TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-06 13:57:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: proto (#260)

Browse Source 
* fix: global search calls

* fix: management proto

* fix: management proto mock

* fix: remove unused request

* fix: add mock file

* fix: remove unused objects

* fix: unique username
This commit is contained in:
Fabi 2020-06-23 10:09:30 +02:00 committed by GitHub
parent 83ff4c8ee6
commit c376b92315
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 4279 additions and 5031 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
internal/user/repository/eventsourcing/user.go
View File

@ -106,7 +106,7 @@ func UserCreateAggregate(ctx context.Context, aggCreator *es_models.AggregateCre
return nil, err
}
}
uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner)
uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner, userLoginMustBeDomain)
if err != nil {
return nil, err
}
@ -143,7 +143,7 @@ func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateC
if err != nil {
return nil, err
}
uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner)
uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner, userLoginMustBeDomain)
if err != nil {
return nil, err
}
@ -154,8 +154,8 @@ func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateC
}, nil
}
func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string) ([]*es_models.Aggregate, error) {
userNameAggregate, err := reservedUniqueUserNameAggregate(ctx, aggCreator, resourceOwner, user.UserName)
func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string, userLoginMustBeDomain bool) ([]*es_models.Aggregate, error) {
userNameAggregate, err := reservedUniqueUserNameAggregate(ctx, aggCreator, resourceOwner, user.UserName, userLoginMustBeDomain)
if err != nil {
return nil, err
}
@ -169,10 +169,14 @@ func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.Aggregat
emailAggregate,
}, nil
}
func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, userName string) (*es_models.Aggregate, error) {
aggregate, err := aggCreator.NewAggregate(ctx, userName+resourceOwner, model.UserUserNameAggregate, model.UserVersion, 0)
func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, userName string, userLoginMustBeDomain bool) (*es_models.Aggregate, error) {
uniqueUserName := userName
if userLoginMustBeDomain {
uniqueUserName = userName + resourceOwner
}
aggregate, err := aggCreator.NewAggregate(ctx, uniqueUserName, model.UserUserNameAggregate, model.UserVersion, 0)
if resourceOwner != "" {
aggregate, err = aggCreator.NewAggregate(ctx, userName+resourceOwner, model.UserUserNameAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
aggregate, err = aggCreator.NewAggregate(ctx, uniqueUserName, model.UserUserNameAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner))
}
if err != nil {
return nil, err
@ -182,7 +186,7 @@ func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.
return nil, err
}
return aggregate.SetPrecondition(UserUserNameUniqueQuery(userName), isEventValidation(aggregate, model.UserUserNameReserved)), nil
return aggregate.SetPrecondition(UserUserNameUniqueQuery(uniqueUserName), isEventValidation(aggregate, model.UserUserNameReserved)), nil
}
func reservedUniqueEmailAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, email string) (aggregate *es_models.Aggregate, err error) {

10
pkg/management/api/grpc/auth_grant.go
View File

@ -1,10 +0,0 @@
package grpc
import (
"context"
"github.com/caos/zitadel/internal/errors"
)
func (s *Server) SearchAuthGrant(ctx context.Context, grantSearch *AuthGrantSearchRequest) (*AuthGrantSearchResponse, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-dkwd5", "Not implemented")
}

6
pkg/management/api/grpc/management.pb.authoptions.go
View File

@ -215,7 +215,7 @@ var ManagementService_AuthMethods = utils_auth.MethodMapping{
CheckParam: "",
},
"/caos.zitadel.management.api.v1.ManagementService/GetOrgByID": utils_auth.Option{
"/caos.zitadel.management.api.v1.ManagementService/GetMyOrg": utils_auth.Option{
Permission: "org.read",
CheckParam: "",
},
@ -225,12 +225,12 @@ var ManagementService_AuthMethods = utils_auth.MethodMapping{
CheckParam: "",
},
"/caos.zitadel.management.api.v1.ManagementService/DeactivateOrg": utils_auth.Option{
"/caos.zitadel.management.api.v1.ManagementService/DeactivateMyOrg": utils_auth.Option{
Permission: "org.write",
CheckParam: "",
},
"/caos.zitadel.management.api.v1.ManagementService/ReactivateOrg": utils_auth.Option{
"/caos.zitadel.management.api.v1.ManagementService/ReactivateMyOrg": utils_auth.Option{
Permission: "org.write",
CheckParam: "",
},

