fix: rename iam to instance (#3345)

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename iam command side to instance

* fix: rename orgiampolicy to domain policy

* fix: merge conflicts

* fix: protos

* fix: md files

* implement deprecated org iam policy again

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/api/grpc/admin/custom_text.go

@@ -46,7 +46,7 @@ func (s *Server) SetDefaultInitMessageText(ctx context.Context, req *admin_pb.Se
 }
 
 func (s *Server) ResetCustomInitMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomInitMessageTextToDefaultRequest) (*admin_pb.ResetCustomInitMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.InitCodeMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.InitCodeMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +94,7 @@ func (s *Server) SetDefaultPasswordResetMessageText(ctx context.Context, req *ad
 }
 
 func (s *Server) ResetCustomPasswordResetMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomPasswordResetMessageTextToDefaultRequest) (*admin_pb.ResetCustomPasswordResetMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.PasswordResetMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.PasswordResetMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -142,7 +142,7 @@ func (s *Server) SetDefaultVerifyEmailMessageText(ctx context.Context, req *admi
 }
 
 func (s *Server) ResetCustomVerifyEmailMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomVerifyEmailMessageTextToDefaultRequest) (*admin_pb.ResetCustomVerifyEmailMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.VerifyEmailMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.VerifyEmailMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -190,7 +190,7 @@ func (s *Server) SetDefaultVerifyPhoneMessageText(ctx context.Context, req *admi
 }
 
 func (s *Server) ResetCustomVerifyPhoneMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomVerifyPhoneMessageTextToDefaultRequest) (*admin_pb.ResetCustomVerifyPhoneMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.VerifyPhoneMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.VerifyPhoneMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -238,7 +238,7 @@ func (s *Server) SetDefaultDomainClaimedMessageText(ctx context.Context, req *ad
 }
 
 func (s *Server) ResetCustomDomainClaimedMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomDomainClaimedMessageTextToDefaultRequest) (*admin_pb.ResetCustomDomainClaimedMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.DomainClaimedMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.DomainClaimedMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -286,7 +286,7 @@ func (s *Server) SetDefaultPasswordlessRegistrationMessageText(ctx context.Conte
 }
 
 func (s *Server) ResetCustomPasswordlessRegistrationMessageTextToDefault(ctx context.Context, req *admin_pb.ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest) (*admin_pb.ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse, error) {
-	result, err := s.command.RemoveIAMMessageTexts(ctx, domain.PasswordlessRegistrationMessageType, language.Make(req.Language))
+	result, err := s.command.RemoveInstanceMessageTexts(ctx, domain.PasswordlessRegistrationMessageType, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}
@@ -319,7 +319,7 @@ func (s *Server) GetCustomLoginTexts(ctx context.Context, req *admin_pb.GetCusto
 }
 
 func (s *Server) SetCustomLoginText(ctx context.Context, req *admin_pb.SetCustomLoginTextsRequest) (*admin_pb.SetCustomLoginTextsResponse, error) {
-	result, err := s.command.SetCustomIAMLoginText(ctx, SetLoginTextToDomain(req))
+	result, err := s.command.SetCustomInstanceLoginText(ctx, SetLoginTextToDomain(req))
 	if err != nil {
 		return nil, err
 	}
@@ -333,7 +333,7 @@ func (s *Server) SetCustomLoginText(ctx context.Context, req *admin_pb.SetCustom
 }
 
 func (s *Server) ResetCustomLoginTextToDefault(ctx context.Context, req *admin_pb.ResetCustomLoginTextsToDefaultRequest) (*admin_pb.ResetCustomLoginTextsToDefaultResponse, error) {
-	result, err := s.command.RemoveCustomIAMLoginTexts(ctx, language.Make(req.Language))
+	result, err := s.command.RemoveCustomInstanceLoginTexts(ctx, language.Make(req.Language))
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/admin/domain_policy.go

