrantState) management.ProjectGrantState {
switch state {
case proj_model.ProjectGrantStateActive:
return management.ProjectGrantState_PROJECTGRANTSTATE_ACTIVE
case proj_model.ProjectGrantStateInactive:
return management.ProjectGrantState_PROJECTGRANTSTATE_INACTIVE
default:
return management.ProjectGrantState_PROJECTGRANTSTATE_UNSPECIFIED
}
}
func projectGrantStateFromProjectStateModel(state proj_model.ProjectState) management.ProjectGrantState {
switch state {
case proj_model.ProjectStateActive:
return management.ProjectGrantState_PROJECTGRANTSTATE_ACTIVE
case proj_model.ProjectStateInactive:
return management.ProjectGrantState_PROJECTGRANTSTATE_INACTIVE
default:
return management.ProjectGrantState_PROJECTGRANTSTATE_UNSPECIFIED
}
}

42
internal/api/grpc/management/project_grant_member.go Normal file
View File

@@ -0,0 +1,42 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetProjectGrantMemberRoles(ctx context.Context, _ *empty.Empty) (*management.ProjectGrantMemberRoles, error) {
return &management.ProjectGrantMemberRoles{Roles: s.project.GetProjectGrantMemberRoles()}, nil
}
func (s *Server) SearchProjectGrantMembers(ctx context.Context, in *management.ProjectGrantMemberSearchRequest) (*management.ProjectGrantMemberSearchResponse, error) {
response, err := s.project.SearchProjectGrantMembers(ctx, projectGrantMemberSearchRequestsToModel(in))
if err != nil {
return nil, err
}
return projectGrantMemberSearchResponseFromModel(response), nil
}
func (s *Server) AddProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberAdd) (*management.ProjectGrantMember, error) {
member, err := s.project.AddProjectGrantMember(ctx, projectGrantMemberAddToModel(in))
if err != nil {
return nil, err
}
return projectGrantMemberFromModel(member), nil
}
func (s *Server) ChangeProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberChange) (*management.ProjectGrantMember, error) {
member, err := s.project.ChangeProjectGrantMember(ctx, projectGrantMemberChangeToModel(in))
if err != nil {
return nil, err
}
return projectGrantMemberFromModel(member), nil
}
func (s *Server) RemoveProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberRemove) (*empty.Empty, error) {
err := s.project.RemoveProjectGrantMember(ctx, in.ProjectId, in.GrantId, in.UserId)
return &empty.Empty{}, err
}

124
internal/api/grpc/management/project_grant_member_converter.go Normal file
View File

@@ -0,0 +1,124 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func projectGrantMemberFromModel(member *proj_model.ProjectGrantMember) *management.ProjectGrantMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-7du3s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-8duew").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantMember{
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
UserId: member.UserID,
Roles: member.Roles,
}
}
func projectGrantMemberAddToModel(member *management.ProjectGrantMemberAdd) *proj_model.ProjectGrantMember {
return &proj_model.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.ProjectId,
},
GrantID: member.GrantId,
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectGrantMemberChangeToModel(member *management.ProjectGrantMemberChange) *proj_model.ProjectGrantMember {
return &proj_model.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.ProjectId,
},
GrantID: member.GrantId,
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectGrantMemberSearchRequestsToModel(role *management.ProjectGrantMemberSearchRequest) *proj_model.ProjectGrantMemberSearchRequest {
return &proj_model.ProjectGrantMemberSearchRequest{
Offset: role.Offset,
Limit: role.Limit,
Queries: projectGrantMemberSearchQueriesToModel(role.Queries),
}
}
func projectGrantMemberSearchQueriesToModel(queries []*management.ProjectGrantMemberSearchQuery) []*proj_model.ProjectGrantMemberSearchQuery {
converted := make([]*proj_model.ProjectGrantMemberSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectGrantMemberSearchQueryToModel(q)
}
return converted
}
func projectGrantMemberSearchQueryToModel(query *management.ProjectGrantMemberSearchQuery) *proj_model.ProjectGrantMemberSearchQuery {
return &proj_model.ProjectGrantMemberSearchQuery{
Key: projectGrantMemberSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectGrantMemberSearchKeyToModel(key management.ProjectGrantMemberSearchKey) proj_model.ProjectGrantMemberSearchKey {
switch key {
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_EMAIL:
return proj_model.ProjectGrantMemberSearchKeyEmail
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_FIRST_NAME:
return proj_model.ProjectGrantMemberSearchKeyFirstName
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_LAST_NAME:
return proj_model.ProjectGrantMemberSearchKeyLastName
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_USER_NAME:
return proj_model.ProjectGrantMemberSearchKeyUserName
default:
return proj_model.ProjectGrantMemberSearchKeyUnspecified
}
}
func projectGrantMemberSearchResponseFromModel(response *proj_model.ProjectGrantMemberSearchResponse) *management.ProjectGrantMemberSearchResponse {
return &management.ProjectGrantMemberSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectGrantMemberViewsFromModel(response.Result),
}
}
func projectGrantMemberViewsFromModel(roles []*proj_model.ProjectGrantMemberView) []*management.ProjectGrantMemberView {
converted := make([]*management.ProjectGrantMemberView, len(roles))
for i, role := range roles {
converted[i] = projectGrantMemberViewFromModel(role)
}
return converted
}
func projectGrantMemberViewFromModel(member *proj_model.ProjectGrantMemberView) *management.ProjectGrantMemberView {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-los93").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-ski4e").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantMemberView{
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
Roles: member.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
}
}

44
internal/api/grpc/management/project_member.go Normal file
View File

@@ -0,0 +1,44 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetProjectMemberRoles(ctx context.Context, _ *empty.Empty) (*management.ProjectMemberRoles, error) {
return &management.ProjectMemberRoles{Roles: s.project.GetProjectMemberRoles()}, nil
}
func (s *Server) SearchProjectMembers(ctx context.Context, in *management.ProjectMemberSearchRequest) (*management.ProjectMemberSearchResponse, error) {
request := projectMemberSearchRequestsToModel(in)
request.AppendProjectQuery(in.ProjectId)
response, err := s.project.SearchProjectMembers(ctx, request)
if err != nil {
return nil, err
}
return projectMemberSearchResponseFromModel(response), nil
}
func (s *Server) AddProjectMember(ctx context.Context, in *management.ProjectMemberAdd) (*management.ProjectMember, error) {
member, err := s.project.AddProjectMember(ctx, projectMemberAddToModel(in))
if err != nil {
return nil, err
}
return projectMemberFromModel(member), nil
}
func (s *Server) ChangeProjectMember(ctx context.Context, in *management.ProjectMemberChange) (*management.ProjectMember, error) {
member, err := s.project.ChangeProjectMember(ctx, projectMemberChangeToModel(in))
if err != nil {
return nil, err
}
return projectMemberFromModel(member), nil
}
func (s *Server) RemoveProjectMember(ctx context.Context, in *management.ProjectMemberRemove) (*empty.Empty, error) {
err := s.project.RemoveProjectMember(ctx, in.Id, in.UserId)
return &empty.Empty{}, err
}

122
internal/api/grpc/management/project_member_converter.go Normal file
View File

@@ -0,0 +1,122 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func projectMemberFromModel(member *proj_model.ProjectMember) *management.ProjectMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-kd8re").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-dlei3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectMember{
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
UserId: member.UserID,
Roles: member.Roles,
}
}
func projectMemberAddToModel(member *management.ProjectMemberAdd) *proj_model.ProjectMember {
return &proj_model.ProjectMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.Id,
},
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectMemberChangeToModel(member *management.ProjectMemberChange) *proj_model.ProjectMember {
return &proj_model.ProjectMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.Id,
},
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectMemberSearchRequestsToModel(role *management.ProjectMemberSearchRequest) *proj_model.ProjectMemberSearchRequest {
return &proj_model.ProjectMemberSearchRequest{
Offset: role.Offset,
Limit: role.Limit,
Queries: projectMemberSearchQueriesToModel(role.Queries),
}
}
func projectMemberSearchQueriesToModel(queries []*management.ProjectMemberSearchQuery) []*proj_model.ProjectMemberSearchQuery {
converted := make([]*proj_model.ProjectMemberSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectMemberSearchQueryToModel(q)
}
return converted
}
func projectMemberSearchQueryToModel(query *management.ProjectMemberSearchQuery) *proj_model.ProjectMemberSearchQuery {
return &proj_model.ProjectMemberSearchQuery{
Key: projectMemberSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectMemberSearchKeyToModel(key management.ProjectMemberSearchKey) proj_model.ProjectMemberSearchKey {
switch key {
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_EMAIL:
return proj_model.ProjectMemberSearchKeyEmail
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_FIRST_NAME:
return proj_model.ProjectMemberSearchKeyFirstName
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_LAST_NAME:
return proj_model.ProjectMemberSearchKeyLastName
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_USER_NAME:
return proj_model.ProjectMemberSearchKeyUserName
default:
return proj_model.ProjectMemberSearchKeyUnspecified
}
}
func projectMemberSearchResponseFromModel(response *proj_model.ProjectMemberSearchResponse) *management.ProjectMemberSearchResponse {
return &management.ProjectMemberSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectMemberViewsFromModel(response.Result),
}
}
func projectMemberViewsFromModel(members []*proj_model.ProjectMemberView) []*management.ProjectMemberView {
converted := make([]*management.ProjectMemberView, len(members))
for i, member := range members {
converted[i] = projectMemberViewFromModel(member)
}
return converted
}
func projectMemberViewFromModel(member *proj_model.ProjectMemberView) *management.ProjectMemberView {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-sl9cs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-8iw2d").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectMemberView{
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
Roles: member.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
}
}

31
internal/api/grpc/management/search_converter.go Normal file
View File

@@ -0,0 +1,31 @@
package management
import (
"github.com/caos/zitadel/internal/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func searchMethodToModel(method management.SearchMethod) model.SearchMethod {
switch method {
case management.SearchMethod_SEARCHMETHOD_EQUALS:
return model.SearchMethodEquals
case management.SearchMethod_SEARCHMETHOD_CONTAINS:
return model.SearchMethodContains
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return model.SearchMethodStartsWith
case management.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return model.SearchMethodEqualsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return model.SearchMethodContainsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return model.SearchMethodStartsWithIgnoreCase
case management.SearchMethod_SEARCHMETHOD_NOT_EQUALS:
return model.SearchMethodNotEquals
case management.SearchMethod_SEARCHMETHOD_IS_ONE_OF:
return model.SearchMethodIsOneOf
case management.SearchMethod_SEARCHMETHOD_LIST_CONTAINS:
return model.SearchMethodListContains
default:
return model.SearchMethodEquals
}
}

69
internal/api/grpc/management/server.go Normal file
View File

@@ -0,0 +1,69 @@
package management
import (
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/management/repository"
"github.com/caos/zitadel/internal/management/repository/eventsourcing"
"github.com/caos/zitadel/pkg/grpc/management"
)
const (
mgmtName = "Management-API"
)
var _ management.ManagementServiceServer = (*Server)(nil)
type Server struct {
project repository.ProjectRepository
policy repository.PolicyRepository
org repository.OrgRepository
user repository.UserRepository
usergrant repository.UserGrantRepository
iam repository.IamRepository
authZ authz.Config
systemDefaults systemdefaults.SystemDefaults
}
type Config struct {
Repository eventsourcing.Config
}
func CreateServer(repo repository.Repository, sd systemdefaults.SystemDefaults) *Server {
return &Server{
project: repo,
policy: repo,
org: repo,
user: repo,
usergrant: repo,
iam: repo,
systemDefaults: sd,
}
}
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
management.RegisterManagementServiceServer(grpcServer, s)
}
func (s *Server) AppName() string {
return mgmtName
}
func (s *Server) MethodPrefix() string {
return management.ManagementService_MethodPrefix
}
func (s *Server) AuthMethods() authz.MethodMapping {
return management.ManagementService_AuthMethods
}
func (s *Server) RegisterGateway() server.GatewayFunc {
return management.RegisterManagementServiceHandlerFromEndpoint
}
func (s *Server) GatewayPathPrefix() string {
return "/mgmt/v1"
}

