TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-07-16 19:28:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(api): moving organization API resourced based (#9943)

Browse Source
This commit is contained in:
Iraq 2025-06-02 18:27:53 +02:00 committed by GitHub
parent b3d22dba05
commit ae1a2e93c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 3542 additions and 303 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/start/start.go
View File

@ -470,7 +470,7 @@ func startAPIs(
if err := apis.RegisterService(ctx, settings_v2beta.CreateServer(commands, queries)); err != nil {
return nil, err
}
if err := apis.RegisterService(ctx, org_v2beta.CreateServer(commands, queries, permissionCheck)); err != nil {
if err := apis.RegisterService(ctx, org_v2beta.CreateServer(config.SystemDefaults, commands, queries, permissionCheck)); err != nil {
return nil, err
}
if err := apis.RegisterService(ctx, feature_v2beta.CreateServer(commands, queries)); err != nil {

8
docs/docusaurus.config.js
View File

@ -342,6 +342,14 @@ module.exports = {
categoryLinkSource: "auto",
},
},
org_v2beta: {
specPath: ".artifacts/openapi/zitadel/org/v2beta/org_service.swagger.json",
outputDir: "docs/apis/resources/org_service_v2beta",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "auto",
},
},
project_v2beta: {
specPath: ".artifacts/openapi/zitadel/project/v2beta/project_service.swagger.json",
outputDir: "docs/apis/resources/project_service_v2",

13
docs/sidebars.js
View File

@ -10,6 +10,7 @@ const sidebar_api_oidc_service_v2 = require("./docs/apis/resources/oidc_service_
const sidebar_api_settings_service_v2 = require("./docs/apis/resources/settings_service_v2/sidebar.ts").default
const sidebar_api_feature_service_v2 = require("./docs/apis/resources/feature_service_v2/sidebar.ts").default
const sidebar_api_org_service_v2 = require("./docs/apis/resources/org_service_v2/sidebar.ts").default
const sidebar_api_org_service_v2beta = require("./docs/apis/resources/org_service_v2beta/sidebar.ts").default
const sidebar_api_idp_service_v2 = require("./docs/apis/resources/idp_service_v2/sidebar.ts").default
const sidebar_api_actions_v2 = require("./docs/apis/resources/action_service_v2/sidebar.ts").default
const sidebar_api_project_service_v2 = require("./docs/apis/resources/project_service_v2/sidebar.ts").default
@ -791,6 +792,18 @@ module.exports = {
},
items: sidebar_api_org_service_v2,
},
{
type: "category",
label: "Organization (Beta)",
link: {
type: "generated-index",
title: "Organization Service beta API",
slug: "/apis/resources/org_service/v2beta",
description:
"This API is intended to manage organizations for ZITADEL. \n",
},
items: sidebar_api_org_service_v2beta,
},
{
type: "category",
label: "Identity Provider",

4
internal/api/grpc/instance/converter.go
View File

@ -28,7 +28,7 @@ func InstanceToPb(instance *query.Instance) *instance_pb.Instance {
Name: instance.Name,
Domains: DomainsToPb(instance.Domains),
Version: build.Version(),
State: instance_pb.State_STATE_RUNNING, //TODO: change when delete is implemented
State: instance_pb.State_STATE_RUNNING, // TODO: change when delete is implemented
}
}
@ -44,7 +44,7 @@ func InstanceDetailToPb(instance *query.Instance) *instance_pb.InstanceDetail {
Name: instance.Name,
Domains: DomainsToPb(instance.Domains),
Version: build.Version(),
State: instance_pb.State_STATE_RUNNING, //TODO: change when delete is implemented
State: instance_pb.State_STATE_RUNNING, // TODO: change when delete is implemented
}
}

5
internal/api/grpc/instance/v2beta/integration_test/instance_test.go
View File

@ -9,10 +9,11 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/zitadel/zitadel/internal/integration"
instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/zitadel/zitadel/internal/integration"
instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
)
func TestDeleteInstace(t *testing.T) {

5
internal/api/grpc/instance/v2beta/integration_test/query_test.go
View File

@ -11,12 +11,13 @@ import (
"github.com/brianvoe/gofakeit/v6"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/zitadel/zitadel/internal/integration"
filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
instance "github.com/zitadel/zitadel/pkg/grpc/instance/v2beta"
"github.com/zitadel/zitadel/pkg/grpc/object/v2"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
func TestGetInstance(t *testing.T) {

4
internal/api/grpc/management/org_converter.go
View File

@ -26,7 +26,7 @@ func ListOrgDomainsRequestToModel(req *mgmt_pb.ListOrgDomainsRequest) (*query.Or
Limit: limit,
Asc: asc,
},
//SortingColumn: //TODO: sorting
// SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
@ -89,7 +89,7 @@ func ListOrgMembersRequestToModel(ctx context.Context, req *mgmt_pb.ListOrgMembe
Offset: offset,
Limit: limit,
Asc: asc,
//SortingColumn: //TODO: sorting
// SortingColumn: //TODO: sorting
},
Queries: queries,
},

4
internal/api/grpc/management/user.go
View File

@ -901,6 +901,7 @@ func (s *Server) ListHumanLinkedIDPs(ctx context.Context, req *mgmt_pb.ListHuman
Details: obj_grpc.ToListDetails(res.Count, res.Sequence, res.LastRun),
}, nil
}
func (s *Server) RemoveHumanLinkedIDP(ctx context.Context, req *mgmt_pb.RemoveHumanLinkedIDPRequest) (*mgmt_pb.RemoveHumanLinkedIDPResponse, error) {
objectDetails, err := s.command.RemoveUserIDPLink(ctx, RemoveHumanLinkedIDPRequestToDomain(ctx, req))
if err != nil {
@ -947,18 +948,21 @@ func cascadingIAMMembership(membership *query.IAMMembership) *command.CascadingI
}
return &command.CascadingIAMMembership{IAMID: membership.IAMID}
}
func cascadingOrgMembership(membership *query.OrgMembership) *command.CascadingOrgMembership {
if membership == nil {
return nil
}
return &command.CascadingOrgMembership{OrgID: membership.OrgID}
}
func cascadingProjectMembership(membership *query.ProjectMembership) *command.CascadingProjectMembership {
if membership == nil {
return nil
}
return &command.CascadingProjectMembership{ProjectID: membership.ProjectID}
}
func cascadingProjectGrantMembership(membership *query.ProjectGrantMembership) *command.CascadingProjectGrantMembership {
if membership == nil {
return nil

49
internal/api/grpc/metadata/v2beta/metadata.go Normal file
View File

@ -0,0 +1,49 @@
package metadata
import (
"google.golang.org/protobuf/types/known/timestamppb"
v2beta_object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/zerrors"
meta_pb "github.com/zitadel/zitadel/pkg/grpc/metadata/v2beta"
)
// code in this file is copied from internal/api/grpc/metadata/metadata.go
func OrgMetadataListToPb(dataList []*query.OrgMetadata) []*meta_pb.Metadata {
mds := make([]*meta_pb.Metadata, len(dataList))
for i, data := range dataList {
mds[i] = OrgMetadataToPb(data)
}
return mds
}
func OrgMetadataToPb(data *query.OrgMetadata) *meta_pb.Metadata {
return &meta_pb.Metadata{
Key: data.Key,
Value: data.Value,
CreationDate: timestamppb.New(data.CreationDate),
ChangeDate: timestamppb.New(data.ChangeDate),
}
}
func OrgMetadataQueriesToQuery(queries []*meta_pb.MetadataQuery) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, query := range queries {
q[i], err = OrgMetadataQueryToQuery(query)
if err != nil {
return nil, err
}
}
return q, nil
}
func OrgMetadataQueryToQuery(metadataQuery *meta_pb.MetadataQuery) (query.SearchQuery, error) {
switch q := metadataQuery.Query.(type) {
case *meta_pb.MetadataQuery_KeyQuery:
return query.NewOrgMetadataKeySearchQuery(q.KeyQuery.Key, v2beta_object.TextMethodToQuery(q.KeyQuery.Method))
default:
return nil, zerrors.ThrowInvalidArgument(nil, "METAD-fdg23", "List.Query.Invalid")
}
}

55
internal/api/grpc/object/v2beta/converter.go
View File

@ -9,6 +9,7 @@ import (
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
org_pb "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
)
func DomainToDetailsPb(objectDetail *domain.ObjectDetails) *object.Details {
@ -34,6 +35,7 @@ func ToListDetails(response query.SearchResponse) *object.ListDetails {
return details
}
func ListQueryToQuery(query *object.ListQuery) (offset, limit uint64, asc bool) {
if query == nil {
return 0, 0, false
@ -73,3 +75,56 @@ func TextMethodToQuery(method object.TextQueryMethod) query.TextComparison {
return -1
}
}
func ListQueryToModel(query *object.ListQuery) (offset, limit uint64, asc bool) {
if query == nil {
return 0, 0, false
}
return query.Offset, uint64(query.Limit), query.Asc
}
func DomainsToPb(domains []*query.Domain) []*org_pb.Domain {
d := make([]*org_pb.Domain, len(domains))
for i, domain := range domains {
d[i] = DomainToPb(domain)
}
return d
}
func DomainToPb(d *query.Domain) *org_pb.Domain {
return &org_pb.Domain{
OrganizationId: d.OrgID,
DomainName: d.Domain,
IsVerified: d.IsVerified,
IsPrimary: d.IsPrimary,
ValidationType: DomainValidationTypeFromModel(d.ValidationType),
}
}
func DomainValidationTypeFromModel(validationType domain.OrgDomainValidationType) org_pb.DomainValidationType {
switch validationType {
case domain.OrgDomainValidationTypeDNS:
return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS
case domain.OrgDomainValidationTypeHTTP:
return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP
case domain.OrgDomainValidationTypeUnspecified:
// added to please golangci-lint
return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED
default:
return org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED
}
}
func DomainValidationTypeToDomain(validationType org_pb.DomainValidationType) domain.OrgDomainValidationType {
switch validationType {
case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_HTTP:
return domain.OrgDomainValidationTypeHTTP
case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_DNS:
return domain.OrgDomainValidationTypeDNS
case org_pb.DomainValidationType_DOMAIN_VALIDATION_TYPE_UNSPECIFIED:
// added to please golangci-lint
return domain.OrgDomainValidationTypeUnspecified
default:
return domain.OrgDomainValidationTypeUnspecified
}
}

