TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 00:57:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: protos refactoring

Browse Source 
* start with user

* user first try done in all services

* user, org, idp for discussion

* remove unused stuff

* bla

* dockerbuild

* rename search, get multiple to list...

* add annotation

* update proto dependencies

* update proto dependencies

* change proto imports

* replace all old imports

* fix go out

* remove unused lines

* correct protoc flags

* grpc and openapi flags

* go out source path relative

* -p

* remove dead code

* sourcepath relative

* ls

* is onenapi the problem?

* hobla

* authoption output

* wrong field name

* gopf

* correct option, add correct flags

* small improvments

* SIMPLYFY

* relative path

* gopf bin ich en tubel

* correct path

* default policies in admin

* grpc generation in one file

* remove non ascii

* metadata on manipulations

* correct auth_option import

* fixes

* larry

* idp provider to idp

* fix generate

* admin and auth nearly done

* admin and auth nearly done

* gen

* healthz

* imports

* deleted too much imports

* fix org

* add import

* imports

* import

* naming

* auth_opt

* gopf

* management

* imports

* _TYPE_UNSPECIFIED

* improts

* auth opts

* management policies

* imports

* passwordlessType to MFAType

* auth_opt

* add user grant calls

* add missing messages

* result

* fix option

* improvements

* ids

* fix http

* imports

* fixes

* fields

* body

* add fields

* remove wrong member query

* fix request response

* fixes

* add copy files

* variable versions

* generate all files

* improvements

* add dependencies

* factors

* user session

* oidc information, iam

* remove unused file

* changes

* enums

* dockerfile

* fix build

* remove unused folder

* update readme for build

* move old server impl

* add event type to change

* some changes

* start admin

* remove wrong field

* admin only list calls missing

* fix proto numbers

* surprisingly it compiles

* service ts changes

* admin mgmt

* mgmt

* auth manipulation and gets done, lists missing

* validations and some field changes

* validations

* enum validations

* remove todo

* move proto files to proto/zitadel

* change proto path in dockerfile

* it compiles!

* add validate import

* remove duplicate import

* fix protos

* fix import

* tests

* cleanup

* remove unimplemented methods

* iam member multiple queries

* all auth and admin calls

* add initial password on crate human

* message names

* management user server

* machine done

* fix: todos (#1346)

* fix: pub sub in new eventstore

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix tests

* fix: search method domain

* admin service, user import type typescript

* admin changes

* admin changes

* fix: search method domain

* more user grpc and begin org, fix configs

* fix: return object details

* org grpc

* remove creation date add details

* app

* fix: return object details

* fix: return object details

* mgmt service, project members

* app

* fix: convert policies

* project, members, granted projects, searches

* fix: convert usergrants

* fix: convert usergrants

* auth user detail, user detail, mfa, second factor, auth

* fix: convert usergrants

* mfa, memberships, password, owned proj detail

* fix: convert usergrants

* project grant

* missing details

* changes, userview

* idp table, keys

* org list and user table filter

* unify rest paths (#1381)

* unify rest paths

* post for all searches,
mfa to multi_factor,
secondfactor to second_factor

* remove v1

* fix tests

* rename api client key to app key

* machine keys, age policy

* user list, machine keys, changes

* fix: org states

* add default flag to policy

* second factor to type

* idp id

* app type

* unify ListQuery, ListDetails, ObjectDetails field names

* user grants, apps, memberships

* fix type params

* metadata to detail, linke idps

* api create, membership, app detail, create

* idp, app, policy

* queries, multi -> auth factors and missing fields

* update converters

* provider to user, remove old mgmt refs

* temp remove authfactor dialog, build finish

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
This commit is contained in:
Silvan
2021-03-09 10:30:11 +01:00
committed by GitHub
parent 9f417f3957
commit dabd5920dc
372 changed files with 17881 additions and 22036 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
internal/api/grpc/management/application.go
View File

@@ -1,135 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchApplications(ctx context.Context, in *management.ApplicationSearchRequest) (*management.ApplicationSearchResponse, error) {
response, err := s.project.SearchApplications(ctx, applicationSearchRequestsToModel(in))
if err != nil {
return nil, err
}
return applicationSearchResponseFromModel(response), nil
}
func (s *Server) ApplicationByID(ctx context.Context, in *management.ApplicationID) (*management.ApplicationView, error) {
app, err := s.project.ApplicationByID(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
return applicationViewFromModel(app), nil
}
func (s *Server) CreateOIDCApplication(ctx context.Context, in *management.OIDCApplicationCreate) (*management.Application, error) {
app, err := s.command.AddOIDCApplication(ctx, oidcAppCreateToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return oidcAppFromDomain(app), nil
}
func (s *Server) CreateAPIApplication(ctx context.Context, in *management.APIApplicationCreate) (*management.Application, error) {
app, err := s.command.AddAPIApplication(ctx, apiAppCreateToModel(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return apiAppFromDomain(app), nil
}
func (s *Server) UpdateApplication(ctx context.Context, in *management.ApplicationUpdate) (*management.Application, error) {
app, err := s.command.ChangeApplication(ctx, in.ProjectId, appUpdateToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return appFromDomain(app), nil
}
func (s *Server) DeactivateApplication(ctx context.Context, in *management.ApplicationID) (*empty.Empty, error) {
err := s.command.DeactivateApplication(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) ReactivateApplication(ctx context.Context, in *management.ApplicationID) (*empty.Empty, error) {
err := s.command.ReactivateApplication(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) RemoveApplication(ctx context.Context, in *management.ApplicationID) (*empty.Empty, error) {
err := s.command.RemoveApplication(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) UpdateApplicationOIDCConfig(ctx context.Context, in *management.OIDCConfigUpdate) (*management.OIDCConfig, error) {
config, err := s.command.ChangeOIDCApplication(ctx, oidcConfigUpdateToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return oidcConfigFromDomain(config), nil
}
func (s *Server) UpdateApplicationAPIConfig(ctx context.Context, in *management.APIConfigUpdate) (*management.APIConfig, error) {
config, err := s.command.ChangeAPIApplication(ctx, apiConfigUpdateToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return apiConfigFromDomain(config), nil
}
func (s *Server) RegenerateOIDCClientSecret(ctx context.Context, in *management.ApplicationID) (*management.ClientSecret, error) {
config, err := s.command.ChangeOIDCApplicationSecret(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &management.ClientSecret{ClientSecret: config.ClientSecretString}, nil
}
func (s *Server) RegenerateAPIClientSecret(ctx context.Context, in *management.ApplicationID) (*management.ClientSecret, error) {
config, err := s.command.ChangeAPIApplicationSecret(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &management.ClientSecret{ClientSecret: config.ClientSecretString}, nil
}
func (s *Server) ApplicationChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.project.ApplicationChanges(ctx, changesRequest.Id, changesRequest.SecId, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
if err != nil {
return nil, err
}
return appChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
}
func (s *Server) SearchClientKeys(ctx context.Context, req *management.ClientKeySearchRequest) (*management.ClientKeySearchResponse, error) {
result, err := s.project.SearchClientKeys(ctx, clientKeySearchRequestToModel(req))
if err != nil {
return nil, err
}
return clientKeySearchResponseFromModel(result), nil
}
func (s *Server) GetClientKey(ctx context.Context, req *management.ClientKeyIDRequest) (*management.ClientKeyView, error) {
key, err := s.project.GetClientKey(ctx, req.ProjectId, req.ApplicationId, req.KeyId)
if err != nil {
return nil, err
}
return clientKeyViewFromModel(key), nil
}
func (s *Server) AddClientKey(ctx context.Context, req *management.AddClientKeyRequest) (*management.AddClientKeyResponse, error) {
key, err := s.command.AddApplicationKey(ctx, addClientKeyToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return addClientKeyFromDomain(key), nil
}
func (s *Server) DeleteClientKey(ctx context.Context, req *management.ClientKeyIDRequest) (*empty.Empty, error) {
err := s.command.RemoveApplicationKey(ctx, req.ProjectId, req.ApplicationId, req.KeyId, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

