feat: port reduction (#323)

* move mgmt pkg

* begin package restructure

* rename auth package to authz

* begin start api

* move auth

* move admin

* fix merge

* configs and interceptors

* interceptor

* revert generate-grpc.sh

* some cleanups

* console

* move console

* fix tests and merging

* js linting

* merge

* merging and configs

* change k8s base to current ports

* fixes

* cleanup

* regenerate proto

* remove unnecessary whitespace

* missing param

* go mod tidy

* fix merging

* move login pkg

* cleanup

* move api pkgs again

* fix pkg naming

* fix generate-static.sh for login

* update workflow

* fixes

* logging

* remove duplicate

* comment for optional gateway interfaces

* regenerate protos

* fix proto imports for grpc web

* protos

* grpc web generate

* grpc web generate

* fix changes

* add translation interceptor

* fix merging

* regenerate mgmt proto

pkg/grpc/admin/admin.pb.authoptions.go

@@ -0,0 +1,101 @@
+// Code generated by protoc-gen-authmethod. DO NOT EDIT.
+
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/api/authz"
+)
+
+/**
+ * AdminService
+ */
+
+const AdminService_MethodPrefix = "caos.zitadel.admin.api.v1.AdminService"
+
+var AdminService_AuthMethods = authz.MethodMapping{
+
+	"/caos.zitadel.admin.api.v1.AdminService/IsOrgUnique": authz.Option{
+		Permission: "iam.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/GetOrgByID": authz.Option{
+		Permission: "iam.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/SearchOrgs": authz.Option{
+		Permission: "iam.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/SetUpOrg": authz.Option{
+		Permission: "iam.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/GetOrgIamPolicy": authz.Option{
+		Permission: "iam.policy.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/CreateOrgIamPolicy": authz.Option{
+		Permission: "iam.policy.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/UpdateOrgIamPolicy": authz.Option{
+		Permission: "iam.policy.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/DeleteOrgIamPolicy": authz.Option{
+		Permission: "iam.policy.delete",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/GetIamMemberRoles": authz.Option{
+		Permission: "iam.member.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/AddIamMember": authz.Option{
+		Permission: "iam.member.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/ChangeIamMember": authz.Option{
+		Permission: "iam.member.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/RemoveIamMember": authz.Option{
+		Permission: "iam.member.delete",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/SearchIamMembers": authz.Option{
+		Permission: "iam.member.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/GetViews": authz.Option{
+		Permission: "iam.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/ClearView": authz.Option{
+		Permission: "iam.write",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/GetFailedEvents": authz.Option{
+		Permission: "iam.read",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.admin.api.v1.AdminService/RemoveFailedEvent": authz.Option{
+		Permission: "iam.write",
+		CheckParam: "",
+	},
+}

