feat: permit all features to every instance and organisation (#3566)

Livio Amstutz
2022-05-02 11:18:17 +02:00
committed by GitHub
parent a9f71ba08e
commit 861cf07700
71 changed files with 90 additions and 6589 deletions


@@ -10,7 +10,6 @@ import "zitadel/policy.proto";
import "zitadel/settings.proto";
import "zitadel/text.proto";
import "zitadel/member.proto";
import "zitadel/features.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
@@ -893,58 +892,6 @@ service AdminService {
};
}
rpc GetDefaultFeatures(GetDefaultFeaturesRequest) returns (GetDefaultFeaturesResponse) {
option(google.api.http) = {
get: "/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetDefaultFeatures(SetDefaultFeaturesRequest) returns (SetDefaultFeaturesResponse) {
option(google.api.http) = {
put: "/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc GetOrgFeatures(GetOrgFeaturesRequest) returns (GetOrgFeaturesResponse) {
option(google.api.http) = {
get: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetOrgFeatures(SetOrgFeaturesRequest) returns (SetOrgFeaturesResponse) {
option(google.api.http) = {
put: "/orgs/{org_id}/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc ResetOrgFeatures(ResetOrgFeaturesRequest) returns (ResetOrgFeaturesResponse) {
option(google.api.http) = {
delete: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
//deprecated: please use DomainPolicy instead
//Returns the Org IAM policy defined by the administrators of ZITADEL
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
@@ -3380,92 +3327,6 @@ message UpdateIDPJWTConfigResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultFeaturesRequest {}
message GetDefaultFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetDefaultFeaturesRequest {
string tier_name = 1 [(validate.rules).string = {max_len: 200}];
string description = 2 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 5 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 6;
bool login_policy_registration = 7;
bool login_policy_idp = 8;
bool login_policy_factors = 9;
bool login_policy_passwordless = 10;
bool password_complexity_policy = 11;
bool label_policy = 12;
bool custom_domain = 13;
bool login_policy_password_reset = 14;
bool label_policy_private_label = 15;
bool label_policy_watermark = 16;
bool custom_text = 17;
bool privacy_policy = 18;
bool metadata_user = 19;
bool custom_text_message = 20;
bool custom_text_login = 21;
bool lockout_policy = 22;
bool actions = 23;
zitadel.features.v1.ActionsAllowed actions_allowed = 24;
int32 max_actions = 25;
}
message SetDefaultFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetOrgFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string tier_name = 2 [(validate.rules).string = {max_len: 200}];
string description = 3 [(validate.rules).string = {max_len: 200}];
zitadel.features.v1.FeaturesState state = 4;
string state_description = 5 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 6 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 7;
bool login_policy_registration = 8;
bool login_policy_idp = 9;
bool login_policy_factors = 10;
bool login_policy_passwordless = 11;
bool password_complexity_policy = 12;
bool label_policy = 13;
bool custom_domain = 14;
bool login_policy_password_reset = 15;
bool label_policy_private_label = 16;
bool label_policy_watermark = 17;
bool custom_text = 18;
bool privacy_policy = 19;
bool metadata_user = 20;
bool custom_text_message = 21;
bool custom_text_login = 22;
bool lockout_policy = 23;
bool actions = 24;
zitadel.features.v1.ActionsAllowed actions_allowed = 25;
int32 max_actions = 26;
}
message SetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ResetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message ResetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgIAMPolicyRequest {}
message GetOrgIAMPolicyResponse {


@@ -551,17 +551,6 @@ service AuthService {
};
}
// Returns a list of features, which are allowed on these organisation based on the subscription of the organisation
rpc ListMyZitadelFeatures(ListMyZitadelFeaturesRequest) returns (ListMyZitadelFeaturesResponse) {
option (google.api.http) = {
post: "/features/zitadel/me/_search"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
}
// Returns the permissions the authorized user has in ZITADEL based on his manager roles (e.g ORG_OWNER)
rpc ListMyZitadelPermissions(ListMyZitadelPermissionsRequest) returns (ListMyZitadelPermissionsResponse) {
option (google.api.http) = {
@@ -1003,13 +992,6 @@ message ListMyProjectOrgsResponse {
repeated zitadel.org.v1.Org result = 2;
}
//This is an empty request
message ListMyZitadelFeaturesRequest {}
message ListMyZitadelFeaturesResponse {
repeated string result = 1;
}
//This is an empty request
message ListMyZitadelPermissionsRequest {}


@@ -1,57 +0,0 @@
syntax = "proto3";
import "zitadel/object.proto";
import "google/protobuf/duration.proto";
package zitadel.features.v1;
option go_package = "github.com/zitadel/zitadel/pkg/grpc/features";
message Features {
zitadel.v1.ObjectDetails details = 1;
FeatureTier tier = 2;
bool is_default = 3;
google.protobuf.Duration audit_log_retention = 4;
bool login_policy_username_login = 5;
bool login_policy_registration = 6;
bool login_policy_idp = 7;
bool login_policy_factors = 8;
bool login_policy_passwordless = 9;
bool password_complexity_policy = 10;
bool label_policy = 11;
bool custom_domain = 12;
bool login_policy_password_reset = 13;
bool label_policy_private_label = 14;
bool label_policy_watermark = 15;
bool custom_text = 16;
bool privacy_policy = 17;
bool metadata_user = 18;
bool custom_text_message = 19;
bool custom_text_login = 20;
bool lockout_policy = 21;
bool actions = 22;
ActionsAllowed actions_allowed = 23;
int32 max_actions = 24;
}
message FeatureTier {
string name = 1;
string description = 2;
FeaturesState state = 3;
string status_info = 4;
}
enum FeaturesState {
FEATURES_STATE_ACTIVE = 0;
FEATURES_STATE_ACTION_REQUIRED = 1;
FEATURES_STATE_CANCELED = 2;
FEATURES_STATE_GRANDFATHERED = 3;
}
enum ActionsAllowed {
ACTIONS_ALLOWED_NOT_ALLOWED = 0;
ACTIONS_ALLOWED_MAX = 1;
ACTIONS_ALLOWED_UNLIMITED = 2;
}


@@ -13,7 +13,6 @@ import "zitadel/text.proto";
import "zitadel/message.proto";
import "zitadel/change.proto";
import "zitadel/auth_n_key.proto";
import "zitadel/features.proto";
import "zitadel/metadata.proto";
import "zitadel/action.proto";
@@ -307,7 +306,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.write"
feature: "metadata.user"
};
}
@@ -320,7 +318,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.write"
feature: "metadata.user"
};
}
@@ -333,7 +330,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.read"
feature: "metadata.user"
};
}
@@ -345,7 +341,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.read"
feature: "metadata.user"
};
}
@@ -357,7 +352,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.write"
feature: "metadata.user"
};
}
@@ -370,7 +364,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.write"
feature: "metadata.user"
};
}
@@ -871,7 +864,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.write"
feature: "custom_domain"
};
}
@@ -895,7 +887,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.write"
feature: "custom_domain"
};
}
@@ -909,7 +900,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.write"
feature: "custom_domain"
};
}
@@ -922,7 +912,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.write"
feature: "custom_domain"
};
}
@@ -1740,16 +1729,6 @@ service ManagementService {
};
}
rpc GetFeatures(GetFeaturesRequest) returns (GetFeaturesResponse) {
option (google.api.http) = {
get: "/features"
};
option (zitadel.v1.auth_option) = {
permission: "features.read"
};
}
//deprecated: please use DomainPolicy instead
// Returns the domain policy (this policy is managed by the iam administrator)
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
@@ -1806,7 +1785,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy"
};
}
@@ -1820,7 +1798,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy"
};
}
@@ -1858,7 +1835,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.idp"
};
}
@@ -1870,7 +1846,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.idp"
};
}
@@ -1894,7 +1869,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1906,7 +1880,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1930,7 +1903,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1942,7 +1914,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1980,7 +1951,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "password_complexity_policy"
};
}
@@ -1994,7 +1964,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "password_complexity_policy"
};
}
@@ -2154,7 +2123,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "privacy_policy"
};
}
@@ -2169,7 +2137,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "privacy_policy"
};
}
@@ -2218,7 +2185,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.read"
feature: "label_policy"
};
}
@@ -2232,7 +2198,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2246,7 +2211,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2260,7 +2224,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2272,7 +2235,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2284,7 +2246,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2296,7 +2257,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2308,7 +2268,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2320,7 +2279,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -2369,7 +2327,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2417,7 +2374,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2466,7 +2422,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2515,7 +2470,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2564,7 +2518,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2613,7 +2566,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.message"
};
}
@@ -2661,7 +2613,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write";
feature: "custom_text.login"
};
}
@@ -2711,7 +2662,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2724,7 +2674,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2739,7 +2688,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2753,7 +2701,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2766,7 +2713,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2779,7 +2725,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2792,7 +2737,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2805,7 +2749,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -2817,7 +2760,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.read"
feature: "actions"
};
}
@@ -2828,7 +2770,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.read"
feature: "actions"
};
}
@@ -2840,7 +2781,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.write"
feature: "actions"
};
}
@@ -2852,7 +2792,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.write"
feature: "actions"
};
}
@@ -2864,7 +2803,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.write"
feature: "actions"
};
}
@@ -2876,7 +2814,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.write"
feature: "actions"
};
}
@@ -2888,7 +2825,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.action.delete"
feature: "actions"
};
}
@@ -2899,7 +2835,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.flow.read"
feature: "actions"
};
}
@@ -2910,7 +2845,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.flow.delete"
feature: "actions"
};
}
@@ -2922,7 +2856,6 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.flow.write"
feature: "actions"
};
}
}
@@ -4378,12 +4311,6 @@ message BulkRemoveUserGrantRequest {
message BulkRemoveUserGrantResponse {}
message GetFeaturesRequest {}
message GetFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message GetOrgIAMPolicyRequest {}
message GetOrgIAMPolicyResponse {
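Review bot: Nothing in the ManagementService hunks records that `permission` is now the only gate declared in `auth_option` for these methods, including the ones that previously also required `login_policy.idp`, `login_policy.factors`, `custom_domain` or `actions`. If any deployment used the feature flag to keep an organisation from configuring external IdPs, custom domains or actions, that restriction no longer exists at this layer and would have to be expressed through role permissions; this cannot be confirmed from the page and should be checked against the interceptor that reads `auth_option`. I would add a leading comment on the service such as `// Access to these methods is decided by permission alone; per-organisation feature gating was removed in #3566.` The rpc definitions and the `service` line start outside each hunk, so the placement is inferred.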


@@ -14,5 +14,4 @@ extend google.protobuf.MethodOptions {
message AuthOption {
string permission = 1;
string check_field_name = 2;
string feature = 3;
}
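Review bot: `AuthOption` loses `string feature = 3;` without the tag or the name being reserved, so a later field could be given number 3 and be populated from descriptors or generated code that still carry the old `feature` string. Add `reserved 3;` and `reserved "feature";` inside the message. Since this option appears to be what the server reads to decide access to each annotated method, a silently reinterpreted tag is worth ruling out in the schema itself.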


@@ -3,7 +3,6 @@ syntax = "proto3";
import "zitadel/object.proto";
import "validate/validate.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
package zitadel.settings.v1;


@@ -3,14 +3,10 @@ syntax = "proto3";
import "zitadel/object.proto";
import "zitadel/options.proto";
import "zitadel/instance.proto";
import "zitadel/text.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
package zitadel.system.v1;