736
internal/api/grpc/management/application_converter.go
View File

@@ -1,736 +0,0 @@
package management
import (
"encoding/json"
"time"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
key_model "github.com/caos/zitadel/internal/key/model"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
)
func appFromDomain(app domain.Application) *management.Application {
return &management.Application{
Id: app.GetAppID(),
State: appStateFromDomain(app.GetState()),
Name: app.GetApplicationName(),
}
}
func appFromModel(app *proj_model.Application) *management.Application {
changeDate, err := ptypes.TimestampProto(app.ChangeDate)
logging.Log("GRPC-di7rw").OnError(err).Debug("unable to parse timestamp")
return &management.Application{
Id: app.AppID,
State: appStateFromModel(app.State),
ChangeDate: changeDate,
Name: app.Name,
Sequence: app.Sequence,
AppConfig: appConfigFromModel(app),
}
}
func appConfigFromModel(app *proj_model.Application) management.AppConfig {
if app.Type == proj_model.AppTypeAPI {
return &management.Application_ApiConfig{
ApiConfig: apiConfigFromModel(app.APIConfig),
}
}
return nil
}
func oidcAppFromDomain(app *domain.OIDCApp) *management.Application {
return &management.Application{
Id: app.AppID,
State: appStateFromDomain(app.State),
ChangeDate: timestamppb.New(app.ChangeDate),
Name: app.AppName,
Sequence: app.Sequence,
AppConfig: oidcAppConfigFromDomain(app),
}
}
func apiAppFromDomain(app *domain.APIApp) *management.Application {
return &management.Application{
Id: app.AppID,
State: appStateFromDomain(app.State),
ChangeDate: timestamppb.New(app.ChangeDate),
Name: app.AppName,
Sequence: app.Sequence,
AppConfig: apiAppConfigFromDomain(app),
}
}
func oidcAppConfigFromDomain(app *domain.OIDCApp) management.AppConfig {
return &management.Application_OidcConfig{
OidcConfig: oidcConfigFromDomain(app),
}
}
func apiAppConfigFromDomain(app *domain.APIApp) management.AppConfig {
return &management.Application_ApiConfig{
ApiConfig: apiConfigFromDomain(app),
}
}
func oidcConfigFromDomain(config *domain.OIDCApp) *management.OIDCConfig {
return &management.OIDCConfig{
RedirectUris: config.RedirectUris,
ResponseTypes: oidcResponseTypesFromDomain(config.ResponseTypes),
GrantTypes: oidcGrantTypesFromDomain(config.GrantTypes),
ApplicationType: oidcApplicationTypeFromDomain(config.ApplicationType),
ClientId: config.ClientID,
ClientSecret: config.ClientSecretString,
AuthMethodType: oidcAuthMethodTypeFromDomain(config.AuthMethodType),
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
Version: oidcVersionFromDomain(config.OIDCVersion),
NoneCompliant: config.Compliance.NoneCompliant,
ComplianceProblems: complianceProblemsToLocalizedMessages(config.Compliance.Problems),
DevMode: config.DevMode,
AccessTokenType: oidcTokenTypeFromDomain(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IdTokenRoleAssertion: config.IDTokenRoleAssertion,
IdTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
ClockSkew: durationpb.New(config.ClockSkew),
}
}
func apiConfigFromDomain(config *domain.APIApp) *management.APIConfig {
return &management.APIConfig{
ClientId: config.ClientID,
ClientSecret: config.ClientSecretString,
AuthMethodType: apiAuthMethodTypeFromDomain(config.AuthMethodType),
}
}
func apiConfigFromModel(config *proj_model.APIConfig) *management.APIConfig {
return &management.APIConfig{
ClientId: config.ClientID,
ClientSecret: config.ClientSecretString,
AuthMethodType: apiAuthMethodTypeFromModel(config.AuthMethodType),
}
}
func oidcConfigFromApplicationViewModel(app *proj_model.ApplicationView) *management.OIDCConfig {
return &management.OIDCConfig{
RedirectUris: app.OIDCRedirectUris,
ResponseTypes: oidcResponseTypesFromModel(app.OIDCResponseTypes),
GrantTypes: oidcGrantTypesFromModel(app.OIDCGrantTypes),
ApplicationType: oidcApplicationTypeFromModel(app.OIDCApplicationType),
ClientId: app.OIDCClientID,
AuthMethodType: oidcAuthMethodTypeFromModel(app.OIDCAuthMethodType),
PostLogoutRedirectUris: app.OIDCPostLogoutRedirectUris,
Version: oidcVersionFromDomain(domain.OIDCVersion(app.OIDCVersion)),
NoneCompliant: app.NoneCompliant,
ComplianceProblems: complianceProblemsToLocalizedMessages(app.ComplianceProblems),
DevMode: app.DevMode,
AccessTokenType: oidcTokenTypeFromDomain(domain.OIDCTokenType(app.AccessTokenType)),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IdTokenRoleAssertion: app.IDTokenRoleAssertion,
IdTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
ClockSkew: durationpb.New(app.ClockSkew),
}
}
func apiConfigFromApplicationViewModel(app *proj_model.ApplicationView) *management.APIConfig {
return &management.APIConfig{
ClientId: app.OIDCClientID,
AuthMethodType: apiAuthMethodTypeFromModel(proj_model.APIAuthMethodType(app.OIDCAuthMethodType)),
}
}
func complianceProblemsToLocalizedMessages(problems []string) []*message.LocalizedMessage {
converted := make([]*message.LocalizedMessage, len(problems))
for i, p := range problems {
converted[i] = message.NewLocalizedMessage(p)
}
return converted
}
func oidcAppCreateToDomain(app *management.OIDCApplicationCreate) *domain.OIDCApp {
return &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppName: app.Name,
OIDCVersion: oidcVersionToDomain(app.Version),
RedirectUris: app.RedirectUris,
ResponseTypes: oidcResponseTypesToDomain(app.ResponseTypes),
GrantTypes: oidcGrantTypesToDomain(app.GrantTypes),
ApplicationType: oidcApplicationTypeToDomain(app.ApplicationType),
AuthMethodType: oidcAuthMethodTypeToDomain(app.AuthMethodType),
PostLogoutRedirectUris: app.PostLogoutRedirectUris,
DevMode: app.DevMode,
AccessTokenType: oidcTokenTypeToDomain(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IdTokenRoleAssertion,
IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
ClockSkew: app.ClockSkew.AsDuration(),
}
}
func apiAppCreateToModel(app *management.APIApplicationCreate) *domain.APIApp {
return &domain.APIApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppName: app.Name,
AuthMethodType: apiAuthMethodTypeToDomain(app.AuthMethodType),
}
}
func appUpdateToDomain(app *management.ApplicationUpdate) domain.Application {
return &domain.ChangeApp{
AppID: app.Id,
AppName: app.Name,
}
}
func oidcConfigUpdateToDomain(app *management.OIDCConfigUpdate) *domain.OIDCApp {
return &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.ApplicationId,
RedirectUris: app.RedirectUris,
ResponseTypes: oidcResponseTypesToDomain(app.ResponseTypes),
GrantTypes: oidcGrantTypesToDomain(app.GrantTypes),
ApplicationType: oidcApplicationTypeToDomain(app.ApplicationType),
AuthMethodType: oidcAuthMethodTypeToDomain(app.AuthMethodType),
PostLogoutRedirectUris: app.PostLogoutRedirectUris,
DevMode: app.DevMode,
AccessTokenType: oidcTokenTypeToDomain(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IdTokenRoleAssertion,
IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
ClockSkew: app.ClockSkew.AsDuration(),
}
}
func apiConfigUpdateToDomain(app *management.APIConfigUpdate) *domain.APIApp {
return &domain.APIApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.ApplicationId,
AuthMethodType: apiAuthMethodTypeToDomain(app.AuthMethodType),
}
}
func addClientKeyToDomain(key *management.AddClientKeyRequest) *domain.ApplicationKey {
expirationDate := time.Time{}
if key.ExpirationDate != nil {
expirationDate = key.ExpirationDate.AsTime()
}
return &domain.ApplicationKey{
ObjectRoot: models.ObjectRoot{
AggregateID: key.ProjectId,
},
ExpirationDate: expirationDate,
Type: authNKeyTypeToDomain(key.Type),
ApplicationID: key.ApplicationId,
}
}
func addClientKeyFromDomain(key *domain.ApplicationKey) *management.AddClientKeyResponse {
detail, err := key.Detail()
logging.Log("MANAG-adt42").OnError(err).Warn("unable to marshal key")
return &management.AddClientKeyResponse{
Id: key.KeyID,
CreationDate: timestamppb.New(key.CreationDate),
ExpirationDate: timestamppb.New(key.ExpirationDate),
Sequence: key.Sequence,
KeyDetails: detail,
Type: authNKeyTypeFromDomain(key.Type),
}
}
func applicationSearchRequestsToModel(request *management.ApplicationSearchRequest) *proj_model.ApplicationSearchRequest {
return &proj_model.ApplicationSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: applicationSearchQueriesToModel(request.ProjectId, request.Queries),
}
}
func applicationSearchQueriesToModel(projectID string, queries []*management.ApplicationSearchQuery) []*proj_model.ApplicationSearchQuery {
converted := make([]*proj_model.ApplicationSearchQuery, len(queries)+1)
for i, q := range queries {
converted[i] = applicationSearchQueryToModel(q)
}
converted[len(queries)] = &proj_model.ApplicationSearchQuery{Key: proj_model.AppSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: projectID}
return converted
}
func applicationSearchQueryToModel(query *management.ApplicationSearchQuery) *proj_model.ApplicationSearchQuery {
return &proj_model.ApplicationSearchQuery{
Key: applicationSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func applicationSearchKeyToModel(key management.ApplicationSearchKey) proj_model.AppSearchKey {
switch key {
case management.ApplicationSearchKey_APPLICATIONSEARCHKEY_APP_NAME:
return proj_model.AppSearchKeyName
default:
return proj_model.AppSearchKeyUnspecified
}
}
func applicationSearchResponseFromModel(response *proj_model.ApplicationSearchResponse) *management.ApplicationSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-Lp06f").OnError(err).Debug("unable to parse timestamp")
return &management.ApplicationSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: applicationViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func applicationViewsFromModel(apps []*proj_model.ApplicationView) []*management.ApplicationView {
converted := make([]*management.ApplicationView, len(apps))
for i, app := range apps {
converted[i] = applicationViewFromModel(app)
}
return converted
}
func applicationViewFromModel(application *proj_model.ApplicationView) *management.ApplicationView {
creationDate, err := ptypes.TimestampProto(application.CreationDate)
logging.Log("GRPC-lo9sw").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(application.ChangeDate)
logging.Log("GRPC-8uwsd").OnError(err).Debug("unable to parse timestamp")
converted := &management.ApplicationView{
Id: application.ID,
State: appStateFromModel(application.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: application.Name,
Sequence: application.Sequence,
}
if application.IsOIDC {
converted.AppConfig = &management.ApplicationView_OidcConfig{
OidcConfig: oidcConfigFromApplicationViewModel(application),
}
} else {
converted.AppConfig = &management.ApplicationView_ApiConfig{
ApiConfig: apiConfigFromApplicationViewModel(application),
}
}
return converted
}
func appStateFromDomain(state domain.AppState) management.AppState {
switch state {
case domain.AppStateActive:
return management.AppState_APPSTATE_ACTIVE
case domain.AppStateInactive:
return management.AppState_APPSTATE_INACTIVE
default:
return management.AppState_APPSTATE_UNSPECIFIED
}
}
func appStateFromModel(state proj_model.AppState) management.AppState {
switch state {
case proj_model.AppStateActive:
return management.AppState_APPSTATE_ACTIVE
case proj_model.AppStateInactive:
return management.AppState_APPSTATE_INACTIVE
default:
return management.AppState_APPSTATE_UNSPECIFIED
}
}
func oidcResponseTypesToDomain(responseTypes []management.OIDCResponseType) []domain.OIDCResponseType {
if responseTypes == nil || len(responseTypes) == 0 {
return []domain.OIDCResponseType{domain.OIDCResponseTypeCode}
}
oidcResponseTypes := make([]domain.OIDCResponseType, len(responseTypes))
for i, responseType := range responseTypes {
switch responseType {
case management.OIDCResponseType_OIDCRESPONSETYPE_CODE:
oidcResponseTypes[i] = domain.OIDCResponseTypeCode
case management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN:
oidcResponseTypes[i] = domain.OIDCResponseTypeIDToken
case management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN_TOKEN:
oidcResponseTypes[i] = domain.OIDCResponseTypeIDTokenToken
}
}
return oidcResponseTypes
}
func oidcResponseTypesFromDomain(responseTypes []domain.OIDCResponseType) []management.OIDCResponseType {
oidcResponseTypes := make([]management.OIDCResponseType, len(responseTypes))
for i, responseType := range responseTypes {
switch responseType {
case domain.OIDCResponseTypeCode:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_CODE
case domain.OIDCResponseTypeIDToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN
case domain.OIDCResponseTypeIDTokenToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN_TOKEN
}
}
return oidcResponseTypes
}
func oidcResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []management.OIDCResponseType {
oidcResponseTypes := make([]management.OIDCResponseType, len(responseTypes))
for i, responseType := range responseTypes {
switch responseType {
case proj_model.OIDCResponseTypeCode:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_CODE
case proj_model.OIDCResponseTypeIDToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN
case proj_model.OIDCResponseTypeIDTokenToken:
oidcResponseTypes[i] = management.OIDCResponseType_OIDCRESPONSETYPE_ID_TOKEN_TOKEN
}
}
return oidcResponseTypes
}
func oidcGrantTypesToDomain(grantTypes []management.OIDCGrantType) []domain.OIDCGrantType {
if grantTypes == nil || len(grantTypes) == 0 {
return []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}
}
oidcGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
for i, grantType := range grantTypes {
switch grantType {
case management.OIDCGrantType_OIDCGRANTTYPE_AUTHORIZATION_CODE:
oidcGrantTypes[i] = domain.OIDCGrantTypeAuthorizationCode
case management.OIDCGrantType_OIDCGRANTTYPE_IMPLICIT:
oidcGrantTypes[i] = domain.OIDCGrantTypeImplicit
case management.OIDCGrantType_OIDCGRANTTYPE_REFRESH_TOKEN:
oidcGrantTypes[i] = domain.OIDCGrantTypeRefreshToken
}
}
return oidcGrantTypes
}
func oidcGrantTypesFromDomain(grantTypes []domain.OIDCGrantType) []management.OIDCGrantType {
oidcGrantTypes := make([]management.OIDCGrantType, len(grantTypes))
for i, grantType := range grantTypes {
switch grantType {
case domain.OIDCGrantTypeAuthorizationCode:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_AUTHORIZATION_CODE
case domain.OIDCGrantTypeImplicit:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_IMPLICIT
case domain.OIDCGrantTypeRefreshToken:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_REFRESH_TOKEN
}
}
return oidcGrantTypes
}
func oidcGrantTypesFromModel(grantTypes []proj_model.OIDCGrantType) []management.OIDCGrantType {
oidcGrantTypes := make([]management.OIDCGrantType, len(grantTypes))
for i, grantType := range grantTypes {
switch grantType {
case proj_model.OIDCGrantTypeAuthorizationCode:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_AUTHORIZATION_CODE
case proj_model.OIDCGrantTypeImplicit:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_IMPLICIT
case proj_model.OIDCGrantTypeRefreshToken:
oidcGrantTypes[i] = management.OIDCGrantType_OIDCGRANTTYPE_REFRESH_TOKEN
}
}
return oidcGrantTypes
}
func oidcApplicationTypeToDomain(appType management.OIDCApplicationType) domain.OIDCApplicationType {
switch appType {
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB:
return domain.OIDCApplicationTypeWeb
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_USER_AGENT:
return domain.OIDCApplicationTypeUserAgent
case management.OIDCApplicationType_OIDCAPPLICATIONTYPE_NATIVE:
return domain.OIDCApplicationTypeNative
}
return domain.OIDCApplicationTypeWeb
}
func oidcVersionToDomain(version management.OIDCVersion) domain.OIDCVersion {
switch version {
case management.OIDCVersion_OIDCV1_0:
return domain.OIDCVersionV1
}
return domain.OIDCVersionV1
}
func oidcApplicationTypeFromDomain(appType domain.OIDCApplicationType) management.OIDCApplicationType {
switch appType {
case domain.OIDCApplicationTypeWeb:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
case domain.OIDCApplicationTypeUserAgent:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_USER_AGENT
case domain.OIDCApplicationTypeNative:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_NATIVE
default:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
}
}
func oidcApplicationTypeFromModel(appType proj_model.OIDCApplicationType) management.OIDCApplicationType {
switch appType {
case proj_model.OIDCApplicationTypeWeb:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
case proj_model.OIDCApplicationTypeUserAgent:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_USER_AGENT
case proj_model.OIDCApplicationTypeNative:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_NATIVE
default:
return management.OIDCApplicationType_OIDCAPPLICATIONTYPE_WEB
}
}
func oidcAuthMethodTypeToDomain(authType management.OIDCAuthMethodType) domain.OIDCAuthMethodType {
switch authType {
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC:
return domain.OIDCAuthMethodTypeBasic
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_POST:
return domain.OIDCAuthMethodTypePost
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_NONE:
return domain.OIDCAuthMethodTypeNone
case management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_PRIVATE_KEY_JWT:
return domain.OIDCAuthMethodTypePrivateKeyJWT
default:
return domain.OIDCAuthMethodTypeBasic
}
}
func oidcAuthMethodTypeFromDomain(authType domain.OIDCAuthMethodType) management.OIDCAuthMethodType {
switch authType {
case domain.OIDCAuthMethodTypeBasic:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
case domain.OIDCAuthMethodTypePost:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_POST
case domain.OIDCAuthMethodTypeNone:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_NONE
case domain.OIDCAuthMethodTypePrivateKeyJWT:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_PRIVATE_KEY_JWT
default:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
}
}
func apiAuthMethodTypeToDomain(authType management.APIAuthMethodType) domain.APIAuthMethodType {
switch authType {
case management.APIAuthMethodType_APIAUTHMETHODTYPE_BASIC:
return domain.APIAuthMethodTypeBasic
case management.APIAuthMethodType_APIAUTHMETHODTYPE_PRIVATE_KEY_JWT:
return domain.APIAuthMethodTypePrivateKeyJWT
default:
return domain.APIAuthMethodTypeBasic
}
}
func apiAuthMethodTypeFromDomain(authType domain.APIAuthMethodType) management.APIAuthMethodType {
switch authType {
case domain.APIAuthMethodTypeBasic:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_BASIC
case domain.APIAuthMethodTypePrivateKeyJWT:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_PRIVATE_KEY_JWT
default:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_BASIC
}
}
func oidcAuthMethodTypeFromModel(authType proj_model.OIDCAuthMethodType) management.OIDCAuthMethodType {
switch authType {
case proj_model.OIDCAuthMethodTypeBasic:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
case proj_model.OIDCAuthMethodTypePost:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_POST
case proj_model.OIDCAuthMethodTypeNone:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_NONE
case proj_model.OIDCAuthMethodTypePrivateKeyJWT:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_PRIVATE_KEY_JWT
default:
return management.OIDCAuthMethodType_OIDCAUTHMETHODTYPE_BASIC
}
}
func oidcTokenTypeToDomain(tokenType management.OIDCTokenType) domain.OIDCTokenType {
switch tokenType {
case management.OIDCTokenType_OIDCTokenType_Bearer:
return domain.OIDCTokenTypeBearer
case management.OIDCTokenType_OIDCTokenType_JWT:
return domain.OIDCTokenTypeJWT
default:
return domain.OIDCTokenTypeBearer
}
}
func oidcTokenTypeFromDomain(tokenType domain.OIDCTokenType) management.OIDCTokenType {
switch tokenType {
case domain.OIDCTokenTypeBearer:
return management.OIDCTokenType_OIDCTokenType_Bearer
case domain.OIDCTokenTypeJWT:
return management.OIDCTokenType_OIDCTokenType_JWT
default:
return management.OIDCTokenType_OIDCTokenType_Bearer
}
}
func apiAuthMethodTypeFromModel(authType proj_model.APIAuthMethodType) management.APIAuthMethodType {
switch authType {
case proj_model.APIAuthMethodTypeBasic:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_BASIC
case proj_model.APIAuthMethodTypePrivateKeyJWT:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_PRIVATE_KEY_JWT
default:
return management.APIAuthMethodType_APIAUTHMETHODTYPE_BASIC
}
}
func oidcVersionFromDomain(version domain.OIDCVersion) management.OIDCVersion {
switch version {
case domain.OIDCVersionV1:
return management.OIDCVersion_OIDCV1_0
default:
return management.OIDCVersion_OIDCV1_0
}
}
func authNKeyTypeToDomain(keyType management.AuthNKeyType) domain.AuthNKeyType {
switch keyType {
case management.AuthNKeyType_AUTHNKEY_JSON:
return domain.AuthNKeyTypeJSON
default:
return domain.AuthNKeyTypeNONE
}
}
func authNKeyTypeFromDomain(typ domain.AuthNKeyType) management.AuthNKeyType {
switch typ {
case domain.AuthNKeyTypeJSON:
return management.AuthNKeyType_AUTHNKEY_JSON
default:
return management.AuthNKeyType_AUTHNKEY_UNSPECIFIED
}
}
func appChangesToResponse(response *proj_model.ApplicationChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: appChangesToMgtAPI(response),
}
}
func appChangesToMgtAPI(changes *proj_model.ApplicationChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Editor: change.ModifierName,
EditorId: change.ModifierId,
Data: data,
}
}
return result
}
func clientKeyViewsFromModel(keys ...*key_model.AuthNKeyView) []*management.ClientKeyView {
keyViews := make([]*management.ClientKeyView, len(keys))
for i, key := range keys {
keyViews[i] = clientKeyViewFromModel(key)
}
return keyViews
}
func clientKeyViewFromModel(key *key_model.AuthNKeyView) *management.ClientKeyView {
creationDate, err := ptypes.TimestampProto(key.CreationDate)
logging.Log("MANAG-DAs2t").OnError(err).Debug("unable to parse timestamp")
expirationDate, err := ptypes.TimestampProto(key.ExpirationDate)
logging.Log("MANAG-BDgh4").OnError(err).Debug("unable to parse timestamp")
return &management.ClientKeyView{
Id: key.ID,
CreationDate: creationDate,
ExpirationDate: expirationDate,
Sequence: key.Sequence,
Type: authNKeyTypeFromModel(key.Type),
}
}
func authNKeyTypeFromModel(typ key_model.AuthNKeyType) management.AuthNKeyType {
switch typ {
case key_model.AuthNKeyTypeJSON:
return management.AuthNKeyType_AUTHNKEY_JSON
default:
return management.AuthNKeyType_AUTHNKEY_UNSPECIFIED
}
}
func clientKeySearchRequestToModel(req *management.ClientKeySearchRequest) *key_model.AuthNKeySearchRequest {
return &key_model.AuthNKeySearchRequest{
Offset: req.Offset,
Limit: req.Limit,
Asc: req.Asc,
Queries: []*key_model.AuthNKeySearchQuery{
{
Key: key_model.AuthNKeyObjectType,
Method: domain.SearchMethodEquals,
Value: key_model.AuthNKeyObjectTypeApplication,
}, {
Key: key_model.AuthNKeyObjectID,
Method: domain.SearchMethodEquals,
Value: req.ApplicationId,
},
},
}
}
func clientKeySearchResponseFromModel(req *key_model.AuthNKeySearchResponse) *management.ClientKeySearchResponse {
viewTimestamp, err := ptypes.TimestampProto(req.Timestamp)
logging.Log("MANAG-Sk9ds").OnError(err).Debug("unable to parse cretaion date")
return &management.ClientKeySearchResponse{
Offset: req.Offset,
Limit: req.Limit,
TotalResult: req.TotalResult,
ProcessedSequence: req.Sequence,
ViewTimestamp: viewTimestamp,
Result: clientKeyViewsFromModel(req.Result...),
}
}