256
internal/api/grpc/org/v2beta/helper.go Normal file
View File

@ -0,0 +1,256 @@
package org
import (
"context"
"google.golang.org/protobuf/types/known/timestamppb"
// TODO fix below
filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
metadata "github.com/zitadel/zitadel/internal/api/grpc/metadata/v2beta"
v2beta_object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/config/systemdefaults"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/zerrors"
v2beta "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
)
// NOTE: most of this code is copied from `internal/api/grpc/admin/*`, as we will eventually axe the previous versons of the API,
// we will have code duplication until then
func listOrgRequestToModel(systemDefaults systemdefaults.SystemDefaults, request *v2beta_org.ListOrganizationsRequest) (*query.OrgSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
if err != nil {
return nil, err
}
queries, err := OrgQueriesToModel(request.Filter)
if err != nil {
return nil, err
}
return &query.OrgSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
SortingColumn: FieldNameToOrgColumn(request.SortingColumn),
Asc: asc,
},
Queries: queries,
}, nil
}
func OrganizationViewToPb(org *query.Org) *v2beta_org.Organization {
return &v2beta_org.Organization{
Id: org.ID,
State: OrgStateToPb(org.State),
Name: org.Name,
PrimaryDomain: org.Domain,
CreationDate: timestamppb.New(org.CreationDate),
ChangedDate: timestamppb.New(org.ChangeDate),
}
}
func OrgStateToPb(state domain.OrgState) v2beta_org.OrgState {
switch state {
case domain.OrgStateActive:
return v2beta_org.OrgState_ORG_STATE_ACTIVE
case domain.OrgStateInactive:
return v2beta_org.OrgState_ORG_STATE_INACTIVE
case domain.OrgStateRemoved:
// added to please golangci-lint
return v2beta_org.OrgState_ORG_STATE_REMOVED
case domain.OrgStateUnspecified:
// added to please golangci-lint
return v2beta_org.OrgState_ORG_STATE_UNSPECIFIED
default:
return v2beta_org.OrgState_ORG_STATE_UNSPECIFIED
}
}
func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.CreateOrganizationResponse, err error) {
admins := make([]*org.CreatedAdmin, len(createdOrg.CreatedAdmins))
for i, admin := range createdOrg.CreatedAdmins {
admins[i] = &org.CreatedAdmin{
UserId: admin.ID,
EmailCode: admin.EmailCode,
PhoneCode: admin.PhoneCode,
}
}
return &org.CreateOrganizationResponse{
CreationDate: timestamppb.New(createdOrg.ObjectDetails.EventDate),
Id: createdOrg.ObjectDetails.ResourceOwner,
CreatedAdmins: admins,
}, nil
}
func OrgViewsToPb(orgs []*query.Org) []*v2beta_org.Organization {
o := make([]*v2beta_org.Organization, len(orgs))
for i, org := range orgs {
o[i] = OrganizationViewToPb(org)
}
return o
}
func OrgQueriesToModel(queries []*v2beta_org.OrganizationSearchFilter) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, query := range queries {
q[i], err = OrgQueryToModel(query)
if err != nil {
return nil, err
}
}
return q, nil
}
func OrgQueryToModel(apiQuery *v2beta_org.OrganizationSearchFilter) (query.SearchQuery, error) {
switch q := apiQuery.Filter.(type) {
case *v2beta_org.OrganizationSearchFilter_DomainFilter:
return query.NewOrgVerifiedDomainSearchQuery(v2beta_object.TextMethodToQuery(q.DomainFilter.Method), q.DomainFilter.Domain)
case *v2beta_org.OrganizationSearchFilter_NameFilter:
return query.NewOrgNameSearchQuery(v2beta_object.TextMethodToQuery(q.NameFilter.Method), q.NameFilter.Name)
case *v2beta_org.OrganizationSearchFilter_StateFilter:
return query.NewOrgStateSearchQuery(OrgStateToDomain(q.StateFilter.State))
case *v2beta_org.OrganizationSearchFilter_IdFilter:
return query.NewOrgIDSearchQuery(q.IdFilter.Id)
default:
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid")
}
}
func OrgStateToDomain(state v2beta_org.OrgState) domain.OrgState {
switch state {
case v2beta_org.OrgState_ORG_STATE_ACTIVE:
return domain.OrgStateActive
case v2beta_org.OrgState_ORG_STATE_INACTIVE:
return domain.OrgStateInactive
case v2beta_org.OrgState_ORG_STATE_REMOVED:
// added to please golangci-lint
return domain.OrgStateRemoved
case v2beta_org.OrgState_ORG_STATE_UNSPECIFIED:
fallthrough
default:
return domain.OrgStateUnspecified
}
}
func FieldNameToOrgColumn(fieldName v2beta_org.OrgFieldName) query.Column {
switch fieldName {
case v2beta_org.OrgFieldName_ORG_FIELD_NAME_NAME:
return query.OrgColumnName
case v2beta_org.OrgFieldName_ORG_FIELD_NAME_CREATION_DATE:
return query.OrgColumnCreationDate
case v2beta_org.OrgFieldName_ORG_FIELD_NAME_UNSPECIFIED:
return query.Column{}
default:
return query.Column{}
}
}
func ListOrgDomainsRequestToModel(systemDefaults systemdefaults.SystemDefaults, request *org.ListOrganizationDomainsRequest) (*query.OrgDomainSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
if err != nil {
return nil, err
}
queries, err := DomainQueriesToModel(request.Filters)
if err != nil {
return nil, err
}
return &query.OrgDomainSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
},
// SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func ListQueryToModel(query *v2beta.ListQuery) (offset, limit uint64, asc bool) {
if query == nil {
return 0, 0, false
}
return query.Offset, uint64(query.Limit), query.Asc
}
func DomainQueriesToModel(queries []*v2beta_org.DomainSearchFilter) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, query := range queries {
q[i], err = DomainQueryToModel(query)
if err != nil {
return nil, err
}
}
return q, nil
}
func DomainQueryToModel(searchQuery *v2beta_org.DomainSearchFilter) (query.SearchQuery, error) {
switch q := searchQuery.Filter.(type) {
case *v2beta_org.DomainSearchFilter_DomainNameFilter:
return query.NewOrgDomainDomainSearchQuery(v2beta_object.TextMethodToQuery(q.DomainNameFilter.Method), q.DomainNameFilter.Name)
default:
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-Ags89", "List.Query.Invalid")
}
}
func RemoveOrgDomainRequestToDomain(ctx context.Context, req *v2beta_org.DeleteOrganizationDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: req.OrganizationId,
},
Domain: req.Domain,
}
}
func GenerateOrgDomainValidationRequestToDomain(ctx context.Context, req *v2beta_org.GenerateOrganizationDomainValidationRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: req.OrganizationId,
},
Domain: req.Domain,
ValidationType: v2beta_object.DomainValidationTypeToDomain(req.Type),
}
}
func ValidateOrgDomainRequestToDomain(ctx context.Context, req *v2beta_org.VerifyOrganizationDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: req.OrganizationId,
},
Domain: req.Domain,
}
}
func BulkSetOrgMetadataToDomain(req *v2beta_org.SetOrganizationMetadataRequest) []*domain.Metadata {
metadata := make([]*domain.Metadata, len(req.Metadata))
for i, data := range req.Metadata {
metadata[i] = &domain.Metadata{
Key: data.Key,
Value: data.Value,
}
}
return metadata
}
func ListOrgMetadataToDomain(systemDefaults systemdefaults.SystemDefaults, request *v2beta_org.ListOrganizationMetadataRequest) (*query.OrgMetadataSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(systemDefaults, request.Pagination)
if err != nil {
return nil, err
}
queries, err := metadata.OrgMetadataQueriesToQuery(request.Filter)
if err != nil {
return nil, err
}
return &query.OrgMetadataSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
},
Queries: queries,
}, nil
}

