feat: protos refactoring

* start with user

* user first try done in all services

* user, org, idp for discussion

* remove unused stuff

* bla

* dockerbuild

* rename search, get multiple to list...

* add annotation

* update proto dependencies

* update proto dependencies

* change proto imports

* replace all old imports

* fix go out

* remove unused lines

* correct protoc flags

* grpc and openapi flags

* go out source path relative

* -p

* remove dead code

* sourcepath relative

* ls

* is onenapi the problem?

* hobla

* authoption output

* wrong field name

* gopf

* correct option, add correct flags

* small improvments

* SIMPLYFY

* relative path

* gopf bin ich en tubel

* correct path

* default policies in admin

* grpc generation in one file

* remove non ascii

* metadata on manipulations

* correct auth_option import

* fixes

* larry

* idp provider to idp

* fix generate

* admin and auth nearly done

* admin and auth nearly done

* gen

* healthz

* imports

* deleted too much imports

* fix org

* add import

* imports

* import

* naming

* auth_opt

* gopf

* management

* imports

* _TYPE_UNSPECIFIED

* improts

* auth opts

* management policies

* imports

* passwordlessType to MFAType

* auth_opt

* add user grant calls

* add missing messages

* result

* fix option

* improvements

* ids

* fix http

* imports

* fixes

* fields

* body

* add fields

* remove wrong member query

* fix request response

* fixes

* add copy files

* variable versions

* generate all files

* improvements

* add dependencies

* factors

* user session

* oidc information, iam

* remove unused file

* changes

* enums

* dockerfile

* fix build

* remove unused folder

* update readme for build

* move old server impl

* add event type to change

* some changes

* start admin

* remove wrong field

* admin only list calls missing

* fix proto numbers

* surprisingly it compiles

* service ts changes

* admin mgmt

* mgmt

* auth manipulation and gets done, lists missing

* validations and some field changes

* validations

* enum validations

* remove todo

* move proto files to proto/zitadel

* change proto path in dockerfile

* it compiles!

* add validate import

* remove duplicate import

* fix protos

* fix import

* tests

* cleanup

* remove unimplemented methods

* iam member multiple queries

* all auth and admin calls

* add initial password on crate human

* message names

* management user server

* machine done

* fix: todos (#1346)

* fix: pub sub in new eventstore

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix tests

* fix: search method domain

* admin service, user import type typescript

* admin changes

* admin changes

* fix: search method domain

* more user grpc and begin org, fix configs

* fix: return object details

* org grpc

* remove creation date add details

* app

* fix: return object details

* fix: return object details

* mgmt service, project members

* app

* fix: convert policies

* project, members, granted projects, searches

* fix: convert usergrants

* fix: convert usergrants

* auth user detail, user detail, mfa, second factor, auth

* fix: convert usergrants

* mfa, memberships, password, owned proj detail

* fix: convert usergrants

* project grant

* missing details

* changes, userview

* idp table, keys

* org list and user table filter

* unify rest paths (#1381)

* unify rest paths

* post for all searches,
mfa to multi_factor,
secondfactor to second_factor

* remove v1

* fix tests

* rename api client key to app key

* machine keys, age policy

* user list, machine keys, changes

* fix: org states

* add default flag to policy

* second factor to type

* idp id

* app type

* unify ListQuery, ListDetails, ObjectDetails field names

* user grants, apps, memberships

* fix type params

* metadata to detail, linke idps

* api create, membership, app detail, create

* idp, app, policy

* queries, multi -> auth factors and missing fields

* update converters

* provider to user, remove old mgmt refs

* temp remove authfactor dialog, build finish

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>

internal/api/grpc/admin/administrator.go

@@ -1,36 +0,0 @@
-package admin
-
-import (
-	"context"
-
-	"github.com/golang/protobuf/ptypes/empty"
-
-	view_model "github.com/caos/zitadel/internal/view/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-)
-
-func (s *Server) GetViews(ctx context.Context, _ *empty.Empty) (_ *admin.Views, err error) {
-	views, err := s.administrator.GetViews()
-	if err != nil {
-		return nil, err
-	}
-	return &admin.Views{Views: viewsFromModel(views)}, nil
-}
-
-func (s *Server) ClearView(ctx context.Context, viewID *admin.ViewID) (_ *empty.Empty, err error) {
-	err = s.administrator.ClearView(ctx, viewID.Database, viewID.ViewName)
-	return &empty.Empty{}, err
-}
-
-func (s *Server) GetFailedEvents(ctx context.Context, _ *empty.Empty) (_ *admin.FailedEvents, err error) {
-	failedEvents, err := s.administrator.GetFailedEvents(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return &admin.FailedEvents{FailedEvents: failedEventsFromModel(failedEvents)}, nil
-}
-
-func (s *Server) RemoveFailedEvent(ctx context.Context, failedEventID *admin.FailedEventID) (_ *empty.Empty, err error) {
-	err = s.administrator.RemoveFailedEvent(ctx, &view_model.FailedEvent{Database: failedEventID.Database, ViewName: failedEventID.ViewName, FailedSequence: failedEventID.FailedSequence})
-	return &empty.Empty{}, err
-}

internal/api/grpc/admin/administrator_converter.go

@@ -1,51 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/logging"
-	view_model "github.com/caos/zitadel/internal/view/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-)
-
-func viewsFromModel(views []*view_model.View) []*admin.View {
-	result := make([]*admin.View, len(views))
-	for i, view := range views {
-		result[i] = viewFromModel(view)
-	}
-
-	return result
-}
-
-func failedEventsFromModel(failedEvents []*view_model.FailedEvent) []*admin.FailedEvent {
-	result := make([]*admin.FailedEvent, len(failedEvents))
-	for i, view := range failedEvents {
-		result[i] = failedEventFromModel(view)
-	}
-
-	return result
-}
-
-func viewFromModel(view *view_model.View) *admin.View {
-	eventTimestamp, err := ptypes.TimestampProto(view.EventTimestamp)
-	logging.Log("GRPC-KSo03").OnError(err).Debug("unable to parse timestamp")
-	lastSpool, err := ptypes.TimestampProto(view.LastSuccessfulSpoolerRun)
-	logging.Log("GRPC-0oP87").OnError(err).Debug("unable to parse timestamp")
-
-	return &admin.View{
-		Database:                 view.Database,
-		ViewName:                 view.ViewName,
-		ProcessedSequence:        view.CurrentSequence,
-		EventTimestamp:           eventTimestamp,
-		LastSuccessfulSpoolerRun: lastSpool,
-	}
-}
-
-func failedEventFromModel(failedEvent *view_model.FailedEvent) *admin.FailedEvent {
-	return &admin.FailedEvent{
-		Database:       failedEvent.Database,
-		ViewName:       failedEvent.ViewName,
-		FailedSequence: failedEvent.FailedSequence,
-		FailureCount:   failedEvent.FailureCount,
-		ErrorMessage:   failedEvent.ErrMsg,
-	}
-}

internal/api/grpc/admin/failed_event.go

@@ -0,0 +1,23 @@
+package admin
+
+import (
+	"context"
+
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) ListFailedEvents(ctx context.Context, req *admin_pb.ListFailedEventsRequest) (*admin_pb.ListFailedEventsResponse, error) {
+	failedEvents, err := s.administrator.GetFailedEvents(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ListFailedEventsResponse{Result: FailedEventsToPb(failedEvents)}, nil
+}
+
+func (s *Server) RemoveFailedEvent(ctx context.Context, req *admin_pb.RemoveFailedEventRequest) (*admin_pb.RemoveFailedEventResponse, error) {
+	err := s.administrator.RemoveFailedEvent(ctx, RemoveFailedEventRequestToModel(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveFailedEventResponse{}, nil
+}

internal/api/grpc/admin/failed_event_converter.go

@@ -0,0 +1,32 @@
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/view/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func FailedEventsToPb(failedEvents []*model.FailedEvent) []*admin_pb.FailedEvent {
+	events := make([]*admin_pb.FailedEvent, len(failedEvents))
+	for i, failedEvent := range failedEvents {
+		events[i] = FailedEventToPb(failedEvent)
+	}
+	return events
+}
+
+func FailedEventToPb(failedEvent *model.FailedEvent) *admin_pb.FailedEvent {
+	return &admin_pb.FailedEvent{
+		Database:       failedEvent.Database,
+		ViewName:       failedEvent.ViewName,
+		FailedSequence: failedEvent.FailedSequence,
+		FailureCount:   failedEvent.FailureCount,
+		ErrorMessage:   failedEvent.ErrMsg,
+	}
+}
+
+func RemoveFailedEventRequestToModel(req *admin_pb.RemoveFailedEventRequest) *model.FailedEvent {
+	return &model.FailedEvent{
+		Database:       req.Database,
+		ViewName:       req.ViewName,
+		FailedSequence: req.FailedSequence,
+	}
+}

internal/api/grpc/admin/failed_event_converter_test.go

@@ -0,0 +1,95 @@
+package admin_test
+
+import (
+	"testing"
+
+	admin_grpc "github.com/caos/zitadel/internal/api/grpc/admin"
+	"github.com/caos/zitadel/internal/test"
+	"github.com/caos/zitadel/internal/view/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func TestFailedEventsToPbFields(t *testing.T) {
+	type args struct {
+		failedEvents []*model.FailedEvent
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields",
+			args: args{
+				failedEvents: []*model.FailedEvent{
+					{
+						Database:       "admin",
+						ViewName:       "users",
+						FailedSequence: 456,
+						FailureCount:   5,
+						ErrMsg:         "some error",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := admin_grpc.FailedEventsToPb(tt.args.failedEvents)
+			for _, g := range got {
+				test.AssertFieldsMapped(t, g)
+			}
+		})
+	}
+}
+
+func TestFailedEventToPbFields(t *testing.T) {
+	type args struct {
+		failedEvent *model.FailedEvent
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			"all fields",
+			args{
+				failedEvent: &model.FailedEvent{
+					Database:       "admin",
+					ViewName:       "users",
+					FailedSequence: 456,
+					FailureCount:   5,
+					ErrMsg:         "some error",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		converted := admin_grpc.FailedEventToPb(tt.args.failedEvent)
+		test.AssertFieldsMapped(t, converted)
+	}
+}
+
+func TestRemoveFailedEventRequestToModelFields(t *testing.T) {
+	type args struct {
+		req *admin_pb.RemoveFailedEventRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			"all fields",
+			args{
+				req: &admin_pb.RemoveFailedEventRequest{
+					Database:       "admin",
+					ViewName:       "users",
+					FailedSequence: 456,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		converted := admin_grpc.RemoveFailedEventRequestToModel(tt.args.req)
+		test.AssertFieldsMapped(t, converted, "FailureCount", "ErrMsg")
+	}
+}

internal/api/grpc/admin/iam_member.go

@@ -2,42 +2,65 @@ package admin
 
 import (
 	"context"
+	"time"
 
-	"github.com/golang/protobuf/ptypes/empty"
-
-	"github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/caos/zitadel/internal/api/grpc/member"
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func (s *Server) GetIamMemberRoles(ctx context.Context, _ *empty.Empty) (*admin.IamMemberRoles, error) {
-	return &admin.IamMemberRoles{Roles: s.iam.GetIAMMemberRoles()}, nil
+func (s *Server) ListIAMMemberRoles(ctx context.Context, req *admin_pb.ListIAMMemberRolesRequest) (*admin_pb.ListIAMMemberRolesResponse, error) {
+	roles := s.iam.GetIAMMemberRoles()
+	return &admin_pb.ListIAMMemberRolesResponse{
+		Details: object.ToListDetails(uint64(len(roles)), 0, time.Now()),
+	}, nil
 }
 
-func (s *Server) SearchIamMembers(ctx context.Context, in *admin.IamMemberSearchRequest) (*admin.IamMemberSearchResponse, error) {
-	members, err := s.iam.SearchIAMMembers(ctx, iamMemberSearchRequestToModel(in))
+func (s *Server) ListIAMMembers(ctx context.Context, req *admin_pb.ListIAMMembersRequest) (*admin_pb.ListIAMMembersResponse, error) {
+	res, err := s.iam.SearchIAMMembers(ctx, ListIAMMemberRequestToModel(req))
 	if err != nil {
 		return nil, err
 	}
-	return iamMemberSearchResponseFromModel(members), nil
+	return &admin_pb.ListIAMMembersResponse{
+		Details: object.ToListDetails(res.TotalResult, res.Sequence, res.Timestamp),
+		Result:  member.IAMMembersToPb(res.Result),
+	}, nil
 }
 
-func (s *Server) AddIamMember(ctx context.Context, member *admin.AddIamMemberRequest) (*admin.IamMember, error) {
-	addedMember, err := s.command.AddIAMMember(ctx, addIamMemberToDomain(member))
+func (s *Server) AddIAMMember(ctx context.Context, req *admin_pb.AddIAMMemberRequest) (*admin_pb.AddIAMMemberResponse, error) {
+	member, err := s.command.AddIAMMember(ctx, AddIAMMemberToDomain(req))
 	if err != nil {
 		return nil, err
 	}
-
-	return iamMemberFromDomain(addedMember), nil
+	return &admin_pb.AddIAMMemberResponse{
+		Details: object.ToDetailsPb(
+			member.Sequence,
+			member.ChangeDate,
+			member.ResourceOwner,
+		),
+	}, nil
 }
 