50
internal/api/grpc/management/gateway.go
View File

@@ -1,50 +0,0 @@
package management
import (
"strings"
"github.com/grpc-ecosystem/grpc-gateway/runtime"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/pkg/grpc/management"
)
type Gateway struct {
grpcEndpoint string
port string
cutomHeaders []string
}
func StartGateway(conf grpc_util.GatewayConfig) *Gateway {
return &Gateway{
grpcEndpoint: conf.GRPCEndpoint,
port: conf.Port,
cutomHeaders: conf.CustomHeaders,
}
}
func (gw *Gateway) Gateway() server.GatewayFunc {
return management.RegisterManagementServiceHandlerFromEndpoint
}
func (gw *Gateway) GRPCEndpoint() string {
return ":" + gw.grpcEndpoint
}
func (gw *Gateway) GatewayPort() string {
return gw.port
}
func (gw *Gateway) GatewayServeMuxOptions() []runtime.ServeMuxOption {
return []runtime.ServeMuxOption{
runtime.WithIncomingHeaderMatcher(func(header string) (string, bool) {
for _, customHeader := range gw.cutomHeaders {
if strings.HasPrefix(strings.ToLower(header), customHeader) {
return header, true
}
}
return runtime.DefaultHeaderMatcher(header)
}),
}
}

11
internal/api/grpc/management/iam.go
View File

@@ -3,15 +3,16 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetIam(ctx context.Context, _ *empty.Empty) (*management.Iam, error) {
func (s *Server) GetIAM(ctx context.Context, req *mgmt_pb.GetIAMRequest) (*mgmt_pb.GetIAMResponse, error) {
iam, err := s.project.GetIAMByID(ctx)
if err != nil {
return nil, err
}
return iamFromModel(iam), nil
return &mgmt_pb.GetIAMResponse{
GlobalOrgId: iam.GlobalOrgID,
IamProjectId: iam.IAMProjectID,
}, nil
}

36
internal/api/grpc/management/iam_converter.go
View File

@@ -1,36 +0,0 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func iamFromModel(iam *iam_model.IAM) *management.Iam {
return &management.Iam{
IamProjectId: iam.IAMProjectID,
GlobalOrgId: iam.GlobalOrgID,
SetUpDone: iamSetupStepFromModel(iam.SetUpDone),
SetUpStarted: iamSetupStepFromModel(iam.SetUpStarted),
}
}
func iamSetupStepFromModel(step domain.Step) management.IamSetupStep {
switch step {
case domain.Step1:
return management.IamSetupStep_iam_setup_step_1
case domain.Step2:
return management.IamSetupStep_iam_setup_step_2
// case iam_model.Step3:
// return management.IamSetupStep_iam_setup_step_3
// case iam_model.Step4:
// return management.IamSetupStep_iam_setup_step_4
// case iam_model.Step5:
// return management.IamSetupStep_iam_setup_step_5
// case iam_model.Step6:
// return management.IamSetupStep_iam_setup_step_6
default:
return management.IamSetupStep_iam_setup_step_UNDEFINED
}
}

35
internal/api/grpc/management/idp.go Normal file
View File

@@ -0,0 +1,35 @@
package management
import (
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetOrgIDPByID(ctx context.Context, req *mgmt_pb.GetOrgIDPByIDRequest) (*mgmt_pb.GetOrgIDPByIDResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetOrgIDPByID not implemented")
}
func (s *Server) ListOrgIDPs(ctx context.Context, req *mgmt_pb.ListOrgIDPsRequest) (*mgmt_pb.ListOrgIDPsResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method ListOrgIDPs not implemented")
}
func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRequest) (*mgmt_pb.AddOrgOIDCIDPResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method AddOrgOIDCIDP not implemented")
}
func (s *Server) DeactivateOrgIDP(ctx context.Context, req *mgmt_pb.DeactivateOrgIDPRequest) (*mgmt_pb.DeactivateOrgIDPResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeactivateOrgIDP not implemented")
}
func (s *Server) ReactivateOrgIDP(ctx context.Context, req *mgmt_pb.ReactivateOrgIDPRequest) (*mgmt_pb.ReactivateOrgIDPResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method ReactivateOrgIDP not implemented")
}
func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequest) (*mgmt_pb.RemoveOrgIDPResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method RemoveOrgIDP not implemented")
}
func (s *Server) UpdateOrgIDP(ctx context.Context, req *mgmt_pb.UpdateOrgIDPRequest) (*mgmt_pb.UpdateOrgIDPResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method UpdateOrgIDP not implemented")
}
func (s *Server) UpdateOrgIDPOIDCConfig(ctx context.Context, req *mgmt_pb.UpdateOrgIDPOIDCConfigRequest) (*mgmt_pb.UpdateOrgIDPOIDCConfigResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method UpdateOrgIDPOIDCConfig not implemented")
}