196
internal/api/grpc/management/user.go Normal file
View File

@@ -0,0 +1,196 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetUserByID(ctx context.Context, id *management.UserID) (*management.UserView, error) {
user, err := s.user.UserByID(ctx, id.Id)
if err != nil {
return nil, err
}
return userViewFromModel(user), nil
}
func (s *Server) GetUserByEmailGlobal(ctx context.Context, email *management.Email) (*management.UserView, error) {
user, err := s.user.GetGlobalUserByEmail(ctx, email.Email)
if err != nil {
return nil, err
}
return userViewFromModel(user), nil
}
func (s *Server) SearchUsers(ctx context.Context, in *management.UserSearchRequest) (*management.UserSearchResponse, error) {
request := userSearchRequestsToModel(in)
orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
request.AppendMyOrgQuery(orgID)
response, err := s.user.SearchUsers(ctx, request)
if err != nil {
return nil, err
}
return userSearchResponseFromModel(response), nil
}
func (s *Server) UserChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.user.UserChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
if err != nil {
return nil, err
}
return userChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}
func (s *Server) IsUserUnique(ctx context.Context, request *management.UniqueUserRequest) (*management.UniqueUserResponse, error) {
unique, err := s.user.IsUserUnique(ctx, request.UserName, request.Email)
if err != nil {
return nil, err
}
return &management.UniqueUserResponse{IsUnique: unique}, nil
}
func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.User, error) {
user, err := s.user.CreateUser(ctx, userCreateToModel(in))
if err != nil {
return nil, err
}
return userFromModel(user), nil
}
func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*management.User, error) {
user, err := s.user.DeactivateUser(ctx, in.Id)
if err != nil {
return nil, err
}
return userFromModel(user), nil
}
func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*management.User, error) {
user, err := s.user.ReactivateUser(ctx, in.Id)
if err != nil {
return nil, err
}
return userFromModel(user), nil
}
func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*management.User, error) {
user, err := s.user.LockUser(ctx, in.Id)
if err != nil {
return nil, err
}
return userFromModel(user), nil
}
func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*management.User, error) {
user, err := s.user.UnlockUser(ctx, in.Id)
if err != nil {
return nil, err
}
return userFromModel(user), nil
}
func (s *Server) DeleteUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-as4fg", "Not implemented")
}
func (s *Server) GetUserProfile(ctx context.Context, in *management.UserID) (*management.UserProfileView, error) {
profile, err := s.user.ProfileByID(ctx, in.Id)
if err != nil {
return nil, err
}
return profileViewFromModel(profile), nil
}
func (s *Server) UpdateUserProfile(ctx context.Context, request *management.UpdateUserProfileRequest) (*management.UserProfile, error) {
profile, err := s.user.ChangeProfile(ctx, updateProfileToModel(request))
if err != nil {
return nil, err
}
return profileFromModel(profile), nil
}
func (s *Server) GetUserEmail(ctx context.Context, in *management.UserID) (*management.UserEmailView, error) {
email, err := s.user.EmailByID(ctx, in.Id)
if err != nil {
return nil, err
}
return emailViewFromModel(email), nil
}
func (s *Server) ChangeUserEmail(ctx context.Context, request *management.UpdateUserEmailRequest) (*management.UserEmail, error) {
email, err := s.user.ChangeEmail(ctx, updateEmailToModel(request))
if err != nil {
return nil, err
}
return emailFromModel(email), nil
}
func (s *Server) ResendEmailVerificationMail(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.user.CreateEmailVerificationCode(ctx, in.Id)
return &empty.Empty{}, err
}
func (s *Server) GetUserPhone(ctx context.Context, in *management.UserID) (*management.UserPhoneView, error) {
phone, err := s.user.PhoneByID(ctx, in.Id)
if err != nil {
return nil, err
}
return phoneViewFromModel(phone), nil
}
func (s *Server) ChangeUserPhone(ctx context.Context, request *management.UpdateUserPhoneRequest) (*management.UserPhone, error) {
phone, err := s.user.ChangePhone(ctx, updatePhoneToModel(request))
if err != nil {
return nil, err
}
return phoneFromModel(phone), nil
}
func (s *Server) RemoveUserPhone(ctx context.Context, userID *management.UserID) (*empty.Empty, error) {
err := s.user.RemovePhone(ctx, userID.Id)
return &empty.Empty{}, err
}
func (s *Server) ResendPhoneVerificationCode(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.user.CreatePhoneVerificationCode(ctx, in.Id)
return &empty.Empty{}, err
}
func (s *Server) GetUserAddress(ctx context.Context, in *management.UserID) (*management.UserAddressView, error) {
address, err := s.user.AddressByID(ctx, in.Id)
if err != nil {
return nil, err
}
return addressViewFromModel(address), nil
}
func (s *Server) UpdateUserAddress(ctx context.Context, request *management.UpdateUserAddressRequest) (*management.UserAddress, error) {
address, err := s.user.ChangeAddress(ctx, updateAddressToModel(request))
if err != nil {
return nil, err
}
return addressFromModel(address), nil
}
func (s *Server) SendSetPasswordNotification(ctx context.Context, request *management.SetPasswordNotificationRequest) (*empty.Empty, error) {
err := s.user.RequestSetPassword(ctx, request.Id, notifyTypeToModel(request.Type))
return &empty.Empty{}, err
}
func (s *Server) SetInitialPassword(ctx context.Context, request *management.PasswordRequest) (*empty.Empty, error) {
_, err := s.user.SetOneTimePassword(ctx, passwordRequestToModel(request))
return &empty.Empty{}, err
}
func (s *Server) GetUserMfas(ctx context.Context, userID *management.UserID) (*management.MultiFactors, error) {
mfas, err := s.user.UserMfas(ctx, userID.Id)
if err != nil {
return nil, err
}
return &management.MultiFactors{Mfas: mfasFromModel(mfas)}, nil
}

