feat: add azure provider templates (#5441)
Adds the possibility to manage and use Microsoft Azure AD template-based identity providers (instance and organisation level).
@@ -1320,6 +1320,30 @@ service AdminService {
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new Azure AD identity provider on the instance
|
||||
rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/azure"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "iam.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Change an existing Azure AD identity provider on the instance
|
||||
rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
put: "/idps/azure/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "iam.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new GitHub identity provider on the instance
|
||||
rpc AddGitHubProvider(AddGitHubProviderRequest) returns (AddGitHubProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
@@ -4525,6 +4549,39 @@ message UpdateJWTProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message AddAzureADProviderRequest {
|
||||
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
// if not provided the `common` tenant will be used
|
||||
zitadel.idp.v1.AzureADTenant tenant = 4;
|
||||
bool email_verified = 5;
|
||||
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
||||
zitadel.idp.v1.Options provider_options = 7;
|
||||
}
|
||||
|
||||
message AddAzureADProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
string id = 2;
|
||||
}
|
||||
|
||||
message UpdateAzureADProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
// client_secret will only be updated if provided
|
||||
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
||||
// if not provided the `common` tenant will be used
|
||||
zitadel.idp.v1.AzureADTenant tenant = 5;
|
||||
bool email_verified = 6;
|
||||
repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
||||
zitadel.idp.v1.Options provider_options = 8;
|
||||
}
|
||||
|
||||
message UpdateAzureADProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message AddGitHubProviderRequest {
|
||||
// GitHub will be used as default, if no name is provided
|
||||
string name = 1 [(validate.rules).string = {max_len: 200}];
|
||||
|
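Review bot: `UpdateAzureADProviderRequest.client_secret` (the field declared with only `max_len: 200`) relies on proto3 implicit presence, so an empty string is indistinguishable from "not sent"; the comment `client_secret will only be updated if provided` really means "unless empty", a caller can never clear a secret, and a client that accidentally sends `""` silently keeps the old one. If the project's protoc setup allows it, `optional string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];` makes presence explicit; otherwise the comment should at least read `// client_secret is only updated when non-empty; the stored secret is kept otherwise`. `email_verified` on both messages is undocumented although it is security-relevant: it presumably tells ZITADEL to treat the email returned by Azure AD as verified, which matters once `provider_options` allows linking or creating users, and Azure AD does not by itself guarantee that the email claim is verified, so a comment such as `// treat the email returned by Azure AD as verified; only enable this if the configured tenant guarantees verified addresses` would help operators. Both Azure messages are complete within the hunk; `AddGitHubProviderRequest` continues outside it.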
@@ -271,8 +271,10 @@ message ProviderConfig {
|
||||
GitHubEnterpriseServerConfig github_es = 8;
|
||||
GitLabConfig gitlab = 9;
|
||||
GitLabSelfHostedConfig gitlab_self_hosted = 10;
|
||||
AzureADConfig azure_ad = 11;
|
||||
}
|
||||
}
|
||||
|
||||
message OAuthConfig {
|
||||
string client_id = 1;
|
||||
string authorization_endpoint = 2;
|
||||
@@ -329,6 +331,13 @@ message LDAPConfig {
|
||||
Options provider_options = 9;
|
||||
}
|
||||
|
||||
message AzureADConfig {
|
||||
string client_id = 1;
|
||||
AzureADTenant tenant = 2;
|
||||
bool email_verified = 3;
|
||||
repeated string scopes = 4;
|
||||
}
|
||||
|
||||
message Options {
|
||||
bool is_linking_allowed = 1;
|
||||
bool is_creation_allowed = 2;
|
||||
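Review bot: `AzureADConfig` returns `client_id`, `tenant`, `email_verified` and `scopes` but correctly omits the client secret, yet nothing states that the omission is deliberate, so the next field added here may be copied from the request message and expose it. A leading comment, `// Read model of an Azure AD provider; the client_secret is intentionally never returned`, would document that boundary. `message Options` continues outside the hunk.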
@@ -352,3 +361,15 @@ message LDAPAttributes {
|
||||
string profile_attribute = 13 [(validate.rules).string = {max_len: 200}];
|
||||
}
|
||||
|
||||
enum AzureADTenantType {
|
||||
AZURE_AD_TENANT_TYPE_COMMON = 0;
|
||||
AZURE_AD_TENANT_TYPE_ORGANISATIONS = 1;
|
||||
AZURE_AD_TENANT_TYPE_CONSUMERS = 2;
|
||||
}
|
||||
|
||||
message AzureADTenant {
|
||||
oneof type {
|
||||
AzureADTenantType tenant_type = 1;
|
||||
string tenant_id = 2;
|
||||
}
|
||||
}
|
||||
|
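Review bot: `AzureADTenant.tenant_id` (the second `oneof` member) carries no `validate.rules`, unlike every other string field in this change, even though it is presumably interpolated into the Azure AD authority/issuer URL; an empty or oversized value, or one containing `/`, `?` or `#`, would reach that URL builder unchecked. `string tenant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];` matches the file's own convention, and a stricter pattern for GUIDs or verified domain names would be better still. Separately, `AZURE_AD_TENANT_TYPE_COMMON = 0` gives the enum's zero value business meaning: an unset `tenant` selects `common`, the most permissive choice (Microsoft's `common` endpoint accepts accounts from any organisation tenant as well as personal accounts), so a forgotten field silently widens who may authenticate. Before this wire contract is published is the moment to add `AZURE_AD_TENANT_TYPE_UNSPECIFIED = 0`, map it to `common` explicitly on the server, and state that default in a comment on the enum.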
@@ -6536,6 +6536,30 @@ service ManagementService {
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new Azure AD identity provider in the organisation
|
||||
rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
post: "/idps/azure"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Change an existing Azure AD identity provider in the organisation
|
||||
rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
put: "/idps/azure/{id}"
|
||||
body: "*"
|
||||
};
|
||||
|
||||
option (zitadel.v1.auth_option) = {
|
||||
permission: "org.idp.write"
|
||||
};
|
||||
}
|
||||
|
||||
// Add a new GitHub identity provider in the organization
|
||||
rpc AddGitHubProvider(AddGitHubProviderRequest) returns (AddGitHubProviderResponse) {
|
||||
option (google.api.http) = {
|
||||
@@ -11199,6 +11223,39 @@ message UpdateJWTProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message AddAzureADProviderRequest {
|
||||
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_secret = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
// if not provided the `common` tenant will be used
|
||||
zitadel.idp.v1.AzureADTenant tenant = 4;
|
||||
bool email_verified = 5;
|
||||
repeated string scopes = 6 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
||||
zitadel.idp.v1.Options provider_options = 7;
|
||||
}
|
||||
|
||||
message AddAzureADProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
string id = 2;
|
||||
}
|
||||
|
||||
message UpdateAzureADProviderRequest {
|
||||
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
||||
// client_secret will only be updated if provided
|
||||
string client_secret = 4 [(validate.rules).string = {max_len: 200}];
|
||||
// if not provided the `common` tenant will be used
|
||||
zitadel.idp.v1.AzureADTenant tenant = 5;
|
||||
bool email_verified = 6;
|
||||
repeated string scopes = 7 [(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}}];
|
||||
zitadel.idp.v1.Options provider_options = 8;
|
||||
}
|
||||
|
||||
message UpdateAzureADProviderResponse {
|
||||
zitadel.v1.ObjectDetails details = 1;
|
||||
}
|
||||
|
||||
message AddGitHubProviderRequest {
|
||||
// GitHub will be used as default, if no name is provided
|
||||
string name = 1 [(validate.rules).string = {max_len: 200}];
|
||||
|
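Review bot: The organisation-level `UpdateAzureADProviderRequest.client_secret` has the same presence problem as its AdminService twin: with `max_len: 200` only, an empty string is not distinguishable from an absent field, so `client_secret will only be updated if provided` is misleading and a secret can never be cleared through this API. Either `optional string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];` (if the toolchain supports proto3 `optional`) or a precise comment, `// client_secret is only updated when non-empty; the stored secret is kept otherwise`, should be applied to both services so their contracts stay identical. The security-relevant `email_verified` flag is also undocumented here; a one-line comment stating that it marks addresses returned by Azure AD as verified and should only be enabled when the configured tenant guarantees that would give operators the caveat they need. `AddGitHubProviderRequest` continues outside the hunk.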