77
internal/api/grpc/management/idp_config.go
View File

@@ -1,77 +0,0 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) IdpByID(ctx context.Context, id *management.IdpID) (*management.IdpView, error) {
config, err := s.org.IDPConfigByID(ctx, id.Id)
if err != nil {
return nil, err
}
return idpViewFromModel(config), nil
}
func (s *Server) CreateOidcIdp(ctx context.Context, oidcIdpConfig *management.OidcIdpConfigCreate) (*management.Idp, error) {
config, err := s.command.AddIDPConfig(ctx, createOidcIdpToDomain(oidcIdpConfig))
if err != nil {
return nil, err
}
return idpFromDomain(config), nil
}
func (s *Server) UpdateIdpConfig(ctx context.Context, idpConfig *management.IdpUpdate) (*management.Idp, error) {
config, err := s.command.ChangeIDPConfig(ctx, updateIdpToDomain(ctx, idpConfig))
if err != nil {
return nil, err
}
return idpFromDomain(config), nil
}
func (s *Server) DeactivateIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
err := s.command.DeactivateIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) ReactivateIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
err := s.command.ReactivateIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) RemoveIdpConfig(ctx context.Context, id *management.IdpID) (*empty.Empty, error) {
externalIdps, err := s.user.ExternalIDPsByIDPConfigIDAndResourceOwner(ctx, id.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return &empty.Empty{}, err
}
providers, err := s.org.GetIDPProvidersByIDPConfigID(ctx, authz.GetCtxData(ctx).OrgID, id.Id)
if err != nil {
return &empty.Empty{}, err
}
err = s.command.RemoveIDPConfig(ctx, id.Id, authz.GetCtxData(ctx).OrgID, len(providers) > 0, externalIDPViewsToDomain(externalIdps)...)
return &empty.Empty{}, err
}
func (s *Server) UpdateOidcIdpConfig(ctx context.Context, request *management.OidcIdpConfigUpdate) (*management.OidcIdpConfig, error) {
config, err := s.command.ChangeIDPOIDCConfig(ctx, updateOidcIdpToDomain(ctx, request))
if err != nil {
return nil, err
}
return oidcIdpConfigFromDomain(config), nil
}
func (s *Server) SearchIdps(ctx context.Context, request *management.IdpSearchRequest) (*management.IdpSearchResponse, error) {
searchRequest, err := idpConfigSearchRequestToModel(request)
if err != nil {
return nil, err
}
response, err := s.org.SearchIDPConfigs(ctx, searchRequest)
if err != nil {
return nil, err
}
return idpConfigSearchResponseFromModel(response), nil
}

347
internal/api/grpc/management/idp_config_converter.go
View File

@@ -1,347 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/user/model"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
caos_errors "github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"strconv"
)
func createOidcIdpToDomain(idp *management.OidcIdpConfigCreate) *domain.IDPConfig {
return &domain.IDPConfig{
Name: idp.Name,
StylingType: idpConfigStylingTypeToDomain(idp.StylingType),
Type: domain.IDPConfigTypeOIDC,
OIDCConfig: &domain.OIDCIDPConfig{
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping),
UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping),
},
}
}
func updateIdpToDomain(ctx context.Context, idp *management.IdpUpdate) *domain.IDPConfig {
return &domain.IDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: idp.Id,
Name: idp.Name,
StylingType: idpConfigStylingTypeToDomain(idp.StylingType),
}
}
func updateOidcIdpToDomain(ctx context.Context, idp *management.OidcIdpConfigUpdate) *domain.OIDCIDPConfig {
return &domain.OIDCIDPConfig{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: idp.IdpId,
ClientID: idp.ClientId,
ClientSecretString: idp.ClientSecret,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
IDPDisplayNameMapping: oidcMappingFieldToDomain(idp.IdpDisplayNameMapping),
UsernameMapping: oidcMappingFieldToDomain(idp.UsernameMapping),
}
}
func idpFromDomain(idp *domain.IDPConfig) *management.Idp {
return &management.Idp{
Id: idp.IDPConfigID,
ChangeDate: timestamppb.New(idp.ChangeDate),
Sequence: idp.Sequence,
Name: idp.Name,
StylingType: idpConfigStylingTypeFromDomain(idp.StylingType),
State: idpConfigStateFromDomain(idp.State),
IdpConfig: idpConfigFromDomain(idp),
}
}
func idpViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView {
creationDate, err := ptypes.TimestampProto(idp.CreationDate)
logging.Log("GRPC-8dju8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(idp.ChangeDate)
logging.Log("GRPC-Dsj8i").OnError(err).Debug("date parse failed")
return &management.IdpView{
Id: idp.IDPConfigID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: idp.Sequence,
ProviderType: idpProviderTypeFromModel(idp.IDPProviderType),
Name: idp.Name,
StylingType: idpConfigStylingTypeFromModel(idp.StylingType),
State: idpConfigStateFromModel(idp.State),
IdpConfigView: idpConfigViewFromModel(idp),
}
}
func idpConfigFromDomain(idp *domain.IDPConfig) *management.Idp_OidcConfig {
if idp.Type == domain.IDPConfigTypeOIDC {
return &management.Idp_OidcConfig{
OidcConfig: oidcIdpConfigFromDomain(idp.OIDCConfig),
}
}
return nil
}
func idpConfigFromModel(idp *iam_model.IDPConfig) *management.Idp_OidcConfig {
if idp.Type == iam_model.IDPConfigTypeOIDC {
return &management.Idp_OidcConfig{
OidcConfig: oidcIdpConfigFromModel(idp.OIDCConfig),
}
}
return nil
}
func oidcIdpConfigFromDomain(idp *domain.OIDCIDPConfig) *management.OidcIdpConfig {
return &management.OidcIdpConfig{
ClientId: idp.ClientID,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
IdpDisplayNameMapping: oidcMappingFieldFromDomain(idp.IDPDisplayNameMapping),
UsernameMapping: oidcMappingFieldFromDomain(idp.UsernameMapping),
}
}
func oidcIdpConfigFromModel(idp *iam_model.OIDCIDPConfig) *management.OidcIdpConfig {
return &management.OidcIdpConfig{
ClientId: idp.ClientID,
Issuer: idp.Issuer,
Scopes: idp.Scopes,
IdpDisplayNameMapping: oidcMappingFieldFromModel(idp.IDPDisplayNameMapping),
UsernameMapping: oidcMappingFieldFromModel(idp.UsernameMapping),
}
}
func idpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.IdpView_OidcConfig {
if idp.IsOIDC {
return &management.IdpView_OidcConfig{
OidcConfig: oidcIdpConfigViewFromModel(idp),
}
}
return nil
}
func oidcIdpConfigViewFromModel(idp *iam_model.IDPConfigView) *management.OidcIdpConfigView {
return &management.OidcIdpConfigView{
ClientId: idp.OIDCClientID,
Issuer: idp.OIDCIssuer,
Scopes: idp.OIDCScopes,
IdpDisplayNameMapping: oidcMappingFieldFromModel(idp.OIDCIDPDisplayNameMapping),
UsernameMapping: oidcMappingFieldFromModel(idp.OIDCUsernameMapping),
}
}
func idpConfigStateFromDomain(state domain.IDPConfigState) management.IdpState {
switch state {
case domain.IDPConfigStateActive:
return management.IdpState_IDPCONFIGSTATE_ACTIVE
case domain.IDPConfigStateInactive:
return management.IdpState_IDPCONFIGSTATE_INACTIVE
default:
return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED
}
}
func idpConfigStateFromModel(state iam_model.IDPConfigState) management.IdpState {
switch state {
case iam_model.IDPConfigStateActive:
return management.IdpState_IDPCONFIGSTATE_ACTIVE
case iam_model.IDPConfigStateInactive:
return management.IdpState_IDPCONFIGSTATE_INACTIVE
default:
return management.IdpState_IDPCONFIGSTATE_UNSPECIFIED
}
}
func idpConfigSearchRequestToModel(request *management.IdpSearchRequest) (*iam_model.IDPConfigSearchRequest, error) {
convertedSearchRequest := &iam_model.IDPConfigSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
}
convertedQueries, err := idpConfigSearchQueriesToModel(request.Queries)
if err != nil {
return nil, err
}
convertedSearchRequest.Queries = convertedQueries
return convertedSearchRequest, nil
}
func idpConfigSearchQueriesToModel(queries []*management.IdpSearchQuery) ([]*iam_model.IDPConfigSearchQuery, error) {
modelQueries := make([]*iam_model.IDPConfigSearchQuery, len(queries))
for i, query := range queries {
converted, err := idpConfigSearchQueryToModel(query)
if err != nil {
return nil, err
}
modelQueries[i] = converted
}
return modelQueries, nil
}
func idpConfigSearchQueryToModel(query *management.IdpSearchQuery) (*iam_model.IDPConfigSearchQuery, error) {
converted := &iam_model.IDPConfigSearchQuery{
Key: idpConfigSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
if query.Key != management.IdpSearchKey_IDPSEARCHKEY_PROVIDER_TYPE {
return converted, nil
}
value, err := idpProviderTypeStringToModel(query.Value)
if err != nil {
return nil, err
}
converted.Value = value
return converted, nil
}
func idpConfigSearchKeyToModel(key management.IdpSearchKey) iam_model.IDPConfigSearchKey {
switch key {
case management.IdpSearchKey_IDPSEARCHKEY_IDP_CONFIG_ID:
return iam_model.IDPConfigSearchKeyIdpConfigID
case management.IdpSearchKey_IDPSEARCHKEY_NAME:
return iam_model.IDPConfigSearchKeyName
case management.IdpSearchKey_IDPSEARCHKEY_PROVIDER_TYPE:
return iam_model.IDPConfigSearchKeyIdpProviderType
default:
return iam_model.IDPConfigSearchKeyUnspecified
}
}
func idpConfigSearchResponseFromModel(resp *iam_model.IDPConfigSearchResponse) *management.IdpSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-KSi8c").OnError(err).Debug("date parse failed")
return &management.IdpSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: idpConfigsFromView(resp.Result),
ProcessedSequence: resp.Sequence,
ViewTimestamp: timestamp,
}
}
func idpConfigsFromView(viewIdps []*iam_model.IDPConfigView) []*management.IdpView {
idps := make([]*management.IdpView, len(viewIdps))
for i, idp := range viewIdps {
idps[i] = idpViewFromModel(idp)
}
return idps
}
func oidcMappingFieldFromDomain(field domain.OIDCMappingField) management.OIDCMappingField {
switch field {
case domain.OIDCMappingFieldPreferredLoginName:
return management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME
case domain.OIDCMappingFieldEmail:
return management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL
default:
return management.OIDCMappingField_OIDCMAPPINGFIELD_UNSPECIFIED
}
}
func oidcMappingFieldFromModel(field iam_model.OIDCMappingField) management.OIDCMappingField {
switch field {
case iam_model.OIDCMappingFieldPreferredLoginName:
return management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME
case iam_model.OIDCMappingFieldEmail:
return management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL
default:
return management.OIDCMappingField_OIDCMAPPINGFIELD_UNSPECIFIED
}
}
func oidcMappingFieldToDomain(field management.OIDCMappingField) domain.OIDCMappingField {
switch field {
case management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME:
return domain.OIDCMappingFieldPreferredLoginName
case management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL:
return domain.OIDCMappingFieldEmail
default:
return domain.OIDCMappingFieldUnspecified
}
}
func oidcMappingFieldToModel(field management.OIDCMappingField) iam_model.OIDCMappingField {
switch field {
case management.OIDCMappingField_OIDCMAPPINGFIELD_PREFERRED_USERNAME:
return iam_model.OIDCMappingFieldPreferredLoginName
case management.OIDCMappingField_OIDCMAPPINGFIELD_EMAIL:
return iam_model.OIDCMappingFieldEmail
default:
return iam_model.OIDCMappingFieldUnspecified
}
}
func idpConfigStylingTypeFromDomain(stylingType domain.IDPConfigStylingType) management.IdpStylingType {
switch stylingType {
case domain.IDPConfigStylingTypeGoogle:
return management.IdpStylingType_IDPSTYLINGTYPE_GOOGLE
default:
return management.IdpStylingType_IDPSTYLINGTYPE_UNSPECIFIED
}
}
func idpConfigStylingTypeFromModel(stylingType iam_model.IDPStylingType) management.IdpStylingType {
switch stylingType {
case iam_model.IDPStylingTypeGoogle:
return management.IdpStylingType_IDPSTYLINGTYPE_GOOGLE
default:
return management.IdpStylingType_IDPSTYLINGTYPE_UNSPECIFIED
}
}
func idpConfigStylingTypeToDomain(stylingType management.IdpStylingType) domain.IDPConfigStylingType {
switch stylingType {
case management.IdpStylingType_IDPSTYLINGTYPE_GOOGLE:
return domain.IDPConfigStylingTypeGoogle
default:
return domain.IDPConfigStylingTypeUnspecified
}
}
func idpProviderTypeStringToModel(providerType string) (iam_model.IDPProviderType, error) {
i, _ := strconv.ParseInt(providerType, 10, 32)
switch management.IdpProviderType(i) {
case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
return iam_model.IDPProviderTypeSystem, nil
case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
return iam_model.IDPProviderTypeOrg, nil
default:
return 0, caos_errors.ThrowPreconditionFailed(nil, "MGMT-6is9f", "Errors.Org.IDP.InvalidSearchQuery")
}
}
func externalIDPViewsToDomain(idps []*model.ExternalIDPView) []*domain.ExternalIDP {
externalIDPs := make([]*domain.ExternalIDP, len(idps))
for i, idp := range idps {
externalIDPs[i] = &domain.ExternalIDP{
ObjectRoot: models.ObjectRoot{
AggregateID: idp.UserID,
ResourceOwner: idp.ResourceOwner,
},
IDPConfigID: idp.IDPConfigID,
ExternalUserID: idp.ExternalUserID,
DisplayName: idp.UserDisplayName,
}
}
return externalIDPs
}