pkg/grpc/admin/mock/admin.proto.mock.go

@@ -0,0 +1,438 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/caos/zitadel/pkg/grpc/admin (interfaces: AdminServiceClient)
+
+// Package api is a generated GoMock package.
+package api
+
+import (
+	context "context"
+	admin "github.com/caos/zitadel/pkg/grpc/admin"
+	gomock "github.com/golang/mock/gomock"
+	grpc "google.golang.org/grpc"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	reflect "reflect"
+)
+
+// MockAdminServiceClient is a mock of AdminServiceClient interface
+type MockAdminServiceClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockAdminServiceClientMockRecorder
+}
+
+// MockAdminServiceClientMockRecorder is the mock recorder for MockAdminServiceClient
+type MockAdminServiceClientMockRecorder struct {
+	mock *MockAdminServiceClient
+}
+
+// NewMockAdminServiceClient creates a new mock instance
+func NewMockAdminServiceClient(ctrl *gomock.Controller) *MockAdminServiceClient {
+	mock := &MockAdminServiceClient{ctrl: ctrl}
+	mock.recorder = &MockAdminServiceClientMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockAdminServiceClient) EXPECT() *MockAdminServiceClientMockRecorder {
+	return m.recorder
+}
+
+// AddIamMember mocks base method
+func (m *MockAdminServiceClient) AddIamMember(arg0 context.Context, arg1 *admin.AddIamMemberRequest, arg2 ...grpc.CallOption) (*admin.IamMember, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "AddIamMember", varargs...)
+	ret0, _ := ret[0].(*admin.IamMember)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// AddIamMember indicates an expected call of AddIamMember
+func (mr *MockAdminServiceClientMockRecorder) AddIamMember(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddIamMember", reflect.TypeOf((*MockAdminServiceClient)(nil).AddIamMember), varargs...)
+}
+
+// ChangeIamMember mocks base method
+func (m *MockAdminServiceClient) ChangeIamMember(arg0 context.Context, arg1 *admin.ChangeIamMemberRequest, arg2 ...grpc.CallOption) (*admin.IamMember, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ChangeIamMember", varargs...)
+	ret0, _ := ret[0].(*admin.IamMember)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ChangeIamMember indicates an expected call of ChangeIamMember
+func (mr *MockAdminServiceClientMockRecorder) ChangeIamMember(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ChangeIamMember", reflect.TypeOf((*MockAdminServiceClient)(nil).ChangeIamMember), varargs...)
+}
+
+// ClearView mocks base method
+func (m *MockAdminServiceClient) ClearView(arg0 context.Context, arg1 *admin.ViewID, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ClearView", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ClearView indicates an expected call of ClearView
+func (mr *MockAdminServiceClientMockRecorder) ClearView(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClearView", reflect.TypeOf((*MockAdminServiceClient)(nil).ClearView), varargs...)
+}
+
+// CreateOrgIamPolicy mocks base method
+func (m *MockAdminServiceClient) CreateOrgIamPolicy(arg0 context.Context, arg1 *admin.OrgIamPolicyRequest, arg2 ...grpc.CallOption) (*admin.OrgIamPolicy, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "CreateOrgIamPolicy", varargs...)
+	ret0, _ := ret[0].(*admin.OrgIamPolicy)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// CreateOrgIamPolicy indicates an expected call of CreateOrgIamPolicy
+func (mr *MockAdminServiceClientMockRecorder) CreateOrgIamPolicy(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateOrgIamPolicy", reflect.TypeOf((*MockAdminServiceClient)(nil).CreateOrgIamPolicy), varargs...)
+}
+
+// DeleteOrgIamPolicy mocks base method
+func (m *MockAdminServiceClient) DeleteOrgIamPolicy(arg0 context.Context, arg1 *admin.OrgIamPolicyID, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "DeleteOrgIamPolicy", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// DeleteOrgIamPolicy indicates an expected call of DeleteOrgIamPolicy
+func (mr *MockAdminServiceClientMockRecorder) DeleteOrgIamPolicy(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteOrgIamPolicy", reflect.TypeOf((*MockAdminServiceClient)(nil).DeleteOrgIamPolicy), varargs...)
+}
+
+// GetFailedEvents mocks base method