8281
pkg/management/api/grpc/management.pb.go
View File

File diff suppressed because it is too large Load Diff

197
pkg/management/api/grpc/management.pb.gw.go
View File

@ -92,26 +92,16 @@ func request_ManagementService_GetUserByID_0(ctx context.Context, marshaler runt
}
var (
filter_ManagementService_GetUserByEmailGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
)
func request_ManagementService_GetUserByEmailGlobal_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq UserEmailID
var protoReq Email
var metadata runtime.ServerMetadata
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["email"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "email")
}
protoReq.Email, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "email", err)
if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ManagementService_GetUserByEmailGlobal_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.GetUserByEmailGlobal(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
@ -1083,59 +1073,23 @@ func request_ManagementService_DeletePasswordLockoutPolicy_0(ctx context.Context
}
func request_ManagementService_GetOrgByID_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq OrgID
func request_ManagementService_GetMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq empty.Empty
var metadata runtime.ServerMetadata
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
}
protoReq.Id, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
}
msg, err := client.GetOrgByID(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
msg, err := client.GetMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
var (
filter_ManagementService_GetOrgByDomainGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{"domain": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
filter_ManagementService_GetOrgByDomainGlobal_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
)
func request_ManagementService_GetOrgByDomainGlobal_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq OrgDomain
var protoReq Domain
var metadata runtime.ServerMetadata
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["domain"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "domain")
}
protoReq.Domain, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "domain", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ManagementService_GetOrgByDomainGlobal_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
@ -1145,8 +1099,8 @@ func request_ManagementService_GetOrgByDomainGlobal_0(ctx context.Context, marsh
}
func request_ManagementService_DeactivateOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq OrgID
func request_ManagementService_DeactivateMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq empty.Empty
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
@ -1157,31 +1111,13 @@ func request_ManagementService_DeactivateOrg_0(ctx context.Context, marshaler ru
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
}
protoReq.Id, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
}
msg, err := client.DeactivateOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
msg, err := client.DeactivateMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
func request_ManagementService_ReactivateOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq OrgID
func request_ManagementService_ReactivateMyOrg_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq empty.Empty
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
@ -1192,25 +1128,7 @@ func request_ManagementService_ReactivateOrg_0(ctx context.Context, marshaler ru
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id")
}
protoReq.Id, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err)
}
msg, err := client.ReactivateOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
msg, err := client.ReactivateMyOrg(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
@ -3749,23 +3667,6 @@ func request_ManagementService_ReactivateProjectGrantUserGrant_0(ctx context.Con
}
func request_ManagementService_SearchAuthGrant_0(ctx context.Context, marshaler runtime.Marshaler, client ManagementServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq AuthGrantSearchRequest
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
if berr != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
}
if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.SearchAuthGrant(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
// RegisterManagementServiceHandlerFromEndpoint is same as RegisterManagementServiceHandler but
// automatically dials to "endpoint" and closes the connection when "ctx" gets done.
func RegisterManagementServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) {
@ -4664,7 +4565,7 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
})
mux.Handle("GET", pattern_ManagementService_GetOrgByID_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
mux.Handle("GET", pattern_ManagementService_GetMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@ -4673,14 +4574,14 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_ManagementService_GetOrgByID_0(rctx, inboundMarshaler, client, req, pathParams)
resp, md, err := request_ManagementService_GetMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_ManagementService_GetOrgByID_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
forward_ManagementService_GetMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
@ -4704,7 +4605,7 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
})
mux.Handle("PUT", pattern_ManagementService_DeactivateOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
mux.Handle("PUT", pattern_ManagementService_DeactivateMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@ -4713,18 +4614,18 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_ManagementService_DeactivateOrg_0(rctx, inboundMarshaler, client, req, pathParams)
resp, md, err := request_ManagementService_DeactivateMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_ManagementService_DeactivateOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
forward_ManagementService_DeactivateMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("PUT", pattern_ManagementService_ReactivateOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
mux.Handle("PUT", pattern_ManagementService_ReactivateMyOrg_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@ -4733,14 +4634,14 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_ManagementService_ReactivateOrg_0(rctx, inboundMarshaler, client, req, pathParams)
resp, md, err := request_ManagementService_ReactivateMyOrg_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_ManagementService_ReactivateOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
forward_ManagementService_ReactivateMyOrg_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
@ -6144,26 +6045,6 @@ func RegisterManagementServiceHandlerClient(ctx context.Context, mux *runtime.Se
})
mux.Handle("POST", pattern_ManagementService_SearchAuthGrant_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_ManagementService_SearchAuthGrant_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_ManagementService_SearchAuthGrant_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
return nil
}
@ -6178,7 +6059,7 @@ var (
pattern_ManagementService_GetUserByID_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1}, []string{"users", "id"}, ""))
pattern_ManagementService_GetUserByEmailGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 2}, []string{"global", "users", "email"}, ""))
pattern_ManagementService_GetUserByEmailGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"global", "users", "_byemail"}, ""))
pattern_ManagementService_SearchUsers_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"users", "_search"}, ""))
@ -6226,9 +6107,9 @@ var (
pattern_ManagementService_GetUserMfas_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "mfas"}, ""))
pattern_ManagementService_SendSetPasswordNotification_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "_sendsetpwnotify"}, ""))
pattern_ManagementService_SendSetPasswordNotification_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 2, 3}, []string{"users", "id", "password", "_sendsetnotification"}, ""))
pattern_ManagementService_SetInitialPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"users", "id", "_setinitialpw"}, ""))
pattern_ManagementService_SetInitialPassword_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 2, 3}, []string{"users", "id", "password", "_initialize"}, ""))
pattern_ManagementService_GetPasswordComplexityPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"policies", "passwords", "complexity"}, ""))
@ -6254,13 +6135,13 @@ var (
pattern_ManagementService_DeletePasswordLockoutPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"policies", "passwords", "lockout"}, ""))
pattern_ManagementService_GetOrgByID_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1}, []string{"orgs", "id"}, ""))
pattern_ManagementService_GetMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"orgs", "me"}, ""))
pattern_ManagementService_GetOrgByDomainGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 2}, []string{"global", "orgs", "domain"}, ""))
pattern_ManagementService_GetOrgByDomainGlobal_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"global", "orgs", "_bydomain"}, ""))
pattern_ManagementService_DeactivateOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"orgs", "id", "_deactivate"}, ""))
pattern_ManagementService_DeactivateMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"orgs", "me", "_deactivate"}, ""))
pattern_ManagementService_ReactivateOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2}, []string{"orgs", "id", "_reactivate"}, ""))
pattern_ManagementService_ReactivateMyOrg_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"orgs", "me", "_reactivate"}, ""))
pattern_ManagementService_SearchMyOrgDomains_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"orgs", "me", "domains", "_search"}, ""))
@ -6401,8 +6282,6 @@ var (
pattern_ManagementService_DeactivateProjectGrantUserGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"projectgrants", "project_grant_id", "users", "user_id", "grants", "id", "_deactivate"}, ""))
pattern_ManagementService_ReactivateProjectGrantUserGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 1, 0, 4, 1, 5, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"projectgrants", "project_grant_id", "users", "user_id", "grants", "id", "_reactivate"}, ""))
pattern_ManagementService_SearchAuthGrant_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"authgrants", "_search"}, ""))
)
var (
@ -6492,13 +6371,13 @@ var (
forward_ManagementService_DeletePasswordLockoutPolicy_0 = runtime.ForwardResponseMessage
forward_ManagementService_GetOrgByID_0 = runtime.ForwardResponseMessage
forward_ManagementService_GetMyOrg_0 = runtime.ForwardResponseMessage
forward_ManagementService_GetOrgByDomainGlobal_0 = runtime.ForwardResponseMessage
forward_ManagementService_DeactivateOrg_0 = runtime.ForwardResponseMessage
forward_ManagementService_DeactivateMyOrg_0 = runtime.ForwardResponseMessage
forward_ManagementService_ReactivateOrg_0 = runtime.ForwardResponseMessage
forward_ManagementService_ReactivateMyOrg_0 = runtime.ForwardResponseMessage
forward_ManagementService_SearchMyOrgDomains_0 = runtime.ForwardResponseMessage
@ -6639,6 +6518,4 @@ var (
forward_ManagementService_DeactivateProjectGrantUserGrant_0 = runtime.ForwardResponseMessage
forward_ManagementService_ReactivateProjectGrantUserGrant_0 = runtime.ForwardResponseMessage
forward_ManagementService_SearchAuthGrant_0 = runtime.ForwardResponseMessage
)

