feat: migrate external idp to other types (#5984)

* feat: migrate instance oidc to azureAD * feat: migrate instance oidc to azureAD * feat: migrate org oidc to azureAD * feat: migrate oidc to google * fix: correct idp writemodels * fix: review changes
2025-12-08 00:02:07 +00:00 · 2023-06-08 00:50:53 +02:00
parent 0b1738dc5d
commit 5562ee94a6
19 changed files with 1968 additions and 12 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -1342,6 +1342,24 @@ service AdminService {
        };
    }

+    // Migrate an existing OIDC identity provider on the instance
+    rpc MigrateGenericOIDCProvider(MigrateGenericOIDCProviderRequest) returns (MigrateGenericOIDCProviderResponse) {
+        option (google.api.http) = {
+            post: "/idps/generic_oidc/{id}/_migrate"
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.idp.write"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Identity Providers";
+            summary: "Migrate Generic OIDC Identity Provider";
+            description: "";
+        };
+    }
+
    // Add a new JWT identity provider on the instance
    rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
        option (google.api.http) = {
@@ -4828,6 +4846,23 @@ message UpdateGenericOIDCProviderResponse {
    zitadel.v1.ObjectDetails details = 1;
 }

+message MigrateGenericOIDCProviderRequest{
+    string id = 1 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\"";
+        }
+    ];
+    oneof template {
+        AddAzureADProviderRequest azure = 2;
+        AddGoogleProviderRequest google = 3;
+    }
+}
+
+message MigrateGenericOIDCProviderResponse{
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 message AddJWTProviderRequest {
    string name = 1 [
        (validate.rules).string = {min_len: 1, max_len: 200},
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -6558,6 +6558,24 @@ service ManagementService {
        };
    }

+    // Migrate an existing OIDC identity provider in the organization
+    rpc MigrateGenericOIDCProvider(MigrateGenericOIDCProviderRequest) returns (MigrateGenericOIDCProviderResponse) {
+        option (google.api.http) = {
+            post: "/idps/generic_oidc/{id}/_migrate"
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "org.idp.write"
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            tags: "Identity Providers";
+            summary: "Migrate Generic OIDC Identity Provider";
+            description: "";
+        };
+    }
+
    // Add a new JWT identity provider in the organization
    rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
        option (google.api.http) = {
@@ -11526,6 +11544,23 @@ message UpdateGenericOIDCProviderResponse {
    zitadel.v1.ObjectDetails details = 1;
 }

+message MigrateGenericOIDCProviderRequest{
+    string id = 1 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\"";
+        }
+    ];
+    oneof template {
+        AddAzureADProviderRequest azure = 2;
+        AddGoogleProviderRequest google = 3;
+    }
+}
+
+message MigrateGenericOIDCProviderResponse{
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 message AddJWTProviderRequest {
    string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
    string issuer = 2 [