1815
internal/api/grpc/org/v2beta/integration_test/org_test.go
View File

File diff suppressed because it is too large Load Diff

238
internal/api/grpc/org/v2beta/org.go
View File

@ -2,16 +2,23 @@ package org
import (
"context"
"errors"
"google.golang.org/protobuf/types/known/timestamppb"
metadata "github.com/zitadel/zitadel/internal/api/grpc/metadata/v2beta"
object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
user "github.com/zitadel/zitadel/internal/api/grpc/user/v2beta"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/zerrors"
filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
v2beta_org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
)
func (s *Server) AddOrganization(ctx context.Context, request *org.AddOrganizationRequest) (*org.AddOrganizationResponse, error) {
orgSetup, err := addOrganizationRequestToCommand(request)
func (s *Server) CreateOrganization(ctx context.Context, request *v2beta_org.CreateOrganizationRequest) (*v2beta_org.CreateOrganizationResponse, error) {
orgSetup, err := createOrganizationRequestToCommand(request)
if err != nil {
return nil, err
}
@ -22,8 +29,182 @@ func (s *Server) AddOrganization(ctx context.Context, request *org.AddOrganizati
return createdOrganizationToPb(createdOrg)
}
func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*command.OrgSetup, error) {
admins, err := addOrganizationRequestAdminsToCommand(request.GetAdmins())
func (s *Server) UpdateOrganization(ctx context.Context, request *v2beta_org.UpdateOrganizationRequest) (*v2beta_org.UpdateOrganizationResponse, error) {
org, err := s.command.ChangeOrg(ctx, request.Id, request.Name)
if err != nil {
return nil, err
}
return &v2beta_org.UpdateOrganizationResponse{
ChangeDate: timestamppb.New(org.EventDate),
}, nil
}
func (s *Server) ListOrganizations(ctx context.Context, request *v2beta_org.ListOrganizationsRequest) (*v2beta_org.ListOrganizationsResponse, error) {
queries, err := listOrgRequestToModel(s.systemDefaults, request)
if err != nil {
return nil, err
}
orgs, err := s.query.SearchOrgs(ctx, queries, s.checkPermission)
if err != nil {
return nil, err
}
return &v2beta_org.ListOrganizationsResponse{
Organizations: OrgViewsToPb(orgs.Orgs),
Pagination: &filter.PaginationResponse{
TotalResult: orgs.Count,
AppliedLimit: uint64(request.GetPagination().GetLimit()),
},
}, nil
}
func (s *Server) DeleteOrganization(ctx context.Context, request *v2beta_org.DeleteOrganizationRequest) (*v2beta_org.DeleteOrganizationResponse, error) {
details, err := s.command.RemoveOrg(ctx, request.Id)
if err != nil {
var notFoundError *zerrors.NotFoundError
if errors.As(err, &notFoundError) {
return &v2beta_org.DeleteOrganizationResponse{}, nil
}
return nil, err
}
return &v2beta_org.DeleteOrganizationResponse{
DeletionDate: timestamppb.New(details.EventDate),
}, nil
}
func (s *Server) SetOrganizationMetadata(ctx context.Context, request *v2beta_org.SetOrganizationMetadataRequest) (*v2beta_org.SetOrganizationMetadataResponse, error) {
result, err := s.command.BulkSetOrgMetadata(ctx, request.OrganizationId, BulkSetOrgMetadataToDomain(request)...)
if err != nil {
return nil, err
}
return &org.SetOrganizationMetadataResponse{
SetDate: timestamppb.New(result.EventDate),
}, nil
}
func (s *Server) ListOrganizationMetadata(ctx context.Context, request *v2beta_org.ListOrganizationMetadataRequest) (*v2beta_org.ListOrganizationMetadataResponse, error) {
metadataQueries, err := ListOrgMetadataToDomain(s.systemDefaults, request)
if err != nil {
return nil, err
}
res, err := s.query.SearchOrgMetadata(ctx, true, request.OrganizationId, metadataQueries, false)
if err != nil {
return nil, err
}
return &v2beta_org.ListOrganizationMetadataResponse{
Metadata: metadata.OrgMetadataListToPb(res.Metadata),
Pagination: &filter.PaginationResponse{
TotalResult: res.Count,
AppliedLimit: uint64(request.GetPagination().GetLimit()),
},
}, nil
}
func (s *Server) DeleteOrganizationMetadata(ctx context.Context, request *v2beta_org.DeleteOrganizationMetadataRequest) (*v2beta_org.DeleteOrganizationMetadataResponse, error) {
result, err := s.command.BulkRemoveOrgMetadata(ctx, request.OrganizationId, request.Keys...)
if err != nil {
return nil, err
}
return &v2beta_org.DeleteOrganizationMetadataResponse{
DeletionDate: timestamppb.New(result.EventDate),
}, nil
}
func (s *Server) DeactivateOrganization(ctx context.Context, request *org.DeactivateOrganizationRequest) (*org.DeactivateOrganizationResponse, error) {
objectDetails, err := s.command.DeactivateOrg(ctx, request.Id)
if err != nil {
return nil, err
}
return &org.DeactivateOrganizationResponse{
ChangeDate: timestamppb.New(objectDetails.EventDate),
}, nil
}
func (s *Server) ActivateOrganization(ctx context.Context, request *org.ActivateOrganizationRequest) (*org.ActivateOrganizationResponse, error) {
objectDetails, err := s.command.ReactivateOrg(ctx, request.Id)
if err != nil {
return nil, err
}
return &org.ActivateOrganizationResponse{
ChangeDate: timestamppb.New(objectDetails.EventDate),
}, err
}
func (s *Server) AddOrganizationDomain(ctx context.Context, request *org.AddOrganizationDomainRequest) (*org.AddOrganizationDomainResponse, error) {
userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
if err != nil {
return nil, err
}
details, err := s.command.AddOrgDomain(ctx, request.OrganizationId, request.Domain, userIDs)
if err != nil {
return nil, err
}
return &org.AddOrganizationDomainResponse{
CreationDate: timestamppb.New(details.EventDate),
}, nil
}
func (s *Server) ListOrganizationDomains(ctx context.Context, req *org.ListOrganizationDomainsRequest) (*org.ListOrganizationDomainsResponse, error) {
queries, err := ListOrgDomainsRequestToModel(s.systemDefaults, req)
if err != nil {
return nil, err
}
orgIDQuery, err := query.NewOrgDomainOrgIDSearchQuery(req.OrganizationId)
if err != nil {
return nil, err
}
queries.Queries = append(queries.Queries, orgIDQuery)
domains, err := s.query.SearchOrgDomains(ctx, queries, false)
if err != nil {
return nil, err
}
return &org.ListOrganizationDomainsResponse{
Domains: object.DomainsToPb(domains.Domains),
Pagination: &filter.PaginationResponse{
TotalResult: domains.Count,
AppliedLimit: uint64(req.GetPagination().GetLimit()),
},
}, nil
}
func (s *Server) DeleteOrganizationDomain(ctx context.Context, req *org.DeleteOrganizationDomainRequest) (*org.DeleteOrganizationDomainResponse, error) {
details, err := s.command.RemoveOrgDomain(ctx, RemoveOrgDomainRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &org.DeleteOrganizationDomainResponse{
DeletionDate: timestamppb.New(details.EventDate),
}, err
}
func (s *Server) GenerateOrganizationDomainValidation(ctx context.Context, req *org.GenerateOrganizationDomainValidationRequest) (*org.GenerateOrganizationDomainValidationResponse, error) {
token, url, err := s.command.GenerateOrgDomainValidation(ctx, GenerateOrgDomainValidationRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &org.GenerateOrganizationDomainValidationResponse{
Token: token,
Url: url,
}, nil
}
func (s *Server) VerifyOrganizationDomain(ctx context.Context, request *org.VerifyOrganizationDomainRequest) (*org.VerifyOrganizationDomainResponse, error) {
userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, request.Domain, request.OrganizationId)
if err != nil {
return nil, err
}
details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, request), userIDs)
if err != nil {
return nil, err
}
return &org.VerifyOrganizationDomainResponse{
ChangeDate: timestamppb.New(details.EventDate),
}, nil
}
func createOrganizationRequestToCommand(request *v2beta_org.CreateOrganizationRequest) (*command.OrgSetup, error) {
admins, err := createOrganizationRequestAdminsToCommand(request.GetAdmins())
if err != nil {
return nil, err
}
@ -31,14 +212,14 @@ func addOrganizationRequestToCommand(request *org.AddOrganizationRequest) (*comm
Name: request.GetName(),
CustomDomain: "",
Admins: admins,
OrgID: request.GetOrgId(),
OrgID: request.GetId(),
}, nil
}
func addOrganizationRequestAdminsToCommand(requestAdmins []*org.AddOrganizationRequest_Admin) (admins []*command.OrgSetupAdmin, err error) {
func createOrganizationRequestAdminsToCommand(requestAdmins []*v2beta_org.CreateOrganizationRequest_Admin) (admins []*command.OrgSetupAdmin, err error) {
admins = make([]*command.OrgSetupAdmin, len(requestAdmins))
for i, admin := range requestAdmins {
admins[i], err = addOrganizationRequestAdminToCommand(admin)
admins[i], err = createOrganizationRequestAdminToCommand(admin)
if err != nil {
return nil, err
}
@ -46,14 +227,14 @@ func addOrganizationRequestAdminsToCommand(requestAdmins []*org.AddOrganizationR
return admins, nil
}
func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admin) (*command.OrgSetupAdmin, error) {
func createOrganizationRequestAdminToCommand(admin *v2beta_org.CreateOrganizationRequest_Admin) (*command.OrgSetupAdmin, error) {
switch a := admin.GetUserType().(type) {
case *org.AddOrganizationRequest_Admin_UserId:
case *v2beta_org.CreateOrganizationRequest_Admin_UserId:
return &command.OrgSetupAdmin{
ID: a.UserId,
Roles: admin.GetRoles(),
}, nil
case *org.AddOrganizationRequest_Admin_Human:
case *v2beta_org.CreateOrganizationRequest_Admin_Human:
human, err := user.AddUserRequestToAddHuman(a.Human)
if err != nil {
return nil, err
@ -63,22 +244,31 @@ func addOrganizationRequestAdminToCommand(admin *org.AddOrganizationRequest_Admi
Roles: admin.GetRoles(),
}, nil
default:
return nil, zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", a)
return nil, zerrors.ThrowUnimplementedf(nil, "ORGv2-SL2r8", "userType oneOf %T in method AddOrganization not implemented", a)
}
}
func createdOrganizationToPb(createdOrg *command.CreatedOrg) (_ *org.AddOrganizationResponse, err error) {
admins := make([]*org.AddOrganizationResponse_CreatedAdmin, len(createdOrg.CreatedAdmins))
for i, admin := range createdOrg.CreatedAdmins {
admins[i] = &org.AddOrganizationResponse_CreatedAdmin{
UserId: admin.ID,
EmailCode: admin.EmailCode,
PhoneCode: admin.PhoneCode,
}
func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, orgID string) ([]string, error) {
queries := make([]query.SearchQuery, 0, 2)
loginName, err := query.NewUserPreferredLoginNameSearchQuery("@"+orgDomain, query.TextEndsWithIgnoreCase)
if err != nil {
return nil, err
}
return &org.AddOrganizationResponse{
Details: object.DomainToDetailsPb(createdOrg.ObjectDetails),
OrganizationId: createdOrg.ObjectDetails.ResourceOwner,
CreatedAdmins: admins,
}, nil
queries = append(queries, loginName)
if orgID != "" {
owner, err := query.NewUserResourceOwnerSearchQuery(orgID, query.TextNotEquals)
if err != nil {
return nil, err
}
queries = append(queries, owner)
}
users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, nil)
if err != nil {
return nil, err
}
userIDs := make([]string, len(users.Users))
for i, user := range users.Users {
userIDs[i] = user.ID
}
return userIDs, nil
}