518
pkg/management/api/grpc/management.swagger.json
View File

@ -19,35 +19,9 @@
"application/grpc"
],
"paths": {
"/authgrants/_search": {
"post": {
"summary": "Grant",
"operationId": "SearchAuthGrant",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1AuthGrantSearchResponse"
}
}
},
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1AuthGrantSearchRequest"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/global/orgs/domain/{domain}": {
"/global/orgs/_bydomain": {
"get": {
"summary": "search a organisation by its domain overall organisations",
"operationId": "GetOrgByDomainGlobal",
"responses": {
"200": {
@ -60,50 +34,9 @@
"parameters": [
{
"name": "domain",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "org_id",
"in": "query",
"required": false,
"type": "string"
},
{
"name": "creation_date",
"in": "query",
"required": false,
"type": "string",
"format": "date-time"
},
{
"name": "change_date",
"in": "query",
"required": false,
"type": "string",
"format": "date-time"
},
{
"name": "verified",
"in": "query",
"required": false,
"type": "boolean",
"format": "boolean"
},
{
"name": "primary",
"in": "query",
"required": false,
"type": "boolean",
"format": "boolean"
},
{
"name": "sequence",
"in": "query",
"required": false,
"type": "string",
"format": "uint64"
}
],
"tags": [
@ -111,8 +44,9 @@
]
}
},
"/global/users/email/{email}": {
"/global/users/_byemail": {
"get": {
"summary": "GetUserByEmailGlobal returns User, global search is overall organisations",
"operationId": "GetUserByEmailGlobal",
"responses": {
"200": {
@ -125,8 +59,8 @@
"parameters": [
{
"name": "email",
"in": "path",
"required": true,
"in": "query",
"required": false,
"type": "string"
}
],
@ -137,7 +71,7 @@
},
"/grantedprojects/_search": {
"post": {
"summary": "GRANTED_PROJECT_GRANTS",
"summary": "returns all projects my organisation got granted from another organisation",
"operationId": "SearchGrantedProjects",
"responses": {
"200": {
@ -164,6 +98,7 @@
},
"/grantedprojects/{project_id}/grants/{id}": {
"get": {
"summary": "returns a project my organisation got granted from another organisation",
"operationId": "GetGrantedProjectByID",
"responses": {
"200": {
@ -211,7 +146,7 @@
},
"/iam": {
"get": {
"summary": "IAM",
"summary": "GetIam returns some needed settings of the iam (Global Organisation ID, Zitadel Project ID)",
"operationId": "GetIam",
"responses": {
"200": {
@ -226,6 +161,74 @@
]
}
},
"/orgs/me": {
"get": {
"operationId": "GetMyOrg",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1OrgView"
}
}
},
"tags": [
"ManagementService"
]
}
},
"/orgs/me/_deactivate": {
"put": {
"operationId": "DeactivateMyOrg",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1Org"
}
}
},
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"properties": {}
}
}
],
"tags": [
"ManagementService"
]
}
},
"/orgs/me/_reactivate": {
"put": {
"operationId": "ReactivateMyOrg",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1Org"
}
}
},
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"properties": {}
}
}
],
"tags": [
"ManagementService"
]
}
},
"/orgs/me/domains": {
"post": {
"operationId": "AddMyOrgDomain",
@ -304,7 +307,6 @@
},
"/orgs/me/iampolicy": {
"get": {
"summary": "ORG_IAM_POLICY",
"operationId": "GetMyOrgIamPolicy",
"responses": {
"200": {
@ -427,7 +429,6 @@
},
"/orgs/members/roles": {
"get": {
"summary": "ORG_MEMBERS",
"operationId": "GetOrgMemberRoles",
"responses": {
"200": {
@ -442,97 +443,9 @@
]
}
},
"/orgs/{id}": {
"get": {
"summary": "ORG",
"operationId": "GetOrgByID",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1OrgView"
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
}
],
"tags": [
"ManagementService"
]
}
},
"/orgs/{id}/_deactivate": {
"put": {
"operationId": "DeactivateOrg",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1Org"
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1OrgID"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/orgs/{id}/_reactivate": {
"put": {
"operationId": "ReactivateOrg",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1Org"
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1OrgID"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/orgs/{id}/changes": {
"get": {
"summary": "OrgChanges returns the event stream of the org object",
"operationId": "OrgChanges",
"responses": {
"200": {
@ -577,7 +490,7 @@
},
"/policies/passwords/age": {
"get": {
"summary": "PASSWORD_AGE_POLICY",
"summary": "returns default if nothing other set on organisation",
"operationId": "GetPasswordAgePolicy",
"responses": {
"200": {
@ -664,7 +577,7 @@
},
"/policies/passwords/complexity": {
"get": {
"summary": "PASSWORD_COMPLEXITY_POLICY",
"summary": "returns default policy if nothing other set on organisation",
"operationId": "GetPasswordComplexityPolicy",
"responses": {
"200": {
@ -751,7 +664,7 @@
},
"/policies/passwords/lockout": {
"get": {
"summary": "PASSWORD_LOCKOUT_POLICY",
"summary": "returns default if nothing other set on organisation",
"operationId": "GetPasswordLockoutPolicy",
"responses": {
"200": {
@ -838,7 +751,7 @@
},
"/projectgrants/{project_grant_id}/users/grants/_search": {
"post": {
"summary": "PROJECT_GRANT_USER_GRANT",
"summary": "search user grants based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "SearchProjectGrantUserGrants",
"responses": {
"200": {
@ -871,6 +784,7 @@
},
"/projectgrants/{project_grant_id}/users/{user_id}/grants": {
"post": {
"summary": "create user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "CreateProjectGrantUserGrant",
"responses": {
"200": {
@ -909,6 +823,7 @@
},
"/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}": {
"get": {
"summary": "get user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "ProjectGrantUserGrantByID",
"responses": {
"200": {
@ -943,6 +858,7 @@
]
},
"put": {
"summary": "update user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "UpdateProjectGrantUserGrant",
"responses": {
"200": {
@ -987,6 +903,7 @@
},
"/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_deactivate": {
"put": {
"summary": "deactivate user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "DeactivateProjectGrantUserGrant",
"responses": {
"200": {
@ -1031,6 +948,7 @@
},
"/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_reactivate": {
"put": {
"summary": "reactivate user grant based on a projectgrant\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "ReactivateProjectGrantUserGrant",
"responses": {
"200": {
@ -1101,7 +1019,6 @@
},
"/projects/_search": {
"post": {
"summary": "PROJECTS",
"operationId": "SearchProjects",
"responses": {
"200": {
@ -1128,7 +1045,6 @@
},
"/projects/grants/members/roles": {
"get": {
"summary": "PROJECT_GRANT_MEMBER",
"operationId": "GetProjectGrantMemberRoles",
"responses": {
"200": {
@ -1145,7 +1061,6 @@
},
"/projects/members/roles": {
"get": {
"summary": "PROJECT_MEMBERS",
"operationId": "GetProjectMemberRoles",
"responses": {
"200": {
@ -1280,6 +1195,7 @@
},
"/projects/{id}/applications/{sec_id}/changes": {
"get": {
"summary": "ApplicationChanges returns the event stream of the application object",
"operationId": "ApplicationChanges",
"responses": {
"200": {
@ -1324,6 +1240,7 @@
},
"/projects/{id}/changes": {
"get": {
