TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 14:37:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: project v2beta resource API (#9742)

Browse Source 
# Which Problems Are Solved

Resource management of projects and sub-resources was before limited by
the context provided by the management API, which would mean you could
only manage resources belonging to a specific organization.

# How the Problems Are Solved

With the addition of a resource-based API, it is now possible to manage
projects and sub-resources on the basis of the resources themselves,
which means that as long as you have the permission for the resource,
you can create, read, update and delete it.

- CreateProject to create a project under an organization
- UpdateProject to update an existing project
- DeleteProject to delete an existing project
- DeactivateProject and ActivateProject to change the status of a
project
- GetProject to query for a specific project with an identifier
- ListProject to query for projects and granted projects
- CreateProjectGrant to create a project grant with project and granted
organization
- UpdateProjectGrant to update the roles of a project grant
- DeactivateProjectGrant and ActivateProjectGrant to change the status
of a project grant
- DeleteProjectGrant to delete an existing project grant
- ListProjectGrants to query for project grants
- AddProjectRole to add a role to an existing project
- UpdateProjectRole to change texts of an existing role
- RemoveProjectRole to remove an existing role
- ListProjectRoles to query for project roles

# Additional Changes

- Changes to ListProjects, which now contains granted projects as well
- Changes to messages as defined in the
[API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md)
- Permission checks for project functionality on query and command side
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- ListProjects now also correctly lists `granted projects`
- Permission checks for project grant and project role functionality on
query and command side
- Change existing pre checks so that they also work resource specific
without resourceowner
- Added the resourceowner to the grant and role if no resourceowner is
provided
- Corrected import tests with project grants and roles
- Added testing to unit tests on command side
- Change update endpoints to no error returns if nothing changes in the
resource
- Changed all integration test utility to the new service
- Corrected some naming in the proto files to adhere to the API_DESIGN

# Additional Context

Closes #9177

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
2025-05-21 14:40:47 +02:00
committed by GitHub
parent 6889d6a1da
commit 7eb45c6cfd
64 changed files with 9821 additions and 1037 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
proto/zitadel/management.proto
View File

