feat: features (#1427)

* features

* features

* features

* fix json tags

* add features handler to auth

* mocks for tests

* add setup step

* fixes

* add featurelist to auth api

* grandfather state and typos

* typo

* merge new-eventstore

* fix login policy tests

* label policy in features

* audit log retention
Livio Amstutz
2021-03-25 17:26:21 +01:00
committed by GitHub
parent c9b3839f3d
commit a4763b1e4c
97 changed files with 3335 additions and 109 deletions


@@ -7,9 +7,11 @@ import "zitadel/options.proto";
import "zitadel/org.proto";
import "zitadel/policy.proto";
import "zitadel/member.proto";
import "zitadel/features.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
@@ -44,7 +46,7 @@ service AdminService {
get: "/healthz"
};
}
rpc IsOrgUnique(IsOrgUniqueRequest) returns (IsOrgUniqueResponse) {
option (google.api.http) = {
get: "/orgs/_is_unique"
@@ -171,6 +173,58 @@ service AdminService {
};
}
rpc GetDefaultFeatures(GetDefaultFeaturesRequest) returns (GetDefaultFeaturesResponse) {
option(google.api.http) = {
get: "/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetDefaultFeatures(SetDefaultFeaturesRequest) returns (SetDefaultFeaturesResponse) {
option(google.api.http) = {
put: "/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc GetOrgFeatures(GetOrgFeaturesRequest) returns (GetOrgFeaturesResponse) {
option(google.api.http) = {
get: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.read"
};
}
rpc SetOrgFeatures(SetOrgFeaturesRequest) returns (SetOrgFeaturesResponse) {
option(google.api.http) = {
put: "/orgs/{org_id}/features"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc ResetOrgFeatures(ResetOrgFeaturesRequest) returns (ResetOrgFeaturesResponse) {
option(google.api.http) = {
delete: "/orgs/{org_id}/features"
};
option (zitadel.v1.auth_option) = {
permission: "iam.features.write"
};
}
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/policies/orgiam"
@@ -259,18 +313,18 @@ service AdminService {
option (google.api.http) = {
get: "/policies/login"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdateLoginPolicy(UpdateLoginPolicyRequest) returns (UpdateLoginPolicyResponse) {
option (google.api.http) = {
put: "/policies/login"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write"
};
@@ -395,18 +449,18 @@ service AdminService {
option (google.api.http) = {
get: "/policies/password/age"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdatePasswordAgePolicy(UpdatePasswordAgePolicyRequest) returns (UpdatePasswordAgePolicyResponse) {
option (google.api.http) = {
put: "/policies/password/age"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write"
};
@@ -416,18 +470,18 @@ service AdminService {
option (google.api.http) = {
get: "/policies/password/lockout"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read"
};
}
rpc UpdatePasswordLockoutPolicy(UpdatePasswordLockoutPolicyRequest) returns (UpdatePasswordLockoutPolicyResponse) {
option (google.api.http) = {
put: "/policies/password/lockout"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write"
};
@@ -583,9 +637,9 @@ message SetUpOrgRequest {
string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"}];
bool is_phone_verified = 2;
}
string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
Profile profile = 2 [(validate.rules).message.required = true];
Email email = 3 [(validate.rules).message.required = true];
Phone phone = 4;
@@ -697,6 +751,66 @@ message UpdateIDPOIDCConfigResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetDefaultFeaturesRequest {}
message GetDefaultFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetDefaultFeaturesRequest {
string tier_name = 1 [(validate.rules).string = {max_len: 200}];
string description = 2 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 5 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 6;
bool login_policy_registration = 7;
bool login_policy_idp = 8;
bool login_policy_factors = 9;
bool login_policy_passwordless = 10;
bool password_complexity_policy = 11;
bool label_policy = 12;
}
message SetDefaultFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message GetOrgFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message SetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string tier_name = 2 [(validate.rules).string = {max_len: 200}];
string description = 3 [(validate.rules).string = {max_len: 200}];
zitadel.features.v1.FeaturesState state = 4;
string state_description = 5 [(validate.rules).string = {max_len: 200}];
google.protobuf.Duration audit_log_retention = 6 [(validate.rules).duration = {gte: {seconds: 0}}];
bool login_policy_username_login = 7;
bool login_policy_registration = 8;
bool login_policy_idp = 9;
bool login_policy_factors = 10;
bool login_policy_passwordless = 11;
bool password_complexity_policy = 12;
bool label_policy = 13;
}
message SetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message ResetOrgFeaturesRequest {
string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
message ResetOrgFeaturesResponse {
zitadel.v1.ObjectDetails details = 1;
}
message GetOrgIAMPolicyRequest {}
message GetOrgIAMPolicyResponse {
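Review bot: SetDefaultFeaturesRequest (last hunk of this section) numbers its fields 1, 2, 5–12, leaving 3 and 4 unassigned with no `reserved 3, 4;` and no comment, whereas the parallel SetOrgFeaturesRequest uses 4 and 5 for `state` and `state_description`; if the gap is deliberate alignment, a `reserved` line or a comment would stop a later contributor from filling it with unrelated fields. The five new feature rpcs also write `option(google.api.http)` without the space that every other rpc in this service uses. None of the new bool fields, `tier_name` or `audit_log_retention` carry a leading comment saying what they enable or how a zero duration is interpreted; a one-line comment per field would make the wire contract readable without the server code. AdminService and the surrounding messages extend beyond the hunks shown.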


@@ -375,6 +375,16 @@ service AuthService {
};
}
rpc ListMyZitadelFeatures(ListMyZitadelFeaturesRequest) returns (ListMyZitadelFeaturesResponse) {
option (google.api.http) = {
post: "/features/zitadel/me/_search"
};
option (zitadel.v1.auth_option) = {
permission: "authenticated"
};
}
rpc ListMyZitadelPermissions(ListMyZitadelPermissionsRequest) returns (ListMyZitadelPermissionsResponse) {
option (google.api.http) = {
post: "/permissions/zitadel/me/_search"
@@ -658,6 +668,12 @@ message ListMyProjectOrgsResponse {
repeated zitadel.org.v1.Org result = 2;
}
message ListMyZitadelFeaturesRequest {}
message ListMyZitadelFeaturesResponse {
repeated string result = 1;
}
message ListMyZitadelPermissionsRequest {}
message ListMyZitadelPermissionsResponse {
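Review bot: ListMyZitadelFeaturesResponse.result is a bare `repeated string` with no comment describing the value format, so callers cannot tell whether the entries are the dotted feature keys used in the `feature:` auth_options elsewhere in this commit (e.g. `login_policy.idp`) or something else — confirm and document. A leading comment such as `// Feature keys enabled for the caller; values follow the AuthOption.feature format.` (adjusted to the actual semantics) would suffice. If, as the `/me/` path suggests, the organisation is derived from the caller's token rather than a request field, a comment on the rpc saying so would make the authorization model explicit. AuthService begins and ends outside the hunks shown.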


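--- /dev/null
+++ b/zitadel/features.proto
@@ -0,0 +1,39 @@
+syntax = "proto3";
+import "zitadel/object.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/duration.proto";
+package zitadel.features.v1;
+option go_package = "github.com/caos/zitadel/pkg/grpc/features";
+message Features {
+zitadel.v1.ObjectDetails details = 1;
+FeatureTier tier = 2;
+bool is_default = 3;
+google.protobuf.Duration audit_log_retention = 4;
+bool login_policy_username_login = 5;
+bool login_policy_registration = 6;
+bool login_policy_idp = 7;
+bool login_policy_factors = 8;
+bool login_policy_passwordless = 9;
+bool password_complexity_policy = 10;
+bool label_policy = 11;
+}
+message FeatureTier {
+string name = 1;
+string description = 2;
+FeaturesState state = 3;
+string status_info = 4;
+}
+enum FeaturesState {
+FEATURES_STATE_ACTIVE = 0;
+FEATURES_STATE_ACTION_REQUIRED = 1;
+FEATURES_STATE_CANCELED = 2;
+FEATURES_STATE_GRANDFATHERED = 3;
+}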
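Review bot: FeaturesState gives its zero value business meaning — `FEATURES_STATE_ACTIVE = 0` — so a message whose state was never set, or one carrying a value this reader does not know, deserializes as ACTIVE; for an enum that drives feature gating that is the fail-open direction. Because this file is new in this commit the values can still be renumbered with `FEATURES_STATE_UNSPECIFIED = 0` before anything depends on them. `import "google/protobuf/timestamp.proto"` is not referenced by any message in the file as shown, and `package` conventionally precedes the imports. None of the messages, fields or enum values carry comments; `FeatureTier.status_info` in particular should state how it relates to `state_description` in SetOrgFeaturesRequest, since the two names differ.
```protobuf
enum FeaturesState {
  // Zero value; never a real state. Readers treat it as "not set".
  FEATURES_STATE_UNSPECIFIED = 0;
  FEATURES_STATE_ACTIVE = 1;
  FEATURES_STATE_ACTION_REQUIRED = 2;
  FEATURES_STATE_CANCELED = 3;
  FEATURES_STATE_GRANDFATHERED = 4;
}
```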


@@ -12,6 +12,7 @@ import "zitadel/policy.proto";
import "zitadel/message.proto";
import "zitadel/change.proto";
import "zitadel/auth_n_key.proto";
import "zitadel/features.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
@@ -44,7 +45,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
schemes: HTTPS;
consumes: "application/json";
produces: "application/json";
consumes: "application/grpc";
produces: "application/grpc";
@@ -242,7 +243,7 @@ service ManagementService {
option (google.api.http) = {
get: "/users/{user_id}/username"
};
option (zitadel.v1.auth_option) = {
permission: "user.write"
};
@@ -292,7 +293,7 @@ service ManagementService {
rpc ResendHumanInitialization(ResendHumanInitializationRequest) returns (ResendHumanInitializationResponse) {
option (google.api.http) = {
post: "/users/{user_id}/_resend_initialization"
post: "/users/{user_id}/_resend_initialization"
body: "*"
};
@@ -310,7 +311,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "user.write"
};
}
}
rpc GetHumanPhone(GetHumanPhoneRequest) returns (GetHumanPhoneResponse) {
option (google.api.http) = {
@@ -1340,6 +1341,16 @@ service ManagementService {
};
}
rpc GetFeatures(GetFeaturesRequest) returns (GetFeaturesResponse) {
option (google.api.http) = {
get: "/features"
};
option (zitadel.v1.auth_option) = {
permission: "features.read"
};
}
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/policies/orgiam"
@@ -1378,6 +1389,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy"
};
}
@@ -1389,6 +1401,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy"
};
}
@@ -1421,6 +1434,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.idp"
};
}
@@ -1431,6 +1445,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.idp"
};
}
@@ -1452,6 +1467,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1462,6 +1478,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1483,6 +1500,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1493,6 +1511,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "login_policy.factors"
};
}
@@ -1524,6 +1543,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "password_complexity_policy"
};
}
@@ -1535,6 +1555,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "password_complexity_policy"
};
}
@@ -1680,6 +1701,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -1691,6 +1713,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "policy.write"
feature: "label_policy"
};
}
@@ -1733,6 +1756,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -1744,6 +1768,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -1755,6 +1780,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -1765,6 +1791,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -1776,6 +1803,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
@@ -1787,6 +1815,7 @@ service ManagementService {
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
feature: "login_policy.idp"
};
}
}
@@ -2956,6 +2985,12 @@ message BulkRemoveUserGrantRequest {
message BulkRemoveUserGrantResponse {}
message GetFeaturesRequest {}
message GetFeaturesResponse {
zitadel.features.v1.Features features = 1;
}
message GetOrgIAMPolicyRequest {}
message GetOrgIAMPolicyResponse {
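Review bot: The `feature:` values added to the auth_option blocks (hunks `@@ -1378` through `@@ -1787`) are free-form string literals such as `"login_policy.idp"` repeated across many rpcs, and protoc cannot catch a misspelling; a typo would silently gate the method on a key that never matches, so consider defining the accepted keys once (a documented constant list or enum next to `AuthOption.feature`) and referencing that list from these options. What the interceptor does when the key is absent on an rpc, or unknown to the server — deny or allow — is not stated anywhere in the hunks, and that fail-open/fail-closed choice should be written down in a comment at the first use. The `@@ -44,7 +45,7` hunk prints `consumes`/`produces` for both json and grpc without a visible side marker, so which line was replaced cannot be read from this page. ManagementService begins and ends outside the hunks shown.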


@@ -14,4 +14,5 @@ extend google.protobuf.MethodOptions {
message AuthOption {
string permission = 1;
string check_field_name = 2;
}
string feature = 3;
}
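Review bot: The new `string feature = 3;` in AuthOption has no comment describing its value format (the dotted keys used in the ManagementService hunks, e.g. `login_policy.idp`) or what the interceptor does when the key is set and the organisation (presumably the calling one — confirm) lacks the feature. A leading comment such as `// Feature key the organisation must have enabled for this rpc; format: "<feature>[.<sub_feature>]". Unset means no feature gate.` would make the gate's contract explicit for every rpc that uses it.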