feat: exchange gRPC server implementation to connectRPC (#10145)

# Which Problems Are Solved

The current maintained gRPC server in combination with a REST (grpc)
gateway is getting harder and harder to maintain. Additionally, there
have been and still are issues with supporting / displaying `oneOf`s
correctly.
We therefore decided to exchange the server implementation to
connectRPC, which apart from supporting connect as protocol, also also
"standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g.
curl directly call the server without any additional gateway.

# How the Problems Are Solved

- All v2 services are moved to connectRPC implementation. (v1 services
are still served as pure grpc servers)
- All gRPC server interceptors were migrated / copied to a corresponding
connectRPC interceptor.
- API.ListGrpcServices and API. ListGrpcMethods were changed to include
the connect services and endpoints.
- gRPC server reflection was changed to a `StaticReflector` using the
`ListGrpcServices` list.
- The `grpc.Server` interfaces was split into different combinations to
be able to handle the different cases (grpc server and prefixed gateway,
connect server with grpc gateway, connect server only, ...)
- Docs of services serving connectRPC only with no additional gateway
(instance, webkey, project, app, org v2 beta) are changed to expose that
- since the plugin is not yet available on buf, we download it using
`postinstall` hook of the docs

# Additional Changes

- WebKey service is added as v2 service (in addition to the current
v2beta)

# Additional Context

closes #9483

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>

docs/.gitignore

@@ -27,3 +27,4 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 .vercel
+/protoc-gen-connect-openapi*

docs/base.yaml

@@ -0,0 +1,3 @@
+openapi: 3.1.0
+info:
+  version: v2

docs/buf.gen.yaml

@@ -1,11 +1,18 @@
 # buf.gen.yaml
-version: v1
+version: v2
 managed:
   enabled: true
 plugins:
-  - plugin: buf.build/grpc-ecosystem/openapiv2
+  - remote: buf.build/grpc-ecosystem/openapiv2
     out: .artifacts/openapi
     opt:
       - allow_delete_body
       - remove_internal_comments=true
       - preserve_rpc_order=true
+  - local: ./protoc-gen-connect-openapi
+    out: .artifacts/openapi3
+    strategy: all
+    opt:
+      - short-service-tags
+      - ignore-googleapi-http
+      - base=base.yaml

docs/docusaurus.config.js

@@ -337,7 +337,7 @@ module.exports = {
           },
           webkey_v2: {
             specPath:
-              ".artifacts/openapi/zitadel/webkey/v2beta/webkey_service.swagger.json",
+              ".artifacts/openapi3/zitadel/webkey/v2/webkey_service.openapi.yaml",
             outputDir: "docs/apis/resources/webkey_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -373,7 +373,7 @@ module.exports = {
           },
           org_v2beta: {
             specPath:
-              ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
+              ".artifacts/openapi3/zitadel/org/v2beta/org_service.openapi.yaml",
             outputDir: "docs/apis/resources/org_service_v2beta",
             sidebarOptions: {
               groupPathsBy: "tag",
@@ -382,16 +382,24 @@ module.exports = {
           },
           project_v2beta: {
             specPath:
-              ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
+              ".artifacts/openapi3/zitadel/project/v2beta/project_service.openapi.yaml",
             outputDir: "docs/apis/resources/project_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",
               categoryLinkSource: "auto",
             },
           },
+          application_v2: {
+            specPath: ".artifacts/openapi3/zitadel/app/v2beta/app_service.openapi.yaml",
+            outputDir: "docs/apis/resources/application_service_v2",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+              categoryLinkSource: "auto",
+            },
+          },
           instance_v2: {
             specPath:
-              ".artifacts/openapi/zitadel/instance/v2beta/instance_service.swagger.json",
+              ".artifacts/openapi3/zitadel/instance/v2beta/instance_service.openapi.yaml",
             outputDir: "docs/apis/resources/instance_service_v2",
             sidebarOptions: {
               groupPathsBy: "tag",

docs/package.json

@@ -18,7 +18,8 @@
     "generate:apidocs": "docusaurus gen-api-docs all",
     "generate:configdocs": "cp -r ../cmd/defaults.yaml ./docs/self-hosting/manage/configure/ && cp -r ../cmd/setup/steps.yaml ./docs/self-hosting/manage/configure/",
     "generate:re-gen": "yarn generate:clean-all && yarn generate",
-    "generate:clean-all": "docusaurus clean-api-docs all"
+    "generate:clean-all": "docusaurus clean-api-docs all",
+    "postinstall": "sh ./plugin-download.sh"
   },
   "dependencies": {
     "@bufbuild/buf": "^1.14.0",

docs/plugin-download.sh

@@ -0,0 +1,21 @@
+echo $(uname -m)
+
+if [ "$(uname)" = "Darwin" ]; then
+  curl -L -o protoc-gen-connect-openapi.tar.gz https://github.com/sudorandom/protoc-gen-connect-openapi/releases/download/v0.18.0/protoc-gen-connect-openapi_0.18.0_darwin_all.tar.gz
+else
+  ARCH=$(uname -m)
+  case $ARCH in
+    x86_64)
+      ARCH="amd64"
+      ;;
+    aarch64|arm64)
+      ARCH="arm64"
+      ;;
+    *)
+      echo "Unsupported architecture: $ARCH"
+      exit 1
+      ;;
+  esac
+  curl -L -o protoc-gen-connect-openapi.tar.gz https://github.com/sudorandom/protoc-gen-connect-openapi/releases/download/v0.18.0/protoc-gen-connect-openapi_0.18.0_linux_${ARCH}.tar.gz
+fi
+tar -xvf protoc-gen-connect-openapi.tar.gz