@@ -2678,6 +2678,11 @@ service ManagementService {
};
}
// Get Project By ID
//
// Deprecated: [Get Project](apis/resources/project_service_v2/project-service-get-project.api.mdx) to get project by ID.
//
// Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context.
rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) {
option (google.api.http) = {
get: "/projects/{id}"
@@ -2690,8 +2695,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Get Project By ID";
description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2703,6 +2707,11 @@ service ManagementService {
};
}
// Get Granted Project By ID
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to get granted projects.
//
// Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context.
rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) {
option (google.api.http) = {
get: "/granted_projects/{project_id}/grants/{grant_id}"
@@ -2715,8 +2724,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Get Granted Project By ID";
description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2728,6 +2736,11 @@ service ManagementService {
};
}
// List Projects
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
//
// Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context.
rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) {
option (google.api.http) = {
post: "/projects/_search"
@@ -2740,8 +2753,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Search Project";
description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2753,6 +2765,11 @@ service ManagementService {
};
}
// List Granted Projects
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
//
// Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context.
rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) {
option (google.api.http) = {
post: "/granted_projects/_search"
@@ -2765,8 +2782,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Search Granted Project";
description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2828,6 +2844,11 @@ service ManagementService {
};
}
// Create Project
//
// Deprecated: [Create Project](apis/resources/project_service_v2/project-service-create-project.api.mdx) to create a project.
//
// Create a new project. A Project is a vessel for different applications sharing the same role context.
rpc AddProject(AddProjectRequest) returns (AddProjectResponse) {
option (google.api.http) = {
post: "/projects"
@@ -2840,8 +2861,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Create Project";
description: "Create a new project. A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2853,6 +2873,11 @@ service ManagementService {
};
}
// Update Project
//
// Deprecated: [Update Project](apis/resources/project_service_v2/project-service-update-project.api.mdx) to update a project.
//
// Update a project and its settings. A Project is a vessel for different applications sharing the same role context.
rpc UpdateProject(UpdateProjectRequest) returns (UpdateProjectResponse) {
option (google.api.http) = {
put: "/projects/{id}"
@@ -2866,8 +2891,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Update Project";
description: "Update a project and its settings. A Project is a vessel for different applications sharing the same role context."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2879,6 +2903,11 @@ service ManagementService {
};
}
// Deactivate Project
//
// Deprecated: [Deactivate Project](apis/resources/project_service_v2/project-service-deactivate-project.api.mdx) to deactivate a project.
//
// Set the state of a project to deactivated. Request returns an error if the project is already deactivated.
rpc DeactivateProject(DeactivateProjectRequest) returns (DeactivateProjectResponse) {
option (google.api.http) = {
post: "/projects/{id}/_deactivate"
@@ -2892,8 +2921,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Deactivate Project";
description: "Set the state of a project to deactivated. Request returns an error if the project is already deactivated."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2905,6 +2933,11 @@ service ManagementService {
};
}
// Activate Project
//
// Deprecated: [Activate Project](apis/resources/project_service_v2/project-service-activate-project.api.mdx) to activate a project.
//
// Set the state of a project to active. Request returns an error if the project is not deactivated.
rpc ReactivateProject(ReactivateProjectRequest) returns (ReactivateProjectResponse) {
option (google.api.http) = {
post: "/projects/{id}/_reactivate"
@@ -2918,8 +2951,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Reactivate Project";
description: "Set the state of a project to active. Request returns an error if the project is not deactivated."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2931,6 +2963,11 @@ service ManagementService {
};
}
// Remove Project
//
// Deprecated: [Delete Project](apis/resources/project_service_v2/project-service-delete-project.api.mdx) to remove a project.
//
// Project and all its sub-resources like project grants, applications, roles and user grants will be removed.
rpc RemoveProject(RemoveProjectRequest) returns (RemoveProjectResponse) {
option (google.api.http) = {
delete: "/projects/{id}"
@@ -2943,8 +2980,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Remove Project";
description: "Project and all its sub-resources like project grants, applications, roles and user grants will be removed."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2956,6 +2992,11 @@ service ManagementService {
};
}
// Search Project Roles
//
// Deprecated: [List Project Roles](apis/resources/project_service_v2/project-service-list-project-roles.api.mdx) to get project roles.
//
// Returns all roles of a project matching the search query.
rpc ListProjectRoles(ListProjectRolesRequest) returns (ListProjectRolesResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles/_search"
@@ -2969,8 +3010,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
summary: "Search Project Roles";
description: "Returns all roles of a project matching the search query."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -2982,6 +3022,11 @@ service ManagementService {
};
}
// Add Project Role
//
// Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
//
// Add a new project role to a project. The key must be unique within the project.\n\nDeprecated: please use user service v2 AddProjectRole.