-func (s *Server) ChangeIamMember(ctx context.Context, member *admin.ChangeIamMemberRequest) (*admin.IamMember, error) {
-	changedMember, err := s.command.ChangeIAMMember(ctx, changeIamMemberToDomain(member))
+func (s *Server) UpdateIAMMember(ctx context.Context, req *admin_pb.UpdateIAMMemberRequest) (*admin_pb.UpdateIAMMemberResponse, error) {
+	member, err := s.command.ChangeIAMMember(ctx, UpdateIAMMemberToDomain(req))
 	if err != nil {
 		return nil, err
 	}
-	return iamMemberFromDomain(changedMember), nil
+	return &admin_pb.UpdateIAMMemberResponse{
+		Details: object.ToDetailsPb(
+			member.Sequence,
+			member.ChangeDate,
+			member.ResourceOwner,
+		),
+	}, nil
 }
 
-func (s *Server) RemoveIamMember(ctx context.Context, member *admin.RemoveIamMemberRequest) (*empty.Empty, error) {
-	err := s.command.RemoveIAMMember(ctx, member.UserId)
-	return &empty.Empty{}, err
+func (s *Server) RemoveIAMMember(ctx context.Context, req *admin_pb.RemoveIAMMemberRequest) (*admin_pb.RemoveIAMMemberResponse, error) {
+	objectDetails, err := s.command.RemoveIAMMember(ctx, req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveIAMMemberResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }

internal/api/grpc/admin/iam_member_converter.go

@@ -1,129 +1,32 @@
 package admin
 
 import (
-	"github.com/caos/logging"
+	member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
 	"github.com/caos/zitadel/internal/domain"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/caos/zitadel/internal/iam/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func addIamMemberToDomain(member *admin.AddIamMemberRequest) *domain.Member {
-	return domain.NewMember(domain.IAMID, member.UserId, member.Roles...)
-}
-
-func changeIamMemberToDomain(member *admin.ChangeIamMemberRequest) *domain.Member {
-	return domain.NewMember(domain.IAMID, member.UserId, member.Roles...)
-}
-
-func iamMemberFromDomain(member *domain.Member) *admin.IamMember {
-	return &admin.IamMember{
-		UserId:     member.UserID,
-		ChangeDate: timestamppb.New(member.ChangeDate),
-		Roles:      member.Roles,
-		Sequence:   member.Sequence,
+func AddIAMMemberToDomain(req *admin_pb.AddIAMMemberRequest) *domain.Member {
+	return &domain.Member{
+		UserID: req.UserId,
+		Roles:  req.Roles,
 	}
 }
 
-func iamMemberSearchRequestToModel(request *admin.IamMemberSearchRequest) *iam_model.IAMMemberSearchRequest {
-	return &iam_model.IAMMemberSearchRequest{
-		Limit:   request.Limit,
-		Offset:  request.Offset,
-		Queries: iamMemberSearchQueriesToModel(request.Queries),
+func UpdateIAMMemberToDomain(req *admin_pb.UpdateIAMMemberRequest) *domain.Member {
+	return &domain.Member{
+		UserID: req.UserId,
+		Roles:  req.Roles,
 	}
 }
 
-func iamMemberSearchQueriesToModel(queries []*admin.IamMemberSearchQuery) []*iam_model.IAMMemberSearchQuery {
-	modelQueries := make([]*iam_model.IAMMemberSearchQuery, len(queries))
-	for i, query := range queries {
-		modelQueries[i] = iamMemberSearchQueryToModel(query)
-	}
-
-	return modelQueries
-}
-
-func iamMemberSearchQueryToModel(query *admin.IamMemberSearchQuery) *iam_model.IAMMemberSearchQuery {
-	return &iam_model.IAMMemberSearchQuery{
-		Key:    iamMemberSearchKeyToModel(query.Key),
-		Method: searchMethodToModel(query.Method),
-		Value:  query.Value,
-	}
-}
-
-func iamMemberSearchKeyToModel(key admin.IamMemberSearchKey) iam_model.IAMMemberSearchKey {
-	switch key {
-	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_EMAIL:
-		return iam_model.IAMMemberSearchKeyEmail
-	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_FIRST_NAME:
-		return iam_model.IAMMemberSearchKeyFirstName
-	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_LAST_NAME:
-		return iam_model.IAMMemberSearchKeyLastName
-	case admin.IamMemberSearchKey_IAMMEMBERSEARCHKEY_USER_ID:
-		return iam_model.IAMMemberSearchKeyUserID
-	default:
-		return iam_model.IAMMemberSearchKeyUnspecified
-	}
-}
-
-func searchMethodToModel(key admin.SearchMethod) domain.SearchMethod {
-	switch key {
-	case admin.SearchMethod_SEARCHMETHOD_CONTAINS:
-		return domain.SearchMethodContains
-	case admin.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
-		return domain.SearchMethodContainsIgnoreCase
-	case admin.SearchMethod_SEARCHMETHOD_EQUALS:
-		return domain.SearchMethodEquals
-	case admin.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
-		return domain.SearchMethodEqualsIgnoreCase
-	case admin.SearchMethod_SEARCHMETHOD_STARTS_WITH:
-		return domain.SearchMethodStartsWith
-	case admin.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
-		return domain.SearchMethodStartsWithIgnoreCase
-	default:
-		return -1
-	}
-}
-
-func iamMemberSearchResponseFromModel(resp *iam_model.IAMMemberSearchResponse) *admin.IamMemberSearchResponse {
-	timestamp, err := ptypes.TimestampProto(resp.Timestamp)
-	logging.Log("GRPC-5shu8").OnError(err).Debug("date parse failed")
-	return &admin.IamMemberSearchResponse{
-		Limit:             resp.Limit,
-		Offset:            resp.Offset,
-		TotalResult:       resp.TotalResult,
-		Result:            iamMembersFromView(resp.Result),
-		ProcessedSequence: resp.Sequence,
-		ViewTimestamp:     timestamp,
-	}
-}
-func iamMembersFromView(viewMembers []*iam_model.IAMMemberView) []*admin.IamMemberView {
-	members := make([]*admin.IamMemberView, len(viewMembers))
-
-	for i, member := range viewMembers {
-		members[i] = iamMemberFromView(member)
-	}
-
-	return members
-}
-
-func iamMemberFromView(member *iam_model.IAMMemberView) *admin.IamMemberView {
-	changeDate, err := ptypes.TimestampProto(member.ChangeDate)
-	logging.Log("GRPC-Lso9c").OnError(err).Debug("unable to parse changedate")
-	creationDate, err := ptypes.TimestampProto(member.CreationDate)
-	logging.Log("GRPC-6szE").OnError(err).Debug("unable to parse creation date")
-
-	return &admin.IamMemberView{
-		ChangeDate:   changeDate,
-		CreationDate: creationDate,
-		Roles:        member.Roles,
-		Sequence:     member.Sequence,
-		UserId:       member.UserID,
-		UserName:     member.UserName,
-		Email:        member.Email,
-		FirstName:    member.FirstName,
-		LastName:     member.LastName,
-		DisplayName:  member.DisplayName,
+func ListIAMMemberRequestToModel(req *admin_pb.ListIAMMembersRequest) *model.IAMMemberSearchRequest {
+	return &model.IAMMemberSearchRequest{
+		Offset: req.Query.Offset,
+		Limit:  uint64(req.Query.Limit),
+		Asc:    req.Query.Asc,
+		// SortingColumn: model.IAMMemberSearchKey, //TOOD: not implemented in proto
+		Queries: member_grpc.MemberQueriesToIAMMember(req.Queries),
 	}
 }

internal/api/grpc/admin/iam_member_converter_test.go

@@ -0,0 +1,60 @@
+package admin
+
+import (
+	"testing"
+
+	"github.com/caos/zitadel/internal/test"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func TestAddIAMMemberToDomain(t *testing.T) {
+	type args struct {
+		req *admin.AddIAMMemberRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin.AddIAMMemberRequest{
+					UserId: "1232452",
+					Roles:  []string{"admin"},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := AddIAMMemberToDomain(tt.args.req)
+			test.AssertFieldsMapped(t, got, "ObjectRoot")
+		})
+	}
+}
+
+func TestUpdateIAMMemberToDomain(t *testing.T) {
+	type args struct {
+		req *admin.UpdateIAMMemberRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin.UpdateIAMMemberRequest{
+					UserId: "1232452",
+					Roles:  []string{"admin"},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := UpdateIAMMemberToDomain(tt.args.req)
+			test.AssertFieldsMapped(t, got, "ObjectRoot")
+		})
+	}
+}

internal/api/grpc/admin/idp.go

@@ -0,0 +1,103 @@
+package admin
+
+import (
+	"context"
+
+	idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
+	object_pb "github.com/caos/zitadel/internal/api/grpc/object"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetIDPByID(ctx context.Context, req *admin_pb.GetIDPByIDRequest) (*admin_pb.GetIDPByIDResponse, error) {
+	idp, err := s.query.DefaultIDPConfigByID(ctx, req.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetIDPByIDResponse{Idp: idp_grpc.IDPViewToPb(idp)}, nil
+}
+
+func (s *Server) ListIDPs(ctx context.Context, req *admin_pb.ListIDPsRequest) (*admin_pb.ListIDPsResponse, error) {
+	resp, err := s.iam.SearchIDPConfigs(ctx, listIDPsToModel(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ListIDPsResponse{
+		Result:  idp_grpc.IDPViewsToPb(resp.Result),
+		Details: object_pb.ToListDetails(resp.TotalResult, resp.Sequence, resp.Timestamp),
+	}, nil
+}
+
+func (s *Server) AddOIDCIDP(ctx context.Context, req *admin_pb.AddOIDCIDPRequest) (*admin_pb.AddOIDCIDPResponse, error) {
+	config, err := s.command.AddDefaultIDPConfig(ctx, addOIDCIDPRequestToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddOIDCIDPResponse{
+		IdpId: config.AggregateID,
+		Details: object_pb.ToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateIDP(ctx context.Context, req *admin_pb.UpdateIDPRequest) (*admin_pb.UpdateIDPResponse, error) {
+	config, err := s.command.ChangeDefaultIDPConfig(ctx, updateIDPToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateIDPResponse{
+		Details: object_pb.ToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) DeactivateIDP(ctx context.Context, req *admin_pb.DeactivateIDPRequest) (*admin_pb.DeactivateIDPResponse, error) {
+	objectDetails, err := s.command.DeactivateDefaultIDPConfig(ctx, req.IdpId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.DeactivateIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+}
+
+func (s *Server) ReactivateIDP(ctx context.Context, req *admin_pb.ReactivateIDPRequest) (*admin_pb.ReactivateIDPResponse, error) {
+	objectDetails, err := s.command.ReactivateDefaultIDPConfig(ctx, req.IdpId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ReactivateIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+}
+
+func (s *Server) RemoveIDP(ctx context.Context, req *admin_pb.RemoveIDPRequest) (*admin_pb.RemoveIDPResponse, error) {
+	idpProviders, err := s.iam.IDPProvidersByIDPConfigID(ctx, req.IdpId)
+	if err != nil {
+		return nil, err
+	}
+	externalIDPs, err := s.iam.ExternalIDPsByIDPConfigID(ctx, req.IdpId)
+	if err != nil {
+		return nil, err
+	}
+	objectDetails, err := s.command.RemoveDefaultIDPConfig(ctx, req.IdpId, idpProviderViewsToDomain(idpProviders), externalIDPViewsToDomain(externalIDPs)...)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+}
+
+func (s *Server) UpdateIDPOIDCConfig(ctx context.Context, req *admin_pb.UpdateIDPOIDCConfigRequest) (*admin_pb.UpdateIDPOIDCConfigResponse, error) {
+	config, err := s.command.ChangeDefaultIDPOIDCConfig(ctx, updateOIDCConfigToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateIDPOIDCConfigResponse{
+		Details: object_pb.ToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}

internal/api/grpc/admin/idp_config.go

@@ -1,71 +0,0 @@
-package admin
-
-import (
-	"context"
-	"github.com/golang/protobuf/ptypes/empty"
-
-	"github.com/caos/zitadel/pkg/grpc/admin"
-)
-
-func (s *Server) IdpByID(ctx context.Context, id *admin.IdpID) (*admin.IdpView, error) {
-	config, err := s.query.DefaultIDPConfigByID(ctx, id.Id)
-	if err != nil {
-		return nil, err
-	}
-	return idpViewFromDomain(config), nil
-}
-
-func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *admin.OidcIdpConfigCreate) (*admin.Idp, error) {
-	config, err := s.command.AddDefaultIDPConfig(ctx, createOIDCIDPToDomain(oidcIdpConfig))
-	if err != nil {
-		return nil, err
-	}
-	return idpFromDomain(config), nil
-}
-
-func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *admin.IdpUpdate) (*admin.Idp, error) {
-	config, err := s.command.ChangeDefaultIDPConfig(ctx, updateIdpToDomain(idpConfig))
-	if err != nil {
-		return nil, err
-	}
-	return idpFromDomain(config), nil
-}
-
-func (s *Server) DeactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
-	err := s.command.DeactivateDefaultIDPConfig(ctx, id.Id)
-	return &empty.Empty{}, err
-}
-
-func (s *Server) ReactivateIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
-	err := s.command.ReactivateDefaultIDPConfig(ctx, id.Id)
-	return &empty.Empty{}, err
-}
-
-func (s *Server) RemoveIdpConfig(ctx context.Context, id *admin.IdpID) (*empty.Empty, error) {
-	idpProviders, err := s.iam.IDPProvidersByIDPConfigID(ctx, id.Id)
-	if err != nil {
-		return &empty.Empty{}, err
-	}
-	externalIDPs, err := s.iam.ExternalIDPsByIDPConfigID(ctx, id.Id)
-	if err != nil {
-		return &empty.Empty{}, err
-	}
-	err = s.command.RemoveDefaultIDPConfig(ctx, id.Id, idpProviderViewsToDomain(idpProviders), externalIDPViewsToDomain(externalIDPs)...)
-	return &empty.Empty{}, err
-}
-
-func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *admin.OidcIdpConfigUpdate) (*admin.OidcIdpConfig, error) {
-	config, err := s.command.ChangeDefaultIDPOIDCConfig(ctx, updateOIDCIDPToDomain(request))
-	if err != nil {
-		return nil, err
-	}
-	return oidcIDPConfigFromDomain(config), nil
-}
-
-func (s *Server) SearchIdps(ctx context.Context, request *admin.IdpSearchRequest) (*admin.IdpSearchResponse, error) {
-	response, err := s.iam.SearchIDPConfigs(ctx, idpConfigSearchRequestToModel(request))
-	if err != nil {
-		return nil, err
-	}
-	return idpConfigSearchResponseFromModel(response), nil
-}