docs/sidebars.js

@@ -16,6 +16,7 @@ const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/
 const sidebar_api_project_service_v2 = require("./docs/apis/resources/project_service_v2/sidebar.ts").default
 const sidebar_api_webkey_service_v2 = require("./docs/apis/resources/webkey_service_v2/sidebar.ts").default
 const sidebar_api_instance_service_v2 = require("./docs/apis/resources/instance_service_v2/sidebar.ts").default
+const sidebar_api_app_v2 = require("./docs/apis/resources/application_service_v2/sidebar.ts").default
 
 module.exports = {
   guides: [
@@ -806,6 +807,18 @@ module.exports = {
               },
               items: sidebar_api_org_service_v2,
             },
+            {
+              type: "category",
+              label: "Organization (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Organization Service beta API",
+                slug: "/apis/resources/org_service/v2beta",
+                description:
+                    "This API is intended to manage organizations for ZITADEL. \n",
+              },
+              items: sidebar_api_org_service_v2beta,
+            },
             {
               type: "category",
               label: "Identity Provider",
@@ -820,19 +833,15 @@ module.exports = {
             },
             {
               type: "category",
-              label: "Web key (Beta)",
+              label: "Web Key",
               link: {
                 type: "generated-index",
-                title: "Web Key Service API (Beta)",
+                title: "Web Key Service API",
                 slug: "/apis/resources/webkey_service_v2",
                 description:
                     "This API is intended to manage web keys for a ZITADEL instance, used to sign and validate OIDC tokens.\n" +
-                    "\n" +
-                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
                     "\n"+
-                    "The public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.\n"+
-                    "\n"+
-                    "Please make sure to enable the `web_key` feature flag on your instance to use this service and that you're running ZITADEL V3.",
+                    "The public key endpoint (outside of this service) is used to retrieve the public keys of the active and inactive keys.\n",
               },
               items: sidebar_api_webkey_service_v2
             },
@@ -857,6 +866,54 @@ module.exports = {
               },
               items: sidebar_api_actions_v2,
             },
+            {
+              type: "category",
+              label: "Project (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Project Service API (Beta)",
+                slug: "/apis/resources/project_service_v2",
+                description:
+                    "This API is intended to manage projects and subresources for ZITADEL. \n" +
+                    "\n" +
+                    "This service is in beta state. It can AND will continue breaking until a stable version is released.",
+              },
+              items: sidebar_api_project_service_v2,
+            },
+            {
+              type: "category",
+              label: "Instance (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Instance Service API (Beta)",
+                slug: "/apis/resources/instance_service_v2",
+                description:
+                    "This API is intended to manage instances, custom domains and trusted domains in ZITADEL.\n" +
+                    "\n" +
+                    "This service is in beta state. It can AND will continue breaking until a stable version is released.\n"+
+                    "\n" +
+                    "This v2 of the API provides the same functionalities as the v1, but organised on a per resource basis.\n" +
+                    "The whole functionality related to domains (custom and trusted) has been moved under this instance API."
+                ,
+              },
+              items: sidebar_api_instance_service_v2,
+            },
+            {
+              type: "category",
+              label: "App (Beta)",
+              link: {
+                type: "generated-index",
+                title: "Application Service API (Beta)",
+                slug: "/apis/resources/application_service_v2",
+                description:
+                    "This API lets you manage Zitadel applications (API, SAML, OIDC).\n"+
+                    "\n"+
+                    "The API offers generic endpoints that work for all app types (API, SAML, OIDC), "+
+                    "\n"+
+                    "This API is in beta state. It can AND will continue breaking until a stable version is released.\n"
+              },
+              items: sidebar_api_app_v2,
+            },
           ],
         },
         {

docs/yarn.lock

@@ -6121,6 +6121,11 @@ caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001718:
   resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001724.tgz#312e163553dd70d2c0fb603d74810c85d8ed94a0"
   integrity sha512-WqJo7p0TbHDOythNTqYujmaJTvtYRZrjpP8TCvH6Vb9CYJerJNKamKzIWOM4BkQatWj9H2lYulpdAQNBe7QhNA==
 
+caniuse-lite@^1.0.30001716:
+  version "1.0.30001726"
+  resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001726.tgz#a15bd87d5a4bf01f6b6f70ae7c97fdfd28b5ae47"
+  integrity sha512-VQAUIUzBiZ/UnlM28fSp2CRF3ivUn1BWEvxMcVTNwpw91Py1pGbPIyIKtd+tzct9C3ouceCVdGAXxZOpZAsgdw==
+
 ccount@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5"
@@ -7503,6 +7508,11 @@ electron-to-chromium@^1.4.796:
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.803.tgz#cf55808a5ee12e2a2778bbe8cdc941ef87c2093b"
   integrity sha512-61H9mLzGOCLLVsnLiRzCbc63uldP0AniRYPV3hbGVtONA1pI7qSGILdbofR7A8TMbOypDocEAjH/e+9k1QIe3g==
 
+electron-to-chromium@^1.5.149:
+  version "1.5.178"
+  resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.178.tgz#6fc4d69eb5275bb13068931448fd822458901fbb"
+  integrity sha512-wObbz/ar3Bc6e4X5vf0iO8xTN8YAjN/tgiAOJLr7yjYFtP9wAjq8Mb5h0yn6kResir+VYx2DXBj9NNobs0ETSA==
+
 electron-to-chromium@^1.5.160:
   version "1.5.172"
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.172.tgz#fe1d99028d8d6321668d0f1fed61d99ac896259c"