@@ -0,0 +1,174 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetDomainPolicy(ctx context.Context, _ *admin_pb.GetDomainPolicyRequest) (*admin_pb.GetDomainPolicyResponse, error) {
+	policy, err := s.query.DefaultDomainPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetDomainPolicyResponse{Policy: policy_grpc.DomainPolicyToPb(policy)}, nil
+}
+
+func (s *Server) GetCustomDomainPolicy(ctx context.Context, req *admin_pb.GetCustomDomainPolicyRequest) (*admin_pb.GetCustomDomainPolicyResponse, error) {
+	policy, err := s.query.DomainPolicyByOrg(ctx, req.OrgId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetCustomDomainPolicyResponse{Policy: policy_grpc.DomainPolicyToPb(policy)}, nil
+}
+
+func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCustomOrgIAMPolicyRequest) (*admin_pb.AddCustomOrgIAMPolicyResponse, error) {
+	policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddCustomOrgIAMPolicyResponse{
+		Details: object.AddToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateOrgIAMPolicyRequest) (*admin_pb.UpdateOrgIAMPolicyResponse, error) {
+	config, err := s.command.ChangeDefaultDomainPolicy(ctx, updateOrgIAMPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateOrgIAMPolicyResponse{
+		Details: object.ChangeToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateCustomOrgIAMPolicyRequest) (*admin_pb.UpdateCustomOrgIAMPolicyResponse, error) {
+	config, err := s.command.ChangeOrgDomainPolicy(ctx, req.OrgId, updateCustomOrgIAMPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateCustomOrgIAMPolicyResponse{
+		Details: object.ChangeToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) GetOrgIAMPolicy(ctx context.Context, _ *admin_pb.GetOrgIAMPolicyRequest) (*admin_pb.GetOrgIAMPolicyResponse, error) {
+	policy, err := s.query.DefaultDomainPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetOrgIAMPolicyResponse{Policy: policy_grpc.DomainPolicyToOrgIAMPb(policy)}, nil
+}
+
+func (s *Server) GetCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.GetCustomOrgIAMPolicyRequest) (*admin_pb.GetCustomOrgIAMPolicyResponse, error) {
+	policy, err := s.query.DomainPolicyByOrg(ctx, req.OrgId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetCustomOrgIAMPolicyResponse{Policy: policy_grpc.DomainPolicyToOrgIAMPb(policy)}, nil
+}
+
+func (s *Server) AddCustomDomainPolicy(ctx context.Context, req *admin_pb.AddCustomDomainPolicyRequest) (*admin_pb.AddCustomDomainPolicyResponse, error) {
+	policy, err := s.command.AddOrgDomainPolicy(ctx, req.OrgId, domainPolicyToDomain(req.UserLoginMustBeDomain))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddCustomDomainPolicyResponse{
+		Details: object.AddToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateDomainPolicy(ctx context.Context, req *admin_pb.UpdateDomainPolicyRequest) (*admin_pb.UpdateDomainPolicyResponse, error) {
+	config, err := s.command.ChangeDefaultDomainPolicy(ctx, updateDomainPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateDomainPolicyResponse{
+		Details: object.ChangeToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateCustomDomainPolicy(ctx context.Context, req *admin_pb.UpdateCustomDomainPolicyRequest) (*admin_pb.UpdateCustomDomainPolicyResponse, error) {
+	config, err := s.command.ChangeOrgDomainPolicy(ctx, req.OrgId, updateCustomDomainPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateCustomDomainPolicyResponse{
+		Details: object.ChangeToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) ResetCustomDomainPolicyTo(ctx context.Context, req *admin_pb.ResetCustomDomainPolicyToDefaultRequest) (*admin_pb.ResetCustomDomainPolicyToDefaultResponse, error) {
+	err := s.command.RemoveOrgDomainPolicy(ctx, req.OrgId)
+	if err != nil {
+		return nil, err
+	}
+	return nil, nil //TOOD: return data
+}
+
+func domainPolicyToDomain(userLoginMustBeDomain bool) *domain.DomainPolicy {
+	return &domain.DomainPolicy{
+		UserLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func updateDomainPolicyToDomain(req *admin_pb.UpdateDomainPolicyRequest) *domain.DomainPolicy {
+	return &domain.DomainPolicy{
+		// ObjectRoot: models.ObjectRoot{
+		// 	// AggreagateID: //TODO: there should only be ONE default
+		// },
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}
+
+func updateCustomDomainPolicyToDomain(req *admin_pb.UpdateCustomDomainPolicyRequest) *domain.DomainPolicy {
+	return &domain.DomainPolicy{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrgId,
+		},
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}
+
+func updateOrgIAMPolicyToDomain(req *admin_pb.UpdateOrgIAMPolicyRequest) *domain.DomainPolicy {
+	return &domain.DomainPolicy{
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}
+
+func updateCustomOrgIAMPolicyToDomain(req *admin_pb.UpdateCustomOrgIAMPolicyRequest) *domain.DomainPolicy {
+	return &domain.DomainPolicy{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrgId,
+		},
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}

internal/api/grpc/admin/iam_member.go

@@ -34,7 +34,7 @@ func (s *Server) ListIAMMembers(ctx context.Context, req *admin_pb.ListIAMMember
 }
 