internal/api/grpc/admin/idp_config_converter.go

@@ -1,283 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func createOIDCIDPToDomain(idp *admin.OidcIdpConfigCreate) *domain.IDPConfig {
-	return &domain.IDPConfig{
-		Name:        idp.Name,
-		StylingType: idpConfigStylingTypeToDomain(idp.StylingType),
-		Type:        domain.IDPConfigTypeOIDC,
-		OIDCConfig: &domain.OIDCIDPConfig{
-			ClientID:              idp.ClientId,
-			ClientSecretString:    idp.ClientSecret,
-			Issuer:                idp.Issuer,
-			Scopes:                idp.Scopes,
-			IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping),
-			UsernameMapping:       oidcMappingFieldToDomain(idp.UsernameMapping),
-		},
-	}
-}
-
-func updateIdpToDomain(idp *admin.IdpUpdate) *domain.IDPConfig {
-	return &domain.IDPConfig{
-		IDPConfigID: idp.Id,
-		Name:        idp.Name,
-		StylingType: idpConfigStylingTypeToDomain(idp.StylingType),
-	}
-}
-
-func updateOIDCIDPToDomain(idp *admin.OidcIdpConfigUpdate) *domain.OIDCIDPConfig {
-	return &domain.OIDCIDPConfig{
-		IDPConfigID:           idp.IdpId,
-		ClientID:              idp.ClientId,
-		ClientSecretString:    idp.ClientSecret,
-		Issuer:                idp.Issuer,
-		Scopes:                idp.Scopes,
-		IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping),
-		UsernameMapping:       oidcMappingFieldToDomain(idp.UsernameMapping),
-	}
-}
-
-func idpFromDomain(idp *domain.IDPConfig) *admin.Idp {
-	return &admin.Idp{
-		Id:          idp.IDPConfigID,
-		ChangeDate:  timestamppb.New(idp.ChangeDate),
-		Sequence:    idp.Sequence,
-		Name:        idp.Name,
-		StylingType: idpConfigStylingTypeFromDomain(idp.StylingType),
-		State:       idpConfigStateFromDomain(idp.State),
-		IdpConfig:   idpConfigFromDomain(idp),
-	}
-}
-
-func idpViewFromDomain(idp *domain.IDPConfigView) *admin.IdpView {
-	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
-	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
-	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
-
-	return &admin.IdpView{
-		Id:            idp.IDPConfigID,
-		CreationDate:  creationDate,
-		ChangeDate:    changeDate,
-		Sequence:      idp.Sequence,
-		Name:          idp.Name,
-		StylingType:   admin.IdpStylingType(idp.StylingType),
-		State:         admin.IdpState(idp.State),
-		IdpConfigView: idpConfigViewFromDomain(idp),
-	}
-}
-
-func idpViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView {
-	creationDate, err := ptypes.TimestampProto(idp.CreationDate)
-	logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
-	logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
-
-	return &admin.IdpView{
-		Id:            idp.IDPConfigID,
-		CreationDate:  creationDate,
-		ChangeDate:    changeDate,
-		Sequence:      idp.Sequence,
-		Name:          idp.Name,
-		StylingType:   admin.IdpStylingType(idp.StylingType),
-		State:         admin.IdpState(idp.State),
-		IdpConfigView: idpConfigViewFromModel(idp),
-	}
-}
-
-func idpConfigFromDomain(idp *domain.IDPConfig) *admin.Idp_OidcConfig {
-	if idp.Type == domain.IDPConfigTypeOIDC {
-		return &admin.Idp_OidcConfig{
-			OidcConfig: oidcIDPConfigFromDomain(idp.OIDCConfig),
-		}
-	}
-	return nil
-}
-
-func oidcIDPConfigFromDomain(idp *domain.OIDCIDPConfig) *admin.OidcIdpConfig {
-	return &admin.OidcIdpConfig{
-		ClientId: idp.ClientID,
-		Issuer:   idp.Issuer,
-		Scopes:   idp.Scopes,
-	}
-}
-
-func idpConfigViewFromDomain(idp *domain.IDPConfigView) *admin.IdpView_OidcConfig {
-	if idp.IsOIDC {
-		return &admin.IdpView_OidcConfig{
-			OidcConfig: oidcIdpConfigViewFromDomain(idp),
-		}
-	}
-	return nil
-}
-
-func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.IdpView_OidcConfig {
-	if idp.IsOIDC {
-		return &admin.IdpView_OidcConfig{
-			OidcConfig: oidcIdpConfigViewFromModel(idp),
-		}
-	}
-	return nil
-}
-
-func oidcIdpConfigViewFromDomain(idp *domain.IDPConfigView) *admin.OidcIdpConfigView {
-	return &admin.OidcIdpConfigView{
-		ClientId:              idp.OIDCClientID,
-		Issuer:                idp.OIDCIssuer,
-		Scopes:                idp.OIDCScopes,
-		IdpDisplayNameMapping: oidcMappingFieldFromDomain(idp.OIDCIDPDisplayNameMapping),
-		UsernameMapping:       oidcMappingFieldFromDomain(idp.OIDCUsernameMapping),
-	}
-}
-
-func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *admin.OidcIdpConfigView {
-	return &admin.OidcIdpConfigView{
-		ClientId:              idp.OIDCClientID,
-		Issuer:                idp.OIDCIssuer,
-		Scopes:                idp.OIDCScopes,
-		IdpDisplayNameMapping: admin.OIDCMappingField(idp.OIDCIDPDisplayNameMapping),
-		UsernameMapping:       admin.OIDCMappingField(idp.OIDCUsernameMapping),
-	}
-}
-
-func idpConfigStateFromDomain(state domain.IDPConfigState) admin.IdpState {
-	switch state {
-	case domain.IDPConfigStateActive:
-		return admin.IdpState_IDPCONFIGSTATE_ACTIVE
-	case domain.IDPConfigStateInactive:
-		return admin.IdpState_IDPCONFIGSTATE_INACTIVE
-	default:
-		return admin.IdpState_IDPCONFIGSTATE_UNSPECIFIED
-	}
-}
-
-func oidcMappingFieldFromDomain(field domain.OIDCMappingField) admin.OIDCMappingField {
-	switch field {
-	case domain.OIDCMappingFieldPreferredLoginName:
-		return admin.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME
-	case domain.OIDCMappingFieldEmail:
-		return admin.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL
-	default:
-		return admin.OIDCMappingField_OIDCMAPPINGFIELD_UNSPECIFIED
-	}
-}
-
-func oidcMappingFieldToDomain(field admin.OIDCMappingField) domain.OIDCMappingField {
-	switch field {
-	case admin.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME:
-		return domain.OIDCMappingFieldPreferredLoginName
-	case admin.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL:
-		return domain.OIDCMappingFieldEmail
-	default:
-		return domain.OIDCMappingFieldPreferredLoginName
-	}
-}
-
-func idpConfigSearchRequestToModel(request *admin.IdpSearchRequest) *iam_model.IDPConfigSearchRequest {
-	return &iam_model.IDPConfigSearchRequest{
-		Limit:   request.Limit,
-		Offset:  request.Offset,
-		Queries: idpConfigSearchQueriesToModel(request.Queries),
-	}
-}
-
-func idpConfigSearchQueriesToModel(queries []*admin.IdpSearchQuery) []*iam_model.IDPConfigSearchQuery {
-	modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
-	for i, query := range queries {
-		modelQueries[i] = idpConfigSearchQueryToModel(query)
-	}
-
-	return modelQueries
-}
-
-func idpConfigSearchQueryToModel(query *admin.IdpSearchQuery) *iam_model.IDPConfigSearchQuery {
-	return &iam_model.IDPConfigSearchQuery{
-		Key:    idpConfigSearchKeyToModel(query.Key),
-		Method: searchMethodToModel(query.Method),
-		Value:  query.Value,
-	}
-}
-
-func idpConfigSearchKeyToModel(key admin.IdpSearchKey) iam_model.IDPConfigSearchKey {
-	switch key {
-	case admin.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
-		return iam_model.IDPConfigSearchKeyIdpConfigID
-	case admin.IdpSearchKey_IDPSEARCHKEY_NAME:
-		return iam_model.IDPConfigSearchKeyName
-	default:
-		return iam_model.IDPConfigSearchKeyUnspecified
-	}
-}
-
-func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *admin.IdpSearchResponse {
-	timestamp, err := ptypes.TimestampProto(resp.Timestamp)
-	logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
-	return &admin.IdpSearchResponse{
-		Limit:             resp.Limit,
-		Offset:            resp.Offset,
-		TotalResult:       resp.TotalResult,
-		Result:            idpConfigsFromView(resp.Result),
-		ProcessedSequence: resp.Sequence,
-		ViewTimestamp:     timestamp,
-	}
-}
-
-func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*admin.IdpView {
-	idps := make([]*admin.IdpView, len(viewIdps))
-	for i, idp := range viewIdps {
-		idps[i] = idpViewFromModel(idp)
-	}
-	return idps
-}
-
-func idpConfigStylingTypeFromDomain(stylingType domain.IDPConfigStylingType) admin.IdpStylingType {
-	switch stylingType {
-	case domain.IDPConfigStylingTypeGoogle:
-		return admin.IdpStylingType_IDPSTYLINGTYPE_GOOGLE
-	default:
-		return admin.IdpStylingType_IDPSTYLINGTYPE_UNSPECIFIED
-	}
-}
-
-func idpConfigStylingTypeToDomain(stylingType admin.IdpStylingType) domain.IDPConfigStylingType {
-	switch stylingType {
-	case admin.IdpStylingType_IDPSTYLINGTYPE_GOOGLE:
-		return domain.IDPConfigStylingTypeGoogle
-	default:
-		return domain.IDPConfigStylingTypeUnspecified
-	}
-}
-
-func idpConfigTypeToDomain(idpType iam_model.IDPProviderType) domain.IdentityProviderType {
-	switch idpType {
-	case iam_model.IDPProviderTypeOrg:
-		return domain.IdentityProviderTypeOrg
-	default:
-		return domain.IdentityProviderTypeSystem
-	}
-}
-
-func idpProviderViewsToDomain(idps []*iam_model.IDPProviderView) []*domain.IDPProvider {
-	idpProvider := make([]*domain.IDPProvider, len(idps))
-	for i, idp := range idps {
-		idpProvider[i] = &domain.IDPProvider{
-			ObjectRoot: models.ObjectRoot{
-				AggregateID: idp.AggregateID,
-			},
-			IDPConfigID: idp.IDPConfigID,
-			Type:        idpConfigTypeToDomain(idp.IDPProviderType),
-		}
-	}
-	return idpProvider
-}