"summary": "ProjectChanges returns the event stream of the project object",
"operationId": "ProjectChanges",
"responses": {
"200": {
@ -1498,6 +1415,7 @@
},
"/projects/{id}/roles/_bulk": {
"post": {
"summary": "add a list of project roles in one request",
"operationId": "BulkAddProjectRole",
"responses": {
"200": {
@ -1597,7 +1515,6 @@
},
"/projects/{project_id}/applications/_search": {
"post": {
"summary": "APPLICATIONS",
"operationId": "SearchApplications",
"responses": {
"200": {
@ -1908,7 +1825,6 @@
},
"/projects/{project_id}/grants/_search": {
"post": {
"summary": "PROJECT_GRANT",
"operationId": "SearchProjectGrants",
"responses": {
"200": {
@ -2123,6 +2039,7 @@
]
},
"delete": {
"summary": "RemoveProjectGrant removes project grant and all user grants for this project grant",
"operationId": "RemoveProjectGrant",
"responses": {
"200": {
@ -2329,7 +2246,6 @@
},
"/projects/{project_id}/roles/_search": {
"post": {
"summary": "PROJECT_ROLES",
"operationId": "SearchProjectRoles",
"responses": {
"200": {
@ -2362,7 +2278,7 @@
},
"/projects/{project_id}/users/grants/_search": {
"post": {
"summary": "PROJECT_USER_GRANT",
"summary": "search user grants based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "SearchProjectUserGrants",
"responses": {
"200": {
@ -2395,6 +2311,7 @@
},
"/projects/{project_id}/users/{user_id}/grants": {
"post": {
"summary": "create user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "CreateProjectUserGrant",
"responses": {
"200": {
@ -2433,6 +2350,7 @@
},
"/projects/{project_id}/users/{user_id}/grants/{id}": {
"get": {
"summary": "get user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "ProjectUserGrantByID",
"responses": {
"200": {
@ -2467,6 +2385,7 @@
]
},
"put": {
"summary": "update user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "UpdateProjectUserGrant",
"responses": {
"200": {
@ -2511,6 +2430,7 @@
},
"/projects/{project_id}/users/{user_id}/grants/{id}/_deactivate": {
"put": {
"summary": "deactivate user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "DeactivateProjectUserGrant",
"responses": {
"200": {
@ -2555,6 +2475,7 @@
},
"/projects/{project_id}/users/{user_id}/grants/{id}/_reactivate": {
"put": {
"summary": "reactivate user grant based on a project\nThis request is required that the user authorizations of zitadel can be differentiated",
"operationId": "ReactivateProjectUserGrant",
"responses": {
"200": {
@ -2615,6 +2536,7 @@
},
"/usergrants/_bulk": {
"post": {
"summary": "add a list of user grants in one request",
"operationId": "BulkCreateUserGrant",
"responses": {
"200": {
@ -2639,6 +2561,7 @@
]
},
"put": {
"summary": "update a list of user grants in one request",
"operationId": "BulkUpdateUserGrant",
"responses": {
"200": {
@ -2721,6 +2644,7 @@
},
"/users/_search": {
"post": {
"summary": "Limit should always be set, there is a default limit set by the service",
"operationId": "SearchUsers",
"responses": {
"200": {
@ -2747,7 +2671,6 @@
},
"/users/grants/_search": {
"post": {
"summary": "USER_GRANT",
"operationId": "SearchUserGrants",
"responses": {
"200": {
@ -2774,7 +2697,6 @@
},
"/users/{id}": {
"get": {
"summary": "USER",
"operationId": "GetUserByID",
"responses": {
"200": {
@ -2915,72 +2837,6 @@
]
}
},
"/users/{id}/_sendsetpwnotify": {
"post": {
"summary": "PASSWORD\nSends an Notification (Email/SMS) with a password reset Link",
"operationId": "SendSetPasswordNotification",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1SetPasswordNotificationRequest"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/users/{id}/_setinitialpw": {
"post": {
"summary": "A Manager is only allowed to set an initial password, on the next login the user has to change his password",
"operationId": "SetInitialPassword",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1PasswordRequest"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/users/{id}/_unlock": {
"put": {
"operationId": "UnlockUser",
@ -3015,7 +2871,6 @@
},
"/users/{id}/address": {
"get": {
"summary": "USER_ADDRESS",
"operationId": "GetUserAddress",
"responses": {
"200": {
@ -3070,6 +2925,7 @@
},
"/users/{id}/changes": {
"get": {
"summary": "UserChanges returns the event stream of the user object",
"operationId": "UserChanges",
"responses": {
"200": {
@ -3114,7 +2970,6 @@
},
"/users/{id}/email": {
"get": {
"summary": "USER_EMAIL",
"operationId": "GetUserEmail",
"responses": {
"200": {
@ -3201,7 +3056,6 @@
},
"/users/{id}/mfas": {
"get": {
"summary": "MFA",
"operationId": "GetUserMfas",
"responses": {
"200": {
@ -3224,9 +3078,74 @@
]
}
},
"/users/{id}/password/_initialize": {
"post": {
"summary": "A Manager is only allowed to set an initial password, on the next login the user has to change his password",
"operationId": "SetInitialPassword",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1PasswordRequest"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/users/{id}/password/_sendsetnotification": {
"post": {
"summary": "Sends an Notification (Email/SMS) with a password reset Link",
"operationId": "SendSetPasswordNotification",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
}
},
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1SetPasswordNotificationRequest"
}
}
],
"tags": [
"ManagementService"
]
}
},
"/users/{id}/phone": {
"get": {
"summary": "USER_PHONE",
"operationId": "GetUserPhone",
"responses": {
"200": {
@ -3313,7 +3232,6 @@
},
"/users/{id}/profile": {
"get": {
"summary": "USER_PROFILE",
"operationId": "GetUserProfile",
"responses": {
"200": {
@ -3570,6 +3488,7 @@
},
"/usersgrants/_bulk": {
"delete": {
"summary": "remove a list of user grants in one request",
"operationId": "BulkRemoveUserGrant",
"responses": {
"200": {
@ -3859,99 +3778,6 @@
}
}
},
"v1AuthGrant": {
"type": "object",
"properties": {
"orgId": {
"type": "string"
},
"projectId": {
"type": "string"
},
"userId": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
"v1AuthGrantSearchKey": {
"type": "string",
"enum": [
"AUTHGRANTSEARCHKEY_UNSPECIFIED",
"AUTHGRANTSEARCHKEY_ORG_ID",
"AUTHGRANTSEARCHKEY_PROJECT_ID",
"AUTHGRANTSEARCHKEY_USER_ID"
],
"default": "AUTHGRANTSEARCHKEY_UNSPECIFIED"
},
"v1AuthGrantSearchQuery": {
"type": "object",
"properties": {
"key": {
"$ref": "#/definitions/v1AuthGrantSearchKey"
},
"method": {
"$ref": "#/definitions/v1SearchMethod"
},
"value": {
"type": "string"
}
}
},
"v1AuthGrantSearchRequest": {
"type": "object",
"properties": {
"offset": {
"type": "string",
"format": "uint64"
},
"limit": {
"type": "string",
"format": "uint64"
},
"sorting_column": {
"$ref": "#/definitions/v1AuthGrantSearchKey"
},
"asc": {
"type": "boolean",
"format": "boolean"
},
"queries": {
"type": "array",
"items": {
"$ref": "#/definitions/v1AuthGrantSearchQuery"
}
}
}
},
"v1AuthGrantSearchResponse": {
"type": "object",
"properties": {
"offset": {
"type": "string",
"format": "uint64"
},
"limit": {
"type": "string",
"format": "uint64"
},
"total_result": {
"type": "string",
"format": "uint64"
},
"result": {
"type": "array",
"items": {
"$ref": "#/definitions/v1AuthGrant"
}
}
}
},
"v1Change": {
"type": "object",
"properties": {
@ -4478,14 +4304,6 @@
}
}
},
"v1OrgID": {
"type": "object",
"properties": {
"id": {
"type": "string"
}
}
},
"v1OrgIamPolicy": {
"type": "object",
"properties": {