rpc AddProjectRole(AddProjectRoleRequest) returns (AddProjectRoleResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles"
@@ -2995,8 +3040,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
summary: "Add Project Role";
description: "Add a new project role to a project. The key must be unique within the project."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3008,6 +3052,11 @@ service ManagementService {
};
}
// Bulk add Project Role
//
// Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
//
// Add a list of roles to a project. The keys must be unique within the project.
rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) returns (BulkAddProjectRolesResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles/_bulk"
@@ -3021,8 +3070,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
summary: "Bulk Add Project Role";
description: "Add a list of roles to a project. The keys must be unique within the project."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3034,6 +3082,11 @@ service ManagementService {
};
}
// Update Project Role
//
// Deprecated: [Update Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to update a project role.
//
// Change a project role. The key is not editable. If a key should change, remove the role and create a new one.
rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
option (google.api.http) = {
put: "/projects/{project_id}/roles/{role_key}"
@@ -3047,8 +3100,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
summary: "Change Project Role";
description: "Change a project role. The key is not editable. If a key should change, remove the role and create a new one."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3060,6 +3112,11 @@ service ManagementService {
};
}
// Remove Project Role
//
// Deprecated: [Delete Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to remove a project role.
//
// Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants.
rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
option (google.api.http) = {
delete: "/projects/{project_id}/roles/{role_key}"
@@ -3072,8 +3129,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
summary: "Remove Project Role";
description: "Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3737,6 +3793,11 @@ service ManagementService {
};
}
// Get Project Grant By ID
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to get a project grant.
//
// Returns a project grant. A project grant is when the organization grants its project to another organization.
rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) {
option (google.api.http) = {
get: "/projects/{project_id}/grants/{grant_id}"
@@ -3748,8 +3809,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
summary: "Project Grant By ID";
description: "Returns a project grant. A project grant is when the organization grants its project to another organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3761,6 +3821,11 @@ service ManagementService {
};
}
// List Project Grants
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
//
// Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization.
rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/_search"
@@ -3774,8 +3839,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Search Project Grants from Project";
description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3787,6 +3851,11 @@ service ManagementService {
};
}
// Search Project Grants
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
//
// Returns a list of project grants. A project grant is when the organization grants its project to another organization.
rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
option (google.api.http) = {
post: "/projectgrants/_search"
@@ -3799,8 +3868,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Search Project Grants";
description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3812,6 +3880,11 @@ service ManagementService {
};
}
// Add Project Grant
//
// Deprecated: [Create Project Grant](apis/resources/project_service_v2/project-service-create-project-grant.api.mdx) to add a project grant.
//
// Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants"
@@ -3824,8 +3897,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Add Project Grant";
description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3837,6 +3909,11 @@ service ManagementService {
};
}
// Update Project Grant
//
// Deprecated: [Update Project Grant](apis/resources/project_service_v2/project-service-update-project-grant.api.mdx) to update a project grant.
//
// Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
option (google.api.http) = {
put: "/projects/{project_id}/grants/{grant_id}"
@@ -3849,8 +3926,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Change Project Grant";
description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3862,6 +3938,11 @@ service ManagementService {
};
}
// Deactivate Project Grant
//
// Deprecated: [Deactivate Project Grant](apis/resources/project_service_v2/project-service-deactivate-project-grant.api.mdx) to deactivate a project grant.
//
// Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate.
rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/{grant_id}/_deactivate"
@@ -3874,8 +3955,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Deactivate Project Grant";
description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3887,6 +3967,11 @@ service ManagementService {
};
}
// Reactivate Project Grant
//
// Deprecated: [Activate Project Grant](apis/resources/project_service_v2/project-service-activate-project-grant.api.mdx) to activate a project grant.
//
// Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate.
rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/{grant_id}/_reactivate"
@@ -3899,8 +3984,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Reactivate Project Grant";
description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -3912,6 +3996,11 @@ service ManagementService {
};
}
// Remove Project Grant
//
// Deprecated: [Delete Project Grant](apis/resources/project_service_v2/project-service-delete-project-grant.api.mdx) to remove a project grant.
//
// Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked).
rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) {
option (google.api.http) = {
delete: "/projects/{project_id}/grants/{grant_id}"
@@ -3923,8 +4012,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
summary: "Remove Project Grant";
description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";