+func (m *MockAdminServiceClient) GetFailedEvents(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*admin.FailedEvents, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetFailedEvents", varargs...)
+	ret0, _ := ret[0].(*admin.FailedEvents)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetFailedEvents indicates an expected call of GetFailedEvents
+func (mr *MockAdminServiceClientMockRecorder) GetFailedEvents(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetFailedEvents", reflect.TypeOf((*MockAdminServiceClient)(nil).GetFailedEvents), varargs...)
+}
+
+// GetIamMemberRoles mocks base method
+func (m *MockAdminServiceClient) GetIamMemberRoles(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*admin.IamMemberRoles, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetIamMemberRoles", varargs...)
+	ret0, _ := ret[0].(*admin.IamMemberRoles)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetIamMemberRoles indicates an expected call of GetIamMemberRoles
+func (mr *MockAdminServiceClientMockRecorder) GetIamMemberRoles(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetIamMemberRoles", reflect.TypeOf((*MockAdminServiceClient)(nil).GetIamMemberRoles), varargs...)
+}
+
+// GetOrgByID mocks base method
+func (m *MockAdminServiceClient) GetOrgByID(arg0 context.Context, arg1 *admin.OrgID, arg2 ...grpc.CallOption) (*admin.Org, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetOrgByID", varargs...)
+	ret0, _ := ret[0].(*admin.Org)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetOrgByID indicates an expected call of GetOrgByID
+func (mr *MockAdminServiceClientMockRecorder) GetOrgByID(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgByID", reflect.TypeOf((*MockAdminServiceClient)(nil).GetOrgByID), varargs...)
+}
+
+// GetOrgIamPolicy mocks base method
+func (m *MockAdminServiceClient) GetOrgIamPolicy(arg0 context.Context, arg1 *admin.OrgIamPolicyID, arg2 ...grpc.CallOption) (*admin.OrgIamPolicy, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetOrgIamPolicy", varargs...)
+	ret0, _ := ret[0].(*admin.OrgIamPolicy)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetOrgIamPolicy indicates an expected call of GetOrgIamPolicy
+func (mr *MockAdminServiceClientMockRecorder) GetOrgIamPolicy(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgIamPolicy", reflect.TypeOf((*MockAdminServiceClient)(nil).GetOrgIamPolicy), varargs...)
+}
+
+// GetViews mocks base method
+func (m *MockAdminServiceClient) GetViews(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*admin.Views, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetViews", varargs...)
+	ret0, _ := ret[0].(*admin.Views)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetViews indicates an expected call of GetViews
+func (mr *MockAdminServiceClientMockRecorder) GetViews(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetViews", reflect.TypeOf((*MockAdminServiceClient)(nil).GetViews), varargs...)
+}
+
+// Healthz mocks base method
+func (m *MockAdminServiceClient) Healthz(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Healthz", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Healthz indicates an expected call of Healthz
+func (mr *MockAdminServiceClientMockRecorder) Healthz(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Healthz", reflect.TypeOf((*MockAdminServiceClient)(nil).Healthz), varargs...)
+}
+
+// IsOrgUnique mocks base method
+func (m *MockAdminServiceClient) IsOrgUnique(arg0 context.Context, arg1 *admin.UniqueOrgRequest, arg2 ...grpc.CallOption) (*admin.UniqueOrgResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "IsOrgUnique", varargs...)
+	ret0, _ := ret[0].(*admin.UniqueOrgResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// IsOrgUnique indicates an expected call of IsOrgUnique
+func (mr *MockAdminServiceClientMockRecorder) IsOrgUnique(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsOrgUnique", reflect.TypeOf((*MockAdminServiceClient)(nil).IsOrgUnique), varargs...)
+}
+
+// Ready mocks base method
+func (m *MockAdminServiceClient) Ready(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Ready", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Ready indicates an expected call of Ready