114
pkg/management/api/grpc/mock/management.proto.mock.go
View File

@ -138,14 +138,14 @@ func (mr *MockManagementServiceClientMockRecorder) AddProjectRole(arg0, arg1 int
}
// ApplicationByID mocks base method
func (m *MockManagementServiceClient) ApplicationByID(arg0 context.Context, arg1 *grpc.ApplicationID, arg2 ...grpc0.CallOption) (*grpc.Application, error) {
func (m *MockManagementServiceClient) ApplicationByID(arg0 context.Context, arg1 *grpc.ApplicationID, arg2 ...grpc0.CallOption) (*grpc.ApplicationView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ApplicationByID", varargs...)
ret0, _ := ret[0].(*grpc.Application)
ret0, _ := ret[0].(*grpc.ApplicationView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -597,24 +597,24 @@ func (mr *MockManagementServiceClientMockRecorder) DeactivateApplication(arg0, a
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateApplication", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateApplication), varargs...)
}
// DeactivateOrg mocks base method
func (m *MockManagementServiceClient) DeactivateOrg(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
// DeactivateMyOrg mocks base method
func (m *MockManagementServiceClient) DeactivateMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "DeactivateOrg", varargs...)
ret := m.ctrl.Call(m, "DeactivateMyOrg", varargs...)
ret0, _ := ret[0].(*grpc.Org)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// DeactivateOrg indicates an expected call of DeactivateOrg
func (mr *MockManagementServiceClientMockRecorder) DeactivateOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
// DeactivateMyOrg indicates an expected call of DeactivateMyOrg
func (mr *MockManagementServiceClientMockRecorder) DeactivateMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateOrg), varargs...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeactivateMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).DeactivateMyOrg), varargs...)
}
// DeactivateProject mocks base method
@ -857,6 +857,26 @@ func (mr *MockManagementServiceClientMockRecorder) GetIam(arg0, arg1 interface{}
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetIam", reflect.TypeOf((*MockManagementServiceClient)(nil).GetIam), varargs...)
}
// GetMyOrg mocks base method
func (m *MockManagementServiceClient) GetMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "GetMyOrg", varargs...)
ret0, _ := ret[0].(*grpc.OrgView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// GetMyOrg indicates an expected call of GetMyOrg
func (mr *MockManagementServiceClientMockRecorder) GetMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).GetMyOrg), varargs...)
}
// GetMyOrgIamPolicy mocks base method
func (m *MockManagementServiceClient) GetMyOrgIamPolicy(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgIamPolicy, error) {
m.ctrl.T.Helper()
@ -878,14 +898,14 @@ func (mr *MockManagementServiceClientMockRecorder) GetMyOrgIamPolicy(arg0, arg1
}
// GetOrgByDomainGlobal mocks base method
func (m *MockManagementServiceClient) GetOrgByDomainGlobal(arg0 context.Context, arg1 *grpc.OrgDomain, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
func (m *MockManagementServiceClient) GetOrgByDomainGlobal(arg0 context.Context, arg1 *grpc.Domain, arg2 ...grpc0.CallOption) (*grpc.OrgView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "GetOrgByDomainGlobal", varargs...)
ret0, _ := ret[0].(*grpc.Org)
ret0, _ := ret[0].(*grpc.OrgView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -897,26 +917,6 @@ func (mr *MockManagementServiceClientMockRecorder) GetOrgByDomainGlobal(arg0, ar
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgByDomainGlobal", reflect.TypeOf((*MockManagementServiceClient)(nil).GetOrgByDomainGlobal), varargs...)
}
// GetOrgByID mocks base method
func (m *MockManagementServiceClient) GetOrgByID(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "GetOrgByID", varargs...)
ret0, _ := ret[0].(*grpc.Org)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// GetOrgByID indicates an expected call of GetOrgByID
func (mr *MockManagementServiceClientMockRecorder) GetOrgByID(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgByID", reflect.TypeOf((*MockManagementServiceClient)(nil).GetOrgByID), varargs...)
}
// GetOrgMemberRoles mocks base method
func (m *MockManagementServiceClient) GetOrgMemberRoles(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.OrgMemberRoles, error) {
m.ctrl.T.Helper()
@ -1058,7 +1058,7 @@ func (mr *MockManagementServiceClientMockRecorder) GetUserAddress(arg0, arg1 int
}
// GetUserByEmailGlobal mocks base method
func (m *MockManagementServiceClient) GetUserByEmailGlobal(arg0 context.Context, arg1 *grpc.UserEmailID, arg2 ...grpc0.CallOption) (*grpc.UserView, error) {
func (m *MockManagementServiceClient) GetUserByEmailGlobal(arg0 context.Context, arg1 *grpc.Email, arg2 ...grpc0.CallOption) (*grpc.UserView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
@ -1258,14 +1258,14 @@ func (mr *MockManagementServiceClientMockRecorder) OrgChanges(arg0, arg1 interfa
}
// ProjectByID mocks base method
func (m *MockManagementServiceClient) ProjectByID(arg0 context.Context, arg1 *grpc.ProjectID, arg2 ...grpc0.CallOption) (*grpc.Project, error) {
func (m *MockManagementServiceClient) ProjectByID(arg0 context.Context, arg1 *grpc.ProjectID, arg2 ...grpc0.CallOption) (*grpc.ProjectView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ProjectByID", varargs...)
ret0, _ := ret[0].(*grpc.Project)
ret0, _ := ret[0].(*grpc.ProjectView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -1298,14 +1298,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectChanges(arg0, arg1 int
}
// ProjectGrantByID mocks base method
func (m *MockManagementServiceClient) ProjectGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantID, arg2 ...grpc0.CallOption) (*grpc.ProjectGrant, error) {
func (m *MockManagementServiceClient) ProjectGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantID, arg2 ...grpc0.CallOption) (*grpc.ProjectGrantView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ProjectGrantByID", varargs...)
ret0, _ := ret[0].(*grpc.ProjectGrant)
ret0, _ := ret[0].(*grpc.ProjectGrantView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -1318,14 +1318,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectGrantByID(arg0, arg1 i
}
// ProjectGrantUserGrantByID mocks base method
func (m *MockManagementServiceClient) ProjectGrantUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
func (m *MockManagementServiceClient) ProjectGrantUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectGrantUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ProjectGrantUserGrantByID", varargs...)
ret0, _ := ret[0].(*grpc.UserGrant)
ret0, _ := ret[0].(*grpc.UserGrantView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -1338,14 +1338,14 @@ func (mr *MockManagementServiceClientMockRecorder) ProjectGrantUserGrantByID(arg
}
// ProjectUserGrantByID mocks base method
func (m *MockManagementServiceClient) ProjectUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
func (m *MockManagementServiceClient) ProjectUserGrantByID(arg0 context.Context, arg1 *grpc.ProjectUserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ProjectUserGrantByID", varargs...)
ret0, _ := ret[0].(*grpc.UserGrant)
ret0, _ := ret[0].(*grpc.UserGrantView)
ret1, _ := ret[1].(error)
return ret0, ret1
}
@ -1377,24 +1377,24 @@ func (mr *MockManagementServiceClientMockRecorder) ReactivateApplication(arg0, a
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateApplication", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateApplication), varargs...)
}
// ReactivateOrg mocks base method
func (m *MockManagementServiceClient) ReactivateOrg(arg0 context.Context, arg1 *grpc.OrgID, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
// ReactivateMyOrg mocks base method
func (m *MockManagementServiceClient) ReactivateMyOrg(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc0.CallOption) (*grpc.Org, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "ReactivateOrg", varargs...)
ret := m.ctrl.Call(m, "ReactivateMyOrg", varargs...)
ret0, _ := ret[0].(*grpc.Org)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// ReactivateOrg indicates an expected call of ReactivateOrg
func (mr *MockManagementServiceClientMockRecorder) ReactivateOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
// ReactivateMyOrg indicates an expected call of ReactivateMyOrg
func (mr *MockManagementServiceClientMockRecorder) ReactivateMyOrg(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateOrg), varargs...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReactivateMyOrg", reflect.TypeOf((*MockManagementServiceClient)(nil).ReactivateMyOrg), varargs...)
}
// ReactivateProject mocks base method
@ -1777,26 +1777,6 @@ func (mr *MockManagementServiceClientMockRecorder) SearchApplications(arg0, arg1
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchApplications", reflect.TypeOf((*MockManagementServiceClient)(nil).SearchApplications), varargs...)
}
// SearchAuthGrant mocks base method
func (m *MockManagementServiceClient) SearchAuthGrant(arg0 context.Context, arg1 *grpc.AuthGrantSearchRequest, arg2 ...grpc0.CallOption) (*grpc.AuthGrantSearchResponse, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "SearchAuthGrant", varargs...)
ret0, _ := ret[0].(*grpc.AuthGrantSearchResponse)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// SearchAuthGrant indicates an expected call of SearchAuthGrant
func (mr *MockManagementServiceClientMockRecorder) SearchAuthGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchAuthGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).SearchAuthGrant), varargs...)
}
// SearchGrantedProjects mocks base method
func (m *MockManagementServiceClient) SearchGrantedProjects(arg0 context.Context, arg1 *grpc.GrantedProjectSearchRequest, arg2 ...grpc0.CallOption) (*grpc.ProjectGrantSearchResponse, error) {
m.ctrl.T.Helper()
@ -2358,14 +2338,14 @@ func (mr *MockManagementServiceClientMockRecorder) UserChanges(arg0, arg1 interf
}
// UserGrantByID mocks base method
func (m *MockManagementServiceClient) UserGrantByID(arg0 context.Context, arg1 *grpc.UserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrant, error) {
func (m *MockManagementServiceClient) UserGrantByID(arg0 context.Context, arg1 *grpc.UserGrantID, arg2 ...grpc0.CallOption) (*grpc.UserGrantView, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "UserGrantByID", varargs...)
ret0, _ := ret[0].(*grpc.UserGrant)
ret0, _ := ret[0].(*grpc.UserGrantView)
ret1, _ := ret[1].(error)
return ret0, ret1
}