internal/api/grpc/admin/idp_converter.go

@@ -0,0 +1,119 @@
+package admin
+
+import (
+	idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	user_model "github.com/caos/zitadel/internal/user/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func addOIDCIDPRequestToDomain(req *admin_pb.AddOIDCIDPRequest) *domain.IDPConfig {
+	return &domain.IDPConfig{
+		Name:        req.Name,
+		OIDCConfig:  addOIDCIDPRequestToDomainOIDCIDPConfig(req),
+		StylingType: idp_grpc.IDPStylingTypeToDomain(req.StylingType),
+		Type:        domain.IDPConfigTypeOIDC,
+	}
+}
+
+func addOIDCIDPRequestToDomainOIDCIDPConfig(req *admin_pb.AddOIDCIDPRequest) *domain.OIDCIDPConfig {
+	return &domain.OIDCIDPConfig{
+		ClientID:              req.ClientId,
+		ClientSecretString:    req.ClientSecret,
+		Issuer:                req.Issuer,
+		Scopes:                req.Scopes,
+		IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
+		UsernameMapping:       idp_grpc.MappingFieldToDomain(req.UsernameMapping),
+	}
+}
+
+func updateIDPToDomain(req *admin_pb.UpdateIDPRequest) *domain.IDPConfig {
+	return &domain.IDPConfig{
+		IDPConfigID: req.IdpId,
+		Name:        req.Name,
+		StylingType: idp_grpc.IDPStylingTypeToDomain(req.StylingType),
+	}
+}
+
+func updateOIDCConfigToDomain(req *admin_pb.UpdateIDPOIDCConfigRequest) *domain.OIDCIDPConfig {
+	return &domain.OIDCIDPConfig{
+		IDPConfigID:           req.IdpId,
+		ClientID:              req.ClientId,
+		ClientSecretString:    req.ClientSecret,
+		Issuer:                req.Issuer,
+		Scopes:                req.Scopes,
+		IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
+		UsernameMapping:       idp_grpc.MappingFieldToDomain(req.UsernameMapping),
+	}
+}
+
+func listIDPsToModel(req *admin_pb.ListIDPsRequest) *iam_model.IDPConfigSearchRequest {
+	return &iam_model.IDPConfigSearchRequest{
+		Offset:        req.Query.Offset,
+		Limit:         uint64(req.Query.Limit),
+		Asc:           req.Query.Asc,
+		SortingColumn: idp_grpc.FieldNameToModel(req.SortingColumn),
+		Queries:       idpQueriesToModel(req.Queries),
+	}
+}
+
+func idpQueriesToModel(queries []*admin_pb.IDPQuery) []*iam_model.IDPConfigSearchQuery {
+	q := make([]*iam_model.IDPConfigSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i] = idpQueryToModel(query)
+	}
+
+	return q
+}
+
+func idpQueryToModel(query *admin_pb.IDPQuery) *iam_model.IDPConfigSearchQuery {
+	switch q := query.Query.(type) {
+	case *admin_pb.IDPQuery_IdpNameQuery:
+		return idp_grpc.IDPNameQueryToModel(q.IdpNameQuery)
+	case *admin_pb.IDPQuery_IdpIdQuery:
+		return idp_grpc.IDPIDQueryToModel(q.IdpIdQuery)
+	default:
+		return nil
+	}
+}
+
+func idpProviderViewsToDomain(idps []*iam_model.IDPProviderView) []*domain.IDPProvider {
+	idpProvider := make([]*domain.IDPProvider, len(idps))
+	for i, idp := range idps {
+		idpProvider[i] = &domain.IDPProvider{
+			ObjectRoot: models.ObjectRoot{
+				AggregateID: idp.AggregateID,
+			},
+			IDPConfigID: idp.IDPConfigID,
+			Type:        idpConfigTypeToDomain(idp.IDPProviderType),
+		}
+	}
+	return idpProvider
+}
+
+func idpConfigTypeToDomain(idpType iam_model.IDPProviderType) domain.IdentityProviderType {
+	switch idpType {
+	case iam_model.IDPProviderTypeOrg:
+		return domain.IdentityProviderTypeOrg
+	default:
+		return domain.IdentityProviderTypeSystem
+	}
+}
+
+func externalIDPViewsToDomain(idps []*user_model.ExternalIDPView) []*domain.ExternalIDP {
+	externalIDPs := make([]*domain.ExternalIDP, len(idps))
+	for i, idp := range idps {
+		externalIDPs[i] = &domain.ExternalIDP{
+			ObjectRoot: models.ObjectRoot{
+				AggregateID:   idp.UserID,
+				ResourceOwner: idp.ResourceOwner,
+			},
+			IDPConfigID:    idp.IDPConfigID,
+			ExternalUserID: idp.ExternalUserID,
+			DisplayName:    idp.UserDisplayName,
+		}
+	}
+	return externalIDPs
+}

internal/api/grpc/admin/idp_converter_test.go

@@ -0,0 +1,149 @@
+package admin
+
+import (
+	"testing"
+
+	"github.com/caos/zitadel/internal/test"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/caos/zitadel/pkg/grpc/idp"
+)
+
+func Test_addOIDCIDPRequestToDomain(t *testing.T) {
+	type args struct {
+		req *admin_pb.AddOIDCIDPRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin_pb.AddOIDCIDPRequest{
+					Name:               "ZITADEL",
+					StylingType:        idp.IDPStylingType_STYLING_TYPE_GOOGLE,
+					ClientId:           "test1234",
+					ClientSecret:       "test4321",
+					Issuer:             "zitadel.ch",
+					Scopes:             []string{"email", "profile"},
+					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := addOIDCIDPRequestToDomain(tt.args.req)
+			test.AssertFieldsMapped(t, got,
+				"ObjectRoot",
+				"OIDCConfig.ClientSecret",
+				"OIDCConfig.ObjectRoot",
+				"OIDCConfig.IDPConfigID",
+				"IDPConfigID",
+				"State",
+				"Type", //TODO: default (0) is oidc
+			)
+		})
+	}
+}
+
+func Test_addOIDCIDPRequestToDomainOIDCIDPConfig(t *testing.T) {
+	type args struct {
+		req *admin_pb.AddOIDCIDPRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin_pb.AddOIDCIDPRequest{
+					ClientId:           "test1234",
+					ClientSecret:       "test4321",
+					Issuer:             "zitadel.ch",
+					Scopes:             []string{"email", "profile"},
+					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := addOIDCIDPRequestToDomainOIDCIDPConfig(tt.args.req)
+			test.AssertFieldsMapped(t, got,
+				"ObjectRoot",
+				"ClientSecret", //TODO: is client secret string enough for backend?
+				"IDPConfigID",
+			)
+		})
+	}
+}
+
+func Test_updateIDPToDomain(t *testing.T) {
+	type args struct {
+		req *admin_pb.UpdateIDPRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin_pb.UpdateIDPRequest{
+					Id:          "13523",
+					Name:        "new name",
+					StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := updateIDPToDomain(tt.args.req)
+			test.AssertFieldsMapped(t, got,
+				"ObjectRoot",
+				"OIDCConfig",
+				"State",
+				"Type", //TODO: type should not be changeable
+			)
+		})
+	}
+}
+
+func Test_updateOIDCConfigToDomain(t *testing.T) {
+	type args struct {
+		req *admin_pb.UpdateIDPOIDCConfigRequest
+	}
+	tests := []struct {
+		name string
+		args args
+	}{
+		{
+			name: "all fields filled",
+			args: args{
+				req: &admin_pb.UpdateIDPOIDCConfigRequest{
+					IdpId:              "4208",
+					Issuer:             "zitadel.ch",
+					ClientId:           "ZITEADEL",
+					ClientSecret:       "i'm so secret",
+					Scopes:             []string{"profile"},
+					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := updateOIDCConfigToDomain(tt.args.req)
+			test.AssertFieldsMapped(t, got,
+				"ObjectRoot",
+				"ClientSecret",
+			)
+		})
+	}
+}

internal/api/grpc/admin/information.go

@@ -0,0 +1,11 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) Healthz(context.Context, *admin.HealthzRequest) (*admin.HealthzResponse, error) {
+	return &admin.HealthzResponse{}, nil
+}

internal/api/grpc/admin/label_policy.go

@@ -3,22 +3,29 @@ package admin
 import (
 	"context"
 
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func (s *Server) GetDefaultLabelPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultLabelPolicyView, error) {
-	result, err := s.iam.GetDefaultLabelPolicy(ctx)
+func (s *Server) GetLabelPolicy(ctx context.Context, req *admin_pb.GetLabelPolicyRequest) (*admin_pb.GetLabelPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultLabelPolicy(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return labelPolicyViewFromModel(result), nil
+	return &admin_pb.GetLabelPolicyResponse{Policy: policy_grpc.ModelLabelPolicyToPb(policy)}, nil
 }
 
-func (s *Server) UpdateDefaultLabelPolicy(ctx context.Context, policy *admin.DefaultLabelPolicyUpdate) (*admin.DefaultLabelPolicy, error) {
-	result, err := s.command.ChangeDefaultLabelPolicy(ctx, labelPolicyToDomain(policy))
+func (s *Server) UpdateLabelPolicy(ctx context.Context, req *admin_pb.UpdateLabelPolicyRequest) (*admin_pb.UpdateLabelPolicyResponse, error) {
+	policy, err := s.command.ChangeDefaultLabelPolicy(ctx, updateLabelPolicyToDomain(req))
 	if err != nil {
 		return nil, err
 	}
-	return labelPolicyFromDomain(result), nil
+	return &admin_pb.UpdateLabelPolicyResponse{
+		Details: object.ToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
 }

internal/api/grpc/admin/label_policy_converter.go

@@ -1,40 +1,13 @@
 package admin
 
 import (
-	"github.com/caos/logging"
 	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func labelPolicyToDomain(policy *admin.DefaultLabelPolicyUpdate) *domain.LabelPolicy {
+func updateLabelPolicyToDomain(policy *admin_pb.UpdateLabelPolicyRequest) *domain.LabelPolicy {
 	return &domain.LabelPolicy{
 		PrimaryColor:   policy.PrimaryColor,
 		SecondaryColor: policy.SecondaryColor,
 	}
 }
-
-func labelPolicyFromDomain(policy *domain.LabelPolicy) *admin.DefaultLabelPolicy {
-	return &admin.DefaultLabelPolicy{
-		PrimaryColor:   policy.PrimaryColor,
-		SecondaryColor: policy.SecondaryColor,
-		ChangeDate:     timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func labelPolicyViewFromModel(policy *iam_model.LabelPolicyView) *admin.DefaultLabelPolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("ADMIN-zMnlF").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("ADMIN-Vhvfp").OnError(err).Debug("date parse failed")
-
-	return &admin.DefaultLabelPolicyView{
-		PrimaryColor:   policy.PrimaryColor,
-		SecondaryColor: policy.SecondaryColor,
-		CreationDate:   creationDate,
-		ChangeDate:     changeDate,
-	}
-}

internal/api/grpc/admin/login_policy.go

@@ -2,89 +2,138 @@ package admin
 
 import (
 	"context"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
+	"github.com/caos/zitadel/internal/api/grpc/user"
+	"time"
+
+	"github.com/caos/zitadel/internal/api/grpc/idp"
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/api/grpc/policy"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	"github.com/caos/zitadel/internal/domain"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultLoginPolicyView, error) {
-	result, err := s.iam.GetDefaultLoginPolicy(ctx)
+func (s *Server) GetLoginPolicy(ctx context.Context, _ *admin_pb.GetLoginPolicyRequest) (*admin_pb.GetLoginPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultLoginPolicy(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return loginPolicyViewFromModel(result), nil
+	return &admin_pb.GetLoginPolicyResponse{Policy: policy_grpc.ModelLoginPolicyToPb(policy)}, nil
 }
 
-func (s *Server) UpdateDefaultLoginPolicy(ctx context.Context, policy *admin.DefaultLoginPolicyRequest) (*admin.DefaultLoginPolicy, error) {
-	result, err := s.command.ChangeDefaultLoginPolicy(ctx, loginPolicyToDomain(policy))
+func (s *Server) UpdateLoginPolicy(ctx context.Context, p *admin_pb.UpdateLoginPolicyRequest) (*admin_pb.UpdateLoginPolicyResponse, error) {
+	policy, err := s.command.ChangeDefaultLoginPolicy(ctx, updateLoginPolicyToDomain(p))
 	if err != nil {
 		return nil, err
 	}
-	return loginPolicyFromDomain(result), nil
+	return &admin_pb.UpdateLoginPolicyResponse{
+		Details: object.ToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
 }
 
-func (s *Server) GetDefaultLoginPolicyIdpProviders(ctx context.Context, request *admin.IdpProviderSearchRequest) (*admin.IdpProviderSearchResponse, error) {
-	result, err := s.iam.SearchDefaultIDPProviders(ctx, idpProviderSearchRequestToModel(request))
+func (s *Server) ListLoginPolicyIDPs(ctx context.Context, req *admin_pb.ListLoginPolicyIDPsRequest) (*admin_pb.ListLoginPolicyIDPsResponse, error) {
+	res, err := s.iam.SearchDefaultIDPProviders(ctx, ListLoginPolicyIDPsRequestToModel(req))
 	if err != nil {
 		return nil, err
 	}
-	return idpProviderSearchResponseFromModel(result), nil
+	return &admin_pb.ListLoginPolicyIDPsResponse{
+		Result:  idp.ExternalIDPViewsToLoginPolicyLinkPb(res.Result),
+		Details: object.ToListDetails(res.TotalResult, res.Sequence, res.Timestamp),
+	}, nil
 }
 
-func (s *Server) AddIdpProviderToDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*admin.IdpProviderID, error) {
-	result, err := s.command.AddIDPProviderToDefaultLoginPolicy(ctx, idpProviderToDomain(provider))
+func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *admin_pb.AddIDPToLoginPolicyRequest) (*admin_pb.AddIDPToLoginPolicyResponse, error) {
+	idp, err := s.command.AddIDPProviderToDefaultLoginPolicy(ctx, &domain.IDPProvider{IDPConfigID: req.IdpId}) //TODO: old way was to also add type but this doesnt make sense in my point of view
 	if err != nil {
 		return nil, err
 	}
-	return idpProviderFromDomain(result), nil
+	return &admin_pb.AddIDPToLoginPolicyResponse{
+		Details: object.ToDetailsPb(
+			idp.Sequence,
+			idp.ChangeDate,
+			idp.ResourceOwner,
+		),
+	}, nil
 }
 
-func (s *Server) RemoveIdpProviderFromDefaultLoginPolicy(ctx context.Context, provider *admin.IdpProviderID) (*empty.Empty, error) {
-	externalIDPs, err := s.iam.ExternalIDPsByIDPConfigIDFromDefaultPolicy(ctx, provider.IdpConfigId)
+func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *admin_pb.RemoveIDPFromLoginPolicyRequest) (*admin_pb.RemoveIDPFromLoginPolicyResponse, error) {
+	externalIDPs, err := s.iam.ExternalIDPsByIDPConfigID(ctx, req.IdpId)
 	if err != nil {
-		return &empty.Empty{}, err
+		return nil, err
 	}
-	err = s.command.RemoveIDPProviderFromDefaultLoginPolicy(ctx, idpProviderToDomain(provider), externalIDPViewsToDomain(externalIDPs)...)
-	return &empty.Empty{}, err
+	objectDetails, err := s.command.RemoveIDPProviderFromDefaultLoginPolicy(ctx, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(externalIDPs)...)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveIDPFromLoginPolicyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }
 