+func (mr *MockAdminServiceClientMockRecorder) Ready(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ready", reflect.TypeOf((*MockAdminServiceClient)(nil).Ready), varargs...)
+}
+
+// RemoveFailedEvent mocks base method
+func (m *MockAdminServiceClient) RemoveFailedEvent(arg0 context.Context, arg1 *admin.FailedEventID, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "RemoveFailedEvent", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// RemoveFailedEvent indicates an expected call of RemoveFailedEvent
+func (mr *MockAdminServiceClientMockRecorder) RemoveFailedEvent(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveFailedEvent", reflect.TypeOf((*MockAdminServiceClient)(nil).RemoveFailedEvent), varargs...)
+}
+
+// RemoveIamMember mocks base method
+func (m *MockAdminServiceClient) RemoveIamMember(arg0 context.Context, arg1 *admin.RemoveIamMemberRequest, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "RemoveIamMember", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// RemoveIamMember indicates an expected call of RemoveIamMember
+func (mr *MockAdminServiceClientMockRecorder) RemoveIamMember(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveIamMember", reflect.TypeOf((*MockAdminServiceClient)(nil).RemoveIamMember), varargs...)
+}
+
+// SearchIamMembers mocks base method
+func (m *MockAdminServiceClient) SearchIamMembers(arg0 context.Context, arg1 *admin.IamMemberSearchRequest, arg2 ...grpc.CallOption) (*admin.IamMemberSearchResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "SearchIamMembers", varargs...)
+	ret0, _ := ret[0].(*admin.IamMemberSearchResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SearchIamMembers indicates an expected call of SearchIamMembers
+func (mr *MockAdminServiceClientMockRecorder) SearchIamMembers(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchIamMembers", reflect.TypeOf((*MockAdminServiceClient)(nil).SearchIamMembers), varargs...)
+}
+
+// SearchOrgs mocks base method
+func (m *MockAdminServiceClient) SearchOrgs(arg0 context.Context, arg1 *admin.OrgSearchRequest, arg2 ...grpc.CallOption) (*admin.OrgSearchResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "SearchOrgs", varargs...)
+	ret0, _ := ret[0].(*admin.OrgSearchResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SearchOrgs indicates an expected call of SearchOrgs
+func (mr *MockAdminServiceClientMockRecorder) SearchOrgs(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchOrgs", reflect.TypeOf((*MockAdminServiceClient)(nil).SearchOrgs), varargs...)
+}
+
+// SetUpOrg mocks base method
+func (m *MockAdminServiceClient) SetUpOrg(arg0 context.Context, arg1 *admin.OrgSetUpRequest, arg2 ...grpc.CallOption) (*admin.OrgSetUpResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "SetUpOrg", varargs...)
+	ret0, _ := ret[0].(*admin.OrgSetUpResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SetUpOrg indicates an expected call of SetUpOrg
+func (mr *MockAdminServiceClientMockRecorder) SetUpOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetUpOrg", reflect.TypeOf((*MockAdminServiceClient)(nil).SetUpOrg), varargs...)
+}
+
+// UpdateOrgIamPolicy mocks base method
+func (m *MockAdminServiceClient) UpdateOrgIamPolicy(arg0 context.Context, arg1 *admin.OrgIamPolicyRequest, arg2 ...grpc.CallOption) (*admin.OrgIamPolicy, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "UpdateOrgIamPolicy", varargs...)
+	ret0, _ := ret[0].(*admin.OrgIamPolicy)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// UpdateOrgIamPolicy indicates an expected call of UpdateOrgIamPolicy
+func (mr *MockAdminServiceClientMockRecorder) UpdateOrgIamPolicy(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateOrgIamPolicy", reflect.TypeOf((*MockAdminServiceClient)(nil).UpdateOrgIamPolicy), varargs...)
+}
+
+// Validate mocks base method
+func (m *MockAdminServiceClient) Validate(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*structpb.Struct, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Validate", varargs...)
+	ret0, _ := ret[0].(*structpb.Struct)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Validate indicates an expected call of Validate
+func (mr *MockAdminServiceClientMockRecorder) Validate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Validate", reflect.TypeOf((*MockAdminServiceClient)(nil).Validate), varargs...)
+}