18
internal/api/grpc/management/information.go Normal file
View File

@@ -0,0 +1,18 @@
package management
import (
"context"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) Healthz(context.Context, *mgmt_pb.HealthzRequest) (*mgmt_pb.HealthzResponse, error) {
return &mgmt_pb.HealthzResponse{}, nil
}
func (s *Server) GetOIDCInformation(ctx context.Context, req *mgmt_pb.GetOIDCInformationRequest) (*mgmt_pb.GetOIDCInformationResponse, error) {
return &mgmt_pb.GetOIDCInformationResponse{
Issuer: s.systemDefaults.ZitadelDocs.Issuer,
DiscoveryEndpoint: s.systemDefaults.ZitadelDocs.DiscoveryEndpoint,
}, nil
}

114
internal/api/grpc/management/login_policy.go
View File

@@ -1,114 +0,0 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
result, err := s.org.GetLoginPolicy(ctx)
if err != nil {
return nil, err
}
return loginPolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultLoginPolicy(ctx context.Context, _ *empty.Empty) (*management.LoginPolicyView, error) {
result, err := s.org.GetDefaultLoginPolicy(ctx)
if err != nil {
return nil, err
}
return loginPolicyViewFromModel(result), nil
}
func (s *Server) CreateLoginPolicy(ctx context.Context, policy *management.LoginPolicyRequest) (*management.LoginPolicy, error) {
result, err := s.command.AddLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, loginPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return loginPolicyFromDomain(result), nil
}
func (s *Server) UpdateLoginPolicy(ctx context.Context, policy *management.LoginPolicyRequest) (*management.LoginPolicy, error) {
result, err := s.command.ChangeLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, loginPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return loginPolicyFromDomain(result), nil
}
func (s *Server) RemoveLoginPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.RemoveLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) GetLoginPolicyIdpProviders(ctx context.Context, request *management.IdpProviderSearchRequest) (*management.IdpProviderSearchResponse, error) {
result, err := s.org.SearchIDPProviders(ctx, idpProviderSearchRequestToModel(request))
if err != nil {
return nil, err
}
return idpProviderSearchResponseFromModel(result), nil
}
func (s *Server) AddIdpProviderToLoginPolicy(ctx context.Context, provider *management.IdpProviderAdd) (*management.IdpProvider, error) {
result, err := s.command.AddIDPProviderToLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, idpProviderAddToDomain(ctx, provider))
if err != nil {
return nil, err
}
return idpProviderFromDomain(result), nil
}
func (s *Server) RemoveIdpProviderFromLoginPolicy(ctx context.Context, provider *management.IdpProviderID) (*empty.Empty, error) {
externalIDPs, err := s.user.ExternalIDPsByIDPConfigIDAndResourceOwner(ctx, provider.IdpConfigId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return &empty.Empty{}, err
}
err = s.command.RemoveIDPProviderFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, idpProviderIDToDomain(ctx, provider), externalIDPViewsToDomain(externalIDPs)...)
return &empty.Empty{}, err
}
func (s *Server) GetLoginPolicySecondFactors(ctx context.Context, _ *empty.Empty) (*management.SecondFactorsResult, error) {
result, err := s.org.SearchSecondFactors(ctx)
if err != nil {
return nil, err
}
return secondFactorResultFromModel(result), nil
}
func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, mfa *management.SecondFactor) (*management.SecondFactor, error) {
result, err := s.command.AddSecondFactorToLoginPolicy(ctx, secondFactorTypeToDomain(mfa), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return secondFactorFromDomain(result), nil
}
func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, mfa *management.SecondFactor) (*empty.Empty, error) {
err := s.command.RemoveSecondFactorFromLoginPolicy(ctx, secondFactorTypeToDomain(mfa), authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) GetLoginPolicyMultiFactors(ctx context.Context, _ *empty.Empty) (*management.MultiFactorsResult, error) {
result, err := s.org.SearchMultiFactors(ctx)
if err != nil {
return nil, err
}
return multiFactorResultFromModel(result), nil
}
func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, mfa *management.MultiFactor) (*management.MultiFactor, error) {
result, err := s.command.AddMultiFactorToLoginPolicy(ctx, multiFactorTypeToDomain(mfa), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return multiFactorFromDomain(result), nil
}
func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, mfa *management.MultiFactor) (*empty.Empty, error) {
err := s.command.RemoveMultiFactorFromLoginPolicy(ctx, multiFactorTypeToDomain(mfa), authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

292
internal/api/grpc/management/login_policy_converter.go
View File

@@ -1,292 +0,0 @@
package management
import (
"context"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func loginPolicyRequestToDomain(ctx context.Context, policy *management.LoginPolicyRequest) *domain.LoginPolicy {
return &domain.LoginPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIDP: policy.AllowExternalIdp,
AllowRegister: policy.AllowRegister,
ForceMFA: policy.ForceMfa,
PasswordlessType: passwordlessTypeToDomain(policy.PasswordlessType),
}
}
func loginPolicyFromDomain(policy *domain.LoginPolicy) *management.LoginPolicy {
return &management.LoginPolicy{
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
ChangeDate: timestamppb.New(policy.ChangeDate),
ForceMfa: policy.ForceMFA,
PasswordlessType: passwordlessTypeFromDomain(policy.PasswordlessType),
}
}
func loginPolicyViewFromModel(policy *iam_model.LoginPolicyView) *management.LoginPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-5Tsm8").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-8dJgs").OnError(err).Debug("date parse failed")
return &management.LoginPolicyView{
Default: policy.Default,
AllowUsernamePassword: policy.AllowUsernamePassword,
AllowExternalIdp: policy.AllowExternalIDP,
AllowRegister: policy.AllowRegister,
CreationDate: creationDate,
ChangeDate: changeDate,
ForceMfa: policy.ForceMFA,
PasswordlessType: passwordlessTypeFromModel(policy.PasswordlessType),
}
}
func idpProviderSearchRequestToModel(request *management.IdpProviderSearchRequest) *iam_model.IDPProviderSearchRequest {
return &iam_model.IDPProviderSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
}
}
func idpProviderSearchResponseFromModel(response *iam_model.IDPProviderSearchResponse) *management.IdpProviderSearchResponse {
return &management.IdpProviderSearchResponse{
Limit: response.Limit,
Offset: response.Offset,
TotalResult: response.TotalResult,
Result: idpProviderViewsFromModel(response.Result),
}
}
func idpProviderIDToDomain(ctx context.Context, provider *management.IdpProviderID) *domain.IDPProvider {
return &domain.IDPProvider{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: provider.IdpConfigId,
}
}
func idpProviderAddToDomain(ctx context.Context, provider *management.IdpProviderAdd) *domain.IDPProvider {
return &domain.IDPProvider{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: provider.IdpConfigId,
Type: idpProviderTypeToDomain(provider.IdpProviderType),
}
}
func idpProviderIDFromModel(provider *iam_model.IDPProvider) *management.IdpProviderID {
return &management.IdpProviderID{
IdpConfigId: provider.IDPConfigID,
}
}
func idpProviderFromDomain(provider *domain.IDPProvider) *management.IdpProvider {
return &management.IdpProvider{
IdpConfigId: provider.IDPConfigID,
IdpProvider_Type: idpProviderTypeFromDomain(provider.Type),
}
}
func idpProviderViewsFromModel(providers []*iam_model.IDPProviderView) []*management.IdpProviderView {
converted := make([]*management.IdpProviderView, len(providers))
for i, provider := range providers {
converted[i] = idpProviderViewFromModel(provider)
}
return converted
}
func idpProviderViewFromModel(provider *iam_model.IDPProviderView) *management.IdpProviderView {
return &management.IdpProviderView{
IdpConfigId: provider.IDPConfigID,
Name: provider.Name,
Type: idpProviderTypeFromModel(provider.IDPProviderType),
}
}
func idpConfigTypeToModel(providerType iam_model.IdpConfigType) management.IdpType {
switch providerType {
case iam_model.IDPConfigTypeOIDC:
return management.IdpType_IDPTYPE_OIDC
case iam_model.IDPConfigTypeSAML:
return management.IdpType_IDPTYPE_SAML
default:
return management.IdpType_IDPTYPE_UNSPECIFIED
}
}
func idpProviderTypeToDomain(providerType management.IdpProviderType) domain.IdentityProviderType {
switch providerType {
case management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM:
return domain.IdentityProviderTypeSystem
case management.IdpProviderType_IDPPROVIDERTYPE_ORG:
return domain.IdentityProviderTypeOrg
default:
return domain.IdentityProviderTypeSystem
}
}
func idpProviderTypeFromDomain(providerType domain.IdentityProviderType) management.IdpProviderType {
switch providerType {
case domain.IdentityProviderTypeSystem:
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
case domain.IdentityProviderTypeOrg:
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
default:
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
}
}
func idpProviderTypeFromModel(providerType iam_model.IDPProviderType) management.IdpProviderType {
switch providerType {
case iam_model.IDPProviderTypeSystem:
return management.IdpProviderType_IDPPROVIDERTYPE_SYSTEM
case iam_model.IDPProviderTypeOrg:
return management.IdpProviderType_IDPPROVIDERTYPE_ORG
default:
return management.IdpProviderType_IDPPROVIDERTYPE_UNSPECIFIED
}
}
func secondFactorResultFromModel(result *iam_model.SecondFactorsSearchResponse) *management.SecondFactorsResult {
converted := make([]management.SecondFactorType, len(result.Result))
for i, mfaType := range result.Result {
converted[i] = secondFactorTypeFromModel(mfaType)
}
return &management.SecondFactorsResult{
SecondFactors: converted,
}
}
func secondFactorFromDomain(mfaType domain.SecondFactorType) *management.SecondFactor {
return &management.SecondFactor{
SecondFactor: secondFactorTypeFromDomain(mfaType),
}
}
func secondFactorFromModel(mfaType iam_model.SecondFactorType) *management.SecondFactor {
return &management.SecondFactor{
SecondFactor: secondFactorTypeFromModel(mfaType),
}
}
func secondFactorTypeFromDomain(mfaType domain.SecondFactorType) management.SecondFactorType {
switch mfaType {
case domain.SecondFactorTypeOTP:
return management.SecondFactorType_SECONDFACTORTYPE_OTP
case domain.SecondFactorTypeU2F:
return management.SecondFactorType_SECONDFACTORTYPE_U2F
default:
return management.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
}
}
func secondFactorTypeFromModel(mfaType iam_model.SecondFactorType) management.SecondFactorType {
switch mfaType {
case iam_model.SecondFactorTypeOTP:
return management.SecondFactorType_SECONDFACTORTYPE_OTP
case iam_model.SecondFactorTypeU2F:
return management.SecondFactorType_SECONDFACTORTYPE_U2F
default:
return management.SecondFactorType_SECONDFACTORTYPE_UNSPECIFIED
}
}
func secondFactorTypeToDomain(mfaType *management.SecondFactor) domain.SecondFactorType {
switch mfaType.SecondFactor {
case management.SecondFactorType_SECONDFACTORTYPE_OTP:
return domain.SecondFactorTypeOTP
case management.SecondFactorType_SECONDFACTORTYPE_U2F:
return domain.SecondFactorTypeU2F
default:
return domain.SecondFactorTypeUnspecified
}
}
func multiFactorResultFromModel(result *iam_model.MultiFactorsSearchResponse) *management.MultiFactorsResult {
converted := make([]management.MultiFactorType, len(result.Result))
for i, mfaType := range result.Result {
converted[i] = multiFactorTypeFromModel(mfaType)
}
return &management.MultiFactorsResult{
MultiFactors: converted,
}
}
func multiFactorFromDomain(mfaType domain.MultiFactorType) *management.MultiFactor {
return &management.MultiFactor{
MultiFactor: multiFactorTypeFromDomain(mfaType),
}
}
func multiFactorTypeFromDomain(mfaType domain.MultiFactorType) management.MultiFactorType {
switch mfaType {
case domain.MultiFactorTypeU2FWithPIN:
return management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
default:
return management.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
}
}
func multiFactorTypeFromModel(mfaType iam_model.MultiFactorType) management.MultiFactorType {
switch mfaType {
case iam_model.MultiFactorTypeU2FWithPIN:
return management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN
default:
return management.MultiFactorType_MULTIFACTORTYPE_UNSPECIFIED
}
}
func multiFactorTypeToDomain(mfaType *management.MultiFactor) domain.MultiFactorType {
switch mfaType.MultiFactor {
case management.MultiFactorType_MULTIFACTORTYPE_U2F_WITH_PIN:
return domain.MultiFactorTypeU2FWithPIN
default:
return domain.MultiFactorTypeUnspecified
}
}
func passwordlessTypeFromModel(passwordlessType iam_model.PasswordlessType) management.PasswordlessType {
switch passwordlessType {
case iam_model.PasswordlessTypeAllowed:
return management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED
default:
return management.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED
}
}
func passwordlessTypeFromDomain(passwordlessType domain.PasswordlessType) management.PasswordlessType {
switch passwordlessType {
case domain.PasswordlessTypeAllowed:
return management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED
default:
return management.PasswordlessType_PASSWORDLESSTYPE_NOT_ALLOWED
}
}
func passwordlessTypeToDomain(passwordlessType management.PasswordlessType) domain.PasswordlessType {
switch passwordlessType {
case management.PasswordlessType_PASSWORDLESSTYPE_ALLOWED:
return domain.PasswordlessTypeAllowed
default:
return domain.PasswordlessTypeNotAllowed
}
}