-func (s *Server) GetDefaultLoginPolicySecondFactors(ctx context.Context, _ *empty.Empty) (*admin.SecondFactorsResult, error) {
+func (s *Server) ListLoginPolicySecondFactors(ctx context.Context, req *admin_pb.ListLoginPolicySecondFactorsRequest) (*admin_pb.ListLoginPolicySecondFactorsResponse, error) {
 	result, err := s.iam.SearchDefaultSecondFactors(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return secondFactorsResultFromModel(result), nil
+	return &admin_pb.ListLoginPolicySecondFactorsResponse{
+		//TODO: missing values from res
+		Details: object.ToListDetails(result.TotalResult, 0, time.Time{}),
+		Result:  policy.ModelSecondFactorTypesToPb(result.Result),
+	}, nil
 }
 
-func (s *Server) AddSecondFactorToDefaultLoginPolicy(ctx context.Context, mfa *admin.SecondFactor) (*admin.SecondFactor, error) {
-	result, err := s.command.AddSecondFactorToDefaultLoginPolicy(ctx, secondFactorTypeToDomain(mfa))
+func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *admin_pb.AddSecondFactorToLoginPolicyRequest) (*admin_pb.AddSecondFactorToLoginPolicyResponse, error) {
+	_, objectDetails, err := s.command.AddSecondFactorToDefaultLoginPolicy(ctx, policy.SecondFactorTypeToDomain(req.Type))
 	if err != nil {
 		return nil, err
 	}
-	return secondFactorFromDomain(result), nil
+	return &admin_pb.AddSecondFactorToLoginPolicyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }
 
-func (s *Server) RemoveSecondFactorFromDefaultLoginPolicy(ctx context.Context, mfa *admin.SecondFactor) (*empty.Empty, error) {
-	err := s.command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, secondFactorTypeToDomain(mfa))
-	return &empty.Empty{}, err
-}
-
-func (s *Server) GetDefaultLoginPolicyMultiFactors(ctx context.Context, _ *empty.Empty) (*admin.MultiFactorsResult, error) {
-	result, err := s.iam.SearchDefaultMultiFactors(ctx)
+func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *admin_pb.RemoveSecondFactorFromLoginPolicyRequest) (*admin_pb.RemoveSecondFactorFromLoginPolicyResponse, error) {
+	objectDetails, err := s.command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, policy.SecondFactorTypeToDomain(req.Type))
 	if err != nil {
 		return nil, err
 	}
-	return multiFactorResultFromModel(result), nil
+	return &admin_pb.RemoveSecondFactorFromLoginPolicyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }
 
-func (s *Server) AddMultiFactorToDefaultLoginPolicy(ctx context.Context, mfa *admin.MultiFactor) (*admin.MultiFactor, error) {
-	result, err := s.command.AddMultiFactorToDefaultLoginPolicy(ctx, multiFactorTypeToDomain(mfa))
+func (s *Server) ListLoginPolicyMultiFactors(ctx context.Context, req *admin_pb.ListLoginPolicyMultiFactorsRequest) (*admin_pb.ListLoginPolicyMultiFactorsResponse, error) {
+	res, err := s.iam.SearchDefaultMultiFactors(ctx)
 	if err != nil {
 		return nil, err
 	}
-	return multiFactorFromDomain(result), nil
+	return &admin_pb.ListLoginPolicyMultiFactorsResponse{
+		//TODO: additional values
+		Details: object.ToListDetails(res.TotalResult, 0, time.Time{}),
+		Result:  policy.ModelMultiFactorTypesToPb(res.Result),
+	}, nil
 }
 
-func (s *Server) RemoveMultiFactorFromDefaultLoginPolicy(ctx context.Context, mfa *admin.MultiFactor) (*empty.Empty, error) {
-	err := s.command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, multiFactorTypeToDomain(mfa))
-	return &empty.Empty{}, err
+func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *admin_pb.AddMultiFactorToLoginPolicyRequest) (*admin_pb.AddMultiFactorToLoginPolicyResponse, error) {
+	_, objectDetails, err := s.command.AddMultiFactorToDefaultLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddMultiFactorToLoginPolicyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
+}
+
+func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *admin_pb.RemoveMultiFactorFromLoginPolicyRequest) (*admin_pb.RemoveMultiFactorFromLoginPolicyResponse, error) {
+	objectDetails, err := s.command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, policy.MultiFactorTypeToDomain(req.Type))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.RemoveMultiFactorFromLoginPolicyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }

internal/api/grpc/admin/login_policy_converter.go

@@ -1,223 +1,28 @@
 package admin
 
 import (
-	"github.com/caos/logging"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
 	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
+	"github.com/caos/zitadel/internal/iam/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func loginPolicyToDomain(policy *admin.DefaultLoginPolicyRequest) *domain.LoginPolicy {
+func updateLoginPolicyToDomain(p *admin_pb.UpdateLoginPolicyRequest) *domain.LoginPolicy {
 	return &domain.LoginPolicy{
-		AllowUsernamePassword: policy.AllowUsernamePassword,
-		AllowExternalIDP:      policy.AllowExternalIdp,
-		AllowRegister:         policy.AllowRegister,
-		ForceMFA:              policy.ForceMfa,
-		PasswordlessType:      passwordlessTypeToDomain(policy.PasswordlessType),
+		AllowUsernamePassword: p.AllowUsernamePassword,
+		AllowRegister:         p.AllowRegister,
+		AllowExternalIDP:      p.AllowExternalIdp,
+		ForceMFA:              p.ForceMfa,
+		PasswordlessType:      policy_grpc.PasswordlessTypeToDomain(p.PasswordlessType),
 	}
 }
 
-func loginPolicyFromDomain(policy *domain.LoginPolicy) *admin.DefaultLoginPolicy {
-	return &admin.DefaultLoginPolicy{
-		AllowUsernamePassword: policy.AllowUsernamePassword,
-		AllowExternalIdp:      policy.AllowExternalIDP,
-		AllowRegister:         policy.AllowRegister,
-		ForceMfa:              policy.ForceMFA,
-		PasswordlessType:      passwordlessTypeFromDomain(policy.PasswordlessType),
-		ChangeDate:            timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *admin.DefaultLoginPolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("GRPC-3Gk9s").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("GRPC-6Jlos").OnError(err).Debug("date parse failed")
-
-	return &admin.DefaultLoginPolicyView{
-		AllowUsernamePassword: policy.AllowUsernamePassword,
-		AllowExternalIdp:      policy.AllowExternalIDP,
-		AllowRegister:         policy.AllowRegister,
-		ForceMfa:              policy.ForceMFA,
-		PasswordlessType:      admin.PasswordlessType(policy.PasswordlessType),
-		CreationDate:          creationDate,
-		ChangeDate:            changeDate,
-	}
-}
-
-func idpProviderSearchRequestToModel(request *admin.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
-	return &iam_model.IDPProviderSearchRequest{
-		Limit:  request.Limit,
-		Offset: request.Offset,
-	}
-}
-
-func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *admin.IdpProviderSearchResponse {
-	return &admin.IdpProviderSearchResponse{
-		Limit:       response.Limit,
-		Offset:      response.Offset,
-		TotalResult: response.TotalResult,
-		Result:      idpProviderViewsFromModel(response.Result),
-	}
-}
-
-func idpProviderToDomain(provider *admin.IdpProviderID) *domain.IDPProvider {
-	return &domain.IDPProvider{
-		IDPConfigID: provider.IdpConfigId,
-		Type:        domain.IdentityProviderTypeSystem,
-	}
-}
-
-func idpProviderToModel(provider *admin.IdpProviderID) *iam_model.IDPProvider {
-	return &iam_model.IDPProvider{
-		IDPConfigID: provider.IdpConfigId,
-		Type:        iam_model.IDPProviderTypeSystem,
-	}
-}
-
-func idpProviderFromDomain(provider *domain.IDPProvider) *admin.IdpProviderID {
-	return &admin.IdpProviderID{
-		IdpConfigId: provider.IDPConfigID,
-	}
-}
-
-func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*admin.IdpProviderView {
-	converted := make([]*admin.IdpProviderView, len(providers))
-	for i, provider := range providers {
-		converted[i] = idpProviderViewFromModel(provider)
-	}
-
-	return converted
-}
-
-func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *admin.IdpProviderView {
-	return &admin.IdpProviderView{
-		IdpConfigId: provider.IDPConfigID,
-		Name:        provider.Name,
-		Type:        idpConfigTypeToModel(provider.IDPConfigType),
-	}
-}
-
-func idpConfigTypeToModel(providerType iam_model.IdpConfigType) admin.IdpType {
-	switch providerType {
-	case iam_model.IDPConfigTypeOIDC:
-		return admin.IdpType_IDPTYPE_OIDC
-	case iam_model.IDPConfigTypeSAML:
-		return admin.IdpType_IDPTYPE_SAML
-	default:
-		return admin.IdpType_IDPTYPE_UNSPECIFIED
-	}
-}
-
-func secondFactorsResultFromModel(result *iam_model.SecondFactorsSearchResponse) *admin.SecondFactorsResult {
-	converted := make([]admin.SecondFactorType, len(result.Result))
-	for i, mfaType := range result.Result {
-		converted[i] = secondFactorTypeFromModel(mfaType)
-	}
-	return &admin.SecondFactorsResult{
-		SecondFactors: converted,
-	}
-}
-
-func secondFactorFromDomain(mfaType domain.SecondFactorType) *admin.SecondFactor {
-	return &admin.SecondFactor{
-		SecondFactor: secondFactorTypeFromDomain(mfaType),
-	}
-}
-
-func secondFactorTypeFromDomain(mfaType domain.SecondFactorType) admin.SecondFactorType {
-	switch mfaType {
-	case domain.SecondFactorTypeOTP:
-		return admin.SecondFactorType_SECONDFACTORTYPE_OTP
-	case domain.SecondFactorTypeU2F:
-		return admin.SecondFactorType_SECONDFACTORTYPE_U2F
-	default:
-		return admin.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
-	}
-}
-
-func secondFactorTypeFromModel(mfaType iam_model.SecondFactorType) admin.SecondFactorType {
-	switch mfaType {
-	case iam_model.SecondFactorTypeOTP:
-		return admin.SecondFactorType_SECONDFACTORTYPE_OTP
-	case iam_model.SecondFactorTypeU2F:
-		return admin.SecondFactorType_SECONDFACTORTYPE_U2F
-	default:
-		return admin.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
-	}
-}
-
-func secondFactorTypeToDomain(mfaType *admin.SecondFactor) domain.SecondFactorType {
-	switch mfaType.SecondFactor {
-	case admin.SecondFactorType_SECONDFACTORTYPE_OTP:
-		return domain.SecondFactorTypeOTP
-	case admin.SecondFactorType_SECONDFACTORTYPE_U2F:
-		return domain.SecondFactorTypeU2F
-	default:
-		return domain.SecondFactorTypeUnspecified
-	}
-}
-
-func passwordlessTypeFromDomain(passwordlessType domain.PasswordlessType) admin.PasswordlessType {
-	switch passwordlessType {
-	case domain.PasswordlessTypeAllowed:
-		return admin.PasswordlessType_PASSWORDLESSTYPE_ALLOWED
-	default:
-		return admin.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED
-	}
-}
-
-func passwordlessTypeToDomain(passwordlessType admin.PasswordlessType) domain.PasswordlessType {
-	switch passwordlessType {
-	case admin.PasswordlessType_PASSWORDLESSTYPE_ALLOWED:
-		return domain.PasswordlessTypeAllowed
-	default:
-		return domain.PasswordlessTypeNotAllowed
-	}
-}
-
-func multiFactorResultFromModel(result *iam_model.MultiFactorsSearchResponse) *admin.MultiFactorsResult {
-	converted := make([]admin.MultiFactorType, len(result.Result))
-	for i, mfaType := range result.Result {
-		converted[i] = multiFactorTypeFromModel(mfaType)
-	}
-	return &admin.MultiFactorsResult{
-		MultiFactors: converted,
-	}
-}
-
-func multiFactorFromDomain(mfaType domain.MultiFactorType) *admin.MultiFactor {
-	return &admin.MultiFactor{
-		MultiFactor: multiFactorTypeFromDomain(mfaType),
-	}
-}
-
-func multiFactorTypeFromDomain(mfaType domain.MultiFactorType) admin.MultiFactorType {
-	switch mfaType {
-	case domain.MultiFactorTypeU2FWithPIN:
-		return admin.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
-	default:
-		return admin.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
-	}
-}
-
-func multiFactorTypeFromModel(mfaType iam_model.MultiFactorType) admin.MultiFactorType {
-	switch mfaType {
-	case iam_model.MultiFactorTypeU2FWithPIN:
-		return admin.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
-	default:
-		return admin.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
-	}
-}
-
-func multiFactorTypeToDomain(mfaType *admin.MultiFactor) domain.MultiFactorType {
-	switch mfaType.MultiFactor {
-	case admin.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN:
-		return domain.MultiFactorTypeU2FWithPIN
-	default:
-		return domain.MultiFactorTypeUnspecified
+func ListLoginPolicyIDPsRequestToModel(req *admin_pb.ListLoginPolicyIDPsRequest) *model.IDPProviderSearchRequest {
+	return &model.IDPProviderSearchRequest{
+		Offset: req.Query.Offset,
+		Limit:  uint64(req.Query.Limit),
+		Asc:    req.Query.Asc,
+		// SortingColumn: model.IDPProviderSearchKey, //TODO: not in proto
+		// Queries: []*model.IDPProviderSearchQuery, //TODO: not in proto
 	}
 }

internal/api/grpc/admin/oneof.go

@@ -0,0 +1,6 @@
+package admin
+
+//IdpConfig is a type alias of the generated isIdp_IdpConfig config
+//to make it public
+// type IdpConfig = isIdp_IdpConfig
+// type IdpConfigView = isIdpView_IdpConfigView

internal/api/grpc/admin/org.go

@@ -2,85 +2,46 @@ package admin
 
 import (
 	"context"
-	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/api/grpc/object"
 