pkg/grpc/admin/proto/admin.proto

@@ -0,0 +1,508 @@
+
+syntax = "proto3";
+
+import "google/api/annotations.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/struct.proto";
+import "validate/validate.proto";
+import "protoc-gen-swagger/options/annotations.proto";
+import "authoption/options.proto";
+
+package caos.zitadel.admin.api.v1;
+
+option go_package ="github.com/caos/zitadel/pkg/grpc/admin";
+
+option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
+    info: {
+        title: "admin service";
+        version: "0.1";
+        contact:{
+            url: "https://github.com/caos/zitadel/pkg/admin"
+        };
+    };
+
+    schemes: HTTPS;
+
+    consumes: "application/json";
+    consumes: "application/grpc";
+
+    produces: "application/json";
+    produces: "application/grpc";
+};
+
+service AdminService {
+    // ---------
+    // Probes
+    // ---------
+
+    // Healthz returns status OK as soon as the service started
+    rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+           get: "/healthz"
+        };
+    }
+
+    // Ready returns status OK as soon as all dependent services are available
+    rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+           get: "/ready"
+        };
+    }
+
+    rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
+        option (google.api.http) = {
+            get: "/validate"
+        };
+    }
+
+//ORG
+    rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) {
+        option (google.api.http) = {
+            get: "/orgs/_isunique"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.read"
+        };
+    }
+
+    rpc GetOrgByID(OrgID) returns (Org) {
+        option (google.api.http) = {
+            get: "/orgs/{id}"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.read"
+        };
+    }
+
+    rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) {
+        option (google.api.http) = {
+            post: "/orgs/_search"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.read"
+        };
+    }
+
+    rpc SetUpOrg(OrgSetUpRequest) returns (OrgSetUpResponse) {
+        option (google.api.http) = {
+            post: "/orgs/_setup"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.write"
+        };
+    }
+
+    //ORG_IAM_POLICY
+    rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicy) {
+        option (google.api.http) = {
+            get: "/orgs/{org_id}/iampolicy"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.policy.read"
+        };
+    }
+
+    rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
+        option (google.api.http) = {
+            post: "/orgs/{org_id}/iampolicy"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.policy.write"
+        };
+    }
+
+    rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
+        option (google.api.http) = {
+            put: "/orgs/{org_id}/iampolicy"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.policy.write"
+        };
+    }
+
+    rpc DeleteOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+            delete: "/orgs/{org_id}/iampolicy"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.policy.delete"
+        };
+    }
+
+    rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) {
+        option (google.api.http) = {
+            get: "/members/roles"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.member.read"
+        };
+    }
+
+    rpc AddIamMember(AddIamMemberRequest) returns (IamMember) {
+        option (google.api.http) = {
+            post: "/members"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.member.write"
+        };
+    }
+
+    rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) {
+        option (google.api.http) = {
+            put: "/members/{user_id}"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.member.write"
+        };
+    }
+
+    rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+            delete: "/members/{user_id}"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.member.delete"
+        };
+    }
+
+    rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) {