45
internal/api/grpc/org/v2beta/org_test.go
View File

@ -12,14 +12,13 @@ import (
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/zerrors"
object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
)
func Test_addOrganizationRequestToCommand(t *testing.T) {
func Test_createOrganizationRequestToCommand(t *testing.T) {
type args struct {
request *org.AddOrganizationRequest
request *org.CreateOrganizationRequest
}
tests := []struct {
name string
@ -30,21 +29,21 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
{
name: "nil user",
args: args{
request: &org.AddOrganizationRequest{
request: &org.CreateOrganizationRequest{
Name: "name",
Admins: []*org.AddOrganizationRequest_Admin{
Admins: []*org.CreateOrganizationRequest_Admin{
{},
},
},
},
wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SD2r1", "userType oneOf %T in method AddOrganization not implemented", nil),
wantErr: zerrors.ThrowUnimplementedf(nil, "ORGv2-SL2r8", "userType oneOf %T in method AddOrganization not implemented", nil),
},
{
name: "custom org ID",
args: args{
request: &org.AddOrganizationRequest{
Name: "custom org ID",
OrgId: gu.Ptr("org-ID"),
request: &org.CreateOrganizationRequest{
Name: "custom org ID",
Id: gu.Ptr("org-ID"),
},
},
want: &command.OrgSetup{
@ -57,11 +56,11 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
{
name: "user ID",
args: args{
request: &org.AddOrganizationRequest{
request: &org.CreateOrganizationRequest{
Name: "name",
Admins: []*org.AddOrganizationRequest_Admin{
Admins: []*org.CreateOrganizationRequest_Admin{
{
UserType: &org.AddOrganizationRequest_Admin_UserId{
UserType: &org.CreateOrganizationRequest_Admin_UserId{
UserId: "userID",
},
Roles: nil,
@ -82,11 +81,11 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
{
name: "human user",
args: args{
request: &org.AddOrganizationRequest{
request: &org.CreateOrganizationRequest{
Name: "name",
Admins: []*org.AddOrganizationRequest_Admin{
Admins: []*org.CreateOrganizationRequest_Admin{
{
UserType: &org.AddOrganizationRequest_Admin_Human{
UserType: &org.CreateOrganizationRequest_Admin_Human{
Human: &user.AddHumanUserRequest{
Profile: &user.SetHumanProfile{
GivenName: "firstname",
@ -124,7 +123,7 @@ func Test_addOrganizationRequestToCommand(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := addOrganizationRequestToCommand(tt.args.request)
got, err := createOrganizationRequestToCommand(tt.args.request)
require.ErrorIs(t, err, tt.wantErr)
assert.Equal(t, tt.want, got)
})
@ -139,7 +138,7 @@ func Test_createdOrganizationToPb(t *testing.T) {
tests := []struct {
name string
args args
want *org.AddOrganizationResponse
want *org.CreateOrganizationResponse
wantErr error
}{
{
@ -160,14 +159,10 @@ func Test_createdOrganizationToPb(t *testing.T) {
},
},
},
want: &org.AddOrganizationResponse{
Details: &object.Details{
Sequence: 1,
ChangeDate: timestamppb.New(now),
ResourceOwner: "orgID",
},
OrganizationId: "orgID",
CreatedAdmins: []*org.AddOrganizationResponse_CreatedAdmin{
want: &org.CreateOrganizationResponse{
CreationDate: timestamppb.New(now),
Id: "orgID",
CreatedAdmins: []*org.CreatedAdmin{
{
UserId: "id",
EmailCode: gu.Ptr("emailCode"),

4
internal/api/grpc/org/v2beta/server.go
View File

@ -6,6 +6,7 @@ import (
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/grpc/server"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/config/systemdefaults"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
org "github.com/zitadel/zitadel/pkg/grpc/org/v2beta"
@ -15,6 +16,7 @@ var _ org.OrganizationServiceServer = (*Server)(nil)
type Server struct {
org.UnimplementedOrganizationServiceServer
systemDefaults systemdefaults.SystemDefaults
command *command.Commands
query *query.Queries
checkPermission domain.PermissionCheck
@ -23,11 +25,13 @@ type Server struct {
type Config struct{}
func CreateServer(
systemDefaults systemdefaults.SystemDefaults,
command *command.Commands,
query *query.Queries,
checkPermission domain.PermissionCheck,
) *Server {
return &Server{
systemDefaults: systemDefaults,
command: command,
query: query,
checkPermission: checkPermission,

1
internal/query/org_metadata.go
View File

@ -194,7 +194,6 @@ func prepareOrgMetadataQuery() (sq.SelectBuilder, func(*sql.Row) (*OrgMetadata,
&m.Key,
&m.Value,
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, zerrors.ThrowNotFound(err, "QUERY-Rph32", "Errors.Metadata.NotFound")

28
proto/zitadel/admin.proto
View File

@ -307,7 +307,6 @@ service AdminService {
};
}
// Deprecated: Use [ListCustomDomains](apis/resources/instance_service_v2/instance-service-list-custom-domains.api.mdx) instead to list custom domains
rpc ListInstanceDomains(ListInstanceDomainsRequest) returns (ListInstanceDomainsResponse) {
option (google.api.http) = {
post: "/domains/_search";
@ -320,12 +319,10 @@ service AdminService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Instance";
summary: "List Instance Domains";
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running.";
deprecated: true;
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running."
};
}
// Deprecated: Use [ListTrustedDomains](apis/resources/instance_service_v2/instance-service-list-trusted-domains.api.mdx) instead to list trusted domains
rpc ListInstanceTrustedDomains(ListInstanceTrustedDomainsRequest) returns (ListInstanceTrustedDomainsResponse) {
option (google.api.http) = {
post: "/trusted_domains/_search";
@ -338,12 +335,10 @@ service AdminService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Instance";
summary: "List Instance Trusted Domains";
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
deprecated: true;
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
};
}
// Deprecated: Use [AddTrustedDomain](apis/resources/instance_service_v2/instance-service-add-trusted-domain.api.mdx) instead to add a trusted domain
rpc AddInstanceTrustedDomain(AddInstanceTrustedDomainRequest) returns (AddInstanceTrustedDomainResponse) {
option (google.api.http) = {
post: "/trusted_domains";
@ -357,12 +352,10 @@ service AdminService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Instance";
summary: "Add an Instance Trusted Domain";
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
deprecated: true;
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
};
}
// Deprecated: Use [RemoveTrustedDomain](apis/resources/instance_service_v2/instance-service-remove-trusted-domain.api.mdx) instead to remove a trusted domain
rpc RemoveInstanceTrustedDomain(RemoveInstanceTrustedDomainRequest) returns (RemoveInstanceTrustedDomainResponse) {
option (google.api.http) = {
delete: "/trusted_domains/{domain}";
@ -375,8 +368,7 @@ service AdminService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Instance";
summary: "Remove an Instance Trusted Domain";
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts.";
deprecated: true;
description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
};
}
@ -1245,6 +1237,7 @@ service AdminService {
};
}
// Deprecated: use ListOrganization [apis/resources/org_service_v2beta/organization-service-list-organizations.api.mdx] API instead
rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) {
option (google.api.http) = {
post: "/orgs/_search";
@ -1264,7 +1257,8 @@ service AdminService {
value: {
description: "list of organizations matching the query";
};
};
}
deprecated: true;
responses: {
key: "400";
value: {
@ -1279,6 +1273,7 @@ service AdminService {
};
}
// Deprecated: use CreateOrganization [apis/resources/org_service_v2beta/organization-service-create-organization.api.mdx] API instead
rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) {
option (google.api.http) = {
post: "/orgs/_setup";
@ -1298,7 +1293,8 @@ service AdminService {
value: {
description: "org, user and user membership were created successfully";
};
};
}
deprecated: true;
responses: {
key: "400";
value: {
@ -1313,6 +1309,7 @@ service AdminService {
};
}
// Deprecated: use DeleteOrganization [apis/resources/org_service_v2beta/organization-service-delete-organization.api.mdx] API instead
rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
option (google.api.http) = {
delete: "/orgs/{org_id}"
@ -1330,7 +1327,8 @@ service AdminService {
value: {
description: "org removed successfully";
};
};
}
deprecated: true;
responses: {
key: "400";
value: {

