mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 04:57:33 +00:00
feat: exchange gRPC server implementation to connectRPC (#10145)
# Which Problems Are Solved The current maintained gRPC server in combination with a REST (grpc) gateway is getting harder and harder to maintain. Additionally, there have been and still are issues with supporting / displaying `oneOf`s correctly. We therefore decided to exchange the server implementation to connectRPC, which apart from supporting connect as protocol, also also "standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g. curl directly call the server without any additional gateway. # How the Problems Are Solved - All v2 services are moved to connectRPC implementation. (v1 services are still served as pure grpc servers) - All gRPC server interceptors were migrated / copied to a corresponding connectRPC interceptor. - API.ListGrpcServices and API. ListGrpcMethods were changed to include the connect services and endpoints. - gRPC server reflection was changed to a `StaticReflector` using the `ListGrpcServices` list. - The `grpc.Server` interfaces was split into different combinations to be able to handle the different cases (grpc server and prefixed gateway, connect server with grpc gateway, connect server only, ...) - Docs of services serving connectRPC only with no additional gateway (instance, webkey, project, app, org v2 beta) are changed to expose that - since the plugin is not yet available on buf, we download it using `postinstall` hook of the docs # Additional Changes - WebKey service is added as v2 service (in addition to the current v2beta) # Additional Context closes #9483 --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
This commit is contained in:
Livio Spring
@@ -3,6 +3,7 @@ package saml
|
||||
import (
|
||||
"context"
|
||||
|
||||
"connectrpc.com/connect"
|
||||
"github.com/zitadel/logging"
|
||||
"github.com/zitadel/saml/pkg/provider"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
@@ -16,15 +17,15 @@ import (
|
||||
saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
|
||||
)
|
||||
|
||||
func (s *Server) GetSAMLRequest(ctx context.Context, req *saml_pb.GetSAMLRequestRequest) (*saml_pb.GetSAMLRequestResponse, error) {
|
||||
authRequest, err := s.query.SamlRequestByID(ctx, true, req.GetSamlRequestId(), true)
|
||||
func (s *Server) GetSAMLRequest(ctx context.Context, req *connect.Request[saml_pb.GetSAMLRequestRequest]) (*connect.Response[saml_pb.GetSAMLRequestResponse], error) {
|
||||
authRequest, err := s.query.SamlRequestByID(ctx, true, req.Msg.GetSamlRequestId(), true)
|
||||
if err != nil {
|
||||
logging.WithError(err).Error("query samlRequest by ID")
|
||||
return nil, err
|
||||
}
|
||||
return &saml_pb.GetSAMLRequestResponse{
|
||||
return connect.NewResponse(&saml_pb.GetSAMLRequestResponse{
|
||||
SamlRequest: samlRequestToPb(authRequest),
|
||||
}, nil
|
||||
}), nil
|
||||
}
|
||||
|
||||
func samlRequestToPb(a *query.SamlRequest) *saml_pb.SAMLRequest {
|
||||
@@ -34,18 +35,18 @@ func samlRequestToPb(a *query.SamlRequest) *saml_pb.SAMLRequest {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) CreateResponse(ctx context.Context, req *saml_pb.CreateResponseRequest) (*saml_pb.CreateResponseResponse, error) {
|
||||
switch v := req.GetResponseKind().(type) {
|
||||
func (s *Server) CreateResponse(ctx context.Context, req *connect.Request[saml_pb.CreateResponseRequest]) (*connect.Response[saml_pb.CreateResponseResponse], error) {
|
||||
switch v := req.Msg.GetResponseKind().(type) {
|
||||
case *saml_pb.CreateResponseRequest_Error:
|
||||
return s.failSAMLRequest(ctx, req.GetSamlRequestId(), v.Error)
|
||||
return s.failSAMLRequest(ctx, req.Msg.GetSamlRequestId(), v.Error)
|
||||
case *saml_pb.CreateResponseRequest_Session:
|
||||
return s.linkSessionToSAMLRequest(ctx, req.GetSamlRequestId(), v.Session)
|
||||
return s.linkSessionToSAMLRequest(ctx, req.Msg.GetSamlRequestId(), v.Session)
|
||||
default:
|
||||
return nil, zerrors.ThrowUnimplementedf(nil, "SAMLv2-0Tfak3fBS0", "verification oneOf %T in method CreateResponse not implemented", v)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *saml_pb.AuthorizationError) (*saml_pb.CreateResponseResponse, error) {
|
||||
func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *saml_pb.AuthorizationError) (*connect.Response[saml_pb.CreateResponseResponse], error) {
|
||||
details, aar, err := s.command.FailSAMLRequest(ctx, samlRequestID, errorReasonToDomain(ae.GetError()))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -55,7 +56,7 @@ func (s *Server) failSAMLRequest(ctx context.Context, samlRequestID string, ae *
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return createCallbackResponseFromBinding(details, url, body, authReq.RelayState), nil
|
||||
return connect.NewResponse(createCallbackResponseFromBinding(details, url, body, authReq.RelayState)), nil
|
||||
}
|
||||
|
||||
func (s *Server) checkPermission(ctx context.Context, issuer string, userID string) error {
|
||||
@@ -72,7 +73,7 @@ func (s *Server) checkPermission(ctx context.Context, issuer string, userID stri
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID string, session *saml_pb.Session) (*saml_pb.CreateResponseResponse, error) {
|
||||
func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID string, session *saml_pb.Session) (*connect.Response[saml_pb.CreateResponseResponse], error) {
|
||||
details, aar, err := s.command.LinkSessionToSAMLRequest(ctx, samlRequestID, session.GetSessionId(), session.GetSessionToken(), true, s.checkPermission)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -87,7 +88,7 @@ func (s *Server) linkSessionToSAMLRequest(ctx context.Context, samlRequestID str
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return createCallbackResponseFromBinding(details, url, body, authReq.RelayState), nil
|
||||
return connect.NewResponse(createCallbackResponseFromBinding(details, url, body, authReq.RelayState)), nil
|
||||
}
|
||||
|
||||
func createCallbackResponseFromBinding(details *domain.ObjectDetails, url string, body string, relayState string) *saml_pb.CreateResponseResponse {
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
package saml
|
||||
|
||||
import (
|
||||
"google.golang.org/grpc"
|
||||
"net/http"
|
||||
|
||||
"connectrpc.com/connect"
|
||||
"google.golang.org/protobuf/reflect/protoreflect"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/server"
|
||||
@@ -9,9 +12,10 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/saml/v2/samlconnect"
|
||||
)
|
||||
|
||||
var _ saml_pb.SAMLServiceServer = (*Server)(nil)
|
||||
var _ samlconnect.SAMLServiceHandler = (*Server)(nil)
|
||||
|
||||
type Server struct {
|
||||
saml_pb.UnimplementedSAMLServiceServer
|
||||
@@ -38,8 +42,12 @@ func CreateServer(
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
|
||||
saml_pb.RegisterSAMLServiceServer(grpcServer, s)
|
||||
func (s *Server) RegisterConnectServer(interceptors ...connect.Interceptor) (string, http.Handler) {
|
||||
return samlconnect.NewSAMLServiceHandler(s, connect.WithInterceptors(interceptors...))
|
||||
}
|
||||
|
||||
func (s *Server) FileDescriptor() protoreflect.FileDescriptor {
|
||||
return saml_pb.File_zitadel_saml_v2_saml_service_proto
|
||||
}
|
||||
|
||||
func (s *Server) AppName() string {
|
||||
|
||||
Reference in New Issue
Block a user