+        option (google.api.http) = {
+            post: "/members/_search"
+            body: "*"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.member.read"
+        };
+    }
+
+    rpc GetViews(google.protobuf.Empty) returns (Views) {
+        option (google.api.http) = {
+            get: "/views"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.read"
+        };
+    }
+
+    rpc ClearView(ViewID) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+            post: "/views/{database}/{view_name}"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.write"
+        };
+    }
+
+    rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) {
+        option (google.api.http) = {
+            get: "/failedevents"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.read"
+        };
+    }
+
+    rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) {
+        option (google.api.http) = {
+            delete: "/failedevents/{database}/{view_name}/{failed_sequence}"
+        };
+
+        option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "iam.write"
+        };
+    }
+}
+
+message OrgID {
+    string id = 1;
+}
+
+message UniqueOrgRequest {
+    string name = 1 [(validate.rules).string.min_len = 1];
+    string domain = 2 [(validate.rules).string.min_len = 1];
+}
+
+message UniqueOrgResponse {
+    bool is_unique = 1;
+}
+
+message Org {
+    string id = 1;
+    OrgState state = 2;
+    google.protobuf.Timestamp creation_date = 3;
+    google.protobuf.Timestamp change_date = 4;
+    string name = 5;
+    string domain = 6;
+}
+
+enum OrgState {
+    ORGSTATE_UNSPECIFIED = 0;
+    ORGSTATE_ACTIVE = 1;
+    ORGSTATE_INACTIVE = 2;
+}
+
+message OrgSearchRequest {
+    uint64 offset = 1;
+    uint64 limit = 2;
+    OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
+    bool asc = 4;
+    repeated OrgSearchQuery queries = 5;
+}
+
+message OrgSearchQuery {
+    OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
+    OrgSearchMethod method = 2;
+    string value = 3;
+}
+
+enum OrgSearchKey {
+    ORGSEARCHKEY_UNSPECIFIED = 0;
+    ORGSEARCHKEY_ORG_NAME = 1;
+    ORGSEARCHKEY_DOMAIN = 2;
+    ORGSEARCHKEY_STATE = 3;
+}
+
+message OrgSearchResponse {
+    uint64 offset = 1;
+    uint64 limit = 2;
+    uint64 total_result = 3;
+    repeated Org result = 4;
+}
+
+enum OrgSearchMethod {
+    ORGSEARCHMETHOD_EQUALS = 0;
+    ORGSEARCHMETHOD_STARTS_WITH = 1;
+    ORGSEARCHMETHOD_CONTAINS = 2;
+}
+
+message OrgSetUpRequest {
+    CreateOrgRequest org = 1;
+    CreateUserRequest user = 2;
+}
+
+message OrgSetUpResponse {
+    Org org = 1;
+    User user = 2;
+}
+
+message CreateUserRequest {
+    string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
+    string nick_name = 4 [(validate.rules).string = {max_len: 200}];
+    string preferred_language = 5 [(validate.rules).string = {max_len: 200}];
+    Gender gender = 6;
+    string email = 7 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
+    bool is_email_verified = 8;
+    string phone = 9 [(validate.rules).string = {max_len: 20}];
+    bool is_phone_verified = 10;
+    string country = 11 [(validate.rules).string = {max_len: 200}];
+    string locality = 12 [(validate.rules).string = {max_len: 200}];
+    string postal_code = 13 [(validate.rules).string = {max_len: 200}];
+    string region = 14 [(validate.rules).string = {max_len: 200}];
+    string street_address = 15 [(validate.rules).string = {max_len: 200}];
+    string password = 16 [(validate.rules).string = {max_len: 72}];
+}
+
+message User {
+    string id = 1;
+    UserState state = 2;
+    google.protobuf.Timestamp creation_date = 3;
+    google.protobuf.Timestamp change_date = 4;
+    string user_name = 5;
+    string first_name = 6;
+    string last_name = 7;
+    string nick_name = 8;
+    string display_name = 9;
+    string preferred_language = 10;
+    Gender gender = 11;
+    string email = 12;
+    bool isEmailVerified = 13;
+    string phone = 14;
+    bool isPhoneVerified = 15;
+    string country = 16;
+    string locality = 17;
+    string postal_code = 18;
+    string region = 19;