46
internal/api/grpc/management/mail_template.go
View File

@@ -1,46 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetMailTemplate(ctx context.Context, _ *empty.Empty) (*management.MailTemplateView, error) {
result, err := s.org.GetMailTemplate(ctx)
if err != nil {
return nil, err
}
return mailTemplateViewFromModel(result), nil
}
func (s *Server) GetDefaultMailTemplate(ctx context.Context, _ *empty.Empty) (*management.MailTemplateView, error) {
result, err := s.org.GetDefaultMailTemplate(ctx)
if err != nil {
return nil, err
}
return mailTemplateViewFromModel(result), nil
}
func (s *Server) CreateMailTemplate(ctx context.Context, template *management.MailTemplateUpdate) (*management.MailTemplate, error) {
result, err := s.command.AddMailTemplate(ctx, authz.GetCtxData(ctx).OrgID, mailTemplateRequestToDomain(template))
if err != nil {
return nil, err
}
return mailTemplateFromDomain(result), nil
}
func (s *Server) UpdateMailTemplate(ctx context.Context, template *management.MailTemplateUpdate) (*management.MailTemplate, error) {
result, err := s.command.ChangeMailTemplate(ctx, authz.GetCtxData(ctx).OrgID, mailTemplateRequestToDomain(template))
if err != nil {
return nil, err
}
return mailTemplateFromDomain(result), nil
}
func (s *Server) RemoveMailTemplate(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.RemoveMailTemplate(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

31
internal/api/grpc/management/mail_template_converter.go
View File

@@ -1,31 +0,0 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"google.golang.org/protobuf/types/known/timestamppb"
)
func mailTemplateRequestToDomain(mailTemplate *management.MailTemplateUpdate) *domain.MailTemplate {
return &domain.MailTemplate{
Template: mailTemplate.Template,
}
}
func mailTemplateFromDomain(mailTemplate *domain.MailTemplate) *management.MailTemplate {
return &management.MailTemplate{
Template: mailTemplate.Template,
CreationDate: timestamppb.New(mailTemplate.CreationDate),
ChangeDate: timestamppb.New(mailTemplate.ChangeDate),
}
}
func mailTemplateViewFromModel(mailTemplate *iam_model.MailTemplateView) *management.MailTemplateView {
return &management.MailTemplateView{
Default: mailTemplate.Default,
Template: mailTemplate.Template,
CreationDate: timestamppb.New(mailTemplate.CreationDate),
ChangeDate: timestamppb.New(mailTemplate.ChangeDate),
}
}

46
internal/api/grpc/management/mail_text.go
View File

@@ -1,46 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetMailTexts(ctx context.Context, _ *empty.Empty) (*management.MailTextsView, error) {
result, err := s.org.GetMailTexts(ctx)
if err != nil {
return nil, err
}
return mailTextsViewFromModel(result.Texts), nil
}
func (s *Server) GetDefaultMailTexts(ctx context.Context, _ *empty.Empty) (*management.MailTextsView, error) {
result, err := s.org.GetDefaultMailTexts(ctx)
if err != nil {
return nil, err
}
return mailTextsViewFromModel(result.Texts), nil
}
func (s *Server) CreateMailText(ctx context.Context, mailText *management.MailTextUpdate) (*management.MailText, error) {
result, err := s.command.AddMailText(ctx, authz.GetCtxData(ctx).OrgID, mailTextRequestToDomain(mailText))
if err != nil {
return nil, err
}
return mailTextFromDoamin(result), nil
}
func (s *Server) UpdateMailText(ctx context.Context, mailText *management.MailTextUpdate) (*management.MailText, error) {
result, err := s.command.ChangeMailText(ctx, authz.GetCtxData(ctx).OrgID, mailTextRequestToDomain(mailText))
if err != nil {
return nil, err
}
return mailTextFromDoamin(result), nil
}
func (s *Server) RemoveMailText(ctx context.Context, mailText *management.MailTextRemove) (*empty.Empty, error) {
err := s.command.RemoveMailText(ctx, authz.GetCtxData(ctx).OrgID, mailText.MailTextType, mailText.Language)
return &empty.Empty{}, err
}

71
internal/api/grpc/management/mail_text_converter.go
View File

@@ -1,71 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
)
func mailTextRequestToDomain(mailText *management.MailTextUpdate) *domain.MailText {
return &domain.MailText{
MailTextType: mailText.MailTextType,
Language: mailText.Language,
Title: mailText.Title,
PreHeader: mailText.PreHeader,
Subject: mailText.Subject,
Greeting: mailText.Greeting,
Text: mailText.Text,
ButtonText: mailText.ButtonText,
}
}
func mailTextFromDoamin(mailText *domain.MailText) *management.MailText {
return &management.MailText{
MailTextType: mailText.MailTextType,
Language: mailText.Language,
Title: mailText.Title,
PreHeader: mailText.PreHeader,
Subject: mailText.Subject,
Greeting: mailText.Greeting,
Text: mailText.Text,
ButtonText: mailText.ButtonText,
CreationDate: timestamppb.New(mailText.CreationDate),
ChangeDate: timestamppb.New(mailText.ChangeDate),
}
}
func mailTextsViewFromModel(queries []*iam_model.MailTextView) *management.MailTextsView {
modelQueries := make([]*management.MailTextView, len(queries))
for i, query := range queries {
modelQueries[i] = mailTextViewFromModel(query)
}
return &management.MailTextsView{
Texts: modelQueries,
}
}
func mailTextViewFromModel(mailText *iam_model.MailTextView) *management.MailTextView {
creationDate, err := ptypes.TimestampProto(mailText.CreationDate)
logging.Log("MANAG-koQnB").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(mailText.ChangeDate)
logging.Log("MANAG-ToDhD").OnError(err).Debug("date parse failed")
return &management.MailTextView{
Default: mailText.Default,
MailTextType: mailText.MailTextType,
Language: mailText.Language,
Title: mailText.Title,
PreHeader: mailText.PreHeader,
Subject: mailText.Subject,
Greeting: mailText.Greeting,
Text: mailText.Text,
ButtonText: mailText.ButtonText,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}

5
internal/api/grpc/management/oneof.go Normal file
View File

@@ -0,0 +1,5 @@
package management
//AppConfig is a type alias of the generated isApplication_AppConfig config
//to make it public
// type AppConfig = isApplication_AppConfig

280
internal/api/grpc/management/org.go
View File

@@ -3,100 +3,246 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
"github.com/caos/zitadel/internal/api/grpc/object"
org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
org_model "github.com/caos/zitadel/internal/org/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) CreateOrg(ctx context.Context, request *management.OrgCreateRequest) (_ *management.Org, err error) {
ctxData := authz.GetCtxData(ctx)
org, err := s.command.AddOrg(ctx, request.Name, ctxData.UserID, ctxData.ResourceOwner)
if err != nil {
return nil, err
}
return orgFromDomain(org), err
}
func (s *Server) GetMyOrg(ctx context.Context, _ *empty.Empty) (*management.OrgView, error) {
func (s *Server) GetMyOrg(ctx context.Context, req *mgmt_pb.GetMyOrgRequest) (*mgmt_pb.GetMyOrgResponse, error) {
org, err := s.org.OrgByID(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return orgViewFromModel(org), nil
return &mgmt_pb.GetMyOrgResponse{Org: org_grpc.OrgViewToPb(org)}, nil
}
func (s *Server) GetOrgByDomainGlobal(ctx context.Context, in *management.Domain) (*management.OrgView, error) {
org, err := s.org.OrgByDomainGlobal(ctx, in.Domain)
func (s *Server) GetOrgByDomainGlobal(ctx context.Context, req *mgmt_pb.GetOrgByDomainGlobalRequest) (*mgmt_pb.GetOrgByDomainGlobalResponse, error) {
org, err := s.org.OrgByDomainGlobal(ctx, req.Domain)
if err != nil {
return nil, err
}
return orgViewFromModel(org), nil
return &mgmt_pb.GetOrgByDomainGlobalResponse{Org: org_grpc.OrgViewToPb(org)}, nil
}
func (s *Server) DeactivateMyOrg(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.DeactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) ReactivateMyOrg(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.ReactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) SearchMyOrgDomains(ctx context.Context, in *management.OrgDomainSearchRequest) (*management.OrgDomainSearchResponse, error) {
domains, err := s.org.SearchMyOrgDomains(ctx, orgDomainSearchRequestToModel(in))
func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChangesRequest) (*mgmt_pb.ListOrgChangesResponse, error) {
response, err := s.org.OrgChanges(ctx, authz.GetCtxData(ctx).OrgID, req.Query.Offset, uint64(req.Query.Limit), req.Query.Asc)
if err != nil {
return nil, err
}
return orgDomainSearchResponseFromModel(domains), nil
}
func (s *Server) AddMyOrgDomain(ctx context.Context, in *management.AddOrgDomainRequest) (*management.OrgDomain, error) {
domain, err := s.command.AddOrgDomain(ctx, addOrgDomainToDomain(ctx, in))
if err != nil {
return nil, err
}
return orgDomainFromDomain(domain), nil
}
func (s *Server) GenerateMyOrgDomainValidation(ctx context.Context, in *management.OrgDomainValidationRequest) (*management.OrgDomainValidationResponse, error) {
token, url, err := s.command.GenerateOrgDomainValidation(ctx, orgDomainValidationToDomain(ctx, in))
if err != nil {
return nil, err
}
return &management.OrgDomainValidationResponse{
Token: token,
Url: url,
return &mgmt_pb.ListOrgChangesResponse{
Result: change_grpc.OrgChangesToPb(response.Changes),
}, nil
}
func (s *Server) ValidateMyOrgDomain(ctx context.Context, in *management.ValidateOrgDomainRequest) (*empty.Empty, error) {
err := s.command.ValidateOrgDomain(ctx, validateOrgDomainToDomain(ctx, in))
return &empty.Empty{}, err
}
func (s *Server) SetMyPrimaryOrgDomain(ctx context.Context, in *management.PrimaryOrgDomainRequest) (*empty.Empty, error) {
err := s.command.SetPrimaryOrgDomain(ctx, primaryOrgDomainToDomain(ctx, in))
return &empty.Empty{}, err
}
func (s *Server) RemoveMyOrgDomain(ctx context.Context, in *management.RemoveOrgDomainRequest) (*empty.Empty, error) {
err := s.command.RemoveOrgDomain(ctx, removeOrgDomainToDomain(ctx, in))
return &empty.Empty{}, err
}
func (s *Server) OrgChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.org.OrgChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_pb.AddOrgResponse, error) {
ctxData := authz.GetCtxData(ctx)
org, err := s.command.AddOrg(ctx, req.Name, ctxData.UserID, ctxData.ResourceOwner)
if err != nil {
return nil, err
}
return orgChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
return &mgmt_pb.AddOrgResponse{
Id: org.AggregateID,
Details: object.ToDetailsPb(
org.Sequence,
org.ChangeDate,
org.ResourceOwner,
),
}, err
}
func (s *Server) GetMyOrgIamPolicy(ctx context.Context, _ *empty.Empty) (_ *management.OrgIamPolicyView, err error) {
func (s *Server) DeactivateOrg(ctx context.Context, req *mgmt_pb.DeactivateOrgRequest) (*mgmt_pb.DeactivateOrgResponse, error) {
objectDetails, err := s.command.DeactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.DeactivateOrgResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ReactivateOrg(ctx context.Context, req *mgmt_pb.ReactivateOrgRequest) (*mgmt_pb.ReactivateOrgResponse, error) {
objectDetails, err := s.command.ReactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ReactivateOrgResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, err
}
func (s *Server) GetOrgIAMPolicy(ctx context.Context, req *mgmt_pb.GetOrgIAMPolicyRequest) (*mgmt_pb.GetOrgIAMPolicyResponse, error) {
policy, err := s.org.GetMyOrgIamPolicy(ctx)
if err != nil {
return nil, err
}
return orgIamPolicyViewFromModel(policy), err
return &mgmt_pb.GetOrgIAMPolicyResponse{
Policy: policy_grpc.OrgIAMPolicyToPb(policy),
}, nil
}
func (s *Server) ListOrgDomains(ctx context.Context, req *mgmt_pb.ListOrgDomainsRequest) (*mgmt_pb.ListOrgDomainsResponse, error) {
queries, err := ListOrgDomainsRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.org.SearchMyOrgDomains(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListOrgDomainsResponse{
Result: org_grpc.DomainsToPb(domains.Result),
Details: object.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) AddOrgDomain(ctx context.Context, req *mgmt_pb.AddOrgDomainRequest) (*mgmt_pb.AddOrgDomainResponse, error) {
domain, err := s.command.AddOrgDomain(ctx, AddOrgDomainRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddOrgDomainResponse{
Details: object.ToDetailsPb(
domain.Sequence,
domain.ChangeDate,
domain.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveOrgDomain(ctx context.Context, req *mgmt_pb.RemoveOrgDomainRequest) (*mgmt_pb.RemoveOrgDomainResponse, error) {
details, err := s.command.RemoveOrgDomain(ctx, RemoveOrgDomainRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveOrgDomainResponse{
Details: object.DomainToDetailsPb(details),
}, err
}
func (s *Server) GenerateOrgDomainValidation(ctx context.Context, req *mgmt_pb.GenerateOrgDomainValidationRequest) (*mgmt_pb.GenerateOrgDomainValidationResponse, error) {
token, url, err := s.command.GenerateOrgDomainValidation(ctx, GenerateOrgDomainValidationRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.GenerateOrgDomainValidationResponse{
Token: token,
Url: url,
//TODO: remove details from proto
}, nil
}
func GenerateOrgDomainValidationRequestToDomain(ctx context.Context, req *mgmt_pb.GenerateOrgDomainValidationRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: req.Domain,
ValidationType: org_grpc.DomainValidationTypeToDomain(req.Type),
}
}
func (s *Server) ValidateOrgDomain(ctx context.Context, req *mgmt_pb.ValidateOrgDomainRequest) (*mgmt_pb.ValidateOrgDomainResponse, error) {
details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.ValidateOrgDomainResponse{
Details: object.DomainToDetailsPb(details),
}, nil
}
func (s *Server) SetPrimaryOrgDomain(ctx context.Context, req *mgmt_pb.SetPrimaryOrgDomainRequest) (*mgmt_pb.SetPrimaryOrgDomainResponse, error) {
details, err := s.command.SetPrimaryOrgDomain(ctx, SetPrimaryOrgDomainRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.SetPrimaryOrgDomainResponse{
Details: object.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ListOrgMemberRoles(ctx context.Context, req *mgmt_pb.ListOrgMemberRolesRequest) (*mgmt_pb.ListOrgMemberRolesResponse, error) {
roles := s.org.GetOrgMemberRoles()
return &mgmt_pb.ListOrgMemberRolesResponse{
Result: roles,
}, nil
}
func (s *Server) ListOrgMembers(ctx context.Context, req *mgmt_pb.ListOrgMembersRequest) (*mgmt_pb.ListOrgMembersResponse, error) {
queries, err := ListOrgMembersRequestToModel(req)
if err != nil {
return nil, err
}
members, err := s.org.SearchMyOrgMembers(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListOrgMembersResponse{
Result: member_grpc.OrgMembersToPb(members.Result),
Details: object.ToListDetails(
members.TotalResult,
members.Sequence,
members.Timestamp,
),
}, nil
}
func ListOrgMembersRequestToModel(req *mgmt_pb.ListOrgMembersRequest) (*org_model.OrgMemberSearchRequest, error) {
queries := member_grpc.MemberQueriesToOrgMember(req.Queries)
return &org_model.OrgMemberSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func (s *Server) AddOrgMember(ctx context.Context, req *mgmt_pb.AddOrgMemberRequest) (*mgmt_pb.AddOrgMemberResponse, error) {
addedMember, err := s.command.AddOrgMember(ctx, AddOrgMemberRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddOrgMemberResponse{
Details: object.ToDetailsPb(
addedMember.Sequence,
addedMember.ChangeDate,
addedMember.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateOrgMember(ctx context.Context, req *mgmt_pb.UpdateOrgMemberRequest) (*mgmt_pb.UpdateOrgMemberResponse, error) {
changedMember, err := s.command.ChangeOrgMember(ctx, UpdateOrgMemberRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateOrgMemberResponse{
Details: object.ToDetailsPb(
changedMember.Sequence,
changedMember.ChangeDate,
changedMember.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveOrgMember(ctx context.Context, req *mgmt_pb.RemoveOrgMemberRequest) (*mgmt_pb.RemoveOrgMemberResponse, error) {
details, err := s.command.RemoveOrgMember(ctx, authz.GetCtxData(ctx).OrgID, req.UserId)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveOrgMemberResponse{
Details: object.DomainToDetailsPb(details),
}, nil
}