519
internal/api/grpc/management/user_converter.go Normal file
View File

@@ -0,0 +1,519 @@
package management
import (
"encoding/json"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
)
func userFromModel(user *usr_model.User) *management.User {
creationDate, err := ptypes.TimestampProto(user.CreationDate)
logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(user.ChangeDate)
logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
converted := &management.User{
Id: user.AggregateID,
State: userStateFromModel(user.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: user.Sequence,
UserName: user.UserName,
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage.String(),
Gender: genderFromModel(user.Gender),
}
if user.Email != nil {
converted.Email = user.EmailAddress
converted.IsEmailVerified = user.IsEmailVerified
}
if user.Phone != nil {
converted.Phone = user.PhoneNumber
converted.IsPhoneVerified = user.IsPhoneVerified
}
if user.Address != nil {
converted.Country = user.Country
converted.Locality = user.Locality
converted.PostalCode = user.PostalCode
converted.Region = user.Region
converted.StreetAddress = user.StreetAddress
}
return converted
}
func userCreateToModel(u *management.CreateUserRequest) *usr_model.User {
preferredLanguage, err := language.Parse(u.PreferredLanguage)
logging.Log("GRPC-cK5k2").OnError(err).Debug("language malformed")
user := &usr_model.User{
Profile: &usr_model.Profile{
UserName: u.UserName,
FirstName: u.FirstName,
LastName: u.LastName,
NickName: u.NickName,
PreferredLanguage: preferredLanguage,
Gender: genderToModel(u.Gender),
},
Email: &usr_model.Email{
EmailAddress: u.Email,
IsEmailVerified: u.IsEmailVerified,
},
Address: &usr_model.Address{
Country: u.Country,
Locality: u.Locality,
PostalCode: u.PostalCode,
Region: u.Region,
StreetAddress: u.StreetAddress,
},
}
if u.Password != "" {
user.Password = &usr_model.Password{SecretString: u.Password}
}
if u.Phone != "" {
user.Phone = &usr_model.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
}
return user
}
func passwordRequestToModel(r *management.PasswordRequest) *usr_model.Password {
return &usr_model.Password{
ObjectRoot: models.ObjectRoot{AggregateID: r.Id},
SecretString: r.Password,
}
}
func userSearchRequestsToModel(project *management.UserSearchRequest) *usr_model.UserSearchRequest {
return &usr_model.UserSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userSearchQueriesToModel(project.Queries),
}
}
func userSearchQueriesToModel(queries []*management.UserSearchQuery) []*usr_model.UserSearchQuery {
converted := make([]*usr_model.UserSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userSearchQueryToModel(q)
}
return converted
}
func userSearchQueryToModel(query *management.UserSearchQuery) *usr_model.UserSearchQuery {
return &usr_model.UserSearchQuery{
Key: userSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userSearchKeyToModel(key management.UserSearchKey) usr_model.UserSearchKey {
switch key {
case management.UserSearchKey_USERSEARCHKEY_USER_NAME:
return usr_model.UserSearchKeyUserName
case management.UserSearchKey_USERSEARCHKEY_FIRST_NAME:
return usr_model.UserSearchKeyFirstName
case management.UserSearchKey_USERSEARCHKEY_LAST_NAME:
return usr_model.UserSearchKeyLastName
case management.UserSearchKey_USERSEARCHKEY_NICK_NAME:
return usr_model.UserSearchKeyNickName
case management.UserSearchKey_USERSEARCHKEY_DISPLAY_NAME:
return usr_model.UserSearchKeyDisplayName
case management.UserSearchKey_USERSEARCHKEY_EMAIL:
return usr_model.UserSearchKeyEmail
case management.UserSearchKey_USERSEARCHKEY_STATE:
return usr_model.UserSearchKeyState
default:
return usr_model.UserSearchKeyUnspecified
}
}
func profileFromModel(profile *usr_model.Profile) *management.UserProfile {
creationDate, err := ptypes.TimestampProto(profile.CreationDate)
logging.Log("GRPC-dkso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-ski8d").OnError(err).Debug("unable to parse timestamp")
return &management.UserProfile{
Id: profile.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: profile.Sequence,
UserName: profile.UserName,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: genderFromModel(profile.Gender),
}
}
func profileViewFromModel(profile *usr_model.Profile) *management.UserProfileView {
creationDate, err := ptypes.TimestampProto(profile.CreationDate)
logging.Log("GRPC-sk8sk").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-s30Ks'").OnError(err).Debug("unable to parse timestamp")
return &management.UserProfileView{
Id: profile.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: profile.Sequence,
UserName: profile.UserName,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: genderFromModel(profile.Gender),
LoginNames: profile.LoginNames,
PreferredLoginName: profile.PreferredLoginName,
}
}
func updateProfileToModel(u *management.UpdateUserProfileRequest) *usr_model.Profile {
preferredLanguage, err := language.Parse(u.PreferredLanguage)
logging.Log("GRPC-d8k2s").OnError(err).Debug("language malformed")
return &usr_model.Profile{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
FirstName: u.FirstName,
LastName: u.LastName,
NickName: u.NickName,
PreferredLanguage: preferredLanguage,
Gender: genderToModel(u.Gender),
}
}
func emailFromModel(email *usr_model.Email) *management.UserEmail {
creationDate, err := ptypes.TimestampProto(email.CreationDate)
logging.Log("GRPC-d9ow2").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-s0dkw").OnError(err).Debug("unable to parse timestamp")
return &management.UserEmail{
Id: email.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
}
}
func emailViewFromModel(email *usr_model.Email) *management.UserEmailView {
creationDate, err := ptypes.TimestampProto(email.CreationDate)
logging.Log("GRPC-sKefs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-0isjD").OnError(err).Debug("unable to parse timestamp")
return &management.UserEmailView{
Id: email.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
}
}
func updateEmailToModel(e *management.UpdateUserEmailRequest) *usr_model.Email {
return &usr_model.Email{
ObjectRoot: models.ObjectRoot{AggregateID: e.Id},
EmailAddress: e.Email,
IsEmailVerified: e.IsEmailVerified,
}
}
func phoneFromModel(phone *usr_model.Phone) *management.UserPhone {
creationDate, err := ptypes.TimestampProto(phone.CreationDate)
logging.Log("GRPC-ps9ws").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-09ewq").OnError(err).Debug("unable to parse timestamp")
return &management.UserPhone{
Id: phone.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func phoneViewFromModel(phone *usr_model.Phone) *management.UserPhoneView {
creationDate, err := ptypes.TimestampProto(phone.CreationDate)
logging.Log("GRPC-6gSj").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-lKs8f").OnError(err).Debug("unable to parse timestamp")
return &management.UserPhoneView{
Id: phone.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func updatePhoneToModel(e *management.UpdateUserPhoneRequest) *usr_model.Phone {
return &usr_model.Phone{
ObjectRoot: models.ObjectRoot{AggregateID: e.Id},
PhoneNumber: e.Phone,
IsPhoneVerified: e.IsPhoneVerified,
}
}
func addressFromModel(address *usr_model.Address) *management.UserAddress {
creationDate, err := ptypes.TimestampProto(address.CreationDate)
logging.Log("GRPC-ud8w7").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-si9ws").OnError(err).Debug("unable to parse timestamp")
return &management.UserAddress{
Id: address.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func addressViewFromModel(address *usr_model.Address) *management.UserAddressView {
creationDate, err := ptypes.TimestampProto(address.CreationDate)
logging.Log("GRPC-67stC").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-0jSfs").OnError(err).Debug("unable to parse timestamp")
return &management.UserAddressView{
Id: address.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func updateAddressToModel(address *management.UpdateUserAddressRequest) *usr_model.Address {
return &usr_model.Address{
ObjectRoot: models.ObjectRoot{AggregateID: address.Id},
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func userSearchResponseFromModel(response *usr_model.UserSearchResponse) *management.UserSearchResponse {
return &management.UserSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userViewsFromModel(response.Result),
}
}
func userViewsFromModel(users []*usr_model.UserView) []*management.UserView {
converted := make([]*management.UserView, len(users))
for i, user := range users {
converted[i] = userViewFromModel(user)
}
return converted
}
func userViewFromModel(user *usr_model.UserView) *management.UserView {
creationDate, err := ptypes.TimestampProto(user.CreationDate)
logging.Log("GRPC-dl9we").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(user.ChangeDate)
logging.Log("GRPC-lpsg5").OnError(err).Debug("unable to parse timestamp")
lastLogin, err := ptypes.TimestampProto(user.LastLogin)
logging.Log("GRPC-dksi3").OnError(err).Debug("unable to parse timestamp")
passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
logging.Log("GRPC-dl9ws").OnError(err).Debug("unable to parse timestamp")
return &management.UserView{
Id: user.ID,
State: userStateFromModel(user.State),
CreationDate: creationDate,
ChangeDate: changeDate,
LastLogin: lastLogin,
PasswordChanged: passwordChanged,
UserName: user.UserName,
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage,
Gender: genderFromModel(user.Gender),
Email: user.Email,
IsEmailVerified: user.IsEmailVerified,
Phone: user.Phone,
IsPhoneVerified: user.IsPhoneVerified,
Country: user.Country,
Locality: user.Locality,
PostalCode: user.PostalCode,
Region: user.Region,
StreetAddress: user.StreetAddress,
Sequence: user.Sequence,
ResourceOwner: user.ResourceOwner,
LoginNames: user.LoginNames,
PreferredLoginName: user.PreferredLoginName,
}
}
func mfasFromModel(mfas []*usr_model.MultiFactor) []*management.MultiFactor {
converted := make([]*management.MultiFactor, len(mfas))
for i, mfa := range mfas {
converted[i] = mfaFromModel(mfa)
}
return converted
}
func mfaFromModel(mfa *usr_model.MultiFactor) *management.MultiFactor {
return &management.MultiFactor{
State: mfaStateFromModel(mfa.State),
Type: mfaTypeFromModel(mfa.Type),
}
}
func notifyTypeToModel(state management.NotificationType) usr_model.NotificationType {
switch state {
case management.NotificationType_NOTIFICATIONTYPE_EMAIL:
return usr_model.NotificationTypeEmail
case management.NotificationType_NOTIFICATIONTYPE_SMS:
return usr_model.NotificationTypeSms
default:
return usr_model.NotificationTypeEmail
}
}
func userStateFromModel(state usr_model.UserState) management.UserState {
switch state {
case usr_model.UserStateActive:
return management.UserState_USERSTATE_ACTIVE
case usr_model.UserStateInactive:
return management.UserState_USERSTATE_INACTIVE
case usr_model.UserStateLocked:
return management.UserState_USERSTATE_LOCKED
case usr_model.UserStateInitial:
return management.UserState_USERSTATE_INITIAL
case usr_model.UserStateSuspend:
return management.UserState_USERSTATE_SUSPEND
default:
return management.UserState_USERSTATE_UNSPECIFIED
}
}
func genderFromModel(gender usr_model.Gender) management.Gender {
switch gender {
case usr_model.GenderFemale:
return management.Gender_GENDER_FEMALE
case usr_model.GenderMale:
return management.Gender_GENDER_MALE
case usr_model.GenderDiverse:
return management.Gender_GENDER_DIVERSE
default:
return management.Gender_GENDER_UNSPECIFIED
}
}
func genderToModel(gender management.Gender) usr_model.Gender {
switch gender {
case management.Gender_GENDER_FEMALE:
return usr_model.GenderFemale
case management.Gender_GENDER_MALE:
return usr_model.GenderMale
case management.Gender_GENDER_DIVERSE:
return usr_model.GenderDiverse
default:
return usr_model.GenderUnspecified
}
}
func mfaTypeFromModel(mfatype usr_model.MfaType) management.MfaType {
switch mfatype {
case usr_model.MfaTypeOTP:
return management.MfaType_MFATYPE_OTP
case usr_model.MfaTypeSMS:
return management.MfaType_MFATYPE_SMS
default:
return management.MfaType_MFATYPE_UNSPECIFIED
}
}
func mfaStateFromModel(state usr_model.MfaState) management.MFAState {
switch state {
case usr_model.MfaStateReady:
return management.MFAState_MFASTATE_READY
case usr_model.MfaStateNotReady:
return management.MFAState_MFASTATE_NOT_READY
default:
return management.MFAState_MFASTATE_UNSPECIFIED
}
}
func userChangesToResponse(response *usr_model.UserChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: userChangesToMgtAPI(response),
}
}
func userChangesToMgtAPI(changes *usr_model.UserChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
var data *structpb.Struct
changedData, err := json.Marshal(change.Data)
if err == nil {
data = new(structpb.Struct)
err = protojson.Unmarshal(changedData, data)
logging.Log("GRPC-a7F54").OnError(err).Debug("unable to marshal changed data to struct")
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Data: data,
EditorId: change.ModifierId,
Editor: change.ModifierName,
}
}
return result
}

182
internal/api/grpc/management/user_grant.go Normal file
View File

@@ -0,0 +1,182 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchUserGrants(ctx context.Context, in *management.UserGrantSearchRequest) (*management.UserGrantSearchResponse, error) {
request := userGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
response, err := s.usergrant.SearchUserGrants(ctx, request)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
}
func (s *Server) UserGrantByID(ctx context.Context, request *management.UserGrantID) (*management.UserGrantView, error) {
user, err := s.usergrant.UserGrantByID(ctx, request.Id)
if err != nil {
return nil, err
}
return userGrantViewFromModel(user), nil
}
func (s *Server) CreateUserGrant(ctx context.Context, in *management.UserGrantCreate) (*management.UserGrant, error) {
user, err := s.usergrant.AddUserGrant(ctx, userGrantCreateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) UpdateUserGrant(ctx context.Context, in *management.UserGrantUpdate) (*management.UserGrant, error) {
user, err := s.usergrant.ChangeUserGrant(ctx, userGrantUpdateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) DeactivateUserGrant(ctx context.Context, in *management.UserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.DeactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) ReactivateUserGrant(ctx context.Context, in *management.UserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.ReactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) RemoveUserGrant(ctx context.Context, in *management.UserGrantID) (*empty.Empty, error) {
err := s.usergrant.RemoveUserGrant(ctx, in.Id)
return &empty.Empty{}, err
}
func (s *Server) BulkCreateUserGrant(ctx context.Context, in *management.UserGrantCreateBulk) (*empty.Empty, error) {
err := s.usergrant.BulkAddUserGrant(ctx, userGrantCreateBulkToModel(in)...)
return &empty.Empty{}, err
}
func (s *Server) BulkUpdateUserGrant(ctx context.Context, in *management.UserGrantUpdateBulk) (*empty.Empty, error) {
err := s.usergrant.BulkChangeUserGrant(ctx, userGrantUpdateBulkToModel(in)...)
return &empty.Empty{}, err
}
func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *management.UserGrantRemoveBulk) (*empty.Empty, error) {
err := s.usergrant.BulkRemoveUserGrant(ctx, userGrantRemoveBulkToModel(in)...)
return &empty.Empty{}, err
}
func (s *Server) SearchProjectUserGrants(ctx context.Context, in *management.ProjectUserGrantSearchRequest) (*management.UserGrantSearchResponse, error) {
request := projectUserGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
request.AppendProjectIDQuery(in.ProjectId)
response, err := s.usergrant.SearchUserGrants(ctx, request)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
}
func (s *Server) ProjectUserGrantByID(ctx context.Context, request *management.ProjectUserGrantID) (*management.UserGrantView, error) {
user, err := s.usergrant.UserGrantByID(ctx, request.Id)
if err != nil {
return nil, err
}
return userGrantViewFromModel(user), nil
}
func (s *Server) CreateProjectUserGrant(ctx context.Context, in *management.UserGrantCreate) (*management.UserGrant, error) {
user, err := s.usergrant.AddUserGrant(ctx, userGrantCreateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) UpdateProjectUserGrant(ctx context.Context, in *management.ProjectUserGrantUpdate) (*management.UserGrant, error) {
user, err := s.usergrant.ChangeUserGrant(ctx, projectUserGrantUpdateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) DeactivateProjectUserGrant(ctx context.Context, in *management.ProjectUserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.DeactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) ReactivateProjectUserGrant(ctx context.Context, in *management.ProjectUserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.ReactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, in *management.ProjectGrantUserGrantSearchRequest) (*management.UserGrantSearchResponse, error) {
grant, err := s.project.ProjectGrantByID(ctx, in.ProjectGrantId)
if err != nil {
return nil, err
}
request := projectGrantUserGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
request.AppendProjectIDQuery(grant.ProjectID)
response, err := s.usergrant.SearchUserGrants(ctx, request)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
}
func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *management.ProjectGrantUserGrantID) (*management.UserGrantView, error) {
user, err := s.usergrant.UserGrantByID(ctx, request.Id)
if err != nil {
return nil, err
}
return userGrantViewFromModel(user), nil
}
func (s *Server) CreateProjectGrantUserGrant(ctx context.Context, in *management.ProjectGrantUserGrantCreate) (*management.UserGrant, error) {
user, err := s.usergrant.AddUserGrant(ctx, projectGrantUserGrantCreateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) UpdateProjectGrantUserGrant(ctx context.Context, in *management.ProjectGrantUserGrantUpdate) (*management.UserGrant, error) {
user, err := s.usergrant.ChangeUserGrant(ctx, projectGrantUserGrantUpdateToModel(in))
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) DeactivateProjectGrantUserGrant(ctx context.Context, in *management.ProjectGrantUserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.DeactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}
func (s *Server) ReactivateProjectGrantUserGrant(ctx context.Context, in *management.ProjectGrantUserGrantID) (*management.UserGrant, error) {
user, err := s.usergrant.ReactivateUserGrant(ctx, in.Id)
if err != nil {
return nil, err
}
return usergrantFromModel(user), nil
}