+    string street_address = 20;
+    uint64 sequence = 21;
+}
+
+enum UserState {
+    USERSTATE_UNSPECIFIED = 0;
+    USERSTATE_ACTIVE = 1;
+    USERSTATE_INACTIVE = 2;
+    USERSTATE_DELETED = 3;
+    USERSTATE_LOCKED = 4;
+    USERSTATE_SUSPEND = 5;
+    USERSTATE_INITIAL= 6;
+}
+
+enum Gender {
+    GENDER_UNSPECIFIED = 0;
+    GENDER_FEMALE = 1;
+    GENDER_MALE = 2;
+    GENDER_DIVERSE = 3;
+}
+
+message CreateOrgRequest {
+    string name = 1 [(validate.rules).string.min_len = 1];
+    string domain = 2;
+}
+
+message OrgIamPolicy {
+    string org_id = 1;
+    string description = 2;
+    bool user_login_must_be_domain = 3;
+    bool default = 4;
+    uint64 sequence = 5;
+    google.protobuf.Timestamp creation_date = 6;
+    google.protobuf.Timestamp change_date = 7;
+}
+
+message OrgIamPolicyRequest {
+    string org_id = 1;
+    string description = 2;
+    bool user_login_must_be_domain = 3;
+}
+
+message OrgIamPolicyID {
+    string org_id = 1;
+}
+
+message IamMemberRoles {
+    repeated string roles = 1;
+}
+
+message IamMember {
+    string user_id = 1;
+    repeated string roles = 2;
+    google.protobuf.Timestamp change_date = 3;
+    google.protobuf.Timestamp creation_date = 4;
+    uint64 sequence = 5;
+}
+
+message AddIamMemberRequest {
+    string user_id = 1;
+    repeated string roles = 2;
+}
+
+message ChangeIamMemberRequest {
+    string user_id = 1;
+    repeated string roles = 2;
+}
+
+message RemoveIamMemberRequest {
+    string user_id = 1;
+}
+
+message IamMemberSearchResponse {
+    uint64 offset = 1;
+    uint64 limit = 2;
+    uint64 total_result = 3;
+    repeated IamMemberView result = 4;
+}
+
+message IamMemberView {
+    string user_id = 1;
+    repeated string roles = 2;
+    google.protobuf.Timestamp change_date = 3;
+    google.protobuf.Timestamp creation_date = 4;
+    uint64 sequence = 5;
+    string user_name = 6;
+    string email = 7;
+    string first_name = 8;
+    string last_name = 9;
+}
+
+message IamMemberSearchRequest {
+    uint64 offset = 1;
+    uint64 limit = 2;
+    repeated IamMemberSearchQuery queries = 3;
+}
+
+message IamMemberSearchQuery {
+    IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
+    SearchMethod method = 2;
+    string value = 3;
+}
+
+enum IamMemberSearchKey {
+    IAMMEMBERSEARCHKEY_UNSPECIFIED = 0;
+    IAMMEMBERSEARCHKEY_FIRST_NAME = 1;
+    IAMMEMBERSEARCHKEY_LAST_NAME = 2;
+    IAMMEMBERSEARCHKEY_EMAIL = 3;
+    IAMMEMBERSEARCHKEY_USER_ID = 4;
+}
+
+enum SearchMethod {
+    SEARCHMETHOD_EQUALS = 0;
+    SEARCHMETHOD_STARTS_WITH = 1;
+    SEARCHMETHOD_CONTAINS = 2;
+    SEARCHMETHOD_EQUALS_IGNORE_CASE = 3;
+    SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4;
+    SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5;
+    SEARCHMETHOD_NOT_EQUALS = 6;
+    SEARCHMETHOD_GREATER_THAN = 7;
+    SEARCHMETHOD_LESS_THAN = 8;
+    SEARCHMETHOD_IS_ONE_OF = 9;
+    SEARCHMETHOD_LIST_CONTAINS = 10;
+}
+
+message FailedEventID {
+    string database = 1;
+    string view_name = 2;
+    uint64 failed_sequence = 3;
+}
+
+message FailedEvents {
+    repeated FailedEvent failed_events = 1;
+}
+
+message FailedEvent {
+    string database = 1;
+    string view_name = 2;
+    uint64 failed_sequence = 3;
+    uint64 failure_count = 4;
+    string error_message = 5;
+}
+
+message ViewID {
+    string database = 1;
+    string view_name = 2;
+}
+
+message Views {
+    repeated View views = 1;
+}
+
+message View {
+    string database = 1;
+    string view_name = 2;
+    uint64 sequence = 3;
+}
+
+

pkg/grpc/admin/proto/generate.go

@@ -0,0 +1,4 @@
+package proto
+
+//go:generate protoc -I$GOPATH/src -I../proto -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis -I$GOPATH/src/github.com/envoyproxy/protoc-gen-validate -I$GOPATH/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption --go_out=plugins=grpc:$GOPATH/src --grpc-gateway_out=logtostderr=true:$GOPATH/src --swagger_out=logtostderr=true:.. --authoption_out=.. admin.proto
+//go:generate mockgen -package api -destination ../mock/admin.proto.mock.go github.com/caos/zitadel/pkg/grpc/admin AdminServiceClient