273
internal/api/grpc/management/org_converter.go
View File

@@ -2,258 +2,69 @@ package management
import (
"context"
"encoding/json"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/api/authz"
org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func orgFromDomain(org *domain.Org) *management.Org {
return &management.Org{
ChangeDate: timestamppb.New(org.ChangeDate),
Id: org.AggregateID,
Name: org.Name,
State: orgStateFromDomain(org.State),
func ListOrgDomainsRequestToModel(req *mgmt_pb.ListOrgDomainsRequest) (*org_model.OrgDomainSearchRequest, error) {
queries, err := org_grpc.DomainQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
}
func orgViewFromModel(org *org_model.OrgView) *management.OrgView {
creationDate, err := ptypes.TimestampProto(org.CreationDate)
logging.Log("GRPC-GTHsZ").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(org.ChangeDate)
logging.Log("GRPC-dVnoj").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgView{
ChangeDate: changeDate,
CreationDate: creationDate,
Id: org.ID,
Name: org.Name,
State: orgStateFromModel(org.State),
}
}
func orgStateFromDomain(state domain.OrgState) management.OrgState {
switch state {
case domain.OrgStateActive:
return management.OrgState_ORGSTATE_ACTIVE
case domain.OrgStateInactive:
return management.OrgState_ORGSTATE_INACTIVE
default:
return management.OrgState_ORGSTATE_UNSPECIFIED
}
}
func orgStateFromModel(state org_model.OrgState) management.OrgState {
switch state {
case org_model.OrgStateActive:
return management.OrgState_ORGSTATE_ACTIVE
case org_model.OrgStateInactive:
return management.OrgState_ORGSTATE_INACTIVE
default:
return management.OrgState_ORGSTATE_UNSPECIFIED
}
}
func addOrgDomainToDomain(ctx context.Context, orgDomain *management.AddOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: orgDomain.Domain,
}
}
func orgDomainValidationToDomain(ctx context.Context, orgDomain *management.OrgDomainValidationRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: orgDomain.Domain,
ValidationType: orgDomainValidationTypeToDomain(orgDomain.Type),
}
}
func validateOrgDomainToDomain(ctx context.Context, orgDomain *management.ValidateOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: orgDomain.Domain,
}
}
func orgDomainValidationTypeToDomain(validationType management.OrgDomainValidationType) domain.OrgDomainValidationType {
switch validationType {
case management.OrgDomainValidationType_ORGDOMAINVALIDATIONTYPE_HTTP:
return domain.OrgDomainValidationTypeHTTP
case management.OrgDomainValidationType_ORGDOMAINVALIDATIONTYPE_DNS:
return domain.OrgDomainValidationTypeDNS
default:
return domain.OrgDomainValidationTypeUnspecified
}
}
func orgDomainValidationTypeFromModel(key org_model.OrgDomainValidationType) management.OrgDomainValidationType {
switch key {
case org_model.OrgDomainValidationTypeHTTP:
return management.OrgDomainValidationType_ORGDOMAINVALIDATIONTYPE_HTTP
case org_model.OrgDomainValidationTypeDNS:
return management.OrgDomainValidationType_ORGDOMAINVALIDATIONTYPE_DNS
default:
return management.OrgDomainValidationType_ORGDOMAINVALIDATIONTYPE_UNSPECIFIED
}
}
func primaryOrgDomainToDomain(ctx context.Context, ordDomain *management.PrimaryOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: ordDomain.Domain,
}
}
func removeOrgDomainToDomain(ctx context.Context, ordDomain *management.RemoveOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: ordDomain.Domain,
}
}
func orgDomainFromDomain(orgDomain *domain.OrgDomain) *management.OrgDomain {
return &management.OrgDomain{
ChangeDate: timestamppb.New(orgDomain.ChangeDate),
OrgId: orgDomain.AggregateID,
Domain: orgDomain.Domain,
Verified: orgDomain.Verified,
Primary: orgDomain.Primary,
}
}
func orgDomainViewFromModel(domain *org_model.OrgDomainView) *management.OrgDomainView {
creationDate, err := ptypes.TimestampProto(domain.CreationDate)
logging.Log("GRPC-7sjDs").OnError(err).Debug("unable to get timestamp from time")
changeDate, err := ptypes.TimestampProto(domain.ChangeDate)
logging.Log("GRPC-8iSji").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgDomainView{
ChangeDate: changeDate,
CreationDate: creationDate,
OrgId: domain.OrgID,
Domain: domain.Domain,
Verified: domain.Verified,
Primary: domain.Primary,
ValidationType: orgDomainValidationTypeFromModel(domain.ValidationType),
}
}
func orgDomainSearchRequestToModel(request *management.OrgDomainSearchRequest) *org_model.OrgDomainSearchRequest {
return &org_model.OrgDomainSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: orgDomainSearchQueriesToModel(request.Queries),
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func AddOrgDomainRequestToDomain(ctx context.Context, req *mgmt_pb.AddOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: req.Domain,
}
}
func orgDomainSearchQueriesToModel(queries []*management.OrgDomainSearchQuery) []*org_model.OrgDomainSearchQuery {
modelQueries := make([]*org_model.OrgDomainSearchQuery, len(queries))
for i, query := range queries {
modelQueries[i] = orgDomainSearchQueryToModel(query)
}
return modelQueries
}
func orgDomainSearchQueryToModel(query *management.OrgDomainSearchQuery) *org_model.OrgDomainSearchQuery {
return &org_model.OrgDomainSearchQuery{
Key: orgDomainSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
func RemoveOrgDomainRequestToDomain(ctx context.Context, req *mgmt_pb.RemoveOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: req.Domain,
}
}
func orgDomainSearchKeyToModel(key management.OrgDomainSearchKey) org_model.OrgDomainSearchKey {
switch key {
case management.OrgDomainSearchKey_ORGDOMAINSEARCHKEY_DOMAIN:
return org_model.OrgDomainSearchKeyDomain
default:
return org_model.OrgDomainSearchKeyUnspecified
func ValidateOrgDomainRequestToDomain(ctx context.Context, req *mgmt_pb.ValidateOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: req.Domain,
}
}
func orgDomainSearchResponseFromModel(resp *org_model.OrgDomainSearchResponse) *management.OrgDomainSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-Mxi9w").OnError(err).Debug("unable to get timestamp from time")
return &management.OrgDomainSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: orgDomainsFromModel(resp.Result),
ProcessedSequence: resp.Sequence,
ViewTimestamp: timestamp,
}
}
func orgDomainsFromModel(viewDomains []*org_model.OrgDomainView) []*management.OrgDomainView {
domains := make([]*management.OrgDomainView, len(viewDomains))
for i, domain := range viewDomains {
domains[i] = orgDomainViewFromModel(domain)
}
return domains
}
func orgChangesToResponse(response *org_model.OrgChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: orgChangesToMgtAPI(response),
func SetPrimaryOrgDomainRequestToDomain(ctx context.Context, req *mgmt_pb.SetPrimaryOrgDomainRequest) *domain.OrgDomain {
return &domain.OrgDomain{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
Domain: req.Domain,
}
}
func orgChangesToMgtAPI(changes *org_model.OrgChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Data: data,
Editor: change.ModifierName,
EditorId: change.ModifierId,
}
}
return result
func AddOrgMemberRequestToDomain(ctx context.Context, req *mgmt_pb.AddOrgMemberRequest) *domain.Member {
return domain.NewMember(authz.GetCtxData(ctx).OrgID, req.UserId, req.Roles...)
}
func orgIamPolicyViewFromModel(policy *iam_model.OrgIAMPolicyView) *management.OrgIamPolicyView {
return &management.OrgIamPolicyView{
UserLoginMustBeDomain: policy.UserLoginMustBeDomain,
Default: policy.Default,
}
func UpdateOrgMemberRequestToDomain(ctx context.Context, req *mgmt_pb.UpdateOrgMemberRequest) *domain.Member {
return domain.NewMember(authz.GetCtxData(ctx).OrgID, req.UserId, req.Roles...)
}