258
proto/zitadel/management.proto
View File

@ -2119,6 +2119,7 @@ service ManagementService {
};
}
// Deprecated: use CreateOrganization [apis/resources/org_service_v2beta/organization-service-create-organization.api.mdx] API instead
rpc AddOrg(AddOrgRequest) returns (AddOrgResponse) {
option (google.api.http) = {
post: "/orgs"
@ -2133,6 +2134,7 @@ service ManagementService {
tags: "Organizations";
summary: "Create Organization";
description: "Create a new organization. Based on the given name a domain will be generated to be able to identify users within an organization."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2144,6 +2146,7 @@ service ManagementService {
};
}
// Deprecated: use UpdateOrganization [apis/resources/org_service_v2beta/organization-service-update-organization.api.mdx] API instead
rpc UpdateOrg(UpdateOrgRequest) returns (UpdateOrgResponse) {
option (google.api.http) = {
put: "/orgs/me"
@ -2158,6 +2161,7 @@ service ManagementService {
tags: "Organizations";
summary: "Update Organization";
description: "Change the name of the organization."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2169,6 +2173,7 @@ service ManagementService {
};
}
// Deprecated: use DeactivateOrganization [apis/resources/org_service_v2beta/organization-service-deactivate-organization.api.mdx] API instead
rpc DeactivateOrg(DeactivateOrgRequest) returns (DeactivateOrgResponse) {
option (google.api.http) = {
post: "/orgs/me/_deactivate"
@ -2183,6 +2188,7 @@ service ManagementService {
tags: "Organizations";
summary: "Deactivate Organization";
description: "Sets the state of my organization to deactivated. Users of this organization will not be able to log in."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2194,6 +2200,7 @@ service ManagementService {
};
}
// Deprecated: use ActivateOrganization [apis/resources/org_service_v2beta/organization-service-activate-organization.api.mdx] API instead
rpc ReactivateOrg(ReactivateOrgRequest) returns (ReactivateOrgResponse) {
option (google.api.http) = {
post: "/orgs/me/_reactivate"
@ -2208,6 +2215,7 @@ service ManagementService {
tags: "Organizations";
summary: "Reactivate Organization";
description: "Set the state of my organization to active. The state of the organization has to be deactivated to perform the request. Users of this organization will be able to log in again."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2219,6 +2227,7 @@ service ManagementService {
};
}
// Deprecated: use DeleteOrganization [apis/resources/org_service_v2beta/organization-service-delete-organization.api.mdx] API instead
rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
option (google.api.http) = {
delete: "/orgs/me"
@ -2232,6 +2241,7 @@ service ManagementService {
tags: "Organizations";
summary: "Delete Organization";
description: "Deletes my organization and all its resources (Users, Projects, Grants to and from the org). Users of this organization will not be able to log in."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2243,6 +2253,7 @@ service ManagementService {
};
}
// Deprecated: use SetOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-set-organization-metadata.api.mdx] API instead
rpc SetOrgMetadata(SetOrgMetadataRequest) returns (SetOrgMetadataResponse) {
option (google.api.http) = {
post: "/metadata/{key}"
@ -2258,6 +2269,7 @@ service ManagementService {
tags: "Organization Metadata";
summary: "Set Organization Metadata";
description: "This endpoint either adds or updates a metadata value for the requested key. Make sure the value is base64 encoded."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2269,6 +2281,7 @@ service ManagementService {
};
}
// Deprecated: use SetOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-set-organization-metadata.api.mdx] API instead
rpc BulkSetOrgMetadata(BulkSetOrgMetadataRequest) returns (BulkSetOrgMetadataResponse) {
option (google.api.http) = {
post: "/metadata/_bulk"
@ -2284,6 +2297,7 @@ service ManagementService {
tags: "Organization Metadata";
summary: "Bulk Set Organization Metadata";
description: "This endpoint sets a list of metadata to the organization. Make sure the values are base64 encoded."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2295,6 +2309,7 @@ service ManagementService {
};
}
// Deprecated: use ListOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-list-organization-metadata.api.mdx] API instead
rpc ListOrgMetadata(ListOrgMetadataRequest) returns (ListOrgMetadataResponse) {
option (google.api.http) = {
post: "/metadata/_search"
@ -2310,6 +2325,7 @@ service ManagementService {
tags: "Organization Metadata";
summary: "Search Organization Metadata";
description: "Get the metadata of an organization filtered by your query."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2321,6 +2337,7 @@ service ManagementService {
};
}
// Deprecated: use ListOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-list-organization-metadata.api.mdx] API instead
rpc GetOrgMetadata(GetOrgMetadataRequest) returns (GetOrgMetadataResponse) {
option (google.api.http) = {
get: "/metadata/{key}"
@ -2335,6 +2352,7 @@ service ManagementService {
tags: "Organization Metadata";
summary: "Get Organization Metadata By Key";
description: "Get a metadata object from an organization by a specific key."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2346,6 +2364,7 @@ service ManagementService {
};
}
// Deprecated: use DeleteOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-delete-organization-metadata.api.mdx] API instead
rpc RemoveOrgMetadata(RemoveOrgMetadataRequest) returns (RemoveOrgMetadataResponse) {
option (google.api.http) = {
delete: "/metadata/{key}"
@ -2360,6 +2379,7 @@ service ManagementService {
tags: "Organization Metadata";
summary: "Delete Organization Metadata By Key";
description: "Remove a metadata object from an organization with a specific key."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2371,6 +2391,7 @@ service ManagementService {
};
}
// Deprecated: use DeleteOrganizationMetadata [apis/resources/org_service_v2beta/organization-service-delete-organization-metadata.api.mdx] API instead
rpc BulkRemoveOrgMetadata(BulkRemoveOrgMetadataRequest) returns (BulkRemoveOrgMetadataResponse) {
option (google.api.http) = {
delete: "/metadata/_bulk"
@ -2384,6 +2405,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
tags: "Organization Metadata";
deprecated: true
summary: "Bulk Delete Metadata";
description: "Remove a list of metadata objects from an organization with a list of keys."
parameters: {
@ -2397,31 +2419,7 @@ service ManagementService {
};
}
rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) {
option (google.api.http) = {
post: "/orgs/me/domains/_search"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.read"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Search Domains";
description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs."
parameters: {
headers: {
name: "x-zitadel-orgid";
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
type: STRING,
required: false;
};
};
};
}
// Deprecated: use AddOrganizationDomain [apis/resources/org_service_v2beta/organization-service-add-organization-domain.api.mdx] API instead
rpc AddOrgDomain(AddOrgDomainRequest) returns (AddOrgDomainResponse) {
option (google.api.http) = {
post: "/orgs/me/domains"
@ -2436,6 +2434,7 @@ service ManagementService {
tags: "Organizations";
summary: "Add Domain";
description: "Add a new domain to an organization. The domains are used to identify to which organization a user belongs."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2447,6 +2446,34 @@ service ManagementService {
};
}
// Deprecated: use ListOrganizationDomains [apis/resources/org_service_v2beta/organization-service-list-organization-domains.api.mdx] API instead
rpc ListOrgDomains(ListOrgDomainsRequest) returns (ListOrgDomainsResponse) {
option (google.api.http) = {
post: "/orgs/me/domains/_search"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.read"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Search Domains";
description: "Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
description: "The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.";
type: STRING,
required: false;
};
};
};
}
// Deprecated: use DeleteOrganizationDomain [apis/resources/org_service_v2beta/organization-service-delete-organization-domain.api.mdx] API instead
rpc RemoveOrgDomain(RemoveOrgDomainRequest) returns (RemoveOrgDomainResponse) {
option (google.api.http) = {
delete: "/orgs/me/domains/{domain}"
@ -2460,6 +2487,7 @@ service ManagementService {
tags: "Organizations";
summary: "Remove Domain";
description: "Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2471,6 +2499,7 @@ service ManagementService {
};
}
// Deprecated: use GenerateOrganizationDomainValidation [apis/resources/org_service_v2beta/organization-service-generate-organization-domain-validation.api.mdx] API instead
rpc GenerateOrgDomainValidation(GenerateOrgDomainValidationRequest) returns (GenerateOrgDomainValidationResponse) {
option (google.api.http) = {
post: "/orgs/me/domains/{domain}/validation/_generate"
@ -2485,6 +2514,7 @@ service ManagementService {
tags: "Organizations";
summary: "Generate Domain Verification";
description: "Generate a new file to be able to verify your domain with DNS or HTTP challenge."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2496,6 +2526,7 @@ service ManagementService {
};
}
// Deprecated: use VerifyOrganizationDomain [apis/resources/org_service_v2beta/organization-service-verify-organization-domain.api.mdx] API instead
rpc ValidateOrgDomain(ValidateOrgDomainRequest) returns (ValidateOrgDomainResponse) {
option (google.api.http) = {
post: "/orgs/me/domains/{domain}/validation/_validate"
@ -2510,6 +2541,7 @@ service ManagementService {
tags: "Organizations";
summary: "Verify Domain";
description: "Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique."
deprecated: true
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2678,11 +2710,6 @@ service ManagementService {
};
}
// Get Project By ID
//
// Deprecated: [Get Project](apis/resources/project_service_v2/project-service-get-project.api.mdx) to get project by ID.
//
// Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context.
rpc GetProjectByID(GetProjectByIDRequest) returns (GetProjectByIDResponse) {
option (google.api.http) = {
get: "/projects/{id}"
@ -2695,7 +2722,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Get Project By ID";
description: "Returns a project owned by the organization (no granted projects). A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2707,11 +2735,6 @@ service ManagementService {
};
}
// Get Granted Project By ID
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to get granted projects.
//
// Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context.
rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) returns (GetGrantedProjectByIDResponse) {
option (google.api.http) = {
get: "/granted_projects/{project_id}/grants/{grant_id}"
@ -2724,7 +2747,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Get Granted Project By ID";
description: "Returns a project owned by another organization and granted to my organization. A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2736,11 +2760,6 @@ service ManagementService {
};
}
// List Projects
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
//
// Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context.
rpc ListProjects(ListProjectsRequest) returns (ListProjectsResponse) {
option (google.api.http) = {
post: "/projects/_search"
@ -2753,7 +2772,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Search Project";
description: "Lists projects my organization is the owner of (no granted projects). A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2765,11 +2785,6 @@ service ManagementService {
};
}
// List Granted Projects
//
// Deprecated: [List Projects](apis/resources/project_service_v2/project-service-list-projects.api.mdx) to list all projects and granted projects.
//
// Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context.
rpc ListGrantedProjects(ListGrantedProjectsRequest) returns (ListGrantedProjectsResponse) {
option (google.api.http) = {
post: "/granted_projects/_search"
@ -2782,7 +2797,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Search Granted Project";
description: "Lists projects my organization got granted from another organization. A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2844,11 +2860,6 @@ service ManagementService {
};
}
// Create Project
//