203
internal/api/grpc/management/user_grant_converter.go Normal file
View File

@@ -0,0 +1,203 @@
package management
import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/models"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func usergrantFromModel(grant *grant_model.UserGrant) *management.UserGrant {
creationDate, err := ptypes.TimestampProto(grant.CreationDate)
logging.Log("GRPC-ki9ds").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(grant.ChangeDate)
logging.Log("GRPC-sl9ew").OnError(err).Debug("unable to parse timestamp")
return &management.UserGrant{
Id: grant.AggregateID,
UserId: grant.UserID,
State: usergrantStateFromModel(grant.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: grant.Sequence,
ProjectId: grant.ProjectID,
RoleKeys: grant.RoleKeys,
}
}
func userGrantCreateBulkToModel(u *management.UserGrantCreateBulk) []*grant_model.UserGrant {
grants := make([]*grant_model.UserGrant, len(u.UserGrants))
for i, grant := range u.UserGrants {
grants[i] = userGrantCreateToModel(grant)
}
return grants
}
func userGrantCreateToModel(u *management.UserGrantCreate) *grant_model.UserGrant {
return &grant_model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.UserId},
UserID: u.UserId,
ProjectID: u.ProjectId,
RoleKeys: u.RoleKeys,
}
}
func userGrantUpdateBulkToModel(u *management.UserGrantUpdateBulk) []*grant_model.UserGrant {
grants := make([]*grant_model.UserGrant, len(u.UserGrants))
for i, grant := range u.UserGrants {
grants[i] = userGrantUpdateToModel(grant)
}
return grants
}
func userGrantUpdateToModel(u *management.UserGrantUpdate) *grant_model.UserGrant {
return &grant_model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
RoleKeys: u.RoleKeys,
}
}
func userGrantRemoveBulkToModel(u *management.UserGrantRemoveBulk) []string {
ids := make([]string, len(u.Ids))
for i, id := range u.Ids {
ids[i] = id
}
return ids
}
func projectUserGrantUpdateToModel(u *management.ProjectUserGrantUpdate) *grant_model.UserGrant {
return &grant_model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
RoleKeys: u.RoleKeys,
}
}
func projectGrantUserGrantCreateToModel(u *management.ProjectGrantUserGrantCreate) *grant_model.UserGrant {
return &grant_model.UserGrant{
UserID: u.UserId,
ProjectID: u.ProjectId,
RoleKeys: u.RoleKeys,
}
}
func projectGrantUserGrantUpdateToModel(u *management.ProjectGrantUserGrantUpdate) *grant_model.UserGrant {
return &grant_model.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
RoleKeys: u.RoleKeys,
}
}
func userGrantSearchRequestsToModel(project *management.UserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}
func userGrantSearchQueriesToModel(queries []*management.UserGrantSearchQuery) []*grant_model.UserGrantSearchQuery {
converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userGrantSearchQueryToModel(q)
}
return converted
}
func userGrantSearchQueryToModel(query *management.UserGrantSearchQuery) *grant_model.UserGrantSearchQuery {
return &grant_model.UserGrantSearchQuery{
Key: userGrantSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userGrantSearchKeyToModel(key management.UserGrantSearchKey) grant_model.UserGrantSearchKey {
switch key {
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ORG_ID:
return grant_model.UserGrantSearchKeyResourceOwner
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_PROJECT_ID:
return grant_model.UserGrantSearchKeyProjectID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_USER_ID:
return grant_model.UserGrantSearchKeyUserID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ROLE_KEY:
return grant_model.UserGrantSearchKeyRoleKey
default:
return grant_model.UserGrantSearchKeyUnspecified
}
}
func userGrantSearchResponseFromModel(response *grant_model.UserGrantSearchResponse) *management.UserGrantSearchResponse {
return &management.UserGrantSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userGrantViewsFromModel(response.Result),
}
}
func userGrantViewsFromModel(users []*grant_model.UserGrantView) []*management.UserGrantView {
converted := make([]*management.UserGrantView, len(users))
for i, user := range users {
converted[i] = userGrantViewFromModel(user)
}
return converted
}
func userGrantViewFromModel(grant *grant_model.UserGrantView) *management.UserGrantView {
creationDate, err := ptypes.TimestampProto(grant.CreationDate)
logging.Log("GRPC-dl9we").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(grant.ChangeDate)
logging.Log("GRPC-lpsg5").OnError(err).Debug("unable to parse timestamp")
return &management.UserGrantView{
Id: grant.ID,
State: usergrantStateFromModel(grant.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: grant.Sequence,
ResourceOwner: grant.ResourceOwner,
UserName: grant.UserName,
FirstName: grant.FirstName,
LastName: grant.LastName,
Email: grant.Email,
ProjectName: grant.ProjectName,
OrgName: grant.OrgName,
OrgDomain: grant.OrgDomain,
RoleKeys: grant.RoleKeys,
UserId: grant.UserID,
ProjectId: grant.ProjectID,
OrgId: grant.ResourceOwner,
DisplayName: grant.DisplayName,
}
}
func usergrantStateFromModel(state grant_model.UserGrantState) management.UserGrantState {
switch state {
case grant_model.UserGrantStateActive:
return management.UserGrantState_USERGRANTSTATE_ACTIVE
case grant_model.UserGrantStateInactive:
return management.UserGrantState_USERGRANTSTATE_INACTIVE
default:
return management.UserGrantState_USERGRANTSTATE_UNSPECIFIED
}
}
func projectUserGrantSearchRequestsToModel(project *management.ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}
func projectGrantUserGrantSearchRequestsToModel(project *management.ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}

109
internal/api/grpc/server/gateway.go
View File

@@ -3,12 +3,14 @@ package server
import (
"context"
"net/http"
"strings"
"github.com/grpc-ecosystem/grpc-gateway/runtime"
"google.golang.org/grpc"
"github.com/caos/logging"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
client_middleware "github.com/caos/zitadel/internal/api/grpc/client/middleware"
http_util "github.com/caos/zitadel/internal/api/http"
http_mw "github.com/caos/zitadel/internal/api/http/middleware"
@@ -22,26 +24,41 @@ const (
var (
DefaultJSONMarshaler = &runtime.JSONPb{OrigName: false, EmitDefaults: false}
DefaultServeMuxOptions = []runtime.ServeMuxOption{
runtime.WithMarshalerOption(DefaultJSONMarshaler.ContentType(), DefaultJSONMarshaler),
runtime.WithMarshalerOption(mimeWildcard, DefaultJSONMarshaler),
runtime.WithMarshalerOption(runtime.MIMEWildcard, DefaultJSONMarshaler),
runtime.WithIncomingHeaderMatcher(runtime.DefaultHeaderMatcher),
runtime.WithOutgoingHeaderMatcher(runtime.DefaultHeaderMatcher),
DefaultServeMuxOptions = func(customHeaders ...string) []runtime.ServeMuxOption {
return []runtime.ServeMuxOption{
runtime.WithMarshalerOption(DefaultJSONMarshaler.ContentType(), DefaultJSONMarshaler),
runtime.WithMarshalerOption(mimeWildcard, DefaultJSONMarshaler),
runtime.WithMarshalerOption(runtime.MIMEWildcard, DefaultJSONMarshaler),
runtime.WithIncomingHeaderMatcher(DefaultHeaderMatcher(customHeaders...)),
runtime.WithOutgoingHeaderMatcher(runtime.DefaultHeaderMatcher),
}
}
DefaultHeaderMatcher = func(customHeaders ...string) runtime.HeaderMatcherFunc {
return func(header string) (string, bool) {
for _, customHeader := range customHeaders {
if strings.HasPrefix(strings.ToLower(header), customHeader) {
return header, true
}
}
return runtime.DefaultHeaderMatcher(header)
}
}
)
type Gateway interface {
GRPCEndpoint() string
GatewayPort() string
Gateway() GatewayFunc
RegisterGateway() GatewayFunc
GatewayPathPrefix() string
}
type GatewayFunc func(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) error
//optional extending interfaces of Gateway below
type gatewayCustomServeMuxOptions interface {
GatewayServeMuxOptions() []runtime.ServeMuxOption
}
type grpcGatewayCustomInterceptor interface {
GatewayHTTPInterceptor(http.Handler) http.Handler
}
@@ -50,28 +67,62 @@ type gatewayCustomCallOptions interface {
GatewayCallOptions() []grpc.DialOption
}
func StartGateway(ctx context.Context, g Gateway) {
mux := createMux(ctx, g)
serveGateway(ctx, mux, gatewayPort(g.GatewayPort()), g)
type GatewayHandler struct {
mux *http.ServeMux
serverPort string
gatewayPort string
customHeaders []string
}
func createMux(ctx context.Context, g Gateway) *runtime.ServeMux {
muxOptions := DefaultServeMuxOptions
func CreateGatewayHandler(config grpc_util.Config) *GatewayHandler {
return &GatewayHandler{
mux: http.NewServeMux(),
serverPort: config.ServerPort,
gatewayPort: config.GatewayPort,
customHeaders: config.CustomHeaders,
}
}
//RegisterGateway registers a handler (Gateway interface) on defined port
//Gateway interface may be extended with optional implementation of interfaces (gatewayCustomServeMuxOptions, ...)
func (g *GatewayHandler) RegisterGateway(ctx context.Context, gateway Gateway) {
handler := createGateway(ctx, gateway, g.serverPort, g.customHeaders...)
prefix := gateway.GatewayPathPrefix()
g.RegisterHandler(prefix, handler)
}
func (g *GatewayHandler) RegisterHandler(prefix string, handler http.Handler) {
http_util.RegisterHandler(g.mux, prefix, handler)
}
func (g *GatewayHandler) Serve(ctx context.Context) {
http_util.Serve(ctx, g.mux, g.gatewayPort, "api")
}
func createGateway(ctx context.Context, g Gateway, port string, customHeaders ...string) http.Handler {
mux := createMux(g, customHeaders...)
opts := createDialOptions(g)
err := g.RegisterGateway()(ctx, mux, http_util.Endpoint(port), opts)
logging.Log("SERVE-7B7G0E").OnError(err).Panic("failed to register grpc gateway")
return addInterceptors(mux, g)
}
func createMux(g Gateway, customHeaders ...string) *runtime.ServeMux {
muxOptions := DefaultServeMuxOptions(customHeaders...)
if customOpts, ok := g.(gatewayCustomServeMuxOptions); ok {
muxOptions = customOpts.GatewayServeMuxOptions()
}
mux := runtime.NewServeMux(muxOptions...)
return runtime.NewServeMux(muxOptions...)
}
func createDialOptions(g Gateway) []grpc.DialOption {
opts := []grpc.DialOption{grpc.WithInsecure()}
opts = append(opts, client_middleware.DefaultTracingStatsClient())
if customOpts, ok := g.(gatewayCustomCallOptions); ok {
opts = append(opts, customOpts.GatewayCallOptions()...)
}
err := g.Gateway()(ctx, mux, g.GRPCEndpoint(), opts)
logging.Log("SERVE-7B7G0E").OnError(err).Panic("failed to create mux for grpc gateway")
return mux
return opts
}
func addInterceptors(handler http.Handler, g Gateway) http.Handler {
@@ -83,26 +134,6 @@ func addInterceptors(handler http.Handler, g Gateway) http.Handler {
return http_mw.CORSInterceptorOpts(http_mw.DefaultCORSOptions, handler)
}
func serveGateway(ctx context.Context, handler http.Handler, port string, g Gateway) {
server := &http.Server{
Handler: addInterceptors(handler, g),
}
listener := http_util.CreateListener(port)
go func() {
<-ctx.Done()
err := server.Shutdown(ctx)
logging.Log("SERVE-m7kBlq").OnError(err).Warn("error during graceful shutdown of grpc gateway")
}()
go func() {
err := server.Serve(listener)
logging.Log("SERVE-tBHR60").OnError(err).Panic("grpc gateway serve failed")
}()
logging.LogWithFields("SERVE-KHh0Cb", "port", port).Info("grpc gateway is listening")
}
func gatewayPort(port string) string {
if port == "" {
return defaultGatewayPort

