feat(actions): add token customization flow and extend functionally with modules (#4337)

* fix: potential memory leak

* feat(actions): possibility to parse json
feat(actions): possibility to perform http calls

* add query call

* feat(api): list flow and trigger types
fix(api): switch flow and trigger types to dynamic objects

* fix(translations): add action translations

* use `domain.FlowType`

* localizers

* localization

* trigger types

* options on `query.Action`

* add functions for actions

* feat: management api: add list flow and trigger  (#4352)

* console changes

* cleanup

* fix: wrong localization

Co-authored-by: Max Peintner <max@caos.ch>

* id token works

* check if claims not nil

* feat(actions): metadata api

* refactor(actions): modules

* fix: allow prerelease

* fix: test

* feat(actions): deny list for http hosts

* feat(actions): deny list for http hosts

* refactor: actions

* fix: different error ids

* fix: rename statusCode to status

* Actions objects as options (#4418)

* fix: rename statusCode to status

* fix(actions): objects as options

* fix(actions): objects as options

* fix(actions): set fields

* add http client to old actions

* fix(actions): add log module

* fix(actions): add user to context where possible

* fix(actions): add user to ctx in external authorization/pre creation

* fix(actions): query correct flow in claims

* test: actions

* fix(id-generator): panic if no machine id

* tests

* maybe this?

* fix linting

* refactor: improve code

* fix: metadata and usergrant usage in actions

* fix: appendUserGrant

* fix: allowedToFail and timeout in action execution

* fix: allowed to fail in token complement flow

* docs: add action log claim

* Update defaults.yaml

* fix log claim

* remove prerelease build

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>

proto/zitadel/action.proto

@@ -1,6 +1,7 @@
 syntax = "proto3";
 
 import "zitadel/object.proto";
+import "zitadel/message.proto";
 import "validate/validate.proto";
 import "google/protobuf/duration.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
@@ -91,6 +92,7 @@ enum ActionFieldName {
 }
 
 message Flow {
+    // id of the flow type
     FlowType type = 1 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
             description: "\"the type of the flow\"";
@@ -105,9 +107,11 @@ message Flow {
     repeated TriggerAction trigger_actions = 4;
 }
 
-enum FlowType {
-    FLOW_TYPE_UNSPECIFIED = 0;
-    FLOW_TYPE_EXTERNAL_AUTHENTICATION = 1;
+message FlowType {
+    // identifier of the type
+    string id = 1;
+    // key and name of the type
+    zitadel.v1.LocalizedMessage name = 2;
 }
 
 enum FlowState {
@@ -116,40 +120,15 @@ enum FlowState {
     FLOW_STATE_ACTIVE = 2;
 }
 
-enum TriggerType {
-    TRIGGER_TYPE_UNSPECIFIED = 0;
-    TRIGGER_TYPE_POST_AUTHENTICATION = 1;
-    TRIGGER_TYPE_PRE_CREATION = 2;
-    TRIGGER_TYPE_POST_CREATION = 3;
+message TriggerType {
+    // identifier of the type
+    string id = 1;
+    // key and name of the type
+    zitadel.v1.LocalizedMessage name = 2;
 }
 
 message TriggerAction {
+    // id of the trigger type
     TriggerType trigger_type = 1;
     repeated Action actions = 2;
 }
-
-enum FlowFieldName {
-    FLOW_FIELD_NAME_UNSPECIFIED = 0;
-    FLOW_FIELD_NAME_TYPE = 1;
-    FLOW_FIELD_NAME_STATE = 2;
-}
-
-//FlowTypeQuery is always equals
-message FlowTypeQuery {
-    FlowType state = 1 [
-        (validate.rules).enum.defined_only = true,
-        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-            description: "type of the flow";
-        }
-    ];
-}
-
-//FlowStateQuery is always equals
-message FlowStateQuery {
-    FlowState state = 1 [
-        (validate.rules).enum.defined_only = true,
-        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-            description: "current state of the flow";
-        }
-    ];
-}

proto/zitadel/management.proto

@@ -2938,6 +2938,26 @@ service ManagementService {
         };
     }
 
+    rpc ListFlowTypes(ListFlowTypesRequest) returns (ListFlowTypesResponse) {
+        option (google.api.http) = {
+            post: "/flows/types/_search"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "org.flow.read"
+        };
+    }
+
+    rpc ListFlowTriggerTypes(ListFlowTriggerTypesRequest) returns (ListFlowTriggerTypesResponse) {
+        option (google.api.http) = {
+            post: "/flows/{type}/triggers/_search"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "org.flow.read"
+        };
+    }
+
     rpc GetFlow(GetFlowRequest) returns (GetFlowResponse) {
         option (google.api.http) = {
             get: "/flows/{type}"
@@ -5725,6 +5745,20 @@ message DeleteActionRequest {
 
 message DeleteActionResponse {}
 
+message ListFlowTypesRequest {}
+
+message ListFlowTypesResponse {
+    repeated zitadel.action.v1.FlowType result = 1;
+}
+
+message ListFlowTriggerTypesRequest {
+    string type = 1;
+}
+
+message ListFlowTriggerTypesResponse {
+    repeated zitadel.action.v1.TriggerType result = 1;
+}
+
 message DeactivateActionRequest {
     string id = 1;
 }
@@ -5742,7 +5776,8 @@ message ReactivateActionResponse {
 }
 
 message GetFlowRequest {
-    zitadel.action.v1.FlowType type = 1;
+    // id of the flow
+    string type = 1;
 }
 
 message GetFlowResponse {
@@ -5750,7 +5785,8 @@ message GetFlowResponse {
 }
 
 message ClearFlowRequest {
-    zitadel.action.v1.FlowType type = 1;
+    // id of the flow
+    string type = 1;
 }
 
 message ClearFlowResponse {
@@ -5758,8 +5794,10 @@ message ClearFlowResponse {
 }
 
 message SetTriggerActionsRequest {
-    zitadel.action.v1.FlowType flow_type = 1;
-    zitadel.action.v1.TriggerType trigger_type = 2;
+    // id of the flow type
+    string flow_type = 1;
+    // id of the trigger type
+    string trigger_type = 2;
     repeated string action_ids = 3;
 }