feat: project v2beta resource API (#9742)

# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 00:47:33 +00:00 · 2025-05-21 14:40:47 +02:00
parent 6889d6a1da
commit 7eb45c6cfd
64 changed files with 9821 additions and 1037 deletions
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -736,7 +736,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
 	if err != nil {
 		return nil, nil, nil, nil, nil, err
 	}
-	queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}})
+	queriedProjects, err := s.query.SearchProjects(ctx, &query.ProjectSearchQueries{Queries: []query.SearchQuery{projectSearch}}, nil)
 	if err != nil {
 		return nil, nil, nil, nil, nil, err
 	}
@@ -763,7 +763,7 @@ func (s *Server) getProjectsAndApps(ctx context.Context, org string) ([]*v1_pb.D
 			return nil, nil, nil, nil, nil, err
 		}

-		queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}})
+		queriedProjectRoles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectRoleSearch}}, nil)
 		if err != nil {
 			return nil, nil, nil, nil, nil, err
 		}
@@ -945,7 +945,7 @@ func (s *Server) getNecessaryProjectGrantsForOrg(ctx context.Context, org string
 	if err != nil {
 		return nil, err
 	}
-	queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}})
+	queriedProjectGrants, err := s.query.SearchProjectGrants(ctx, &query.ProjectGrantSearchQueries{Queries: []query.SearchQuery{projectGrantSearchOrg}}, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/admin/import.go
+++ b/internal/api/grpc/admin/import.go
@@ -621,7 +621,7 @@ func importProjects(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDa
 	}
 	for _, project := range org.GetProjects() {
 		logging.Debugf("import project: %s", project.GetProjectId())
-		_, err := s.command.AddProjectWithID(ctx, management.ProjectCreateToDomain(project.GetProject()), org.GetOrgId(), project.GetProjectId())
+		_, err := s.command.AddProject(ctx, management.ProjectCreateToCommand(project.GetProject(), project.GetProjectId(), org.GetOrgId()))
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "project", Id: project.GetProjectId(), Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -761,7 +761,7 @@ func importProjectRoles(ctx context.Context, s *Server, errors *[]*admin_pb.Impo
 		logging.Debugf("import projectroles: %s", role.ProjectId+"_"+role.RoleKey)

 		// TBD: why not command.BulkAddProjectRole?
-		_, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToDomain(role), org.GetOrgId())
+		_, err := s.command.AddProjectRole(ctx, management.AddProjectRoleRequestToCommand(role, org.GetOrgId()))
 		if err != nil {
 			*errors = append(*errors, &admin_pb.ImportDataError{Type: "project_role", Id: role.ProjectId + "_" + role.RoleKey, Message: err.Error()})
 			if isCtxTimeout(ctx) {
@@ -1023,7 +1023,7 @@ func importOrg2(ctx context.Context, s *Server, errors *[]*admin_pb.ImportDataEr
 	if org.ProjectGrants != nil {
 		for _, grant := range org.GetProjectGrants() {
 			logging.Debugf("import projectgrant: %s", grant.GetGrantId()+"_"+grant.GetProjectGrant().GetProjectId()+"_"+grant.GetProjectGrant().GetGrantedOrgId())
-			_, err := s.command.AddProjectGrantWithID(ctx, management.AddProjectGrantRequestToDomain(grant.GetProjectGrant()), grant.GetGrantId(), org.GetOrgId())
+			_, err := s.command.AddProjectGrant(ctx, management.AddProjectGrantRequestToCommand(grant.GetProjectGrant(), grant.GetGrantId(), org.GetOrgId()))
 			if err != nil {
 				*errors = append(*errors, &admin_pb.ImportDataError{Type: "project_grant", Id: org.GetOrgId() + "_" + grant.GetProjectGrant().GetProjectId() + "_" + grant.GetProjectGrant().GetGrantedOrgId(), Message: err.Error()})
 				if isCtxTimeout(ctx) {
--- a/internal/api/grpc/admin/integration_test/import_test.go
+++ b/internal/api/grpc/admin/integration_test/import_test.go
@@ -259,6 +259,12 @@ func TestServer_ImportData(t *testing.T) {
 				Data: &admin.ImportDataRequest_DataOrgs{
 					DataOrgs: &admin.ImportDataOrg{
 						Orgs: []*admin.DataOrg{
+							{
+								OrgId: orgIDs[4],
+								Org: &management.AddOrgRequest{
+									Name: gofakeit.ProductName(),
+								},
+							},
 							{
 								OrgId: orgIDs[3],
 								Org: &management.AddOrgRequest{
@@ -336,6 +342,9 @@ func TestServer_ImportData(t *testing.T) {
 				},
 				Success: &admin.ImportDataSuccess{
 					Orgs: []*admin.ImportDataSuccessOrg{
+						{
+							OrgId: orgIDs[4],
+						},
 						{
 							OrgId:      orgIDs[3],
 							ProjectIds: projectIDs[2:4],
@@ -363,6 +372,12 @@ func TestServer_ImportData(t *testing.T) {
 				Data: &admin.ImportDataRequest_DataOrgs{
 					DataOrgs: &admin.ImportDataOrg{
 						Orgs: []*admin.DataOrg{
+							{
+								OrgId: orgIDs[6],
+								Org: &management.AddOrgRequest{
+									Name: gofakeit.ProductName(),
+								},
+							},
 							{
 								OrgId: orgIDs[5],
 								Org: &management.AddOrgRequest{
@@ -383,6 +398,11 @@ func TestServer_ImportData(t *testing.T) {
 										RoleKey:     "role1",
 										DisplayName: "role1",
 									},
+									{
+										ProjectId:   projectIDs[4],
+										RoleKey:     "role2",
+										DisplayName: "role2",
+									},
 								},
 								HumanUsers: []*v1.DataHumanUser{
 									{
@@ -442,11 +462,15 @@ func TestServer_ImportData(t *testing.T) {
 				},
 				Success: &admin.ImportDataSuccess{
 					Orgs: []*admin.ImportDataSuccessOrg{
+						{
+							OrgId: orgIDs[6],
+						},
 						{
 							OrgId:      orgIDs[5],
 							ProjectIds: projectIDs[4:5],
 							ProjectRoles: []string{
 								projectIDs[4] + "_role1",
+								projectIDs[4] + "_role2",
 							},
 							HumanUserIds: userIDs[2:3],
 							ProjectGrants: []*admin.ImportDataSuccessProjectGrant{