// Deprecated: [Create Project](apis/resources/project_service_v2/project-service-create-project.api.mdx) to create a project.
//
// Create a new project. A Project is a vessel for different applications sharing the same role context.
rpc AddProject(AddProjectRequest) returns (AddProjectResponse) {
option (google.api.http) = {
post: "/projects"
@ -2861,7 +2872,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Create Project";
description: "Create a new project. A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2873,11 +2885,6 @@ service ManagementService {
};
}
// Update Project
//
// Deprecated: [Update Project](apis/resources/project_service_v2/project-service-update-project.api.mdx) to update a project.
//
// Update a project and its settings. A Project is a vessel for different applications sharing the same role context.
rpc UpdateProject(UpdateProjectRequest) returns (UpdateProjectResponse) {
option (google.api.http) = {
put: "/projects/{id}"
@ -2891,7 +2898,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Update Project";
description: "Update a project and its settings. A Project is a vessel for different applications sharing the same role context."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2903,11 +2911,6 @@ service ManagementService {
};
}
// Deactivate Project
//
// Deprecated: [Deactivate Project](apis/resources/project_service_v2/project-service-deactivate-project.api.mdx) to deactivate a project.
//
// Set the state of a project to deactivated. Request returns an error if the project is already deactivated.
rpc DeactivateProject(DeactivateProjectRequest) returns (DeactivateProjectResponse) {
option (google.api.http) = {
post: "/projects/{id}/_deactivate"
@ -2921,7 +2924,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Deactivate Project";
description: "Set the state of a project to deactivated. Request returns an error if the project is already deactivated."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2933,11 +2937,6 @@ service ManagementService {
};
}
// Activate Project
//
// Deprecated: [Activate Project](apis/resources/project_service_v2/project-service-activate-project.api.mdx) to activate a project.
//
// Set the state of a project to active. Request returns an error if the project is not deactivated.
rpc ReactivateProject(ReactivateProjectRequest) returns (ReactivateProjectResponse) {
option (google.api.http) = {
post: "/projects/{id}/_reactivate"
@ -2951,7 +2950,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Reactivate Project";
description: "Set the state of a project to active. Request returns an error if the project is not deactivated."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2963,11 +2963,6 @@ service ManagementService {
};
}
// Remove Project
//
// Deprecated: [Delete Project](apis/resources/project_service_v2/project-service-delete-project.api.mdx) to remove a project.
//
// Project and all its sub-resources like project grants, applications, roles and user grants will be removed.
rpc RemoveProject(RemoveProjectRequest) returns (RemoveProjectResponse) {
option (google.api.http) = {
delete: "/projects/{id}"
@ -2980,7 +2975,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Remove Project";
description: "Project and all its sub-resources like project grants, applications, roles and user grants will be removed."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -2992,11 +2988,6 @@ service ManagementService {
};
}
// Search Project Roles
//
// Deprecated: [List Project Roles](apis/resources/project_service_v2/project-service-list-project-roles.api.mdx) to get project roles.
//
// Returns all roles of a project matching the search query.
rpc ListProjectRoles(ListProjectRolesRequest) returns (ListProjectRolesResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles/_search"
@ -3010,7 +3001,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
deprecated: true;
summary: "Search Project Roles";
description: "Returns all roles of a project matching the search query."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3022,11 +3014,6 @@ service ManagementService {
};
}
// Add Project Role
//
// Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
//
// Add a new project role to a project. The key must be unique within the project.\n\nDeprecated: please use user service v2 AddProjectRole.
rpc AddProjectRole(AddProjectRoleRequest) returns (AddProjectRoleResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles"
@ -3040,7 +3027,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
deprecated: true;
summary: "Add Project Role";
description: "Add a new project role to a project. The key must be unique within the project."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3052,11 +3040,6 @@ service ManagementService {
};
}
// Bulk add Project Role
//
// Deprecated: [Add Project Role](apis/resources/project_service_v2/project-service-add-project-role.api.mdx) to add a project role.
//
// Add a list of roles to a project. The keys must be unique within the project.
rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) returns (BulkAddProjectRolesResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles/_bulk"
@ -3070,7 +3053,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
deprecated: true;
summary: "Bulk Add Project Role";
description: "Add a list of roles to a project. The keys must be unique within the project."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3082,11 +3066,6 @@ service ManagementService {
};
}
// Update Project Role
//
// Deprecated: [Update Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to update a project role.
//
// Change a project role. The key is not editable. If a key should change, remove the role and create a new one.
rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) {
option (google.api.http) = {
put: "/projects/{project_id}/roles/{role_key}"
@ -3100,7 +3079,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
deprecated: true;
summary: "Change Project Role";
description: "Change a project role. The key is not editable. If a key should change, remove the role and create a new one."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3112,11 +3092,6 @@ service ManagementService {
};
}
// Remove Project Role
//
// Deprecated: [Delete Project Role](apis/resources/project_service_v2/project-service-update-project-role.api.mdx) to remove a project role.
//
// Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants.
rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) {
option (google.api.http) = {
delete: "/projects/{project_id}/roles/{role_key}"
@ -3129,7 +3104,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Roles";
deprecated: true;
summary: "Remove Project Role";
description: "Removes the role from the project and on every resource it has a dependency. This includes project grants and user grants."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3793,11 +3769,6 @@ service ManagementService {
};
}
// Get Project Grant By ID
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to get a project grant.
//
// Returns a project grant. A project grant is when the organization grants its project to another organization.
rpc GetProjectGrantByID(GetProjectGrantByIDRequest) returns (GetProjectGrantByIDResponse) {
option (google.api.http) = {
get: "/projects/{project_id}/grants/{grant_id}"
@ -3809,7 +3780,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Projects";
deprecated: true;
summary: "Project Grant By ID";
description: "Returns a project grant. A project grant is when the organization grants its project to another organization."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3821,11 +3793,6 @@ service ManagementService {
};
}
// List Project Grants
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
//
// Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization.
rpc ListProjectGrants(ListProjectGrantsRequest) returns (ListProjectGrantsResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/_search"
@ -3839,7 +3806,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Search Project Grants from Project";
description: "Returns a list of project grants for a specific project. A project grant is when the organization grants its project to another organization."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3851,11 +3819,6 @@ service ManagementService {
};
}
// Search Project Grants
//
// Deprecated: [List Project Grants](apis/resources/project_service_v2/project-service-list-project-grants.api.mdx) to list project grants.
//
// Returns a list of project grants. A project grant is when the organization grants its project to another organization.
rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
option (google.api.http) = {
post: "/projectgrants/_search"
@ -3868,7 +3831,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Search Project Grants";
description: "Returns a list of project grants. A project grant is when the organization grants its project to another organization."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3880,11 +3844,6 @@ service ManagementService {
};
}
// Add Project Grant
//
// Deprecated: [Create Project Grant](apis/resources/project_service_v2/project-service-create-project-grant.api.mdx) to add a project grant.
//
// Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants"
@ -3897,7 +3856,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Add Project Grant";
description: "Grant a project to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3909,11 +3869,6 @@ service ManagementService {
};
}
// Update Project Grant
//
// Deprecated: [Update Project Grant](apis/resources/project_service_v2/project-service-update-project-grant.api.mdx) to update a project grant.
//
// Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization.
rpc UpdateProjectGrant(UpdateProjectGrantRequest) returns (UpdateProjectGrantResponse) {
option (google.api.http) = {
put: "/projects/{project_id}/grants/{grant_id}"
@ -3926,7 +3881,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Change Project Grant";
description: "Change the roles of the project that is granted to another organization. The project grant will allow the granted organization to access the project and manage the authorizations for its users. Project Grant will be listed in the granted project of the granted organization"
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3938,11 +3894,6 @@ service ManagementService {
};
}
// Deactivate Project Grant
//
// Deprecated: [Deactivate Project Grant](apis/resources/project_service_v2/project-service-deactivate-project-grant.api.mdx) to deactivate a project grant.
//
// Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate.
rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) returns (DeactivateProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/{grant_id}/_deactivate"
@ -3955,7 +3906,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Deactivate Project Grant";
description: "Set the state of the project grant to deactivated. The grant has to be active to be able to deactivate."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3967,11 +3919,6 @@ service ManagementService {
};
}
// Reactivate Project Grant
//
// Deprecated: [Activate Project Grant](apis/resources/project_service_v2/project-service-activate-project-grant.api.mdx) to activate a project grant.
//
// Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate.
rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) returns (ReactivateProjectGrantResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/{grant_id}/_reactivate"
@ -3984,7 +3931,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Reactivate Project Grant";
description: "Set the state of the project grant to active. The grant has to be deactivated to be able to reactivate."
parameters: {
headers: {
name: "x-zitadel-orgid";
@ -3996,11 +3944,6 @@ service ManagementService {
};
}
// Remove Project Grant
//
// Deprecated: [Delete Project Grant](apis/resources/project_service_v2/project-service-delete-project-grant.api.mdx) to remove a project grant.
//
// Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked).
rpc RemoveProjectGrant(RemoveProjectGrantRequest) returns (RemoveProjectGrantResponse) {
option (google.api.http) = {
delete: "/projects/{project_id}/grants/{grant_id}"
@ -4012,7 +3955,8 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Project Grants";
deprecated: true;
summary: "Remove Project Grant";
description: "Remove a project grant. All user grants for this project grant will also be removed. A user will not have access to the project afterward (if permissions are checked)."
parameters: {
headers: {
name: "x-zitadel-orgid";