50
internal/api/grpc/server/middleware/auth_interceptor.go
View File

@@ -2,37 +2,39 @@ package middleware
import (
"context"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/caos/zitadel/internal/api"
"github.com/caos/zitadel/internal/api/auth"
"github.com/caos/zitadel/internal/api/authz"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/http"
)
func AuthorizationInterceptor(verifier auth.TokenVerifier, authConfig *auth.Config, authMethods auth.MethodMapping) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
func AuthorizationInterceptor(verifier *authz.TokenVerifier, authConfig authz.Config) grpc.UnaryServerInterceptor {
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
authOpt, needsToken := authMethods[info.FullMethod]
if !needsToken {
return handler(ctx, req)
}
authToken := ""
//TODO: Remove check internal as soon as authentification is implemented
if !auth.CheckInternal(ctx) {
authToken = grpc_util.GetAuthorizationHeader(ctx)
if authToken == "" {
return nil, status.Error(codes.Unauthenticated, "auth header missing")
}
}
orgID := grpc_util.GetHeader(ctx, api.ZitadelOrgID)
ctx, err := auth.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt)
if err != nil {
return nil, err
}
return handler(ctx, req)
return authorize(ctx, req, info, handler, verifier, authConfig)
}
}
func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, verifier *authz.TokenVerifier, authConfig authz.Config) (interface{}, error) {
authOpt, needsToken := verifier.CheckAuthMethod(info.FullMethod)
if !needsToken {
return handler(ctx, req)
}
authToken := grpc_util.GetAuthorizationHeader(ctx)
if authToken == "" {
return nil, status.Error(codes.Unauthenticated, "auth header missing")
}
orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
ctx, err := authz.CheckUserAuthorization(ctx, req, authToken, orgID, verifier, authConfig, authOpt, info.FullMethod)
if err != nil {
return nil, err
}
return handler(ctx, req)
}

148
internal/api/grpc/server/middleware/auth_interceptor_test.go Normal file
View File

@@ -0,0 +1,148 @@
package middleware
import (
"context"
"reflect"
"testing"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
"github.com/caos/zitadel/internal/api/authz"
)
var (
mockMethods = authz.MethodMapping{
"need.authentication": authz.Option{
Permission: "authenticated",
},
}
)
type verifierMock struct{}
func (v *verifierMock) VerifyAccessToken(ctx context.Context, token, clientID string) (string, string, error) {
return "", "", nil
}
func (v *verifierMock) ResolveGrants(ctx context.Context) (*authz.Grant, error) {
return nil, nil
}
func (v *verifierMock) ProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
return "", nil
}
func (v *verifierMock) VerifierClientID(ctx context.Context, appName string) (string, error) {
return "", nil
}
func Test_authorize(t *testing.T) {
type args struct {
ctx context.Context
req interface{}
info *grpc.UnaryServerInfo
handler grpc.UnaryHandler
verifier *authz.TokenVerifier
authConfig authz.Config
authMethods authz.MethodMapping
}
type res struct {
want interface{}
wantErr bool
}
tests := []struct {
name string
args args
res res
}{
{
"no token needed ok",
args{
ctx: context.Background(),
req: &mockReq{},
info: mockInfo("/no/token/needed"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier.RegisterServer("need", "need", authz.MethodMapping{})
return verifier
}(),
authMethods: mockMethods,
},
res{
&mockReq{},
false,
},
},
{
"auth header missing error",
args{
ctx: context.Background(),
req: &mockReq{},
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),
authConfig: authz.Config{},
authMethods: mockMethods,
},
res{
nil,
true,
},
},
{
"unauthorized error",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorization", "wrong")),
req: &mockReq{},
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),
authConfig: authz.Config{},
authMethods: mockMethods,
},
res{
nil,
true,
},
},
{
"authorized ok",
args{
ctx: metadata.NewIncomingContext(context.Background(), metadata.Pairs("authorization", "Bearer token")),
req: &mockReq{},
info: mockInfo("/need/authentication"),
handler: emptyMockHandler,
verifier: func() *authz.TokenVerifier {
verifier := authz.Start(&verifierMock{})
verifier.RegisterServer("need", "need", authz.MethodMapping{"/need/authentication": authz.Option{Permission: "authenticated"}})
return verifier
}(),
authConfig: authz.Config{},
authMethods: mockMethods,
},
res{
&mockReq{},
false,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := authorize(tt.args.ctx, tt.args.req, tt.args.info, tt.args.handler, tt.args.verifier, tt.args.authConfig)
if (err != nil) != tt.res.wantErr {
t.Errorf("authorize() error = %v, wantErr %v", err, tt.res.wantErr)
return
}
if !reflect.DeepEqual(got, tt.res.want) {
t.Errorf("authorize() got = %v, want %v", got, tt.res.want)
}
})
}
}

12
internal/api/grpc/server/middleware/error_interceptor.go
View File

@@ -4,18 +4,22 @@ import (
"context"
"golang.org/x/text/language"
"google.golang.org/grpc"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/i18n"
_ "github.com/caos/zitadel/internal/statik"
)
func ErrorHandler(defaultLanguage language.Tag) func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
func ErrorHandler(defaultLanguage language.Tag) grpc.UnaryServerInterceptor {
translator := newZitadelTranslator(defaultLanguage)
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
resp, err := handler(ctx, req)
return resp, grpc_util.CaosToGRPCError(err, ctx, translator)
return toGRPCError(ctx, req, handler, translator)
}
}
func toGRPCError(ctx context.Context, req interface{}, handler grpc.UnaryHandler, translator *i18n.Translator) (interface{}, error) {
resp, err := handler(ctx, req)
return resp, grpc_util.CaosToGRPCError(ctx, err, translator)
}

63
internal/api/grpc/server/middleware/error_interceptor_test.go Normal file
View File

@@ -0,0 +1,63 @@
package middleware
import (
"context"
"reflect"
"testing"
"google.golang.org/grpc"
)
func Test_toGRPCError(t *testing.T) {
type args struct {
ctx context.Context
req interface{}
handler grpc.UnaryHandler
}
type res struct {
want interface{}
wantErr bool
}
tests := []struct {
name string
args args
res res
}{
{
"no error",
args{
ctx: context.Background(),
req: &mockReq{},
handler: emptyMockHandler,
},
res{
&mockReq{},
false,
},
},
{
"error",
args{
ctx: context.Background(),
req: &mockReq{},
handler: errorMockHandler,
},
res{
nil,
true,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := toGRPCError(tt.args.ctx, tt.args.req, tt.args.handler, nil)
if (err != nil) != tt.res.wantErr {
t.Errorf("toGRPCError() error = %v, wantErr %v", err, tt.res.wantErr)
return
}
if !reflect.DeepEqual(got, tt.res.want) {
t.Errorf("toGRPCError() got = %v, want %v", got, tt.res.want)
}
})
}
}

26
internal/api/grpc/server/middleware/mock_test.go Normal file
View File

@@ -0,0 +1,26 @@
package middleware
import (
"context"
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/errors"
)
func emptyMockHandler(_ context.Context, req interface{}) (interface{}, error) {
return req, nil
}
func errorMockHandler(_ context.Context, req interface{}) (interface{}, error) {
return nil, errors.ThrowInternal(nil, "test", "error")
}
type mockReq struct{}
func mockInfo(path string) *grpc.UnaryServerInfo {
return &grpc.UnaryServerInfo{
Server: nil,
FullMethod: path,
}
}

17
internal/api/grpc/server/middleware/tracing.go
View File

@@ -9,13 +9,28 @@ import (
"google.golang.org/grpc"
"google.golang.org/grpc/stats"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/tracing"
)
type GRPCMethod string
func TracingStatsServer(ignoredMethods ...GRPCMethod) grpc.ServerOption {
return grpc.StatsHandler(&tracingServerHandler{ignoredMethods, ocgrpc.ServerHandler{StartOptions: trace.StartOptions{Sampler: tracing.Sampler(), SpanKind: trace.SpanKindServer}}})
return grpc.StatsHandler(
&tracingServerHandler{
ignoredMethods,
ocgrpc.ServerHandler{
StartOptions: trace.StartOptions{
Sampler: tracing.Sampler(),
SpanKind: trace.SpanKindServer,
},
},
},
)
}
func DefaultTracingStatsServer() grpc.ServerOption {
return TracingStatsServer(http.Healthz, http.Readiness, http.Validation)
}
type tracingServerHandler struct {

71
internal/api/grpc/server/middleware/tracing_test.go Normal file
View File

@@ -0,0 +1,71 @@
package middleware
import (
"context"
"testing"
"go.opencensus.io/plugin/ocgrpc"
"go.opencensus.io/trace"
"google.golang.org/grpc/stats"
)
func Test_tracingServerHandler_TagRPC(t *testing.T) {
type fields struct {
IgnoredMethods []GRPCMethod
ServerHandler ocgrpc.ServerHandler
}
type args struct {
ctx context.Context
tagInfo *stats.RPCTagInfo
}
type res struct {
wantSpan bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"ignored method",
fields{
IgnoredMethods: []GRPCMethod{"ignore"},
ServerHandler: ocgrpc.ServerHandler{},
},
args{
ctx: context.Background(),
tagInfo: &stats.RPCTagInfo{
FullMethodName: "ignore",
},
},
res{false},
},
{
"tag",
fields{
IgnoredMethods: []GRPCMethod{"ignore"},
ServerHandler: ocgrpc.ServerHandler{},
},
args{
ctx: context.Background(),
tagInfo: &stats.RPCTagInfo{
FullMethodName: "tag",
},
},
res{true},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := &tracingServerHandler{
IgnoredMethods: tt.fields.IgnoredMethods,
ServerHandler: tt.fields.ServerHandler,
}
got := s.TagRPC(tt.args.ctx, tt.args.tagInfo)
if (trace.FromContext(got) != nil) != tt.res.wantSpan {
t.Errorf("TagRPC() = %v, want %v", got, tt.res.wantSpan)
}
})
}
}

12
internal/api/grpc/server/probes.go
View File

@@ -26,7 +26,10 @@ func (v *Validator) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, er
}
func (v *Validator) Ready(ctx context.Context, e *empty.Empty) (*empty.Empty, error) {
return e, ready(ctx, v.validations)
if len(validate(ctx, v.validations)) == 0 {
return e, nil
}
return nil, errors.ThrowInternal(nil, "API-2jD9a", "not ready")
}
func (v *Validator) Validate(ctx context.Context, _ *empty.Empty) (*structpb.Struct, error) {
@@ -34,13 +37,6 @@ func (v *Validator) Validate(ctx context.Context, _ *empty.Empty) (*structpb.Str
return proto.ToPBStruct(validations)
}
func ready(ctx context.Context, validations map[string]ValidationFunction) error {
if len(validate(ctx, validations)) == 0 {
return nil
}
return errors.ThrowInternal(nil, "API-2jD9a", "not ready")
}
func validate(ctx context.Context, validations map[string]ValidationFunction) map[string]error {
errors := make(map[string]error)
for id, validation := range validations {

158
internal/api/grpc/server/probes_test.go Normal file
View File

@@ -0,0 +1,158 @@
package server
import (
"context"
"reflect"
"testing"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/errors"
)
func TestValidator_Healthz(t *testing.T) {
type fields struct {
validations map[string]ValidationFunction
}
type res struct {
want *empty.Empty
hasErr bool
}
tests := []struct {
name string
fields fields
res res
}{
{
"ok",
fields{},
res{
&empty.Empty{},
false,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
v := &Validator{
validations: tt.fields.validations,
}
got, err := v.Healthz(nil, &empty.Empty{})
if (err != nil) != tt.res.hasErr {
t.Errorf("Healthz() error = %v, wantErr %v", err, tt.res.hasErr)
return
}
if !reflect.DeepEqual(got, tt.res.want) {
t.Errorf("Healthz() got = %v, want %v", got, tt.res.want)
}
})
}
}
func TestValidator_Ready(t *testing.T) {
type fields struct {
validations map[string]ValidationFunction
}
type res struct {
want *empty.Empty
hasErr bool
}
tests := []struct {
name string
fields fields
res res
}{
{
"unready error",
fields{validations: map[string]ValidationFunction{
"error": func(_ context.Context) error {
return errors.ThrowInternal(nil, "id", "message")
},
}},
res{
nil,
true,
},
},
{
"ready ok",
fields{validations: map[string]ValidationFunction{
"ok": func(_ context.Context) error {
return nil
},
}},
res{
&empty.Empty{},
false,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
v := &Validator{
validations: tt.fields.validations,
}
got, err := v.Ready(context.Background(), &empty.Empty{})
if (err != nil) != tt.res.hasErr {
t.Errorf("Ready() error = %v, wantErr %v", err, tt.res.hasErr)
return
}
if !reflect.DeepEqual(got, tt.res.want) {
t.Errorf("Ready() got = %v, want %v", got, tt.res.want)
}
})
}
}
func Test_validate(t *testing.T) {
type args struct {
validations map[string]ValidationFunction
}
type res struct {
want map[string]error
}
tests := []struct {
name string
args args
res res
}{
{
"no error empty",
args{
validations: map[string]ValidationFunction{
"ok": func(_ context.Context) error {
return nil
},
},
},
res{
map[string]error{},
},
},
{
"error in list",
args{
validations: map[string]ValidationFunction{
"ok": func(_ context.Context) error {
return nil
},
"error": func(_ context.Context) error {
return errors.ThrowInternal(nil, "id", "message")
},
},
},
res{
map[string]error{
"error": errors.ThrowInternal(nil, "id", "message"),
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := validate(context.Background(), tt.args.validations); !reflect.DeepEqual(got, tt.res.want) {
t.Errorf("validate() = %v, want %v", got, tt.res.want)
}
})
}
}