 func (s *Server) AddIAMMember(ctx context.Context, req *admin_pb.AddIAMMemberRequest) (*admin_pb.AddIAMMemberResponse, error) {
-	member, err := s.command.AddIAMMember(ctx, AddIAMMemberToDomain(req))
+	member, err := s.command.AddInstanceMember(ctx, AddIAMMemberToDomain(req))
 	if err != nil {
 		return nil, err
 	}
@@ -48,7 +48,7 @@ func (s *Server) AddIAMMember(ctx context.Context, req *admin_pb.AddIAMMemberReq
 }
 
 func (s *Server) UpdateIAMMember(ctx context.Context, req *admin_pb.UpdateIAMMemberRequest) (*admin_pb.UpdateIAMMemberResponse, error) {
-	member, err := s.command.ChangeIAMMember(ctx, UpdateIAMMemberToDomain(req))
+	member, err := s.command.ChangeInstanceMember(ctx, UpdateIAMMemberToDomain(req))
 	if err != nil {
 		return nil, err
 	}
@@ -62,7 +62,7 @@ func (s *Server) UpdateIAMMember(ctx context.Context, req *admin_pb.UpdateIAMMem
 }
 
 func (s *Server) RemoveIAMMember(ctx context.Context, req *admin_pb.RemoveIAMMemberRequest) (*admin_pb.RemoveIAMMemberResponse, error) {
-	objectDetails, err := s.command.RemoveIAMMember(ctx, req.UserId)
+	objectDetails, err := s.command.RemoveInstanceMember(ctx, req.UserId)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/admin/org_iam_policy.go

@@ -1,101 +0,0 @@
-package admin
-
-import (
-	"context"
-
-	"github.com/caos/zitadel/internal/api/grpc/object"
-	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
-	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
-)
-
-func (s *Server) GetOrgIAMPolicy(ctx context.Context, _ *admin_pb.GetOrgIAMPolicyRequest) (*admin_pb.GetOrgIAMPolicyResponse, error) {
-	policy, err := s.query.DefaultOrgIAMPolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.GetOrgIAMPolicyResponse{Policy: policy_grpc.OrgIAMPolicyToPb(policy)}, nil
-}
-
-func (s *Server) GetCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.GetCustomOrgIAMPolicyRequest) (*admin_pb.GetCustomOrgIAMPolicyResponse, error) {
-	policy, err := s.query.OrgIAMPolicyByOrg(ctx, req.OrgId)
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.GetCustomOrgIAMPolicyResponse{Policy: policy_grpc.OrgIAMPolicyToPb(policy)}, nil
-}
-
-func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCustomOrgIAMPolicyRequest) (*admin_pb.AddCustomOrgIAMPolicyResponse, error) {
-	policy, err := s.command.AddOrgIAMPolicy(ctx, req.OrgId, toDomainOrgIAMPolicy(req.UserLoginMustBeDomain))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.AddCustomOrgIAMPolicyResponse{
-		Details: object.AddToDetailsPb(
-			policy.Sequence,
-			policy.ChangeDate,
-			policy.ResourceOwner,
-		),
-	}, nil
-}
-
-func (s *Server) UpdateOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateOrgIAMPolicyRequest) (*admin_pb.UpdateOrgIAMPolicyResponse, error) {
-	config, err := s.command.ChangeDefaultOrgIAMPolicy(ctx, updateOrgIAMPolicyToDomain(req))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.UpdateOrgIAMPolicyResponse{
-		Details: object.ChangeToDetailsPb(
-			config.Sequence,
-			config.ChangeDate,
-			config.ResourceOwner,
-		),
-	}, nil
-}
-
-func (s *Server) UpdateCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateCustomOrgIAMPolicyRequest) (*admin_pb.UpdateCustomOrgIAMPolicyResponse, error) {
-	config, err := s.command.ChangeOrgIAMPolicy(ctx, req.OrgId, updateCustomOrgIAMPolicyToDomain(req))
-	if err != nil {
-		return nil, err
-	}
-	return &admin_pb.UpdateCustomOrgIAMPolicyResponse{
-		Details: object.ChangeToDetailsPb(
-			config.Sequence,
-			config.ChangeDate,
-			config.ResourceOwner,
-		),
-	}, nil
-}
-
-func (s *Server) ResetCustomOrgIAMPolicyTo(ctx context.Context, req *admin_pb.ResetCustomOrgIAMPolicyToDefaultRequest) (*admin_pb.ResetCustomOrgIAMPolicyToDefaultResponse, error) {
-	err := s.command.RemoveOrgIAMPolicy(ctx, req.OrgId)
-	if err != nil {
-		return nil, err
-	}
-	return nil, nil //TOOD: return data
-}
-
-func toDomainOrgIAMPolicy(userLoginMustBeDomain bool) *domain.OrgIAMPolicy {
-	return &domain.OrgIAMPolicy{
-		UserLoginMustBeDomain: userLoginMustBeDomain,
-	}
-}
-
-func updateOrgIAMPolicyToDomain(req *admin_pb.UpdateOrgIAMPolicyRequest) *domain.OrgIAMPolicy {
-	return &domain.OrgIAMPolicy{
-		// ObjectRoot: models.ObjectRoot{
-		// 	// AggreagateID: //TODO: there should only be ONE default
-		// },
-		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
-	}
-}
-
-func updateCustomOrgIAMPolicyToDomain(req *admin_pb.UpdateCustomOrgIAMPolicyRequest) *domain.OrgIAMPolicy {
-	return &domain.OrgIAMPolicy{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: req.OrgId,
-		},
-		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
-	}
-}