15
pkg/management/api/grpc/org.go
View File

@ -2,18 +2,19 @@ package grpc
import (
"context"
"github.com/caos/zitadel/internal/api/auth"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetOrgByID(ctx context.Context, orgID *OrgID) (*OrgView, error) {
org, err := s.org.OrgByID(ctx, orgID.Id)
func (s *Server) GetMyOrg(ctx context.Context, _ *empty.Empty) (*OrgView, error) {
org, err := s.org.OrgByID(ctx, auth.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgViewFromModel(org), nil
}
func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *OrgDomain) (*OrgView, error) {
func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *Domain) (*OrgView, error) {
org, err := s.org.OrgByDomainGlobal(ctx, in.Domain)
if err != nil {
return nil, err
@ -21,16 +22,16 @@ func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *OrgDomain) (*OrgV
return orgViewFromModel(org), nil
}
func (s *Server) DeactivateOrg(ctx context.Context, in *OrgID) (*Org, error) {
org, err := s.org.DeactivateOrg(ctx, in.Id)
func (s *Server) DeactivateMyOrg(ctx context.Context, _ *empty.Empty) (*Org, error) {
org, err := s.org.DeactivateOrg(ctx, auth.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgFromModel(org), nil
}
func (s *Server) ReactivateOrg(ctx context.Context, in *OrgID) (*Org, error) {
org, err := s.org.ReactivateOrg(ctx, in.Id)
func (s *Server) ReactivateMyOrg(ctx context.Context, _ *empty.Empty) (*Org, error) {
org, err := s.org.ReactivateOrg(ctx, auth.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}

2
pkg/management/api/grpc/user.go
View File

@ -17,7 +17,7 @@ func (s *Server) GetUserByID(ctx context.Context, id *UserID) (*UserView, error)
return userViewFromModel(user), nil
}
func (s *Server) GetUserByEmailGlobal(ctx context.Context, email *UserEmailID) (*UserView, error) {
func (s *Server) GetUserByEmailGlobal(ctx context.Context, email *Email) (*UserView, error) {
user, err := s.user.GetGlobalUserByEmail(ctx, email.Email)
if err != nil {
return nil, err

