feat: add management for ldap idp template (#5220)
Add management functionality for LDAP IdPs based on provider templates, and the basic functionality for the LDAP provider itself, which can then be used with a separate login page in the future. --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
@@ -1009,6 +1009,67 @@ service AdminService {
|
||||
};
|
||||
}
|
||||
|
||||
// Returns all identity providers, which match the query
|
||||
// Limit should always be set, there is a default limit set by the service
|
||||
rpc ListProviders(ListProvidersRequest) returns (ListProvidersResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/templates/_search"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.read"
|
||||
};
|
||||
}
|
||||
|
||||
// Returns an identity provider of the instance
|
||||
rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) {
|
||||
option (google.api.http) = {
|
||||
get: "/idps/templates/{id}"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.read"
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new ldap identity provider on the instance
|
||||
rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/ldap"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Change an existing ldap identity provider on the instance
|
||||
rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/ldap/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Remove an identity provider
|
||||
// Will remove all linked providers of this configuration on the users
|
||||
rpc DeleteProvider(DeleteProviderRequest) returns (DeleteProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/templates/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
//deprecated: please use DomainPolicy instead
|
||||
//Returns the Org IAM policy defined by the administrators of ZITADEL
|
||||
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
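Review bot: The instance-scoped RPCs added to AdminService here (`// Returns an identity provider of the instance`, `// Add a new ldap identity provider on the instance`, and the update/delete below them) are all gated on the org-level permissions `org.idp.read` / `org.idp.write`, which are exactly the strings the ManagementService hunk of this same commit uses for its organisation-scoped endpoints. If the pre-existing instance-level IdP RPCs elsewhere in AdminService use a distinct instance permission (they are outside this hunk, so I cannot confirm), these five should use it too; otherwise a holder of an org-level IdP role would be able to read, change and delete instance-wide LDAP providers through the admin API. `DeleteProvider` is also mounted as `post: "/idps/templates/{id}"` with `body: "*"`, sharing its path with `GetProviderByID` and differing only by verb; a destructive operation reads more safely as `delete: "/idps/templates/{id}"`, matching what the method name promises.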
|
||||
@@ -3623,6 +3684,79 @@ message UpdateIDPJWTConfigResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message ListProvidersRequest {
|
||||
//list limitations and ordering
|
||||
zitadel.v1.ListQuery query = 1;
|
||||
//criteria the client is looking for
|
||||
repeated ProviderQuery queries = 2;
|
||||
}
|
||||
|
||||
message ProviderQuery {
|
||||
oneof query {
|
||||
zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
|
||||
zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
|
||||
}
|
||||
}
|
||||
|
||||
message ListProvidersResponse {
|
||||
zitadel.v1.ListDetails details = 1;
|
||||
repeated zitadel.idp.v1.Provider result = 2;
|
||||
}
|
||||
|
||||
message GetProviderByIDRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
}
|
||||
|
||||
message GetProviderByIDResponse {
|
||||
zitadel.idp.v1.Provider idp = 1;
|
||||
}
|
||||
|
||||
message AddLDAPProviderRequest {
|
||||
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string host = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string port = 3 [(validate.rules).string = {max_len: 5}];
|
||||
bool tls = 4;
|
||||
string base_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_object_class = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_unique_attribute = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string admin = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string password = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
zitadel.idp.v1.LDAPAttributes attributes = 10;
|
||||
zitadel.idp.v1.Options provider_options = 11;
|
||||
}
|
||||
|
||||
message AddLDAPProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
string id = 2;
|
||||
}
|
||||
|
||||
message UpdateLDAPProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string host = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string port = 4 [(validate.rules).string = {max_len: 5}];
|
||||
bool tls = 5;
|
||||
string base_dn = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_object_class = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_unique_attribute = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string admin = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string password = 10 [(validate.rules).string = {max_len: 200}];
|
||||
zitadel.idp.v1.LDAPAttributes attributes = 11;
|
||||
zitadel.idp.v1.Options provider_options = 12;
|
||||
}
|
||||
|
||||
message UpdateLDAPProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message DeleteProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
}
|
||||
|
||||
message DeleteProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message GetOrgIAMPolicyRequest {}
|
||||
|
||||
message GetOrgIAMPolicyResponse {
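Review bot: `string port = 3 [(validate.rules).string = {max_len: 5}];` in `AddLDAPProviderRequest` (and field 4 of `UpdateLDAPProviderRequest`) accepts any five characters, so `"abcde"` or `"-1"` passes request validation and is only rejected, if at all, when the server dials the directory; tighten it to `string port = 3 [(validate.rules).string = {max_len: 5, pattern: "^[0-9]*$"}];` or, since the field is new in this commit, make it a `uint32` with `lte: 65535` before the API is published. `bool tls = 4;` has proto3 implicit presence, so a client that simply omits it gets a cleartext LDAP connection over which the `admin` DN and `password` (a bind credential) travel unencrypted; at minimum say so on the field, e.g. `// if false, the bind credentials are transmitted in the clear`, and note that nothing in this schema controls server-certificate validation when tls is true. `password` in the update request has no `min_len` while the add request requires one; presumably an empty value means "keep the stored password", but that needs a comment rather than being left implicit.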
|
||||
|
@@ -233,3 +233,70 @@ enum IDPFieldName {
|
||||
IDP_FIELD_NAME_UNSPECIFIED = 0;
|
||||
IDP_FIELD_NAME_NAME = 1;
|
||||
}
|
||||
|
||||
message Provider {
|
||||
string id = 1;
|
||||
zitadel.v1.ObjectDetails details = 2;
|
||||
IDPState state = 3;
|
||||
string name = 4;
|
||||
IDPOwnerType owner = 5;
|
||||
ProviderType type = 6;
|
||||
ProviderConfig config = 7;
|
||||
}
|
||||
|
||||
enum ProviderType {
|
||||
PROVIDER_TYPE_UNSPECIFIED = 0;
|
||||
PROVIDER_TYPE_OIDC = 1;
|
||||
PROVIDER_TYPE_JWT = 2;
|
||||
PROVIDER_TYPE_LDAP = 3;
|
||||
PROVIDER_TYPE_OAUTH = 4;
|
||||
PROVIDER_TYPE_AZURE_AD = 5;
|
||||
PROVIDER_TYPE_GITHUB = 6;
|
||||
PROVIDER_TYPE_GITHUB_EE = 7;
|
||||
PROVIDER_TYPE_GITLAB = 8;
|
||||
PROVIDER_TYPE_GITLAB_SELF_HOSTED = 9;
|
||||
PROVIDER_TYPE_GOOGLE = 10;
|
||||
}
|
||||
|
||||
message ProviderConfig {
|
||||
Options options = 1;
|
||||
oneof config {
|
||||
LDAPConfig ldap = 2;
|
||||
}
|
||||
}
|
||||
|
||||
message LDAPConfig {
|
||||
string host = 1;
|
||||
string port = 2;
|
||||
bool tls = 3;
|
||||
string base_dn = 4;
|
||||
string user_object_class = 5;
|
||||
string user_unique_attribute = 6;
|
||||
string admin = 7;
|
||||
LDAPAttributes attributes = 8;
|
||||
Options provider_options = 9;
|
||||
}
|
||||
|
||||
message Options {
|
||||
bool is_linking_allowed = 1;
|
||||
bool is_creation_allowed = 2;
|
||||
bool is_auto_creation = 3;
|
||||
bool is_auto_update = 4;
|
||||
}
|
||||
|
||||
message LDAPAttributes {
|
||||
string id_attribute = 1 [(validate.rules).string = {max_len: 200}];
|
||||
string first_name_attribute = 2 [(validate.rules).string = {max_len: 200}];
|
||||
string last_name_attribute = 3 [(validate.rules).string = {max_len: 200}];
|
||||
string display_name_attribute = 4 [(validate.rules).string = {max_len: 200}];
|
||||
string nick_name_attribute = 5 [(validate.rules).string = {max_len: 200}];
|
||||
string preferred_username_attribute = 6 [(validate.rules).string = {max_len: 200}];
|
||||
string email_attribute = 7 [(validate.rules).string = {max_len: 200}];
|
||||
string email_verified_attribute = 8 [(validate.rules).string = {max_len: 200}];
|
||||
string phone_attribute = 9 [(validate.rules).string = {max_len: 200}];
|
||||
string phone_verified_attribute = 10 [(validate.rules).string = {max_len: 200}];
|
||||
string preferred_language_attribute = 11 [(validate.rules).string = {max_len: 200}];
|
||||
string avatar_url_attribute = 12 [(validate.rules).string = {max_len: 200}];
|
||||
string profile_attribute = 13 [(validate.rules).string = {max_len: 200}];
|
||||
}
|
||||
|
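Review bot: `LDAPConfig` carries `Options provider_options = 9;` while its parent `ProviderConfig` already carries `Options options = 1;`, so a consumer of `Provider.config` finds the same linking/creation flags in two places with no statement of which wins; drop the nested copy or document the precedence before this response shape is published. The four booleans in `Options` (`is_linking_allowed`, `is_creation_allowed`, `is_auto_creation`, `is_auto_update`) decide whether an external LDAP identity may be attached to, or may create, a ZITADEL user, which is precisely the account-linking policy a security reviewer needs spelled out, yet none of them has a comment; add one per field, e.g. `// allow linking an existing user account to this provider`, after confirming the intended semantics with the authors. Likewise `email_verified_attribute` and `phone_verified_attribute` in `LDAPAttributes` imply that a directory attribute is trusted to mark contact data as verified, and the comment should state that trust explicitly.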
||||
|
@@ -3007,6 +3007,67 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// Returns all identity providers, which match the query
|
||||
// Limit should always be set, there is a default limit set by the service
|
||||
rpc ListProviders(ListProvidersRequest) returns (ListProvidersResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/templates/_search"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.read"
|
||||
};
|
||||
}
|
||||
|
||||
// Returns an identity provider of the organisation
|
||||
rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) {
|
||||
option (google.api.http) = {
|
||||
get: "/idps/templates/{id}"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.read"
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new ldap identity provider in the organisation
|
||||
rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/ldap"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Change an existing ldap identity provider in the organisation
|
||||
rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/ldap/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Remove an identity provider
|
||||
// Will remove all linked providers of this configuration on the users
|
||||
rpc DeleteProvider(DeleteProviderRequest) returns (DeleteProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/templates/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
rpc ListActions(ListActionsRequest) returns (ListActionsResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/actions/_search"
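Review bot: `UpdateLDAPProvider` and `DeleteProvider` on the organisation service identify their target solely by `{id}`, and the management `ListProvidersRequest` added in this commit gains an `IDPOwnerTypeQuery`, which suggests instance-owned providers are visible through this same service; the handlers (not in this diff) must therefore scope the write to the caller's organisation, or an `org.idp.write` holder could change or delete an instance-level provider simply by passing its id. Once confirmed, state it on the RPC, e.g. `// Only providers owned by the organisation can be changed; instance-level providers are rejected`. The `DeleteProvider` comment `// Will remove all linked providers of this configuration on the users` describes a destructive side effect on user accounts and is worth extending with whether affected users lose the ability to log in immediately; as in the admin service, the delete is also mounted as `post:` rather than `delete:`.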
|
||||
@@ -5920,6 +5981,80 @@ message UpdateOrgIDPJWTConfigResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message ListProvidersRequest {
|
||||
//list limitations and ordering
|
||||
zitadel.v1.ListQuery query = 1;
|
||||
//criteria the client is looking for
|
||||
repeated ProviderQuery queries = 2;
|
||||
}
|
||||
|
||||
message ProviderQuery {
|
||||
oneof query {
|
||||
zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
|
||||
zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
|
||||
zitadel.idp.v1.IDPOwnerTypeQuery owner_type_query = 3;
|
||||
}
|
||||
}
|
||||
|
||||
message ListProvidersResponse {
|
||||
zitadel.v1.ListDetails details = 1;
|
||||
repeated zitadel.idp.v1.Provider result = 2;
|
||||
}
|
||||
|
||||
message GetProviderByIDRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
}
|
||||
|
||||
message GetProviderByIDResponse {
|
||||
zitadel.idp.v1.Provider idp = 1;
|
||||
}
|
||||
|
||||
message AddLDAPProviderRequest {
|
||||
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string host = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string port = 3 [(validate.rules).string = {max_len: 5}];
|
||||
bool tls = 4;
|
||||
string base_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_object_class = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_unique_attribute = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string admin = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string password = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
zitadel.idp.v1.LDAPAttributes attributes = 10;
|
||||
zitadel.idp.v1.Options provider_options = 11;
|
||||
}
|
||||
|
||||
message AddLDAPProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
string id = 2;
|
||||
}
|
||||
|
||||
message UpdateLDAPProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string host = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string port = 4 [(validate.rules).string = {max_len: 5}];
|
||||
bool tls = 5;
|
||||
string base_dn = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_object_class = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string user_unique_attribute = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string admin = 9 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string password = 10 [(validate.rules).string = {max_len: 200}];
|
||||
zitadel.idp.v1.LDAPAttributes attributes = 11;
|
||||
zitadel.idp.v1.Options provider_options = 12;
|
||||
}
|
||||
|
||||
message UpdateLDAPProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message DeleteProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
}
|
||||
|
||||
message DeleteProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message ListActionsRequest {
|
||||
//list limitations and ordering
|
||||
zitadel.v1.ListQuery query = 1;
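Review bot: `string password = 10 [(validate.rules).string = {max_len: 200}];` in `UpdateLDAPProviderRequest` drops the `min_len: 1` that field 9 of `AddLDAPProviderRequest` has, so an empty string is valid on update; presumably that means "leave the stored bind password unchanged", but nothing says so, and a client sending `""` to clear a credential would silently keep the old one (or the reverse). Add `// empty keeps the currently stored password` above the field, or whatever the command layer actually does. The `owner_type_query` added to `ProviderQuery` is likewise undocumented; state what `ListProviders` returns when no owner-type filter is given, since that determines whether an org admin sees instance-level providers by default. `ListActionsRequest` at the bottom of the hunk continues outside it.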
|
||||
|