57
proto/zitadel/metadata/v2beta/metadata.proto Normal file
View File

@ -0,0 +1,57 @@
syntax = "proto3";
import "zitadel/object/v2beta/object.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
import "google/protobuf/timestamp.proto";
package zitadel.metadata.v2beta;
option go_package ="github.com/zitadel/zitadel/pkg/grpc/metadata/v2beta";
message Metadata {
google.protobuf.Timestamp creation_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
google.protobuf.Timestamp change_date = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
string key = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "metadata key",
example: "\"key1\"";
}
];
bytes value = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "metadata value is base64 encoded, make sure to decode to get the value",
example: "\"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"";
}
];
}
message MetadataQuery {
oneof query {
option (validate.required) = true;
MetadataKeyQuery key_query = 1;
}
}
message MetadataKeyQuery {
string key = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"key\""
}
];
zitadel.object.v2beta.TextQueryMethod method = 2 [
(validate.rules).enum.defined_only = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines which text equality method is used";
}
];
}

169
proto/zitadel/org/v2beta/org.proto Normal file
View File

@ -0,0 +1,169 @@
syntax = "proto3";
package zitadel.org.v2beta;
option go_package = "github.com/zitadel/zitadel/pkg/grpc/org/v2beta;org";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
import "zitadel/object/v2beta/object.proto";
import "google/protobuf/timestamp.proto";
message Organization {
// Unique identifier of the organization.
string id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
// The timestamp of the organization was created.
google.protobuf.Timestamp creation_date = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// The timestamp of the verification of the organization domain.
google.protobuf.Timestamp changed_date = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
// Current state of the organization, for example active, inactive and deleted.
OrgState state = 4;
// Name of the organization.
string name = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ZITADEL\"";
}
];
// Primary domain used in the organization.
string primary_domain = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"zitadel.cloud\"";
}
];
}
enum OrgState {
ORG_STATE_UNSPECIFIED = 0;
ORG_STATE_ACTIVE = 1;
ORG_STATE_INACTIVE = 2;
ORG_STATE_REMOVED = 3;
}
enum OrgFieldName {
ORG_FIELD_NAME_UNSPECIFIED = 0;
ORG_FIELD_NAME_NAME = 1;
ORG_FIELD_NAME_CREATION_DATE = 2;
}
message OrganizationSearchFilter{
oneof filter {
option (validate.required) = true;
OrgNameFilter name_filter = 1;
OrgDomainFilter domain_filter = 2;
OrgStateFilter state_filter = 3;
OrgIDFilter id_filter = 4;
}
}
message OrgNameFilter {
// Organization name.
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ZITADEL\"";
}
];
// Defines which text equality method is used.
zitadel.object.v2beta.TextQueryMethod method = 2 [
(validate.rules).enum.defined_only = true
];
}
message OrgDomainFilter {
// The domain.
string domain = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"zitadel.cloud\"";
}
];
// Defines which text equality method is used.
zitadel.object.v2beta.TextQueryMethod method = 2 [
(validate.rules).enum.defined_only = true
];
}
message OrgStateFilter {
// Current state of the organization.
OrgState state = 1 [
(validate.rules).enum.defined_only = true
];
}
message OrgIDFilter {
// The Organization id.
string id = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
}
// from proto/zitadel/org.proto
message DomainSearchFilter {
oneof filter {
option (validate.required) = true;
DomainNameFilter domain_name_filter = 1;
}
}
// from proto/zitadel/org.proto
message DomainNameFilter {
// The domain.
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"zitadel.cloud\"";
}
];
// Defines which text equality method is used.
zitadel.object.v2beta.TextQueryMethod method = 2 [
(validate.rules).enum.defined_only = true
];
}
// from proto/zitadel/org.proto
message Domain {
// The Organization id.
string organization_id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\""
}
];
// The domain name.
string domain_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"zitadel.com\"";
}
];
// Defines if the domain is verified.
bool is_verified = 3;
// Defines if the domain is the primary domain.
bool is_primary = 4;
// Defines the protocol the domain was validated with.
DomainValidationType validation_type = 5;
}
// from proto/zitadel/org.proto
enum DomainValidationType {
DOMAIN_VALIDATION_TYPE_UNSPECIFIED = 0;
DOMAIN_VALIDATION_TYPE_HTTP = 1;
DOMAIN_VALIDATION_TYPE_DNS = 2;
}