40
internal/api/grpc/server/server.go
View File

@@ -2,12 +2,14 @@ package server
import (
"context"
"github.com/caos/zitadel/internal/config/systemdefaults"
"net"
"github.com/caos/logging"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
"golang.org/x/text/language"
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/server/middleware"
"github.com/caos/zitadel/internal/api/http"
)
@@ -16,30 +18,36 @@ const (
)
type Server interface {
GRPCPort() string
GRPCServer(defaults systemdefaults.SystemDefaults) (*grpc.Server, error)
Gateway
RegisterServer(*grpc.Server)
AppName() string
MethodPrefix() string
AuthMethods() authz.MethodMapping
}
func StartServer(ctx context.Context, s Server, defaults systemdefaults.SystemDefaults) {
port := grpcPort(s.GRPCPort())
listener := http.CreateListener(port)
server := createGrpcServer(s, defaults)
serveServer(ctx, server, listener, port)
func CreateServer(verifier *authz.TokenVerifier, authConfig authz.Config, lang language.Tag) *grpc.Server {
return grpc.NewServer(
middleware.TracingStatsServer(http.Healthz, http.Readiness, http.Validation),
grpc.UnaryInterceptor(
grpc_middleware.ChainUnaryServer(
middleware.ErrorHandler(lang),
middleware.TranslationHandler(lang),
grpc_middleware.ChainUnaryServer(
middleware.AuthorizationInterceptor(verifier, authConfig),
),
),
),
)
}
func createGrpcServer(s Server, defaults systemdefaults.SystemDefaults) *grpc.Server {
grpcServer, err := s.GRPCServer(defaults)
logging.Log("SERVE-k280HZ").OnError(err).Panic("failed to create grpc server")
return grpcServer
}
func serveServer(ctx context.Context, server *grpc.Server, listener net.Listener, port string) {
func Serve(ctx context.Context, server *grpc.Server, port string) {
go func() {
<-ctx.Done()
server.GracefulStop()
}()
go func() {
listener := http.CreateListener(port)
err := server.Serve(listener)
logging.Log("SERVE-Ga3e94").OnError(err).Panic("grpc server serve failed")
}()

30
internal/api/header.go
View File

@@ -1,30 +0,0 @@
package api
const (
Authorization = "authorization"
Accept = "accept"
AcceptLanguage = "accept-language"
CacheControl = "cache-control"
ContentType = "content-type"
Expires = "expires"
Location = "location"
Origin = "origin"
Pragma = "pragma"
UserAgent = "user-agent"
ForwardedFor = "x-forwarded-for"
ContentSecurityPolicy = "content-security-policy"
XXSSProtection = "x-xss-protection"
StrictTransportSecurity = "strict-transport-security"
XFrameOptions = "x-frame-options"
XContentTypeOptions = "x-content-type-options"
ReferrerPolicy = "referrer-policy"
FeaturePolicy = "feature-policy"
ZitadelOrgID = "x-zitadel-orgid"
//TODO: Remove as soon an authentification is implemented
ZitadelUserID = "x-zitadel-userid"
ZitadelClientID = "x-zitadel-clientid"
ZitadelAgentID = "x-zitadel-agentid"
LoginKey = "x-zitadel-login"
)

109
internal/api/html/i18n.go
View File

@@ -1,109 +0,0 @@
package html
import (
"encoding/json"
"io/ioutil"
"net/http"
"path"
"github.com/BurntSushi/toml"
"github.com/caos/logging"
"github.com/ghodss/yaml"
"github.com/nicksnyder/go-i18n/v2/i18n"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api"
http_util "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/errors"
)
type Translator struct {
bundle *i18n.Bundle
cookieName string
cookieHandler *http_util.CookieHandler
}
type TranslatorConfig struct {
Path string
DefaultLanguage language.Tag
CookieName string
}
func NewTranslator(config TranslatorConfig) (*Translator, error) {
t := new(Translator)
var err error
t.bundle, err = newBundle(config.Path, config.DefaultLanguage)
if err != nil {
return nil, err
}
t.cookieHandler = http_util.NewCookieHandler()
t.cookieName = config.CookieName
return t, nil
}
func newBundle(i18nDir string, defaultLanguage language.Tag) (*i18n.Bundle, error) {
bundle := i18n.NewBundle(defaultLanguage)
yamlUnmarshal := func(data []byte, v interface{}) error { return yaml.Unmarshal(data, v) }
bundle.RegisterUnmarshalFunc("yaml", yamlUnmarshal)
bundle.RegisterUnmarshalFunc("yml", yamlUnmarshal)
bundle.RegisterUnmarshalFunc("json", json.Unmarshal)
bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
files, err := ioutil.ReadDir(i18nDir)
if err != nil {
return nil, errors.ThrowNotFound(err, "HTML-MnXRie", "path not found")
}
for _, file := range files {
bundle.MustLoadMessageFile(path.Join(i18nDir, file.Name()))
}
return bundle, nil
}
func (t *Translator) LocalizeFromRequest(r *http.Request, id string, args map[string]interface{}) string {
s, err := t.localizerFromRequest(r).Localize(&i18n.LocalizeConfig{
MessageID: id,
TemplateData: args,
})
if err != nil {
logging.Log("HTML-MsF5sx").WithError(err).Warnf("missing translation")
return id
}
return s
}
func (t *Translator) Localize(id string, args map[string]interface{}) string {
s, _ := t.localizer().Localize(&i18n.LocalizeConfig{
MessageID: id,
TemplateData: args,
})
return s
}
func (t *Translator) Lang(r *http.Request) language.Tag {
matcher := language.NewMatcher(t.bundle.LanguageTags())
tag, _ := language.MatchStrings(matcher, t.langsFromRequest(r)...)
return tag
}
func (t *Translator) SetLangCookie(w http.ResponseWriter, lang language.Tag) {
t.cookieHandler.SetCookie(w, t.cookieName, lang.String())
}
func (t *Translator) localizerFromRequest(r *http.Request) *i18n.Localizer {
return t.localizer(t.langsFromRequest(r)...)
}
func (t *Translator) localizer(langs ...string) *i18n.Localizer {
return i18n.NewLocalizer(t.bundle, langs...)
}
func (t *Translator) langsFromRequest(r *http.Request) []string {
langs := make([]string, 0)
if r == nil {
return langs
}
lang, err := t.cookieHandler.GetCookieValue(r, t.cookieName)
if err == nil {
langs = append(langs, lang)
}
return append(langs, r.Header.Get(api.AcceptLanguage))
}

81
internal/api/html/renderer.go
View File

@@ -1,81 +0,0 @@
package html
import (
"net/http"
"path"
"text/template"
"github.com/caos/logging"
"golang.org/x/text/language"
)
const (
TranslateFn = "t"
)
type Renderer struct {
Templates map[string]*template.Template
translator *Translator
}
func NewRenderer(templatesDir string, tmplMapping map[string]string, funcs map[string]interface{}, translatorConfig TranslatorConfig) (*Renderer, error) {
var err error
r := new(Renderer)
r.translator, err = NewTranslator(translatorConfig)
if err != nil {
return nil, err
}
r.loadTemplates(templatesDir, tmplMapping, funcs)
return r, nil
}
func (r *Renderer) RenderTemplate(w http.ResponseWriter, req *http.Request, tmpl *template.Template, data interface{}, reqFuncs map[string]interface{}) {
reqFuncs = r.registerTranslateFn(req, reqFuncs)
err := tmpl.Funcs(reqFuncs).Execute(w, data)
logging.LogWithFields("HTML-lF8F6w", "template", tmpl.Name).OnError(err).Error("error rendering template")
}
func (r *Renderer) Localize(id string, args map[string]interface{}) string {
return r.translator.Localize(id, args)
}
func (r *Renderer) LocalizeFromRequest(req *http.Request, id string, args map[string]interface{}) string {
return r.translator.LocalizeFromRequest(req, id, args)
}
func (r *Renderer) Lang(req *http.Request) language.Tag {
return r.translator.Lang(req)
}
func (r *Renderer) loadTemplates(templatesDir string, tmplMapping map[string]string, funcs map[string]interface{}) {
funcs = r.registerTranslateFn(nil, funcs)
funcs[TranslateFn] = func(id string, args ...interface{}) string {
return id
}
tmpls := template.Must(template.New("").Funcs(funcs).ParseGlob(path.Join(templatesDir, "*.html")))
r.Templates = make(map[string]*template.Template, len(tmplMapping))
for name, file := range tmplMapping {
r.Templates[name] = tmpls.Lookup(file)
}
}
func (r *Renderer) registerTranslateFn(req *http.Request, funcs map[string]interface{}) map[string]interface{} {
if funcs == nil {
funcs = make(map[string]interface{})
}
funcs[TranslateFn] = func(id string, args ...interface{}) string {
m := map[string]interface{}{}
var key string
for i, arg := range args {
if i%2 == 0 {
key = arg.(string)
continue
}
m[key] = arg
}
if r == nil {
return r.Localize(id, m)
}
return r.LocalizeFromRequest(req, id, m)
}
return funcs
}

32
internal/api/http/header.go
View File

@@ -5,8 +5,30 @@ import (
"net"
"net/http"
"strings"
)
"github.com/caos/zitadel/internal/api"
const (
Authorization = "authorization"
Accept = "accept"
AcceptLanguage = "accept-language"
CacheControl = "cache-control"
ContentType = "content-type"
Expires = "expires"
Location = "location"
Origin = "origin"
Pragma = "pragma"
UserAgentHeader = "user-agent"
ForwardedFor = "x-forwarded-for"
ContentSecurityPolicy = "content-security-policy"
XXSSProtection = "x-xss-protection"
StrictTransportSecurity = "strict-transport-security"
XFrameOptions = "x-frame-options"
XContentTypeOptions = "x-content-type-options"
ReferrerPolicy = "referrer-policy"
FeaturePolicy = "feature-policy"
ZitadelOrgID = "x-zitadel-orgid"
)
type key int
@@ -35,7 +57,7 @@ func RemoteIPFromCtx(ctx context.Context) string {
if !ok {
return RemoteAddrFromCtx(ctx)
}
forwarded, ok := ForwardedFor(ctxHeaders)
forwarded, ok := GetForwardedFor(ctxHeaders)
if ok {
return forwarded
}
@@ -47,15 +69,15 @@ func RemoteIPFromRequest(r *http.Request) net.IP {
}
func RemoteIPStringFromRequest(r *http.Request) string {
ip, ok := ForwardedFor(r.Header)
ip, ok := GetForwardedFor(r.Header)
if ok {
return ip
}
return r.RemoteAddr
}
func ForwardedFor(headers http.Header) (string, bool) {
forwarded, ok := headers[api.ForwardedFor]
func GetForwardedFor(headers http.Header) (string, bool) {
forwarded, ok := headers[ForwardedFor]
if ok {
ip := strings.Split(forwarded[0], ", ")[0]
if ip != "" {

4
internal/api/http/listener.go
View File

@@ -8,12 +8,12 @@ import (
)
func CreateListener(endpoint string) net.Listener {
l, err := net.Listen("tcp", listenerEndpoint(endpoint))
l, err := net.Listen("tcp", Endpoint(endpoint))
logging.Log("SERVE-6vasef").OnError(err).Fatal("creating listener failed")
return l
}
func listenerEndpoint(endpoint string) string {
func Endpoint(endpoint string) string {
if strings.Contains(endpoint, ":") {
return endpoint
}