-	"github.com/golang/protobuf/ptypes/empty"
-
-	"github.com/caos/zitadel/pkg/grpc/admin"
+	org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func (s *Server) GetOrgByID(ctx context.Context, orgID *admin.OrgID) (_ *admin.Org, err error) {
-	org, err := s.org.OrgByID(ctx, orgID.Id)
+func (s *Server) IsOrgUnique(ctx context.Context, req *admin_pb.IsOrgUniqueRequest) (*admin_pb.IsOrgUniqueResponse, error) {
+	isUnique, err := s.org.IsOrgUnique(ctx, req.Name, req.Domain)
+	return &admin_pb.IsOrgUniqueResponse{IsUnique: isUnique}, err
+}
+
+func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
+	org, err := s.org.OrgByID(ctx, req.Id)
 	if err != nil {
 		return nil, err
 	}
-	return orgViewFromModel(org), nil
+	return &admin_pb.GetOrgByIDResponse{Org: org_grpc.OrgViewToPb(org)}, nil
 }
 
-func (s *Server) SearchOrgs(ctx context.Context, request *admin.OrgSearchRequest) (_ *admin.OrgSearchResponse, err error) {
-	result, err := s.org.SearchOrgs(ctx, orgSearchRequestToModel(request))
+func (s *Server) ListOrgs(ctx context.Context, req *admin_pb.ListOrgsRequest) (*admin_pb.ListOrgsResponse, error) {
+	query, err := listOrgRequestToModel(req)
 	if err != nil {
 		return nil, err
 	}
-	return orgSearchResponseFromModel(result), nil
-}
-
-func (s *Server) IsOrgUnique(ctx context.Context, request *admin.UniqueOrgRequest) (org *admin.UniqueOrgResponse, err error) {
-	isUnique, err := s.org.IsOrgUnique(ctx, request.Name, request.Domain)
-
-	return &admin.UniqueOrgResponse{IsUnique: isUnique}, err
-}
-
-func (s *Server) SetUpOrg(ctx context.Context, orgSetUp *admin.OrgSetUpRequest) (_ *empty.Empty, err error) {
-	human, _ := userCreateRequestToDomain(orgSetUp.User)
-	if human == nil {
-		return &empty.Empty{}, errors.ThrowPreconditionFailed(nil, "ADMIN-4nd9f", "Errors.User.NotHuman")
-	}
-	err = s.command.SetUpOrg(ctx, orgCreateRequestToDomain(orgSetUp.Org), human)
-	return &empty.Empty{}, nil
-}
-
-func (s *Server) GetDefaultOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *admin.OrgIamPolicyView, err error) {
-	policy, err := s.iam.GetDefaultOrgIAMPolicy(ctx)
+	orgs, err := s.org.SearchOrgs(ctx, query)
 	if err != nil {
 		return nil, err
 	}
-	return orgIAMPolicyViewFromModel(policy), err
+	return &admin_pb.ListOrgsResponse{Result: org_grpc.OrgViewsToPb(orgs.Result)}, nil
 }
 
-func (s *Server) UpdateDefaultOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
-	policy, err := s.command.ChangeDefaultOrgIAMPolicy(ctx, orgIAMPolicyRequestToDomain(in))
+func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*admin_pb.SetUpOrgResponse, error) {
+	human := setUpOrgHumanToDomain(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) //TODO: handle machine
+	org := setUpOrgOrgToDomain(req.Org)
+
+	objectDetails, err := s.command.SetUpOrg(ctx, org, human)
 	if err != nil {
 		return nil, err
 	}
-	return orgIAMPolicyFromDomain(policy), err
-}
-
-func (s *Server) GetOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *admin.OrgIamPolicyView, err error) {
-	policy, err := s.org.GetOrgIAMPolicyByID(ctx, in.OrgId)
-	if err != nil {
-		return nil, err
-	}
-	return orgIAMPolicyViewFromModel(policy), err
-}
-
-func (s *Server) CreateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
-	policy, err := s.command.AddOrgIAMPolicy(ctx, in.OrgId, orgIAMPolicyRequestToDomain(in))
-	if err != nil {
-		return nil, err
-	}
-	return orgIAMPolicyFromDomain(policy), err
-}
-
-func (s *Server) UpdateOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyRequest) (_ *admin.OrgIamPolicy, err error) {
-	policy, err := s.command.ChangeOrgIAMPolicy(ctx, in.OrgId, orgIAMPolicyRequestToDomain(in))
-	if err != nil {
-		return nil, err
-	}
-	return orgIAMPolicyFromDomain(policy), err
-}
-
-func (s *Server) RemoveOrgIamPolicy(ctx context.Context, in *admin.OrgIamPolicyID) (_ *empty.Empty, err error) {
-	err = s.command.RemoveOrgIAMPolicy(ctx, in.OrgId)
-	return &empty.Empty{}, err
+	return &admin_pb.SetUpOrgResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
 }

internal/api/grpc/admin/org_converter.go

@@ -1,209 +1,32 @@
 package admin
 
 import (
-	"github.com/caos/logging"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-
+	org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
 	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	org_model "github.com/caos/zitadel/internal/org/model"
-	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/internal/org/model"
 	"github.com/caos/zitadel/pkg/grpc/admin"
 )
 
-func orgCreateRequestToDomain(org *admin.CreateOrgRequest) *domain.Org {
-	o := &domain.Org{
+func listOrgRequestToModel(req *admin.ListOrgsRequest) (*model.OrgSearchRequest, error) {
+	queries, err := org_grpc.OrgQueriesToModel(req.Queries)
+	if err != nil {
+		return nil, err
+	}
+	return &model.OrgSearchRequest{
+		Offset:  req.Query.Offset,
+		Limit:   uint64(req.Query.Limit),
+		Asc:     req.Query.Asc,
+		Queries: queries,
+	}, nil
+}
+
+func setUpOrgOrgToDomain(req *admin.SetUpOrgRequest_Org) *domain.Org {
+	org := &domain.Org{
+		Name:    req.Name,
 		Domains: []*domain.OrgDomain{},
-		Name:    org.Name,
 	}
-	if org.Domain != "" {
-		o.Domains = append(o.Domains, &domain.OrgDomain{Domain: org.Domain})
-	}
-
-	return o
-}
-
-func orgSearchResponseFromModel(request *org_model.OrgSearchResult) *admin.OrgSearchResponse {
-	timestamp, err := ptypes.TimestampProto(request.Timestamp)
-	logging.Log("GRPC-shu7s").OnError(err).Debug("unable to get timestamp from time")
-	return &admin.OrgSearchResponse{
-		Result:            orgViewsFromModel(request.Result),
-		Limit:             request.Limit,
-		Offset:            request.Offset,
-		TotalResult:       request.TotalResult,
-		ProcessedSequence: request.Sequence,
-		ViewTimestamp:     timestamp,
-	}
-}
-
-func orgViewsFromModel(orgs []*org_model.OrgView) []*admin.Org {
-	result := make([]*admin.Org, len(orgs))
-	for i, org := range orgs {
-		result[i] = orgViewFromModel(org)
-	}
-
-	return result
-}
-
-func orgFromModel(org *org_model.Org) *admin.Org {
-	changeDate, err := ptypes.TimestampProto(org.ChangeDate)
-	logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
-
-	return &admin.Org{
-		ChangeDate: changeDate,
-		Id:         org.AggregateID,
-		Name:       org.Name,
-		State:      orgStateFromModel(org.State),
-	}
-}
-
-func orgViewFromModel(org *org_model.OrgView) *admin.Org {
-	changeDate, err := ptypes.TimestampProto(org.ChangeDate)
-	logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
-
-	return &admin.Org{
-		ChangeDate: changeDate,
-		Id:         org.ID,
-		Name:       org.Name,
-		State:      orgStateFromModel(org.State),
-	}
-}
-
-func orgStateFromModel(state org_model.OrgState) admin.OrgState {
-	switch state {
-	case org_model.OrgStateActive:
-		return admin.OrgState_ORGSTATE_ACTIVE
-	case org_model.OrgStateInactive:
-		return admin.OrgState_ORGSTATE_INACTIVE
-	default:
-		return admin.OrgState_ORGSTATE_UNSPECIFIED
-	}
-}
-
-func genderFromModel(gender usr_model.Gender) admin.Gender {
-	switch gender {
-	case usr_model.GenderFemale:
-		return admin.Gender_GENDER_FEMALE
-	case usr_model.GenderMale:
-		return admin.Gender_GENDER_MALE
-	case usr_model.GenderDiverse:
-		return admin.Gender_GENDER_DIVERSE
-	default:
-		return admin.Gender_GENDER_UNSPECIFIED
-	}
-}
-
-func genderToModel(gender admin.Gender) usr_model.Gender {
-	switch gender {
-	case admin.Gender_GENDER_FEMALE:
-		return usr_model.GenderFemale
-	case admin.Gender_GENDER_MALE:
-		return usr_model.GenderMale
-	case admin.Gender_GENDER_DIVERSE:
-		return usr_model.GenderDiverse
-	default:
-		return usr_model.GenderUnspecified
-	}
-}
-
-func userStateFromModel(state usr_model.UserState) admin.UserState {
-	switch state {
-	case usr_model.UserStateActive:
-		return admin.UserState_USERSTATE_ACTIVE
-	case usr_model.UserStateInactive:
-		return admin.UserState_USERSTATE_INACTIVE
-	case usr_model.UserStateLocked:
-		return admin.UserState_USERSTATE_LOCKED
-	default:
-		return admin.UserState_USERSTATE_UNSPECIFIED
-	}
-}
-
-func orgSearchRequestToModel(req *admin.OrgSearchRequest) *org_model.OrgSearchRequest {
-	return &org_model.OrgSearchRequest{
-		Limit:         req.Limit,
-		Asc:           req.Asc,
-		Offset:        req.Offset,
-		Queries:       orgQueriesToModel(req.Queries),
-		SortingColumn: orgQueryKeyToModel(req.SortingColumn),
-	}
-}
-
-func orgQueriesToModel(queries []*admin.OrgSearchQuery) []*org_model.OrgSearchQuery {
-	modelQueries := make([]*org_model.OrgSearchQuery, len(queries))
-
-	for i, query := range queries {
-		modelQueries[i] = orgQueryToModel(query)
-	}
-
-	return modelQueries
-}
-
-func orgQueryToModel(query *admin.OrgSearchQuery) *org_model.OrgSearchQuery {
-	return &org_model.OrgSearchQuery{
-		Key:    orgQueryKeyToModel(query.Key),
-		Value:  query.Value,
-		Method: orgQueryMethodToModel(query.Method),
-	}
-}
-
-func orgQueryKeyToModel(key admin.OrgSearchKey) org_model.OrgSearchKey {
-	switch key {
-	case admin.OrgSearchKey_ORGSEARCHKEY_DOMAIN:
-		return org_model.OrgSearchKeyOrgDomain
-	case admin.OrgSearchKey_ORGSEARCHKEY_NAME:
-		return org_model.OrgSearchKeyOrgName
-	case admin.OrgSearchKey_ORGSEARCHKEY_STATE:
-		return org_model.OrgSearchKeyState
-	default:
-		return org_model.OrgSearchKeyUnspecified
-	}
-}
-
-func orgQueryMethodToModel(method admin.OrgSearchMethod) domain.SearchMethod {
-	switch method {
-	case admin.OrgSearchMethod_ORGSEARCHMETHOD_CONTAINS:
-		return domain.SearchMethodContains
-	case admin.OrgSearchMethod_ORGSEARCHMETHOD_EQUALS:
-		return domain.SearchMethodEquals
-	case admin.OrgSearchMethod_ORGSEARCHMETHOD_STARTS_WITH:
-		return domain.SearchMethodStartsWith
-	default:
-		return 0
-	}
-}
-
-func orgIAMPolicyFromDomain(policy *domain.OrgIAMPolicy) *admin.OrgIamPolicy {
-	return &admin.OrgIamPolicy{
-		OrgId:                 policy.AggregateID,
-		UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
-		ChangeDate:            timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func orgIAMPolicyViewFromModel(policy *iam_model.OrgIAMPolicyView) *admin.OrgIamPolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("GRPC-ush36").OnError(err).Debug("unable to get timestamp from time")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("GRPC-Ps9fW").OnError(err).Debug("unable to get timestamp from time")
-
-	return &admin.OrgIamPolicyView{
-		OrgId:                 policy.AggregateID,
-		UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
-		CreationDate:          creationDate,
-		ChangeDate:            changeDate,
-	}
-}
-
-func orgIAMPolicyRequestToDomain(policy *admin.OrgIamPolicyRequest) *domain.OrgIAMPolicy {
-	return &domain.OrgIAMPolicy{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: policy.OrgId,
-		},
-		UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
+	if req.Domain != "" {
+		org.Domains = append(org.Domains, &domain.OrgDomain{Domain: req.Domain})
 	}
+	return org
 }