147
pkg/management/api/proto/management.proto
View File

@ -31,7 +31,10 @@ option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
produces: "application/grpc";
};
// All requests are based on your context if nothing other is specified
// Requests which have /me in the url get the parameter from the context
service ManagementService {
//READINESS
rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
option (google.api.http) = {
@ -51,7 +54,7 @@ service ManagementService {
};
}
//IAM
// GetIam returns some needed settings of the iam (Global Organisation ID, Zitadel Project ID)
rpc GetIam(google.protobuf.Empty) returns (Iam) {
option (google.api.http) = {
get: "/iam"
@ -62,7 +65,6 @@ service ManagementService {
};
}
//USER
rpc GetUserByID(UserID) returns (UserView) {
option (google.api.http) = {
get: "/users/{id}"
@ -73,9 +75,10 @@ service ManagementService {
};
}
rpc GetUserByEmailGlobal(UserEmailID) returns (UserView) {
// GetUserByEmailGlobal returns User, global search is overall organisations
rpc GetUserByEmailGlobal(Email) returns (UserView) {
option (google.api.http) = {
get: "/global/users/email/{email}"
get: "/global/users/_byemail"
};
option (caos.zitadel.utils.v1.auth_option) = {
@ -83,6 +86,7 @@ service ManagementService {
};
}
// Limit should always be set, there is a default limit set by the service
rpc SearchUsers(UserSearchRequest) returns (UserSearchResponse) {
option (google.api.http) = {
post: "/users/_search"
@ -169,6 +173,7 @@ service ManagementService {
};
}
// UserChanges returns the event stream of the user object
rpc UserChanges(ChangeRequest) returns (Changes) {
option (google.api.http) = {
get: "/users/{id}/changes"
@ -179,6 +184,7 @@ service ManagementService {
};
}
// ApplicationChanges returns the event stream of the application object
rpc ApplicationChanges(ChangeRequest) returns (Changes) {
option (google.api.http) = {
get: "/projects/{id}/applications/{sec_id}/changes"
@ -189,6 +195,7 @@ service ManagementService {
};
}
// OrgChanges returns the event stream of the org object
rpc OrgChanges(ChangeRequest) returns (Changes) {
option (google.api.http) = {
get: "/orgs/{id}/changes"
@ -199,6 +206,7 @@ service ManagementService {
};
}
// ProjectChanges returns the event stream of the project object
rpc ProjectChanges(ChangeRequest) returns (Changes) {
option (google.api.http) = {
get: "/projects/{id}/changes"
@ -209,7 +217,6 @@ service ManagementService {
};
}
//USER_PROFILE
rpc GetUserProfile(UserID) returns (UserProfileView) {
option (google.api.http) = {
get: "/users/{id}/profile"
@ -231,7 +238,6 @@ service ManagementService {
};
}
//USER_EMAIL
rpc GetUserEmail(UserID) returns (UserEmailView) {
option (google.api.http) = {
get: "/users/{id}/email"
@ -264,7 +270,6 @@ service ManagementService {
};
}
//USER_PHONE
rpc GetUserPhone(UserID) returns (UserPhoneView) {
option (google.api.http) = {
get: "/users/{id}/phone"
@ -297,7 +302,6 @@ service ManagementService {
};
}
//USER_ADDRESS
rpc GetUserAddress(UserID) returns (UserAddressView) {
option (google.api.http) = {
get: "/users/{id}/address"
@ -318,7 +322,7 @@ service ManagementService {
permission: "user.write"
};
}
//MFA
rpc GetUserMfas(UserID) returns (MultiFactors) {
option (google.api.http) = {
get: "/users/{id}/mfas"
@ -329,11 +333,10 @@ service ManagementService {
};
}
//PASSWORD
// Sends an Notification (Email/SMS) with a password reset Link
rpc SendSetPasswordNotification(SetPasswordNotificationRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/users/{id}/_sendsetpwnotify"
post: "/users/{id}/password/_sendsetnotification"
body: "*"
};
@ -345,7 +348,7 @@ service ManagementService {
// A Manager is only allowed to set an initial password, on the next login the user has to change his password
rpc SetInitialPassword(PasswordRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/users/{id}/_setinitialpw"
post: "/users/{id}/password/_initialize"
body: "*"
};
@ -354,8 +357,7 @@ service ManagementService {
};
}
//PASSWORD_COMPLEXITY_POLICY
// returns default policy if nothing other set on organisation
rpc GetPasswordComplexityPolicy(google.protobuf.Empty) returns (PasswordComplexityPolicy) {
option (google.api.http) = {
get: "/policies/passwords/complexity"
@ -398,7 +400,7 @@ service ManagementService {
};
}
//PASSWORD_AGE_POLICY
// returns default if nothing other set on organisation
rpc GetPasswordAgePolicy(google.protobuf.Empty) returns (PasswordAgePolicy) {
option (google.api.http) = {
get: "/policies/passwords/age"
@ -441,7 +443,7 @@ service ManagementService {
};
}
//PASSWORD_LOCKOUT_POLICY
// returns default if nothing other set on organisation
rpc GetPasswordLockoutPolicy(google.protobuf.Empty) returns (PasswordLockoutPolicy) {
option (google.api.http) = {
get: "/policies/passwords/lockout"
@ -484,10 +486,9 @@ service ManagementService {
};
}
//ORG
rpc GetOrgByID(OrgID) returns (OrgView) {
rpc GetMyOrg(google.protobuf.Empty) returns (OrgView) {
option (google.api.http) = {
get: "/orgs/{id}"
get: "/orgs/me"
};
option (caos.zitadel.utils.v1.auth_option) = {
@ -495,9 +496,10 @@ service ManagementService {
};
}
rpc GetOrgByDomainGlobal(OrgDomain) returns (OrgView) {
// search a organisation by its domain overall organisations
rpc GetOrgByDomainGlobal(Domain) returns (OrgView) {
option (google.api.http) = {
get: "/global/orgs/domain/{domain}"
get: "/global/orgs/_bydomain"
};
option (caos.zitadel.utils.v1.auth_option) = {
@ -505,9 +507,9 @@ service ManagementService {
};
}
rpc DeactivateOrg(OrgID) returns (Org) {
rpc DeactivateMyOrg(google.protobuf.Empty) returns (Org) {
option (google.api.http) = {
put: "/orgs/{id}/_deactivate"
put: "/orgs/me/_deactivate"
body: "*"
};
@ -516,9 +518,9 @@ service ManagementService {
};
}
rpc ReactivateOrg(OrgID) returns (Org) {
rpc ReactivateMyOrg(google.protobuf.Empty) returns (Org) {
option (google.api.http) = {
put: "/orgs/{id}/_reactivate"
put: "/orgs/me/_reactivate"
body: "*"
};
@ -559,7 +561,6 @@ service ManagementService {
};
}
//ORG_IAM_POLICY
rpc GetMyOrgIamPolicy(google.protobuf.Empty) returns (OrgIamPolicy) {
option (google.api.http) = {
get: "/orgs/me/iampolicy"
@ -570,7 +571,6 @@ service ManagementService {
};
}
//ORG_MEMBERS
rpc GetOrgMemberRoles(google.protobuf.Empty) returns (OrgMemberRoles) {
option (google.api.http) = {
get: "/orgs/members/roles"
@ -624,7 +624,6 @@ service ManagementService {
};
}
//PROJECTS
rpc SearchProjects(ProjectSearchRequest) returns (ProjectSearchResponse) {
option (google.api.http) = {
post: "/projects/_search"
@ -694,7 +693,7 @@ service ManagementService {
};
}
//GRANTED_PROJECT_GRANTS
// returns all projects my organisation got granted from another organisation
rpc SearchGrantedProjects(GrantedProjectSearchRequest) returns (ProjectGrantSearchResponse) {
option (google.api.http) = {
post: "/grantedprojects/_search"
@ -707,6 +706,7 @@ service ManagementService {
};
}
// returns a project my organisation got granted from another organisation
rpc GetGrantedProjectByID(ProjectGrantID) returns (ProjectGrantView) {
option (google.api.http) = {
get: "/grantedprojects/{project_id}/grants/{id}"
@ -717,7 +717,6 @@ service ManagementService {
};
}
//PROJECT_MEMBERS
rpc GetProjectMemberRoles(google.protobuf.Empty) returns (ProjectMemberRoles) {
option (google.api.http) = {
get: "/projects/members/roles"
@ -775,7 +774,6 @@ service ManagementService {
};
}
//PROJECT_ROLES
rpc SearchProjectRoles(ProjectRoleSearchRequest) returns (ProjectRoleSearchResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/roles/_search"
@ -800,6 +798,7 @@ service ManagementService {
};
}
// add a list of project roles in one request
rpc BulkAddProjectRole(ProjectRoleAddBulk) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/projects/{id}/roles/_bulk"