8
internal/api/http/middleware/cache_interceptor.go
View File

@@ -7,7 +7,7 @@ import (
"strings"
"time"
"github.com/caos/zitadel/internal/api"
http_utils "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/config/types"
)
@@ -120,9 +120,9 @@ func (c *Cache) serializeHeaders(w http.ResponseWriter) {
control = append(control, string(c.Revalidation))
}
w.Header().Set(api.CacheControl, strings.Join(control, ", "))
w.Header().Set(api.Expires, expires)
w.Header().Set(http_utils.CacheControl, strings.Join(control, ", "))
w.Header().Set(http_utils.Expires, expires)
if pragma {
w.Header().Set(api.Pragma, "no-cache")
w.Header().Set(http_utils.Pragma, "no-cache")
}
}

16
internal/api/http/middleware/cors_interceptor.go
View File

@@ -5,19 +5,19 @@ import (
"github.com/rs/cors"
"github.com/caos/zitadel/internal/api"
http_utils "github.com/caos/zitadel/internal/api/http"
)
var (
DefaultCORSOptions = cors.Options{
AllowCredentials: true,
AllowedHeaders: []string{
api.Origin,
api.ContentType,
api.Accept,
api.AcceptLanguage,
api.Authorization,
api.ZitadelOrgID,
http_utils.Origin,
http_utils.ContentType,
http_utils.Accept,
http_utils.AcceptLanguage,
http_utils.Authorization,
http_utils.ZitadelOrgID,
},
AllowedMethods: []string{
http.MethodOptions,
@@ -29,7 +29,7 @@ var (
http.MethodDelete,
},
ExposedHeaders: []string{
api.Location,
http_utils.Location,
},
AllowedOrigins: []string{
"http://localhost:*",

16
internal/api/http/middleware/security_headers.go
View File

@@ -6,7 +6,7 @@ import (
"encoding/base64"
"net/http"
"github.com/caos/zitadel/internal/api"
http_utils "github.com/caos/zitadel/internal/api/http"
)
type key int
@@ -63,13 +63,13 @@ func (h *headers) ServeHTTP(w http.ResponseWriter, r *http.Request) {
r = saveContext(r, nonceKey, nonce)
}
headers := w.Header()
headers.Set(api.ContentSecurityPolicy, h.csp.Value(nonce))
headers.Set(api.XXSSProtection, "1; mode=block")
headers.Set(api.StrictTransportSecurity, "max-age=31536000; includeSubDomains")
headers.Set(api.XFrameOptions, "DENY")
headers.Set(api.XContentTypeOptions, "nosniff")
headers.Set(api.ReferrerPolicy, "same-origin")
headers.Set(api.FeaturePolicy, "payment 'none'")
headers.Set(http_utils.ContentSecurityPolicy, h.csp.Value(nonce))
headers.Set(http_utils.XXSSProtection, "1; mode=block")
headers.Set(http_utils.StrictTransportSecurity, "max-age=31536000; includeSubDomains")
headers.Set(http_utils.XFrameOptions, "DENY")
headers.Set(http_utils.XContentTypeOptions, "nosniff")
headers.Set(http_utils.ReferrerPolicy, "same-origin")
headers.Set(http_utils.FeaturePolicy, "payment 'none'")
//PLANNED: add expect-ct
h.handler.ServeHTTP(w, r)

4
internal/api/http/middleware/trace_interceptor.go
View File

@@ -3,10 +3,10 @@ package middleware
import (
"net/http"
"github.com/caos/zitadel/internal/api"
http_utils "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/tracing"
)
func DefaultTraceHandler(handler http.Handler) http.Handler {
return tracing.TraceHandler(handler, api.Probes...)
return tracing.TraceHandler(handler, http_utils.Probes...)
}

2
internal/api/probes.go → internal/api/http/probes.go
View File

@@ -1,4 +1,4 @@
package api
package http
const (
Healthz = "/Healthz"

32
internal/api/http/server.go Normal file
View File

@@ -0,0 +1,32 @@
package http
import (
"context"
"net/http"
"github.com/caos/logging"
)
func Serve(ctx context.Context, handler http.Handler, port, servername string) {
server := &http.Server{
Handler: handler,
}
listener := CreateListener(port)
go func() {
<-ctx.Done()
err := server.Shutdown(ctx)
logging.LogWithFields("HTTP-m7kBlq", "name", servername).OnError(err).Warnf("error during graceful shutdown of http server (%s)", servername)
}()
go func() {
err := server.Serve(listener)
logging.LogWithFields("HTTP-tBHR60", "name", servername).OnError(err).Panicf("http serve (%s) failed", servername)
}()
logging.LogWithFields("HTTP-KHh0Cb", "name", servername, "port", port).Infof("http server (%s) is listening", servername)
}
func RegisterHandler(mux *http.ServeMux, prefix string, handler http.Handler) {
mux.Handle(prefix+"/", http.StripPrefix(prefix, handler))
}

82
internal/api/oidc/auth_request.go Normal file
View File

@@ -0,0 +1,82 @@
package oidc
import (
"context"
"time"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/op"
"gopkg.in/square/go-jose.v2"
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors"
)
func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
userAgentID, ok := UserAgentIDFromCtx(ctx)
if !ok {
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sd436", "no user agent id")
}
authRequest := CreateAuthRequestToBusiness(ctx, req, userAgentID, userID)
resp, err := o.repo.CreateAuthRequest(ctx, authRequest)
if err != nil {
return nil, err
}
return AuthRequestFromBusiness(resp)
}
func (o *OPStorage) AuthRequestByID(ctx context.Context, id string) (op.AuthRequest, error) {
resp, err := o.repo.AuthRequestByIDCheckLoggedIn(ctx, id)
if err != nil {
return nil, err
}
return AuthRequestFromBusiness(resp)
}
func (o *OPStorage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error) {
resp, err := o.repo.AuthRequestByCode(ctx, code)
if err != nil {
return nil, err
}
return AuthRequestFromBusiness(resp)
}
func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) error {
return o.repo.SaveAuthCode(ctx, id, code)
}
func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) error {
return o.repo.DeleteAuthRequest(ctx, id)
}
func (o *OPStorage) CreateToken(ctx context.Context, authReq op.AuthRequest) (string, time.Time, error) {
req, err := o.repo.AuthRequestByID(ctx, authReq.GetID())
if err != nil {
return "", time.Time{}, err
}
resp, err := o.repo.CreateToken(ctx, req.AgentID, req.ApplicationID, req.UserID, req.Audience, req.Request.(*model.AuthRequestOIDC).Scopes, o.defaultAccessTokenLifetime) //PLANNED: lifetime from client
if err != nil {
return "", time.Time{}, err
}
return resp.ID, resp.Expiration, nil
}
func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID string) error {
userAgentID, ok := UserAgentIDFromCtx(ctx)
if !ok {
return errors.ThrowPreconditionFailed(nil, "OIDC-fso7F", "no user agent id")
}
return o.repo.SignOut(ctx, userAgentID)
}
func (o *OPStorage) GetSigningKey(ctx context.Context, keyCh chan<- jose.SigningKey, errCh chan<- error, timer <-chan time.Time) {
o.repo.GetSigningKey(ctx, keyCh, errCh, timer)
}
func (o *OPStorage) GetKeySet(ctx context.Context) (*jose.JSONWebKeySet, error) {
return o.repo.GetKeySet(ctx)
}
func (o *OPStorage) SaveNewKeyPair(ctx context.Context) error {
return o.repo.GenerateSigningKeyPair(ctx, o.signingKeyAlgorithm)
}

253
internal/api/oidc/auth_request_converter.go Normal file
View File

@@ -0,0 +1,253 @@
package oidc
import (
"context"
"net"
"time"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/op"
"golang.org/x/text/language"
http_utils "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/auth_request/model"
"github.com/caos/zitadel/internal/errors"
)
const (
amrPassword = "password"
amrMFA = "mfa"
amrOTP = "otp"
)
type AuthRequest struct {
*model.AuthRequest
}
func (a *AuthRequest) GetID() string {
return a.ID
}
func (a *AuthRequest) GetACR() string {
// return a.
return "" //PLANNED: impl
}
func (a *AuthRequest) GetAMR() []string {
amr := make([]string, 0)
if a.PasswordVerified {
amr = append(amr, amrPassword)
}
if len(a.MfasVerified) > 0 {
amr = append(amr, amrMFA)
for _, mfa := range a.MfasVerified {
if amrMfa := AMRFromMFAType(mfa); amrMfa != "" {
amr = append(amr, amrMfa)
}
}
}
return amr
}
func (a *AuthRequest) GetAudience() []string {
return a.Audience
}
func (a *AuthRequest) GetAuthTime() time.Time {
return a.AuthTime
}
func (a *AuthRequest) GetClientID() string {
return a.ApplicationID
}
func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge {
return CodeChallengeToOIDC(a.oidc().CodeChallenge)
}
func (a *AuthRequest) GetNonce() string {
return a.oidc().Nonce
}
func (a *AuthRequest) GetRedirectURI() string {
return a.CallbackURI
}
func (a *AuthRequest) GetResponseType() oidc.ResponseType {
return ResponseTypeToOIDC(a.oidc().ResponseType)
}
func (a *AuthRequest) GetScopes() []string {
return a.oidc().Scopes
}
func (a *AuthRequest) GetState() string {
return a.TransferState
}
func (a *AuthRequest) GetSubject() string {
return a.UserID
}
func (a *AuthRequest) Done() bool {
for _, step := range a.PossibleSteps {
if step.Type() == model.NextStepRedirectToCallback {
return true
}
}
return false
}
func (a *AuthRequest) oidc() *model.AuthRequestOIDC {
return a.Request.(*model.AuthRequestOIDC)
}
func AuthRequestFromBusiness(authReq *model.AuthRequest) (_ op.AuthRequest, err error) {
if _, ok := authReq.Request.(*model.AuthRequestOIDC); !ok {
return nil, errors.ThrowInvalidArgument(nil, "OIDC-Haz7A", "auth request is not of type oidc")
}
return &AuthRequest{authReq}, nil
}
func CreateAuthRequestToBusiness(ctx context.Context, authReq *oidc.AuthRequest, userAgentID, userID string) *model.AuthRequest {
return &model.AuthRequest{
AgentID: userAgentID,
BrowserInfo: ParseBrowserInfoFromContext(ctx),
ApplicationID: authReq.ClientID,
CallbackURI: authReq.RedirectURI,
TransferState: authReq.State,
Prompt: PromptToBusiness(authReq.Prompt),
PossibleLOAs: ACRValuesToBusiness(authReq.ACRValues),
UiLocales: UILocalesToBusiness(authReq.UILocales),
LoginHint: authReq.LoginHint,
MaxAuthAge: authReq.MaxAge,
UserID: userID,
Request: &model.AuthRequestOIDC{
Scopes: authReq.Scopes,
ResponseType: ResponseTypeToBusiness(authReq.ResponseType),
Nonce: authReq.Nonce,
CodeChallenge: CodeChallengeToBusiness(authReq.CodeChallenge, authReq.CodeChallengeMethod),
},
}
}
func ParseBrowserInfoFromContext(ctx context.Context) *model.BrowserInfo {
userAgent, acceptLang := HttpHeadersFromContext(ctx)
ip := IpFromContext(ctx)
return &model.BrowserInfo{RemoteIP: ip, UserAgent: userAgent, AcceptLanguage: acceptLang}
}
func HttpHeadersFromContext(ctx context.Context) (userAgent, acceptLang string) {
ctxHeaders, ok := http_utils.HeadersFromCtx(ctx)
if !ok {
return
}
if agents, ok := ctxHeaders[http_utils.UserAgentHeader]; ok {
userAgent = agents[0]
}
if langs, ok := ctxHeaders[http_utils.AcceptLanguage]; ok {
acceptLang = langs[0]
}
return userAgent, acceptLang
}
func IpFromContext(ctx context.Context) net.IP {
ipString := http_utils.RemoteIPFromCtx(ctx)
if ipString == "" {
return nil
}
return net.ParseIP(ipString)
}
func PromptToBusiness(prompt oidc.Prompt) model.Prompt {
switch prompt {
case oidc.PromptNone:
return model.PromptNone
case oidc.PromptLogin:
return model.PromptLogin
case oidc.PromptConsent:
return model.PromptConsent
case oidc.PromptSelectAccount:
return model.PromptSelectAccount
default:
return model.PromptUnspecified
}
}
func ACRValuesToBusiness(values []string) []model.LevelOfAssurance {
return nil
}
func UILocalesToBusiness(tags []language.Tag) []string {
if tags == nil {
return nil
}
locales := make([]string, len(tags))
for i, tag := range tags {
locales[i] = tag.String()
}
return locales
}
func ResponseTypeToBusiness(responseType oidc.ResponseType) model.OIDCResponseType {
switch responseType {
case oidc.ResponseTypeCode:
return model.OIDCResponseTypeCode
case oidc.ResponseTypeIDToken:
return model.OIDCResponseTypeIdToken
case oidc.ResponseTypeIDTokenOnly:
return model.OIDCResponseTypeToken
default:
return model.OIDCResponseTypeCode
}
}
func ResponseTypeToOIDC(responseType model.OIDCResponseType) oidc.ResponseType {
switch responseType {
case model.OIDCResponseTypeCode:
return oidc.ResponseTypeCode
case model.OIDCResponseTypeToken:
return oidc.ResponseTypeIDToken
case model.OIDCResponseTypeIdToken:
return oidc.ResponseTypeIDTokenOnly
default:
return oidc.ResponseTypeCode
}
}
func CodeChallengeToBusiness(challenge string, method oidc.CodeChallengeMethod) *model.OIDCCodeChallenge {
if challenge == "" {
return nil
}
challengeMethod := model.CodeChallengeMethodPlain
if method == oidc.CodeChallengeMethodS256 {
challengeMethod = model.CodeChallengeMethodS256
}
return &model.OIDCCodeChallenge{
Challenge: challenge,
Method: challengeMethod,
}
}
func CodeChallengeToOIDC(challenge *model.OIDCCodeChallenge) *oidc.CodeChallenge {
if challenge == nil {
return nil
}
challengeMethod := oidc.CodeChallengeMethodPlain
if challenge.Method == model.CodeChallengeMethodS256 {
challengeMethod = oidc.CodeChallengeMethodS256
}
return &oidc.CodeChallenge{
Challenge: challenge.Challenge,
Method: challengeMethod,
}
}
func AMRFromMFAType(mfaType model.MfaType) string {
switch mfaType {
case model.MfaTypeOTP:
return amrOTP
default:
return ""
}
}