internal/api/grpc/admin/org_iam_policy.go

@@ -0,0 +1,101 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetOrgIAMPolicy(ctx context.Context, _ *admin_pb.GetOrgIAMPolicyRequest) (*admin_pb.GetOrgIAMPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultOrgIAMPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetOrgIAMPolicyResponse{Policy: policy_grpc.OrgIAMPolicyToPb(policy)}, nil
+}
+
+func (s *Server) GetCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.GetCustomOrgIAMPolicyRequest) (*admin_pb.GetCustomOrgIAMPolicyResponse, error) {
+	policy, err := s.org.GetOrgIAMPolicyByID(ctx, req.OrgId)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetCustomOrgIAMPolicyResponse{Policy: policy_grpc.OrgIAMPolicyToPb(policy)}, nil
+}
+
+func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCustomOrgIAMPolicyRequest) (*admin_pb.AddCustomOrgIAMPolicyResponse, error) {
+	policy, err := s.command.AddOrgIAMPolicy(ctx, req.OrgId, toDomainOrgIAMPolicy(req.UserLoginMustBeDomain))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.AddCustomOrgIAMPolicyResponse{
+		Details: object.ToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateOrgIAMPolicyRequest) (*admin_pb.UpdateOrgIAMPolicyResponse, error) {
+	config, err := s.command.ChangeDefaultOrgIAMPolicy(ctx, updateOrgIAMPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateOrgIAMPolicyResponse{
+		Details: object.ToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateCustomOrgIAMPolicyRequest) (*admin_pb.UpdateCustomOrgIAMPolicyResponse, error) {
+	config, err := s.command.ChangeOrgIAMPolicy(ctx, req.OrgId, updateCustomOrgIAMPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdateCustomOrgIAMPolicyResponse{
+		Details: object.ToDetailsPb(
+			config.Sequence,
+			config.ChangeDate,
+			config.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) ResetCustomOrgIAMPolicyTo(ctx context.Context, req *admin_pb.ResetCustomOrgIAMPolicyToDefaultRequest) (*admin_pb.ResetCustomOrgIAMPolicyToDefaultResponse, error) {
+	err := s.command.RemoveOrgIAMPolicy(ctx, req.OrgId)
+	if err != nil {
+		return nil, err
+	}
+	return nil, nil //TOOD: return data
+}
+
+func toDomainOrgIAMPolicy(userLoginMustBeDomain bool) *domain.OrgIAMPolicy {
+	return &domain.OrgIAMPolicy{
+		UserLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func updateOrgIAMPolicyToDomain(req *admin_pb.UpdateOrgIAMPolicyRequest) *domain.OrgIAMPolicy {
+	return &domain.OrgIAMPolicy{
+		// ObjectRoot: models.ObjectRoot{
+		// 	// AggreagateID: //TODO: there should only be ONE default
+		// },
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}
+
+func updateCustomOrgIAMPolicyToDomain(req *admin_pb.UpdateCustomOrgIAMPolicyRequest) *domain.OrgIAMPolicy {
+	return &domain.OrgIAMPolicy{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.OrgId,
+		},
+		UserLoginMustBeDomain: req.UserLoginMustBeDomain,
+	}
+}

internal/api/grpc/admin/password_age.go

@@ -0,0 +1,33 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *admin_pb.GetPasswordAgePolicyRequest) (*admin_pb.GetPasswordAgePolicyResponse, error) {
+	policy, err := s.iam.GetDefaultPasswordAgePolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetPasswordAgePolicyResponse{
+		Policy: policy_grpc.ModelPasswordAgePolicyToPb(policy),
+	}, nil
+}
+
+func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, req *admin_pb.UpdatePasswordAgePolicyRequest) (*admin_pb.UpdatePasswordAgePolicyResponse, error) {
+	result, err := s.command.ChangeDefaultPasswordAgePolicy(ctx, UpdatePasswordAgePolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdatePasswordAgePolicyResponse{
+		Details: object.ToDetailsPb(
+			result.Sequence,
+			result.ChangeDate,
+			result.ResourceOwner,
+		),
+	}, nil
+}

internal/api/grpc/admin/password_age_converter.go

@@ -0,0 +1,13 @@
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func UpdatePasswordAgePolicyToDomain(policy *admin_pb.UpdatePasswordAgePolicyRequest) *domain.PasswordAgePolicy {
+	return &domain.PasswordAgePolicy{
+		MaxAgeDays:     uint64(policy.MaxAgeDays),
+		ExpireWarnDays: uint64(policy.ExpireWarnDays),
+	}
+}

internal/api/grpc/admin/password_age_policy.go

@@ -1,23 +0,0 @@
-package admin
-
-import (
-	"context"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordAgePolicyView, error) {
-	result, err := s.iam.GetDefaultPasswordAgePolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return passwordAgePolicyViewFromModel(result), nil
-}
-
-func (s *Server) UpdateDefaultPasswordAgePolicy(ctx context.Context, policy *admin.DefaultPasswordAgePolicyRequest) (*admin.DefaultPasswordAgePolicy, error) {
-	result, err := s.command.ChangeDefaultPasswordAgePolicy(ctx, passwordAgePolicyToDomain(policy))
-	if err != nil {
-		return nil, err
-	}
-	return passwordAgePolicyFromDomain(result), nil
-}

internal/api/grpc/admin/password_age_policy_converter.go

@@ -1,40 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func passwordAgePolicyToDomain(policy *admin.DefaultPasswordAgePolicyRequest) *domain.PasswordAgePolicy {
-	return &domain.PasswordAgePolicy{
-		MaxAgeDays:     policy.MaxAgeDays,
-		ExpireWarnDays: policy.ExpireWarnDays,
-	}
-}
-
-func passwordAgePolicyFromDomain(policy *domain.PasswordAgePolicy) *admin.DefaultPasswordAgePolicy {
-	return &admin.DefaultPasswordAgePolicy{
-		MaxAgeDays:     policy.MaxAgeDays,
-		ExpireWarnDays: policy.ExpireWarnDays,
-		ChangeDate:     timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func passwordAgePolicyViewFromModel(policy *iam_model.PasswordAgePolicyView) *admin.DefaultPasswordAgePolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("GRPC-2Gs9o").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("GRPC-8Hjss").OnError(err).Debug("date parse failed")
-
-	return &admin.DefaultPasswordAgePolicyView{
-		MaxAgeDays:     policy.MaxAgeDays,
-		ExpireWarnDays: policy.ExpireWarnDays,
-		CreationDate:   creationDate,
-		ChangeDate:     changeDate,
-	}
-}

internal/api/grpc/admin/password_complexity.go

@@ -0,0 +1,31 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, _ *admin_pb.GetPasswordComplexityPolicyRequest) (*admin_pb.GetPasswordComplexityPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultPasswordComplexityPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetPasswordComplexityPolicyResponse{Policy: policy_grpc.ModelPasswordComplexityPolicyToPb(policy)}, nil
+}
+
+func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, req *admin_pb.UpdatePasswordComplexityPolicyRequest) (*admin_pb.UpdatePasswordComplexityPolicyResponse, error) {
+	result, err := s.command.ChangeDefaultPasswordComplexityPolicy(ctx, UpdatePasswordComplexityPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdatePasswordComplexityPolicyResponse{
+		Details: object.ToDetailsPb(
+			result.Sequence,
+			result.ChangeDate,
+			result.ResourceOwner,
+		),
+	}, nil
+}

internal/api/grpc/admin/password_complexity_converter.go

@@ -0,0 +1,16 @@
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func UpdatePasswordComplexityPolicyToDomain(req *admin_pb.UpdatePasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy {
+	return &domain.PasswordComplexityPolicy{
+		MinLength:    uint64(req.MinLength),
+		HasLowercase: req.HasLowercase,
+		HasUppercase: req.HasUppercase,
+		HasNumber:    req.HasNumber,
+		HasSymbol:    req.HasSymbol,
+	}
+}

internal/api/grpc/admin/password_complexity_policy.go

@@ -1,23 +0,0 @@
-package admin
-
-import (
-	"context"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordComplexityPolicyView, error) {
-	result, err := s.iam.GetDefaultPasswordComplexityPolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return passwordComplexityPolicyViewFromModel(result), nil
-}
-
-func (s *Server) UpdateDefaultPasswordComplexityPolicy(ctx context.Context, policy *admin.DefaultPasswordComplexityPolicyRequest) (*admin.DefaultPasswordComplexityPolicy, error) {
-	result, err := s.command.ChangeDefaultPasswordComplexityPolicy(ctx, passwordComplexityPolicyToDomain(policy))
-	if err != nil {
-		return nil, err
-	}
-	return passwordComplexityPolicyFromDomain(result), nil
-}

internal/api/grpc/admin/password_complexity_policy_converter.go

@@ -1,49 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func passwordComplexityPolicyToDomain(policy *admin.DefaultPasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy {
-	return &domain.PasswordComplexityPolicy{
-		MinLength:    policy.MinLength,
-		HasUppercase: policy.HasUppercase,
-		HasLowercase: policy.HasLowercase,
-		HasNumber:    policy.HasNumber,
-		HasSymbol:    policy.HasSymbol,
-	}
-}
-
-func passwordComplexityPolicyFromDomain(policy *domain.PasswordComplexityPolicy) *admin.DefaultPasswordComplexityPolicy {
-	return &admin.DefaultPasswordComplexityPolicy{
-		MinLength:    policy.MinLength,
-		HasUppercase: policy.HasUppercase,
-		HasLowercase: policy.HasLowercase,
-		HasNumber:    policy.HasNumber,
-		HasSymbol:    policy.HasSymbol,
-		ChangeDate:   timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func passwordComplexityPolicyViewFromModel(policy *iam_model.PasswordComplexityPolicyView) *admin.DefaultPasswordComplexityPolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("GRPC-rTs9f").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("GRPC-ks9Zt").OnError(err).Debug("date parse failed")
-
-	return &admin.DefaultPasswordComplexityPolicyView{
-		MinLength:    policy.MinLength,
-		HasUppercase: policy.HasUppercase,
-		HasLowercase: policy.HasLowercase,
-		HasNumber:    policy.HasNumber,
-		HasSymbol:    policy.HasSymbol,
-		CreationDate: creationDate,
-		ChangeDate:   changeDate,
-	}
-}

internal/api/grpc/admin/password_lockout.go

@@ -0,0 +1,31 @@
+package admin
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, req *admin_pb.GetPasswordLockoutPolicyRequest) (*admin_pb.GetPasswordLockoutPolicyResponse, error) {
+	policy, err := s.iam.GetDefaultPasswordLockoutPolicy(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.GetPasswordLockoutPolicyResponse{Policy: policy_grpc.ModelPasswordLockoutPolicyToPb(policy)}, nil
+}
+
+func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, req *admin_pb.UpdatePasswordLockoutPolicyRequest) (*admin_pb.UpdatePasswordLockoutPolicyResponse, error) {
+	policy, err := s.command.ChangeDefaultPasswordLockoutPolicy(ctx, UpdatePasswordLockoutPolicyToDomain(req))
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.UpdatePasswordLockoutPolicyResponse{
+		Details: object.ToDetailsPb(
+			policy.Sequence,
+			policy.ChangeDate,
+			policy.ResourceOwner,
+		),
+	}, nil
+}

internal/api/grpc/admin/password_lockout_converter.go

@@ -0,0 +1,13 @@
+package admin
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func UpdatePasswordLockoutPolicyToDomain(p *admin.UpdatePasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
+	return &domain.PasswordLockoutPolicy{
+		MaxAttempts:         uint64(p.MaxAttempts),
+		ShowLockOutFailures: p.ShowLockoutFailure,
+	}
+}

internal/api/grpc/admin/password_lockout_policy.go

@@ -1,23 +0,0 @@
-package admin
-
-import (
-	"context"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*admin.DefaultPasswordLockoutPolicyView, error) {
-	result, err := s.iam.GetDefaultPasswordLockoutPolicy(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return passwordLockoutPolicyViewFromModel(result), nil
-}
-
-func (s *Server) UpdateDefaultPasswordLockoutPolicy(ctx context.Context, policy *admin.DefaultPasswordLockoutPolicyRequest) (*admin.DefaultPasswordLockoutPolicy, error) {
-	result, err := s.command.ChangeDefaultPasswordLockoutPolicy(ctx, passwordLockoutPolicyToDomain(policy))
-	if err != nil {
-		return nil, err
-	}
-	return passwordLockoutPolicyFromDomain(result), nil
-}

internal/api/grpc/admin/password_lockout_policy_converter.go

@@ -1,40 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func passwordLockoutPolicyToDomain(policy *admin.DefaultPasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
-	return &domain.PasswordLockoutPolicy{
-		MaxAttempts:         policy.MaxAttempts,
-		ShowLockOutFailures: policy.ShowLockoutFailure,
-	}
-}
-
-func passwordLockoutPolicyFromDomain(policy *domain.PasswordLockoutPolicy) *admin.DefaultPasswordLockoutPolicy {
-	return &admin.DefaultPasswordLockoutPolicy{
-		MaxAttempts:        policy.MaxAttempts,
-		ShowLockoutFailure: policy.ShowLockOutFailures,
-		ChangeDate:         timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func passwordLockoutPolicyViewFromModel(policy *iam_model.PasswordLockoutPolicyView) *admin.DefaultPasswordLockoutPolicyView {
-	creationDate, err := ptypes.TimestampProto(policy.CreationDate)
-	logging.Log("GRPC-7Hmlo").OnError(err).Debug("date parse failed")
-
-	changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
-	logging.Log("GRPC-0oLgs").OnError(err).Debug("date parse failed")
-
-	return &admin.DefaultPasswordLockoutPolicyView{
-		MaxAttempts:        policy.MaxAttempts,
-		ShowLockoutFailure: policy.ShowLockOutFailures,
-		CreationDate:       creationDate,
-		ChangeDate:         changeDate,
-	}
-}

