feat: add management for ldap idp template (#5220)

Add management functionality for LDAP idps with templates and the basic functionality for the LDAP provider, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:47:33 +00:00 · 2023-02-15 09:14:59 +01:00
parent 058192c22b
commit 586495a0be
37 changed files with 7298 additions and 14 deletions
--- a/internal/api/grpc/admin/idp.go
+++ b/internal/api/grpc/admin/idp.go
@@ -150,3 +150,57 @@ func (s *Server) UpdateIDPJWTConfig(ctx context.Context, req *admin_pb.UpdateIDP
 		),
 	}, nil
 }
+
+func (s *Server) GetProviderByID(ctx context.Context, req *admin_pb.GetProviderByIDRequest) (*admin_pb.GetProviderByIDResponse, error) {
+	idp, err := s.query.IDPTemplateByIDAndResourceOwner(ctx, true, req.Id, authz.GetInstance(ctx).InstanceID(), false)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetProviderByIDResponse{Idp: idp_grpc.ProviderToPb(idp)}, nil
+}
+
+func (s *Server) ListProviders(ctx context.Context, req *admin_pb.ListProvidersRequest) (*admin_pb.ListProvidersResponse, error) {
+	queries, err := listProvidersToQuery(authz.GetInstance(ctx).InstanceID(), req)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := s.query.IDPTemplates(ctx, queries, false)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ListProvidersResponse{
+		Result:  idp_grpc.ProvidersToPb(resp.Templates),
+		Details: object_pb.ToListDetails(resp.Count, resp.Sequence, resp.Timestamp),
+	}, nil
+}
+
+func (s *Server) AddLDAPProvider(ctx context.Context, req *admin_pb.AddLDAPProviderRequest) (*admin_pb.AddLDAPProviderResponse, error) {
+	id, details, err := s.command.AddInstanceLDAPProvider(ctx, addLDAPProviderToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddLDAPProviderResponse{
+		Id:      id,
+		Details: object_pb.DomainToAddDetailsPb(details),
+	}, nil
+}
+
+func (s *Server) UpdateLDAPProvider(ctx context.Context, req *admin_pb.UpdateLDAPProviderRequest) (*admin_pb.UpdateLDAPProviderResponse, error) {
+	details, err := s.command.UpdateInstanceLDAPProvider(ctx, req.Id, updateLDAPProviderToCommand(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateLDAPProviderResponse{
+		Details: object_pb.DomainToChangeDetailsPb(details),
+	}, nil
+}
+
+func (s *Server) DeleteProvider(ctx context.Context, req *admin_pb.DeleteProviderRequest) (*admin_pb.DeleteProviderResponse, error) {
+	details, err := s.command.DeleteInstanceProvider(ctx, req.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.DeleteProviderResponse{
+		Details: object_pb.DomainToChangeDetailsPb(details),
+	}, nil
+}
--- a/internal/api/grpc/admin/idp_converter.go
+++ b/internal/api/grpc/admin/idp_converter.go
@@ -3,6 +3,7 @@ package admin
 import (
 	idp_grpc "github.com/zitadel/zitadel/internal/api/grpc/idp"
 	"github.com/zitadel/zitadel/internal/api/grpc/object"
+	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -155,3 +156,79 @@ func idpUserLinksToDomain(idps []*query.IDPUserLink) []*domain.UserIDPLink {
 	}
 	return externalIDPs
 }
+
+func listProvidersToQuery(instanceID string, req *admin_pb.ListProvidersRequest) (*query.IDPTemplateSearchQueries, error) {
+	offset, limit, asc := object.ListQueryToModel(req.Query)
+	queries, err := providerQueriesToQuery(req.Queries)
+	if err != nil {
+		return nil, err
+	}
+	iamQuery, err := query.NewIDPTemplateResourceOwnerSearchQuery(instanceID)
+	if err != nil {
+		return nil, err
+	}
+	queries = append(queries, iamQuery)
+	return &query.IDPTemplateSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: queries,
+	}, nil
+}
+
+func providerQueriesToQuery(queries []*admin_pb.ProviderQuery) (q []query.SearchQuery, err error) {
+	q = make([]query.SearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = providerQueryToQuery(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return q, nil
+}
+
+func providerQueryToQuery(idpQuery *admin_pb.ProviderQuery) (query.SearchQuery, error) {
+	switch q := idpQuery.Query.(type) {
+	case *admin_pb.ProviderQuery_IdpNameQuery:
+		return query.NewIDPTemplateNameSearchQuery(object.TextMethodToQuery(q.IdpNameQuery.Method), q.IdpNameQuery.Name)
+	case *admin_pb.ProviderQuery_IdpIdQuery:
+		return query.NewIDPTemplateIDSearchQuery(q.IdpIdQuery.Id)
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "ADMIN-Dr2aa", "List.Query.Invalid")
+	}
+}
+
+func addLDAPProviderToCommand(req *admin_pb.AddLDAPProviderRequest) command.LDAPProvider {
+	return command.LDAPProvider{
+		Name:                req.Name,
+		Host:                req.Host,
+		Port:                req.Port,
+		TLS:                 req.Tls,
+		BaseDN:              req.BaseDn,
+		UserObjectClass:     req.UserObjectClass,
+		UserUniqueAttribute: req.UserUniqueAttribute,
+		Admin:               req.Admin,
+		Password:            req.Password,
+		LDAPAttributes:      idp_grpc.LDAPAttributesToCommand(req.Attributes),
+		IDPOptions:          idp_grpc.OptionsToCommand(req.ProviderOptions),
+	}
+}
+
+func updateLDAPProviderToCommand(req *admin_pb.UpdateLDAPProviderRequest) command.LDAPProvider {
+	return command.LDAPProvider{
+		Name:                req.Name,
+		Host:                req.Host,
+		Port:                req.Port,
+		TLS:                 req.Tls,
+		BaseDN:              req.BaseDn,
+		UserObjectClass:     req.UserObjectClass,
+		UserUniqueAttribute: req.UserUniqueAttribute,
+		Admin:               req.Admin,
+		Password:            req.Password,
+		LDAPAttributes:      idp_grpc.LDAPAttributesToCommand(req.Attributes),
+		IDPOptions:          idp_grpc.OptionsToCommand(req.ProviderOptions),
+	}
+}