97
internal/api/oidc/client.go Normal file
View File

@@ -0,0 +1,97 @@
package oidc
import (
"context"
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/op"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/errors"
proj_model "github.com/caos/zitadel/internal/project/model"
user_model "github.com/caos/zitadel/internal/user/model"
)
const (
scopeOpenID = "openid"
scopeProfile = "profile"
scopeEmail = "email"
scopePhone = "phone"
scopeAddress = "address"
oidcCtx = "oidc"
)
func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (op.Client, error) {
client, err := o.repo.ApplicationByClientID(ctx, id)
if err != nil {
return nil, err
}
if client.State != proj_model.AppStateActive {
return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sdaGg", "client is not active")
}
return ClientFromBusiness(client, o.defaultLoginURL, o.defaultAccessTokenLifetime, o.defaultIdTokenLifetime)
}
func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secret string) error {
ctx = authz.SetCtxData(ctx, authz.CtxData{
UserID: oidcCtx,
OrgID: oidcCtx,
})
return o.repo.AuthorizeOIDCApplication(ctx, id, secret)
}
func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID string) (*oidc.Userinfo, error) {
token, err := o.repo.TokenByID(ctx, tokenID)
if err != nil {
return nil, err
}
return o.GetUserinfoFromScopes(ctx, token.UserID, token.Scopes)
}
func (o *OPStorage) GetUserinfoFromScopes(ctx context.Context, userID string, scopes []string) (*oidc.Userinfo, error) {
user, err := o.repo.UserByID(ctx, userID)
if err != nil {
return nil, err
}
userInfo := new(oidc.Userinfo)
for _, scope := range scopes {
switch scope {
case scopeOpenID:
userInfo.Subject = user.ID
case scopeEmail:
userInfo.Email = user.Email
userInfo.EmailVerified = user.IsEmailVerified
case scopeProfile:
userInfo.Name = user.DisplayName
userInfo.FamilyName = user.LastName
userInfo.GivenName = user.FirstName
userInfo.Nickname = user.NickName
userInfo.PreferredUsername = user.PreferredLoginName
userInfo.UpdatedAt = user.ChangeDate
userInfo.Gender = oidc.Gender(getGender(user.Gender))
case scopePhone:
userInfo.PhoneNumber = user.Phone
userInfo.PhoneNumberVerified = user.IsPhoneVerified
case scopeAddress:
userInfo.Address.StreetAddress = user.StreetAddress
userInfo.Address.Locality = user.Locality
userInfo.Address.Region = user.Region
userInfo.Address.PostalCode = user.PostalCode
userInfo.Address.Country = user.Country
}
}
return userInfo, nil
}
func getGender(gender user_model.Gender) string {
switch gender {
case user_model.GenderFemale:
return "female"
case user_model.GenderMale:
return "male"
case user_model.GenderDiverse:
return "diverse"
}
return ""
}

73
internal/api/oidc/client_converter.go Normal file
View File

@@ -0,0 +1,73 @@
package oidc
import (
"time"
"github.com/caos/oidc/pkg/op"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/project/model"
)
type Client struct {
*model.ApplicationView
defaultLoginURL string
defaultAccessTokenLifetime time.Duration
defaultIdTokenLifetime time.Duration
}
func ClientFromBusiness(app *model.ApplicationView, defaultLoginURL string, defaultAccessTokenLifetime, defaultIdTokenLifetime time.Duration) (op.Client, error) {
if !app.IsOIDC {
return nil, errors.ThrowInvalidArgument(nil, "OIDC-d5bhD", "client is not a proper oidc application")
}
return &Client{ApplicationView: app, defaultLoginURL: defaultLoginURL, defaultAccessTokenLifetime: defaultAccessTokenLifetime, defaultIdTokenLifetime: defaultIdTokenLifetime}, nil
}
func (c *Client) ApplicationType() op.ApplicationType {
return op.ApplicationType(c.OIDCApplicationType)
}
func (c *Client) GetAuthMethod() op.AuthMethod {
return authMethodToOIDC(c.OIDCAuthMethodType)
}
func (c *Client) GetID() string {
return c.OIDCClientID
}
func (c *Client) LoginURL(id string) string {
return c.defaultLoginURL + id
}
func (c *Client) RedirectURIs() []string {
return c.OIDCRedirectUris
}
func (c *Client) PostLogoutRedirectURIs() []string {
return c.OIDCPostLogoutRedirectUris
}
func (c *Client) AccessTokenLifetime() time.Duration {
return c.defaultAccessTokenLifetime //PLANNED: impl from real client
}
func (c *Client) IDTokenLifetime() time.Duration {
return c.defaultIdTokenLifetime //PLANNED: impl from real client
}
func (c *Client) AccessTokenType() op.AccessTokenType {
return op.AccessTokenTypeBearer //PLANNED: impl from real client
}
func authMethodToOIDC(authType model.OIDCAuthMethodType) op.AuthMethod {
switch authType {
case model.OIDCAuthMethodTypeBasic:
return op.AuthMethodBasic
case model.OIDCAuthMethodTypePost:
return op.AuthMethodPost
case model.OIDCAuthMethodTypeNone:
return op.AuthMethodNone
default:
return op.AuthMethodBasic
}
}

37
internal/api/oidc/cookie_interceptor.go Normal file
View File

@@ -0,0 +1,37 @@
package oidc
import (
"context"
"net/http"
http_utils "github.com/caos/zitadel/internal/api/http"
)
type key int
var (
userAgentKey key
)
func UserAgentIDFromCtx(ctx context.Context) (string, bool) {
userAgentID, ok := ctx.Value(userAgentKey).(string)
return userAgentID, ok
}
func UserAgentCookieHandler(cookieHandler *http_utils.UserAgentHandler, nextHandlerFunc func(http.HandlerFunc) http.HandlerFunc) func(http.HandlerFunc) http.HandlerFunc {
return func(handlerFunc http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
ua, err := cookieHandler.GetUserAgent(r)
if err != nil {
ua, err = cookieHandler.NewUserAgent()
}
if err == nil {
ctx := context.WithValue(r.Context(), userAgentKey, ua.ID)
r = r.WithContext(ctx)
cookieHandler.SetUserAgent(w, ua)
}
handlerFunc(w, r)
nextHandlerFunc(handlerFunc)
}
}
}

95
internal/api/oidc/op.go Normal file
View File

@@ -0,0 +1,95 @@
package oidc
import (
"context"
"net/http"
"time"
"github.com/caos/logging"
"github.com/caos/oidc/pkg/op"
http_utils "github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/internal/api/http/middleware"
"github.com/caos/zitadel/internal/auth/repository"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/id"
)
type OPHandlerConfig struct {
OPConfig *op.Config
StorageConfig StorageConfig
UserAgentCookieConfig *http_utils.UserAgentCookieConfig
Cache *middleware.CacheConfig
Endpoints *EndpointConfig
}
type StorageConfig struct {
DefaultLoginURL string
SigningKeyAlgorithm string
DefaultAccessTokenLifetime types.Duration
DefaultIdTokenLifetime types.Duration
}
type EndpointConfig struct {
Auth *Endpoint
Token *Endpoint
Userinfo *Endpoint
EndSession *Endpoint
Keys *Endpoint
}
type Endpoint struct {
Path string
URL string
}
type OPStorage struct {
repo repository.Repository
defaultLoginURL string
defaultAccessTokenLifetime time.Duration
defaultIdTokenLifetime time.Duration
signingKeyAlgorithm string
}
func NewProvider(ctx context.Context, config OPHandlerConfig, repo repository.Repository) op.OpenIDProvider {
cookieHandler, err := http_utils.NewUserAgentHandler(config.UserAgentCookieConfig, id.SonyFlakeGenerator)
logging.Log("OIDC-sd4fd").OnError(err).Panic("cannot user agent handler")
nextHandler := func(handlerFunc http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
middleware.NoCacheInterceptor(http_utils.CopyHeadersToContext(handlerFunc))
}
}
provider, err := op.NewDefaultOP(
ctx,
config.OPConfig,
newStorage(config.StorageConfig, repo),
op.WithHttpInterceptor(
UserAgentCookieHandler(
cookieHandler,
nextHandler,
),
),
op.WithCustomAuthEndpoint(op.NewEndpointWithURL(config.Endpoints.Auth.Path, config.Endpoints.Auth.URL)),
op.WithCustomTokenEndpoint(op.NewEndpointWithURL(config.Endpoints.Token.Path, config.Endpoints.Token.URL)),
op.WithCustomUserinfoEndpoint(op.NewEndpointWithURL(config.Endpoints.Userinfo.Path, config.Endpoints.Userinfo.URL)),
op.WithCustomEndSessionEndpoint(op.NewEndpointWithURL(config.Endpoints.EndSession.Path, config.Endpoints.EndSession.URL)),
op.WithCustomKeysEndpoint(op.NewEndpointWithURL(config.Endpoints.Keys.Path, config.Endpoints.Keys.URL)),
op.WithRetry(3, time.Duration(30*time.Second)),
)
logging.Log("OIDC-asf13").OnError(err).Panic("cannot create provider")
return provider
}
func newStorage(config StorageConfig, repo repository.Repository) *OPStorage {
return &OPStorage{
repo: repo,
defaultLoginURL: config.DefaultLoginURL,
signingKeyAlgorithm: config.SigningKeyAlgorithm,
defaultAccessTokenLifetime: config.DefaultAccessTokenLifetime.Duration,
defaultIdTokenLifetime: config.DefaultIdTokenLifetime.Duration,
}
}
func (o *OPStorage) Health(ctx context.Context) error {
return o.repo.Health(ctx)
}