@ -824,7 +823,7 @@ service ManagementService {
};
}
/* RemoveProjectRole removes role from UserGrants, ProjectGrants and from Project */
// RemoveProjectRole removes role from UserGrants, ProjectGrants and from Project
rpc RemoveProjectRole(ProjectRoleRemove) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/projects/{id}/roles/{key}"
@ -836,7 +835,6 @@ service ManagementService {
};
}
//APPLICATIONS
rpc SearchApplications(ApplicationSearchRequest) returns (ApplicationSearchResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/applications/_search"
@ -943,7 +941,6 @@ service ManagementService {
};
}
//PROJECT_GRANT
rpc SearchProjectGrants(ProjectGrantSearchRequest) returns (ProjectGrantSearchResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/_search"
@ -1010,6 +1007,7 @@ service ManagementService {
};
}
// RemoveProjectGrant removes project grant and all user grants for this project grant
rpc RemoveProjectGrant(ProjectGrantID) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/projects/{project_id}/grants/{id}"
@ -1020,7 +1018,6 @@ service ManagementService {
};
}
//PROJECT_GRANT_MEMBER
rpc GetProjectGrantMemberRoles(google.protobuf.Empty) returns (ProjectGrantMemberRoles) {
option (google.api.http) = {
get: "/projects/grants/members/roles"
@ -1030,6 +1027,7 @@ service ManagementService {
permission: "project.grant.member.read"
};
}
rpc SearchProjectGrantMembers(ProjectGrantMemberSearchRequest) returns (ProjectGrantMemberSearchResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/grants/{grant_id}/members/_search"
@ -1073,7 +1071,6 @@ service ManagementService {
};
}
//USER_GRANT
rpc SearchUserGrants(UserGrantSearchRequest) returns (UserGrantSearchResponse) {
option (google.api.http) = {
post: "/users/grants/_search"
@ -1149,6 +1146,7 @@ service ManagementService {
};
}
// add a list of user grants in one request
rpc BulkCreateUserGrant(UserGrantCreateBulk) returns (google.protobuf.Empty) {
option (google.api.http) = {
post: "/usergrants/_bulk"
@ -1160,6 +1158,7 @@ service ManagementService {
};
}
// update a list of user grants in one request
rpc BulkUpdateUserGrant(UserGrantUpdateBulk) returns (google.protobuf.Empty) {
option (google.api.http) = {
put: "/usergrants/_bulk"
@ -1171,6 +1170,7 @@ service ManagementService {
};
}
// remove a list of user grants in one request
rpc BulkRemoveUserGrant(UserGrantRemoveBulk) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/usersgrants/_bulk"
@ -1182,7 +1182,8 @@ service ManagementService {
};
}
//PROJECT_USER_GRANT
// search user grants based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc SearchProjectUserGrants(ProjectUserGrantSearchRequest) returns (UserGrantSearchResponse) {
option (google.api.http) = {
post: "/projects/{project_id}/users/grants/_search"
@ -1195,6 +1196,8 @@ service ManagementService {
};
}
// get user grant based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc ProjectUserGrantByID(ProjectUserGrantID) returns (UserGrantView) {
option (google.api.http) = {
get: "/projects/{project_id}/users/{user_id}/grants/{id}"
@ -1206,6 +1209,8 @@ service ManagementService {
};
}
// create user grant based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc CreateProjectUserGrant(UserGrantCreate) returns (UserGrant) {
option (google.api.http) = {
post: "/projects/{project_id}/users/{user_id}/grants"
@ -1218,6 +1223,8 @@ service ManagementService {
};
}
// update user grant based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc UpdateProjectUserGrant(ProjectUserGrantUpdate) returns (UserGrant) {
option (google.api.http) = {
put: "/projects/{project_id}/users/{user_id}/grants/{id}"
@ -1230,6 +1237,8 @@ service ManagementService {
};
}
// deactivate user grant based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc DeactivateProjectUserGrant(ProjectUserGrantID) returns (UserGrant) {
option (google.api.http) = {
put: "/projects/{project_id}/users/{user_id}/grants/{id}/_deactivate"
@ -1242,6 +1251,8 @@ service ManagementService {
};
}
// reactivate user grant based on a project
// This request is required that the user authorizations of zitadel can be differentiated
rpc ReactivateProjectUserGrant(ProjectUserGrantID) returns (UserGrant) {
option (google.api.http) = {
put: "/projects/{project_id}/users/{user_id}/grants/{id}/_reactivate"
@ -1253,7 +1264,9 @@ service ManagementService {
check_field_name: "ProjectId"
};
}
//PROJECT_GRANT_USER_GRANT
// search user grants based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc SearchProjectGrantUserGrants(ProjectGrantUserGrantSearchRequest) returns (UserGrantSearchResponse) {
option (google.api.http) = {
post: "/projectgrants/{project_grant_id}/users/grants/_search"
@ -1266,6 +1279,8 @@ service ManagementService {
};
}
// get user grant based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc ProjectGrantUserGrantByID(ProjectGrantUserGrantID) returns (UserGrantView) {
option (google.api.http) = {
get: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}"
@ -1277,6 +1292,8 @@ service ManagementService {
};
}
// create user grant based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc CreateProjectGrantUserGrant(ProjectGrantUserGrantCreate) returns (UserGrant) {
option (google.api.http) = {
post: "/projectgrants/{project_grant_id}/users/{user_id}/grants"
@ -1289,6 +1306,8 @@ service ManagementService {
};
}
// update user grant based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc UpdateProjectGrantUserGrant(ProjectGrantUserGrantUpdate) returns (UserGrant) {
option (google.api.http) = {
put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}"
@ -1301,6 +1320,8 @@ service ManagementService {
};
}
// deactivate user grant based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc DeactivateProjectGrantUserGrant(ProjectGrantUserGrantID) returns (UserGrant) {
option (google.api.http) = {
put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_deactivate"
@ -1313,6 +1334,8 @@ service ManagementService {
};
}
// reactivate user grant based on a projectgrant
// This request is required that the user authorizations of zitadel can be differentiated
rpc ReactivateProjectGrantUserGrant(ProjectGrantUserGrantID) returns (UserGrant) {
option (google.api.http) = {
put: "/projectgrants/{project_grant_id}/users/{user_id}/grants/{id}/_reactivate"
@ -1324,13 +1347,6 @@ service ManagementService {
check_field_name: "ProjectGrantId"
};
}
//Grant
rpc SearchAuthGrant(AuthGrantSearchRequest) returns (AuthGrantSearchResponse) {
option (google.api.http) = {
post: "/authgrants/_search"
body: "*"
};
}
}
message Iam {
@ -1374,7 +1390,7 @@ message UserID {
string id = 1;
}
message UserEmailID {
message Email {
string email = 1;
}
@ -1826,6 +1842,10 @@ enum OrgState {
ORGSTATE_INACTIVE = 2;
}
message Domain {
string domain = 1;
}
message OrgDomains {
repeated OrgDomain domains = 1;
}
@ -2574,38 +2594,3 @@ message ProjectGrantUserGrantSearchRequest {
uint64 limit = 3;
repeated UserGrantSearchQuery queries = 4;
}
message AuthGrantSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
AuthGrantSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];
bool asc = 4;
repeated AuthGrantSearchQuery queries = 5;
}
message AuthGrantSearchQuery {
AuthGrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2 [(validate.rules).enum = {in: [0]}];
string value = 3;
}
enum AuthGrantSearchKey {
AUTHGRANTSEARCHKEY_UNSPECIFIED = 0;
AUTHGRANTSEARCHKEY_ORG_ID = 1;
AUTHGRANTSEARCHKEY_PROJECT_ID = 2;
AUTHGRANTSEARCHKEY_USER_ID = 3;
}
message AuthGrantSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated AuthGrant result = 4;
}
message AuthGrant {
string orgId = 1;
string projectId = 2;
string userId = 3;
repeated string roles = 4;
}