internal/api/grpc/auth/user.go

@@ -152,7 +152,7 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje
 		return nil, err
 	}
 
-	iam, err := s.query.IAM(ctx)
+	iam, err := s.query.Instance(ctx)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/management/iam.go

@@ -7,7 +7,7 @@ import (
 )
 
 func (s *Server) GetIAM(ctx context.Context, _ *mgmt_pb.GetIAMRequest) (*mgmt_pb.GetIAMResponse, error) {
-	iam, err := s.query.IAM(ctx)
+	iam, err := s.query.Instance(ctx)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/management/org.go

@@ -102,13 +102,13 @@ func (s *Server) ReactivateOrg(ctx context.Context, req *mgmt_pb.ReactivateOrgRe
 	}, err
 }
 
-func (s *Server) GetOrgIAMPolicy(ctx context.Context, req *mgmt_pb.GetOrgIAMPolicyRequest) (*mgmt_pb.GetOrgIAMPolicyResponse, error) {
-	policy, err := s.query.OrgIAMPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
+func (s *Server) GetDomainPolicy(ctx context.Context, req *mgmt_pb.GetDomainPolicyRequest) (*mgmt_pb.GetDomainPolicyResponse, error) {
+	policy, err := s.query.DomainPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	return &mgmt_pb.GetOrgIAMPolicyResponse{
-		Policy: policy_grpc.OrgIAMPolicyToPb(policy),
+	return &mgmt_pb.GetDomainPolicyResponse{
+		Policy: policy_grpc.DomainPolicyToPb(policy),
 	}, nil
 }
 
@@ -207,7 +207,7 @@ func (s *Server) SetPrimaryOrgDomain(ctx context.Context, req *mgmt_pb.SetPrimar
 }
 
 func (s *Server) ListOrgMemberRoles(ctx context.Context, _ *mgmt_pb.ListOrgMemberRolesRequest) (*mgmt_pb.ListOrgMemberRolesResponse, error) {
-	iam, err := s.query.IAM(ctx)
+	iam, err := s.query.Instance(ctx)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/management/user.go

@@ -90,7 +90,7 @@ func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChang
 
 func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequest) (*mgmt_pb.IsUserUniqueResponse, error) {
 	orgID := authz.GetCtxData(ctx).OrgID
-	policy, err := s.query.OrgIAMPolicyByOrg(ctx, orgID)
+	policy, err := s.query.DomainPolicyByOrg(ctx, orgID)
 	if err != nil {
 		return nil, err
 	}

internal/api/grpc/policy/domain_policy.go

@@ -6,7 +6,20 @@ import (
 	policy_pb "github.com/caos/zitadel/pkg/grpc/policy"
 )
 
-func OrgIAMPolicyToPb(policy *query.OrgIAMPolicy) *policy_pb.OrgIAMPolicy {
+func DomainPolicyToPb(policy *query.DomainPolicy) *policy_pb.DomainPolicy {
+	return &policy_pb.DomainPolicy{
+		UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
+		IsDefault:             policy.IsDefault,
+		Details: object.ToViewDetailsPb(
+			policy.Sequence,
+			policy.CreationDate,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}
+}
+
+func DomainPolicyToOrgIAMPb(policy *query.DomainPolicy) *policy_pb.OrgIAMPolicy {
 	return &policy_pb.OrgIAMPolicy{
 		UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
 		IsDefault:             policy.IsDefault,