1237
proto/zitadel/project/v2beta/project_service.proto Normal file
View File

File diff suppressed because it is too large Load Diff

347
proto/zitadel/project/v2beta/query.proto Normal file
View File

@@ -0,0 +1,347 @@
syntax = "proto3";
package zitadel.project.v2beta;
option go_package = "github.com/zitadel/zitadel/pkg/grpc/project/v2beta;project";
import "google/api/field_behavior.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
import "google/protobuf/timestamp.proto";
import "zitadel/filter/v2beta/filter.proto";
message ProjectGrant {
// The unique identifier of the organization which granted the project to the granted_organization_id.
string organization_id = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629012906488334\"";
}
];
// The timestamp of the granted project creation.
google.protobuf.Timestamp creation_date = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// The timestamp of the last change to the granted project (e.g. creation, activation, deactivation).
google.protobuf.Timestamp change_date = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
// The ID of the organization the project is granted to.
string granted_organization_id = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
// The name of the organization the project is granted to.
string granted_organization_name = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Some Organization\""
}
];
// The roles of the granted project.
repeated string granted_role_keys = 7 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"role.super.man\"]"
}
];
// The ID of the granted project.
string project_id = 8 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
// The name of the granted project.
string project_name = 9 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ZITADEL\""
}
];
// Describes the current state of the granted project.
ProjectGrantState state = 10 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "current state of the project";
}
];
}
enum ProjectGrantState {
PROJECT_GRANT_STATE_UNSPECIFIED = 0;
PROJECT_GRANT_STATE_ACTIVE = 1;
PROJECT_GRANT_STATE_INACTIVE = 2;
}
message Project {
// The unique identifier of the project.
string id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629012906488334\"";
}
];
// The unique identifier of the organization the project belongs to.
string organization_id = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629012906488334\"";
}
];
// The timestamp of the project creation.
google.protobuf.Timestamp creation_date = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// The timestamp of the last change to the project (e.g. creation, activation, deactivation).
google.protobuf.Timestamp change_date = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
// The name of the project.
string name = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ip_allow_list\"";
}
];
// Describes the current state of the project.
ProjectState state = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "current state of the project";
}
];
// Describes if the roles of the user should be added to the token.
bool project_role_assertion = 7;
// When enabled ZITADEL will check if a user has an authorization to use this project assigned when login into an application of this project.
bool authorization_required = 8;
// When enabled ZITADEL will check if the organization of the user, that is trying to log in, has access to this project (either owns the project or is granted).
bool project_access_required = 9;
// Defines from where the private labeling should be triggered.
PrivateLabelingSetting private_labeling_setting = 10;
// The ID of the organization the project is granted to.
optional string granted_organization_id = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
// The name of the organization the project is granted to.
optional string granted_organization_name = 13 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Some Organization\""
}
];
// Describes the current state of the granted project.
GrantedProjectState granted_state = 14 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "current state of the granted project";
}
];
}
enum ProjectState {
PROJECT_STATE_UNSPECIFIED = 0;
PROJECT_STATE_ACTIVE = 1;
PROJECT_STATE_INACTIVE = 2;
}
enum GrantedProjectState {
GRANTED_PROJECT_STATE_UNSPECIFIED = 0;
GRANTED_PROJECT_STATE_ACTIVE = 1;
GRANTED_PROJECT_STATE_INACTIVE = 2;
}
enum PrivateLabelingSetting {
PRIVATE_LABELING_SETTING_UNSPECIFIED = 0;
PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY = 1;
PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY = 2;
}
enum ProjectFieldName {
PROJECT_FIELD_NAME_UNSPECIFIED = 0;
PROJECT_FIELD_NAME_ID = 1;
PROJECT_FIELD_NAME_CREATION_DATE = 2;
PROJECT_FIELD_NAME_CHANGE_DATE = 3;
PROJECT_FIELD_NAME_NAME = 4;
}
enum ProjectGrantFieldName {
PROJECT_GRANT_FIELD_NAME_UNSPECIFIED = 0;
PROJECT_GRANT_FIELD_NAME_PROJECT_ID = 1;
PROJECT_GRANT_FIELD_NAME_CREATION_DATE = 2;
PROJECT_GRANT_FIELD_NAME_CHANGE_DATE = 3;
}
enum ProjectRoleFieldName {
PROJECT_ROLE_FIELD_NAME_UNSPECIFIED = 0;
PROJECT_ROLE_FIELD_NAME_KEY = 1;
PROJECT_ROLE_FIELD_NAME_CREATION_DATE = 2;
PROJECT_ROLE_FIELD_NAME_CHANGE_DATE = 3;
}
message ProjectSearchFilter {
oneof filter {
option (validate.required) = true;
ProjectNameFilter project_name_filter = 1;
InProjectIDsFilter in_project_ids_filter = 2;
ProjectResourceOwnerFilter project_resource_owner_filter = 3;
ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 4;
ProjectOrganizationIDFilter project_organization_id_filter = 5;
}
}
message ProjectNameFilter {
// Defines the name of the project to query for.
string project_name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 200;
example: "\"ip_allow_list\"";
}
];
// Defines which text comparison method used for the name query.
zitadel.filter.v2beta.TextFilterMethod method = 2 [
(validate.rules).enum.defined_only = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines which text equality method is used";
}
];
}
message InProjectIDsFilter {
// Defines the ids to query for.
repeated string project_ids = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the ids of the projects to include"
example: "[\"69629023906488334\",\"69622366012355662\"]";
}
];
}
message ProjectResourceOwnerFilter {
// Defines the ID of organization the project belongs to query for.
string project_resource_owner = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
}
message ProjectGrantResourceOwnerFilter {
// Defines the ID of organization the project grant belongs to query for.
string project_grant_resource_owner = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
}
message ProjectOrganizationIDFilter {
// Defines the ID of organization the project and granted project belong to query for.
string project_organization_id = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
}
message ProjectGrantSearchFilter {
oneof filter {
option (validate.required) = true;
ProjectNameFilter project_name_filter = 1;
ProjectRoleKeyFilter role_key_filter = 2;
InProjectIDsFilter in_project_ids_filter = 3;
ProjectResourceOwnerFilter project_resource_owner_filter = 4;
ProjectGrantResourceOwnerFilter project_grant_resource_owner_filter = 5;
}
}
message GrantedOrganizationIDFilter {
// Defines the ID of organization the project is granted to query for.
string granted_organization_id = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
}
message ProjectRole {
// ID of the project.
string project_id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629026806489455\"";
}
];
// Key of the project role.
string key = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"role.super.man\""
}
];
// The timestamp of the project role creation.
google.protobuf.Timestamp creation_date = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// The timestamp of the last change to the project role.
google.protobuf.Timestamp change_date = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
// Display name of the project role.
string display_name = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Super man\""
}
];
// Group of the project role.
string group = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"people\""
}
];
}
message ProjectRoleSearchFilter {
oneof filter {
option (validate.required) = true;
ProjectRoleKeyFilter role_key_filter = 1;
ProjectRoleDisplayNameFilter display_name_filter = 2;
}
}
message ProjectRoleKeyFilter {
string key = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"role.super.man\""
}
];
// Defines which text comparison method used for the name query.
zitadel.filter.v2beta.TextFilterMethod method = 2 [
(validate.rules).enum.defined_only = true
];
}
message ProjectRoleDisplayNameFilter {
string display_name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"SUPER\""
}
];
// Defines which text comparison method used for the name query.
zitadel.filter.v2beta.TextFilterMethod method = 2 [
(validate.rules).enum.defined_only = true
];
}