internal/api/grpc/admin/probes.go

@@ -1,10 +0,0 @@
-package admin
-
-import (
-	"context"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
-	return &empty.Empty{}, nil
-}

internal/api/grpc/admin/server.go

@@ -1,15 +1,14 @@
 package admin
 
 import (
-	"github.com/caos/zitadel/internal/command"
-	"github.com/caos/zitadel/internal/query"
-	"google.golang.org/grpc"
-
 	"github.com/caos/zitadel/internal/admin/repository"
 	"github.com/caos/zitadel/internal/admin/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/server"
+	"github.com/caos/zitadel/internal/command"
+	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/pkg/grpc/admin"
+	"google.golang.org/grpc"
 )
 
 const (
@@ -19,6 +18,7 @@ const (
 var _ admin.AdminServiceServer = (*Server)(nil)
 
 type Server struct {
+	admin.UnimplementedAdminServiceServer
 	command       *command.Commands
 	query         *query.Queries
 	org           repository.OrgRepository

internal/api/grpc/admin/template.go

@@ -1,24 +0,0 @@
-package admin
-
-import (
-	"context"
-
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) GetDefaultMailTemplate(ctx context.Context, _ *empty.Empty) (*admin.DefaultMailTemplateView, error) {
-	result, err := s.iam.GetDefaultMailTemplate(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return templateViewFromModel(result), nil
-}
-
-func (s *Server) UpdateDefaultMailTemplate(ctx context.Context, policy *admin.DefaultMailTemplateUpdate) (*admin.DefaultMailTemplate, error) {
-	result, err := s.command.ChangeDefaultMailTemplate(ctx, templateToDomain(policy))
-	if err != nil {
-		return nil, err
-	}
-	return templateFromDomain(result), nil
-}

internal/api/grpc/admin/template_converter.go

@@ -1,30 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func templateToDomain(policy *admin.DefaultMailTemplateUpdate) *domain.MailTemplate {
-	return &domain.MailTemplate{
-		Template: policy.Template,
-	}
-}
-
-func templateFromDomain(policy *domain.MailTemplate) *admin.DefaultMailTemplate {
-	return &admin.DefaultMailTemplate{
-		Template:     policy.Template,
-		CreationDate: timestamppb.New(policy.CreationDate),
-		ChangeDate:   timestamppb.New(policy.ChangeDate),
-	}
-}
-
-func templateViewFromModel(policy *iam_model.MailTemplateView) *admin.DefaultMailTemplateView {
-	return &admin.DefaultMailTemplateView{
-		Template:     policy.Template,
-		CreationDate: timestamppb.New(policy.CreationDate),
-		ChangeDate:   timestamppb.New(policy.ChangeDate),
-	}
-}

internal/api/grpc/admin/text.go

@@ -1,32 +0,0 @@
-package admin
-
-import (
-	"context"
-
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"github.com/golang/protobuf/ptypes/empty"
-)
-
-func (s *Server) GetDefaultMailTexts(ctx context.Context, _ *empty.Empty) (*admin.DefaultMailTextsView, error) {
-	result, err := s.iam.GetDefaultMailTexts(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return textsViewFromModel(result), nil
-}
-
-func (s *Server) GetDefaultMailText(ctx context.Context, textType string, language string) (*admin.DefaultMailTextView, error) {
-	result, err := s.iam.GetDefaultMailText(ctx, textType, language)
-	if err != nil {
-		return nil, err
-	}
-	return textViewFromModel(result), nil
-}
-
-func (s *Server) UpdateDefaultMailText(ctx context.Context, text *admin.DefaultMailTextUpdate) (*admin.DefaultMailText, error) {
-	result, err := s.command.ChangeDefaultMailText(ctx, textToDomain(text))
-	if err != nil {
-		return nil, err
-	}
-	return textFromDomain(result), nil
-}

internal/api/grpc/admin/text_converter.go

@@ -1,66 +0,0 @@
-package admin
-
-import (
-	"github.com/caos/zitadel/internal/domain"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
-	"google.golang.org/protobuf/types/known/timestamppb"
-)
-
-func textToDomain(text *admin.DefaultMailTextUpdate) *domain.MailText {
-	return &domain.MailText{
-		MailTextType: text.MailTextType,
-		Language:     text.Language,
-		Title:        text.Title,
-		PreHeader:    text.PreHeader,
-		Subject:      text.Subject,
-		Greeting:     text.Greeting,
-		Text:         text.Text,
-		ButtonText:   text.ButtonText,
-	}
-}
-
-func textFromDomain(text *domain.MailText) *admin.DefaultMailText {
-	return &admin.DefaultMailText{
-		MailTextType: text.MailTextType,
-		Language:     text.Language,
-		Title:        text.Title,
-		PreHeader:    text.PreHeader,
-		Subject:      text.Subject,
-		Greeting:     text.Greeting,
-		Text:         text.Text,
-		ButtonText:   text.ButtonText,
-		CreationDate: timestamppb.New(text.CreationDate),
-		ChangeDate:   timestamppb.New(text.ChangeDate),
-	}
-}
-
-func textsViewFromModel(textsin *iam_model.MailTextsView) *admin.DefaultMailTextsView {
-	return &admin.DefaultMailTextsView{
-		Texts: textsViewToModel(textsin.Texts),
-	}
-}
-
-func textsViewToModel(queries []*iam_model.MailTextView) []*admin.DefaultMailTextView {
-	modelQueries := make([]*admin.DefaultMailTextView, len(queries))
-	for i, query := range queries {
-		modelQueries[i] = textViewFromModel(query)
-	}
-
-	return modelQueries
-}
-
-func textViewFromModel(text *iam_model.MailTextView) *admin.DefaultMailTextView {
-	return &admin.DefaultMailTextView{
-		MailTextType: text.MailTextType,
-		Language:     text.Language,
-		Title:        text.Title,
-		PreHeader:    text.PreHeader,
-		Subject:      text.Subject,
-		Greeting:     text.Greeting,
-		Text:         text.Text,
-		ButtonText:   text.ButtonText,
-		CreationDate: timestamppb.New(text.CreationDate),
-		ChangeDate:   timestamppb.New(text.ChangeDate),
-	}
-}

internal/api/grpc/admin/user_converter.go

@@ -2,92 +2,46 @@ package admin
 
 import (
 	"github.com/caos/logging"
+	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
 	"github.com/caos/zitadel/internal/domain"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	usr_model "github.com/caos/zitadel/internal/user/model"
-	"github.com/caos/zitadel/pkg/grpc/admin"
+	admin_grpc "github.com/caos/zitadel/pkg/grpc/admin"
 	"golang.org/x/text/language"
 )
 
-func userCreateRequestToDomain(user *admin.CreateUserRequest) (*domain.Human, *domain.Machine) {
-	if h := user.GetHuman(); h != nil {
-		human := humanCreateToDomain(h)
-		human.Username = user.UserName
-		return human, nil
-	}
-	if m := user.GetMachine(); m != nil {
-		machine := machineCreateToDomain(m)
-		machine.Username = user.UserName
-		return nil, machine
-	}
-	return nil, nil
-}
-
-func humanCreateToDomain(u *admin.CreateHumanRequest) *domain.Human {
-	preferredLanguage, err := language.Parse(u.PreferredLanguage)
-	logging.Log("GRPC-1ouQc").OnError(err).Debug("language malformed")
-
-	human := &domain.Human{
-		Profile: &domain.Profile{
-			FirstName:         u.FirstName,
-			LastName:          u.LastName,
-			NickName:          u.NickName,
-			PreferredLanguage: preferredLanguage,
-			Gender:            genderToDomain(u.Gender),
-		},
-		Email: &domain.Email{
-			EmailAddress:    u.Email,
-			IsEmailVerified: u.IsEmailVerified,
-		},
-		Address: &domain.Address{
-			Country:       u.Country,
-			Locality:      u.Locality,
-			PostalCode:    u.PostalCode,
-			Region:        u.Region,
-			StreetAddress: u.StreetAddress,
-		},
-	}
-	if u.Password != "" {
-		human.Password = &domain.Password{SecretString: u.Password}
-	}
-	if u.Phone != "" {
-		human.Phone = &domain.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
-	}
-	return human
-}
-
-func genderToDomain(gender admin.Gender) domain.Gender {
-	switch gender {
-	case admin.Gender_GENDER_FEMALE:
-		return domain.GenderFemale
-	case admin.Gender_GENDER_MALE:
-		return domain.GenderMale
-	case admin.Gender_GENDER_DIVERSE:
-		return domain.GenderDiverse
-	default:
-		return domain.GenderUnspecified
+func setUpOrgHumanToDomain(human *admin_grpc.SetUpOrgRequest_Human) *domain.Human {
+	return &domain.Human{
+		Username: human.UserName,
+		Profile:  setUpOrgHumanProfileToDomain(human.Profile),
+		Email:    setUpOrgHumanEmailToDomain(human.Email),
+		Phone:    setUpOrgHumanPhoneToDomain(human.Phone),
 	}
 }
 
-func machineCreateToDomain(machine *admin.CreateMachineRequest) *domain.Machine {
-	return &domain.Machine{
-		Name:        machine.Name,
-		Description: machine.Description,
+func setUpOrgHumanProfileToDomain(profile *admin_grpc.SetUpOrgRequest_Human_Profile) *domain.Profile {
+	var lang language.Tag
+	lang, err := language.Parse(profile.PreferredLanguage)
+	logging.Log("ADMIN-tiMWs").OnError(err).Debug("unable to parse language")
+
+	return &domain.Profile{
+		FirstName:         profile.FirstName,
+		LastName:          profile.LastName,
+		NickName:          profile.NickName,
+		DisplayName:       profile.DisplayName,
+		PreferredLanguage: lang,
+		Gender:            user_grpc.GenderToDomain(profile.Gender),
 	}
 }
 
-func externalIDPViewsToDomain(idps []*usr_model.ExternalIDPView) []*domain.ExternalIDP {
-	externalIDPs := make([]*domain.ExternalIDP, len(idps))
-	for i, idp := range idps {
-		externalIDPs[i] = &domain.ExternalIDP{
-			ObjectRoot: models.ObjectRoot{
-				AggregateID:   idp.UserID,
-				ResourceOwner: idp.ResourceOwner,
-			},
-			IDPConfigID:    idp.IDPConfigID,
-			ExternalUserID: idp.ExternalUserID,
-			DisplayName:    idp.UserDisplayName,
-		}
+func setUpOrgHumanEmailToDomain(email *admin_grpc.SetUpOrgRequest_Human_Email) *domain.Email {
+	return &domain.Email{
+		EmailAddress:    email.Email,
+		IsEmailVerified: email.IsEmailVerified,
+	}
+}
+
+func setUpOrgHumanPhoneToDomain(phone *admin_grpc.SetUpOrgRequest_Human_Phone) *domain.Phone {
+	return &domain.Phone{
+		PhoneNumber:     phone.Phone,
+		IsPhoneVerified: phone.IsPhoneVerified,
 	}
-	return externalIDPs
 }

internal/api/grpc/admin/view.go

@@ -0,0 +1,23 @@
+package admin
+
+import (
+	"context"
+
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+)
+
+func (s *Server) ListViews(context.Context, *admin_pb.ListViewsRequest) (*admin_pb.ListViewsResponse, error) {
+	views, err := s.administrator.GetViews()
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ListViewsResponse{Result: ViewsToPb(views)}, nil
+}
+
+func (s *Server) ClearView(ctx context.Context, req *admin_pb.ClearViewRequest) (*admin_pb.ClearViewResponse, error) {
+	err := s.administrator.ClearView(ctx, req.Database, req.ViewName)
+	if err != nil {
+		return nil, err
+	}
+	return &admin_pb.ClearViewResponse{}, nil
+}

internal/api/grpc/admin/view_converter.go

@@ -0,0 +1,32 @@
+package admin
+
+import (
+	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/view/model"
+	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func ViewsToPb(views []*model.View) []*admin_pb.View {
+	v := make([]*admin_pb.View, len(views))
+	for i, view := range views {
+		v[i] = ViewToPb(view)
+	}
+	return v
+}
+
+func ViewToPb(view *model.View) *admin_pb.View {
+	lastSuccessfulSpoolerRun, err := ptypes.TimestampProto(view.LastSuccessfulSpoolerRun)
+	logging.Log("ADMIN-4zs01").OnError(err).Debug("unable to parse last successful spooler run")
+
+	eventTs, err := ptypes.TimestampProto(view.EventTimestamp)
+	logging.Log("ADMIN-q2Wzj").OnError(err).Debug("unable to parse event timestamp")
+
+	return &admin_pb.View{
+		Database:                 view.Database,
+		ViewName:                 view.ViewName,
+		LastSuccessfulSpoolerRun: lastSuccessfulSpoolerRun,
+		ProcessedSequence:        view.CurrentSequence,
+		EventTimestamp:           eventTs,
+	}
+}