825
proto/zitadel/org/v2beta/org_service.proto
View File

@ -6,24 +6,22 @@ package zitadel.org.v2beta;
import "zitadel/object/v2beta/object.proto";
import "zitadel/protoc_gen_zitadel/v2/options.proto";
import "zitadel/user/v2beta/auth.proto";
import "zitadel/user/v2beta/email.proto";
import "zitadel/user/v2beta/phone.proto";
import "zitadel/user/v2beta/idp.proto";
import "zitadel/user/v2beta/password.proto";
import "zitadel/user/v2beta/user.proto";
import "zitadel/org/v2beta/org.proto";
import "zitadel/metadata/v2beta/metadata.proto";
import "zitadel/user/v2beta/user_service.proto";
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
import "google/protobuf/timestamp.proto";
import "zitadel/filter/v2beta/filter.proto";
option go_package = "github.com/zitadel/zitadel/pkg/grpc/org/v2beta;org";
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
info: {
title: "User Service";
title: "Organization Service (Beta)";
version: "2.0-beta";
description: "This API is intended to manage organizations in a ZITADEL instance. This project is in beta state. It can AND will continue breaking until the services provide the same functionality as the current login.";
contact:{
@ -111,8 +109,13 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
service OrganizationService {
// Create a new organization and grant the user(s) permission to manage it
rpc AddOrganization(AddOrganizationRequest) returns (AddOrganizationResponse) {
// Create Organization
//
// Create a new organization with an administrative user. If no specific roles are sent for the users, they will be granted the role ORG_OWNER.
//
// Required permission:
// - `org.create`
rpc CreateOrganization(CreateOrganizationRequest) returns (CreateOrganizationResponse) {
option (google.api.http) = {
post: "/v2beta/organizations"
body: "*"
@ -122,34 +125,411 @@ service OrganizationService {
auth_option: {
permission: "org.create"
}
http_response: {
success_code: 201
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
summary: "Create an Organization";
description: "Create a new organization with an administrative user. If no specific roles are sent for the users, they will be granted the role ORG_OWNER."
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
key: "200";
value: {
description: "OK";
description: "Organization created successfully";
};
};
responses: {
key: "409"
value: {
description: "The organization to create already exists.";
}
};
};
}
// Update Organization
//
// Change the name of the organization.
//
// Required permission:
// - `org.write`
rpc UpdateOrganization(UpdateOrganizationRequest) returns (UpdateOrganizationResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{id}"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
value: {
description: "Organization created successfully";
};
};
responses: {
key: "404"
value: {
description: "Organisation's not found";
}
};
responses: {
key: "409"
value: {
description: "Organisation's name already taken";
}
};
};
}
// List Organizations
//
// Returns a list of organizations that match the requesting filters. All filters are applied with an AND condition.
//
// Required permission:
// - `iam.read`
rpc ListOrganizations(ListOrganizationsRequest) returns (ListOrganizationsResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/search";
body: "*";
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "iam.read";
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Delete Organization
//
// Deletes the organization and all its resources (Users, Projects, Grants to and from the org). Users of this organization will not be able to log in.
//
// Required permission:
// - `org.delete`
rpc DeleteOrganization(DeleteOrganizationRequest) returns (DeleteOrganizationResponse) {
option (google.api.http) = {
delete: "/v2beta/organizations/{id}"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.delete";
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
value: {
description: "Organization created successfully";
};
};
responses: {
key: "404"
value: {
description: "Organisation's not found";
}
};
};
}
// Set Organization Metadata
//
// Adds or updates a metadata value for the requested key. Make sure the value is base64 encoded.
//
// Required permission:
// - `org.write`
rpc SetOrganizationMetadata(SetOrganizationMetadataRequest) returns (SetOrganizationMetadataResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/metadata"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
responses: {
// TODO This needs to chagne to 404
key: "400"
value: {
description: "Organisation's not found";
}
};
};
}
// List Organization Metadata
//
// List metadata of an organization filtered by query.
//
// Required permission:
// - `org.read`
rpc ListOrganizationMetadata(ListOrganizationMetadataRequest) returns (ListOrganizationMetadataResponse ) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/metadata/search"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = { auth_option: {
permission: "org.read"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Delete Organization Metadata
//
// Delete metadata objects from an organization with a specific key.
//
// Required permission:
// - `org.write`
rpc DeleteOrganizationMetadata(DeleteOrganizationMetadataRequest) returns (DeleteOrganizationMetadataResponse) {
option (google.api.http) = {
delete: "/v2beta/organizations/{organization_id}/metadata"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Add Organization Domain
//
// Add a new domain to an organization. The domains are used to identify to which organization a user belongs.
//
// Required permission:
// - `org.write`
rpc AddOrganizationDomain(AddOrganizationDomainRequest) returns (AddOrganizationDomainResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/domains"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
responses: {
key: "409"
value: {
description: "Domain already exists";
}
};
};
}
// List Organization Domains
//
// Returns the list of registered domains of an organization. The domains are used to identify to which organization a user belongs.
//
// Required permission:
// - `org.read`
rpc ListOrganizationDomains(ListOrganizationDomainsRequest) returns (ListOrganizationDomainsResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/domains/search"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.read"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Delete Organization Domain
//
// Delete a new domain from an organization. The domains are used to identify to which organization a user belongs. If the uses use the domain for login, this will not be possible afterwards. They have to use another domain instead.
//
// Required permission:
// - `org.write`
rpc DeleteOrganizationDomain(DeleteOrganizationDomainRequest) returns (DeleteOrganizationDomainResponse) {
option (google.api.http) = {
delete: "/v2beta/organizations/{organization_id}/domains"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Generate Organization Domain Validation
//
// Generate a new file to be able to verify your domain with DNS or HTTP challenge.
//
// Required permission:
// - `org.write`
rpc GenerateOrganizationDomainValidation(GenerateOrganizationDomainValidationRequest) returns (GenerateOrganizationDomainValidationResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/domains/validation/generate"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
responses: {
key: "404"
value: {
description: "Domain doesn't exist on organization";
}
};
};
}
// Verify Organization Domain
//
// Make sure you have added the required verification to your domain, depending on the method you have chosen (HTTP or DNS challenge). ZITADEL will check it and set the domain as verified if it was successful. A verify domain has to be unique.
//
// Required permission:
// - `org.write`
rpc VerifyOrganizationDomain(VerifyOrganizationDomainRequest) returns (VerifyOrganizationDomainResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{organization_id}/domains/validation/verify"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Deactivate Organization
//
// Sets the state of my organization to deactivated. Users of this organization will not be able to log in.
//
// Required permission:
// - `org.write`
rpc DeactivateOrganization(DeactivateOrganizationRequest) returns (DeactivateOrganizationResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{id}/deactivate"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
// Activate Organization
//
// Set the state of my organization to active. The state of the organization has to be deactivated to perform the request. Users of this organization will be able to log in again.
//
// Required permission:
// - `org.write`
rpc ActivateOrganization(ActivateOrganizationRequest) returns (ActivateOrganizationResponse) {
option (google.api.http) = {
post: "/v2beta/organizations/{id}/activate"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "org.write"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
};
};
}
}
message AddOrganizationRequest{
message CreateOrganizationRequest{
// The Admin for the newly created Organization.
message Admin {
oneof user_type{
string user_id = 1;
zitadel.user.v2beta.AddHumanUserRequest human = 2;
}
// specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty)
// specify Organization Member Roles for the provided user (default is ORG_OWNER if roles are empty)
repeated string roles = 3;
}
// name of the Organization to be created.
string name = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
@ -159,24 +539,403 @@ message AddOrganizationRequest{
example: "\"ZITADEL\"";
}
];
repeated Admin admins = 2;
// optionally set your own id unique for the organization.
optional string org_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
// Optionally set your own id unique for the organization.
optional string id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200 },
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
example: "\"69629012906488334\"";
}
];
// Additional Admins for the Organization.
repeated Admin admins = 3;
}
message CreatedAdmin {
string user_id = 1;
optional string email_code = 2;
optional string phone_code = 3;
}
message CreateOrganizationResponse{
// The timestamp of the organization was created.
google.protobuf.Timestamp creation_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// Organization ID of the newly created organization.
string id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// The admins created for the Organization
repeated CreatedAdmin created_admins = 3;
}
message UpdateOrganizationRequest {
// Organization Id for the Organization to be updated
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// New Name for the Organization to be updated
string name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"Customer 1\"";
}
];
}
message AddOrganizationResponse{
message CreatedAdmin {
string user_id = 1;
optional string email_code = 2;
optional string phone_code = 3;
}
zitadel.object.v2beta.Details details = 1;
string organization_id = 2;
repeated CreatedAdmin created_admins = 3;
message UpdateOrganizationResponse {
// The timestamp of the update to the organization.
google.protobuf.Timestamp change_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message ListOrganizationsRequest {
// List limitations and ordering.
optional zitadel.filter.v2beta.PaginationRequest pagination = 1;
// the field the result is sorted
zitadel.org.v2beta.OrgFieldName sorting_column = 2;
// Define the criteria to query for.
// repeated ProjectRoleQuery filters = 4;
repeated zitadel.org.v2beta.OrganizationSearchFilter filter = 3;
}
message ListOrganizationsResponse {
// Pagination of the Organizations results
zitadel.filter.v2beta.PaginationResponse pagination = 1;
// The Organizations requested
repeated zitadel.org.v2beta.Organization organizations = 2;
}
message DeleteOrganizationRequest {
// Organization Id for the Organization to be deleted
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message DeleteOrganizationResponse {
// The timestamp of the deletion of the organization.
google.protobuf.Timestamp deletion_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message DeactivateOrganizationRequest {
// Organization Id for the Organization to be deactivated
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message DeactivateOrganizationResponse {
// The timestamp of the deactivation of the organization.
google.protobuf.Timestamp change_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message ActivateOrganizationRequest {
// Organization Id for the Organization to be activated
string id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
message ActivateOrganizationResponse {
// The timestamp of the activation of the organization.
google.protobuf.Timestamp change_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message AddOrganizationDomainRequest {
// Organization Id for the Organization for which the domain is to be added to.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// The domain you want to add to the organization.
string domain = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"testdomain.com\"";
}
];
}
message AddOrganizationDomainResponse {
// The timestamp of the organization was created.
google.protobuf.Timestamp creation_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
}
message ListOrganizationDomainsRequest {
// Organization Id for the Organization which domains are to be listed.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// List limitations and ordering.
optional zitadel.filter.v2beta.PaginationRequest pagination = 2;
// Define the criteria to query for.
repeated DomainSearchFilter filters = 3;
}
message ListOrganizationDomainsResponse {
// Pagination of the Organizations domain results.
zitadel.filter.v2beta.PaginationResponse pagination = 1;
// The domains requested.
repeated Domain domains = 2;
}
message DeleteOrganizationDomainRequest {
// Organization Id for the Organization which domain is to be deleted.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
string domain = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"testdomain.com\"";
}
];
}
message DeleteOrganizationDomainResponse {
// The timestamp of the deletion of the organization domain.
google.protobuf.Timestamp deletion_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message GenerateOrganizationDomainValidationRequest {
// Organization Id for the Organization which doman to be validated.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// The domain which to be deleted.
string domain = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"testdomain.com\"";
}
];
DomainValidationType type = 3 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
message GenerateOrganizationDomainValidationResponse {
// The token verify domain.
string token = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
}
];
// URL used to verify the domain.
string url = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://testdomain.com/.well-known/zitadel-challenge/ofSBHsSAVHAoTIE4Iv2gwhaYhTjcY5QX\"";
}
];
}
message VerifyOrganizationDomainRequest {
// Organization Id for the Organization doman to be verified.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// Organization Id for the Organization doman to be verified.
string domain = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"testdomain.com\"";
}
];
}
message VerifyOrganizationDomainResponse {
// The timestamp of the verification of the organization domain.
google.protobuf.Timestamp change_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message Metadata {
// Key in the metadata key/value pair.
string key = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Value in the metadata key/value pair.
bytes value = 2 [(validate.rules).bytes = {min_len: 1, max_len: 500000}];
}
message SetOrganizationMetadataRequest{
// Organization Id for the Organization doman to be verified.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// Metadata to set.
repeated Metadata metadata = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
title: "Medata (Key/Value)"
description: "The values have to be base64 encoded.";
example: "[{\"key\": \"test1\", \"value\": \"VGhpcyBpcyBteSBmaXJzdCB2YWx1ZQ==\"}, {\"key\": \"test2\", \"value\": \"VGhpcyBpcyBteSBzZWNvbmQgdmFsdWU=\"}]"
}
];
}
message SetOrganizationMetadataResponse{
// The timestamp of the update of the organization metadata.
google.protobuf.Timestamp set_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}
message ListOrganizationMetadataRequest {
// Organization ID of Orgalization which metadata is to be listed.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// List limitations and ordering.
optional zitadel.filter.v2beta.PaginationRequest pagination = 2;
// Define the criteria to query for.
repeated zitadel.metadata.v2beta.MetadataQuery filter = 3;
}
message ListOrganizationMetadataResponse {
// Pagination of the Organizations metadata results.
zitadel.filter.v2beta.PaginationResponse pagination = 1;
// The Organization metadata requested.
repeated zitadel.metadata.v2beta.Metadata metadata = 2;
}
message DeleteOrganizationMetadataRequest {
// Organization ID of Orgalization which metadata is to be deleted is stored on.
string organization_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"69629012906488334\"";
}
];
// The keys for the Organization metadata to be deleted.
repeated string keys = 2 [(validate.rules).repeated.items.string = {min_len: 1, max_len: 200}];
}
message DeleteOrganizationMetadataResponse{
// The timestamp of the deletiion of the organization metadata.
google.protobuf.Timestamp deletion_date = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
}