44
internal/api/grpc/management/org_member.go
View File

@@ -1,44 +0,0 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetOrgMemberRoles(ctx context.Context, _ *empty.Empty) (*management.OrgMemberRoles, error) {
return &management.OrgMemberRoles{Roles: s.org.GetOrgMemberRoles()}, nil
}
func (s *Server) SearchMyOrgMembers(ctx context.Context, in *management.OrgMemberSearchRequest) (*management.OrgMemberSearchResponse, error) {
members, err := s.org.SearchMyOrgMembers(ctx, orgMemberSearchRequestToModel(in))
if err != nil {
return nil, err
}
return orgMemberSearchResponseFromModel(members), nil
}
func (s *Server) AddMyOrgMember(ctx context.Context, member *management.AddOrgMemberRequest) (*management.OrgMember, error) {
addedMember, err := s.command.AddOrgMember(ctx, addOrgMemberToDomain(ctx, member))
if err != nil {
return nil, err
}
return orgMemberFromDomain(addedMember), nil
}
func (s *Server) ChangeMyOrgMember(ctx context.Context, member *management.ChangeOrgMemberRequest) (*management.OrgMember, error) {
changedMember, err := s.command.ChangeOrgMember(ctx, changeOrgMemberToModel(ctx, member))
if err != nil {
return nil, err
}
return orgMemberFromDomain(changedMember), nil
}
func (s *Server) RemoveMyOrgMember(ctx context.Context, member *management.RemoveOrgMemberRequest) (*empty.Empty, error) {
err := s.command.RemoveOrgMember(ctx, authz.GetCtxData(ctx).OrgID, member.UserId)
return &empty.Empty{}, err
}

133
internal/api/grpc/management/org_member_converter.go
View File

@@ -1,133 +0,0 @@
package management
import (
"context"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
org_model "github.com/caos/zitadel/internal/org/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func addOrgMemberToDomain(ctx context.Context, member *management.AddOrgMemberRequest) *domain.Member {
return domain.NewMember(authz.GetCtxData(ctx).OrgID, member.UserId, member.Roles...)
}
func changeOrgMemberToModel(ctx context.Context, member *management.ChangeOrgMemberRequest) *domain.Member {
return domain.NewMember(authz.GetCtxData(ctx).OrgID, member.UserId, member.Roles...)
}
func orgMemberFromDomain(member *domain.Member) *management.OrgMember {
return &management.OrgMember{
UserId: member.UserID,
ChangeDate: timestamppb.New(member.ChangeDate),
Roles: member.Roles,
Sequence: member.Sequence,
}
}
func orgMemberSearchRequestToModel(request *management.OrgMemberSearchRequest) *org_model.OrgMemberSearchRequest {
return &org_model.OrgMemberSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: orgMemberSearchQueriesToModel(request.Queries),
}
}
func orgMemberSearchQueriesToModel(queries []*management.OrgMemberSearchQuery) []*org_model.OrgMemberSearchQuery {
modelQueries := make([]*org_model.OrgMemberSearchQuery, len(queries)+1)
for i, query := range queries {
modelQueries[i] = orgMemberSearchQueryToModel(query)
}
return modelQueries
}
func orgMemberSearchQueryToModel(query *management.OrgMemberSearchQuery) *org_model.OrgMemberSearchQuery {
return &org_model.OrgMemberSearchQuery{
Key: orgMemberSearchKeyToModel(query.Key),
Method: orgMemberSearchMethodToModel(query.Method),
Value: query.Value,
}
}
func orgMemberSearchKeyToModel(key management.OrgMemberSearchKey) org_model.OrgMemberSearchKey {
switch key {
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_EMAIL:
return org_model.OrgMemberSearchKeyEmail
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_FIRST_NAME:
return org_model.OrgMemberSearchKeyFirstName
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_LAST_NAME:
return org_model.OrgMemberSearchKeyLastName
case management.OrgMemberSearchKey_ORGMEMBERSEARCHKEY_USER_ID:
return org_model.OrgMemberSearchKeyUserID
default:
return org_model.OrgMemberSearchKeyUnspecified
}
}
func orgMemberSearchMethodToModel(key management.SearchMethod) domain.SearchMethod {
switch key {
case management.SearchMethod_SEARCHMETHOD_CONTAINS:
return domain.SearchMethodContains
case management.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return domain.SearchMethodContainsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_EQUALS:
return domain.SearchMethodEquals
case management.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return domain.SearchMethodEqualsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return domain.SearchMethodStartsWith
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return domain.SearchMethodStartsWithIgnoreCase
default:
return -1
}
}
func orgMemberSearchResponseFromModel(resp *org_model.OrgMemberSearchResponse) *management.OrgMemberSearchResponse {
timestamp, err := ptypes.TimestampProto(resp.Timestamp)
logging.Log("GRPC-Swmr6").OnError(err).Debug("date parse failed")
return &management.OrgMemberSearchResponse{
Limit: resp.Limit,
Offset: resp.Offset,
TotalResult: resp.TotalResult,
Result: orgMembersFromView(resp.Result),
ProcessedSequence: resp.Sequence,
ViewTimestamp: timestamp,
}
}
func orgMembersFromView(viewMembers []*org_model.OrgMemberView) []*management.OrgMemberView {
members := make([]*management.OrgMemberView, len(viewMembers))
for i, member := range viewMembers {
members[i] = orgMemberFromView(member)
}
return members
}
func orgMemberFromView(member *org_model.OrgMemberView) *management.OrgMemberView {
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-S9LAZ").OnError(err).Debug("unable to parse changedate")
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-oJN56").OnError(err).Debug("unable to parse creation date")
return &management.OrgMemberView{
ChangeDate: changeDate,
CreationDate: creationDate,
Roles: member.Roles,
Sequence: member.Sequence,
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
DisplayName: member.DisplayName,
}
}

45
internal/api/grpc/management/password_age_policy.go
View File

@@ -1,45 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicyView, error) {
result, err := s.org.GetPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordAgePolicyView, error) {
result, err := s.org.GetDefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return passwordAgePolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyRequest) (*management.PasswordAgePolicy, error) {
result, err := s.command.AddPasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordAgePolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromDomain(result), nil
}
func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, policy *management.PasswordAgePolicyRequest) (*management.PasswordAgePolicy, error) {
result, err := s.command.ChangePasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordAgePolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordAgePolicyFromDomain(result), nil
}
func (s *Server) RemovePasswordAgePolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.RemovePasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

48
internal/api/grpc/management/password_age_policy_converter.go
View File

@@ -1,48 +0,0 @@
package management
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
)
func passwordAgePolicyRequestToDomain(ctx context.Context, policy *management.PasswordAgePolicyRequest) *domain.PasswordAgePolicy {
return &domain.PasswordAgePolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
}
}
func passwordAgePolicyFromDomain(policy *domain.PasswordAgePolicy) *management.PasswordAgePolicy {
return &management.PasswordAgePolicy{
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
ChangeDate: timestamppb.New(policy.ChangeDate),
}
}
func passwordAgePolicyViewFromModel(policy *iam_model.PasswordAgePolicyView) *management.PasswordAgePolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-4Bms9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-6Hmlo").OnError(err).Debug("date parse failed")
return &management.PasswordAgePolicyView{
Default: policy.Default,
MaxAgeDays: policy.MaxAgeDays,
ExpireWarnDays: policy.ExpireWarnDays,
ChangeDate: changeDate,
CreationDate: creationDate,
}
}

45
internal/api/grpc/management/password_complexity_policy.go
View File

@@ -1,45 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicyView, error) {
result, err := s.org.GetPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordComplexityPolicyView, error) {
result, err := s.org.GetDefaultPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return passwordComplexityPolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyRequest) (*management.PasswordComplexityPolicy, error) {
result, err := s.command.AddPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordComplexityPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromDomain(result), nil
}
func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, policy *management.PasswordComplexityPolicyRequest) (*management.PasswordComplexityPolicy, error) {
result, err := s.command.ChangePasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordComplexityPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordComplexityPolicyFromDomain(result), nil
}
func (s *Server) RemovePasswordComplexityPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.RemovePasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

57
internal/api/grpc/management/password_complexity_policy_converter.go
View File

@@ -1,57 +0,0 @@
package management
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
)
func passwordComplexityPolicyRequestToDomain(ctx context.Context, policy *management.PasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy {
return &domain.PasswordComplexityPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
}
}
func passwordComplexityPolicyFromDomain(policy *domain.PasswordComplexityPolicy) *management.PasswordComplexityPolicy {
return &management.PasswordComplexityPolicy{
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
ChangeDate: timestamppb.New(policy.ChangeDate),
}
}
func passwordComplexityPolicyViewFromModel(policy *iam_model.PasswordComplexityPolicyView) *management.PasswordComplexityPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-wmi8f").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-dmOp0").OnError(err).Debug("date parse failed")
return &management.PasswordComplexityPolicyView{
Default: policy.Default,
MinLength: policy.MinLength,
HasLowercase: policy.HasLowercase,
HasUppercase: policy.HasUppercase,
HasSymbol: policy.HasSymbol,
HasNumber: policy.HasNumber,
CreationDate: changeDate,
ChangeDate: creationDate,
}
}

45
internal/api/grpc/management/password_lockout_policy.go
View File

@@ -1,45 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicyView, error) {
result, err := s.org.GetPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyViewFromModel(result), nil
}
func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*management.PasswordLockoutPolicyView, error) {
result, err := s.org.GetDefaultPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return passwordLockoutPolicyViewFromModel(result), nil
}
func (s *Server) CreatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyRequest) (*management.PasswordLockoutPolicy, error) {
result, err := s.command.AddPasswordLockoutPolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordLockoutPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromDomain(result), nil
}
func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, policy *management.PasswordLockoutPolicyRequest) (*management.PasswordLockoutPolicy, error) {
result, err := s.command.ChangePasswordLockoutPolicy(ctx, authz.GetCtxData(ctx).OrgID, passwordLockoutPolicyRequestToDomain(ctx, policy))
if err != nil {
return nil, err
}
return passwordLockoutPolicyFromDomain(result), nil
}
func (s *Server) RemovePasswordLockoutPolicy(ctx context.Context, _ *empty.Empty) (*empty.Empty, error) {
err := s.command.RemovePasswordLockoutPolicy(ctx, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

48
internal/api/grpc/management/password_lockout_policy_converter.go
View File

@@ -1,48 +0,0 @@
package management
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
)
func passwordLockoutPolicyRequestToDomain(ctx context.Context, policy *management.PasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
return &domain.PasswordLockoutPolicy{
ObjectRoot: models.ObjectRoot{
AggregateID: authz.GetCtxData(ctx).OrgID,
},
MaxAttempts: policy.MaxAttempts,
ShowLockOutFailures: policy.ShowLockoutFailure,
}
}
func passwordLockoutPolicyFromDomain(policy *domain.PasswordLockoutPolicy) *management.PasswordLockoutPolicy {
return &management.PasswordLockoutPolicy{
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
ChangeDate: timestamppb.New(policy.ChangeDate),
}
}
func passwordLockoutPolicyViewFromModel(policy *iam_model.PasswordLockoutPolicyView) *management.PasswordLockoutPolicyView {
creationDate, err := ptypes.TimestampProto(policy.CreationDate)
logging.Log("GRPC-4Bms9").OnError(err).Debug("date parse failed")
changeDate, err := ptypes.TimestampProto(policy.ChangeDate)
logging.Log("GRPC-6Hmlo").OnError(err).Debug("date parse failed")
return &management.PasswordLockoutPolicyView{
Default: policy.Default,
MaxAttempts: policy.MaxAttempts,
ShowLockoutFailure: policy.ShowLockOutFailures,
ChangeDate: changeDate,
CreationDate: creationDate,
}
}

171
internal/api/grpc/management/policy_login.go Normal file
View File

@@ -0,0 +1,171 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/idp"
"github.com/caos/zitadel/internal/api/grpc/object"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
"github.com/caos/zitadel/internal/api/grpc/user"
"github.com/caos/zitadel/internal/domain"
"time"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetLoginPolicy(ctx context.Context, req *mgmt_pb.GetLoginPolicyRequest) (*mgmt_pb.GetLoginPolicyResponse, error) {
policy, err := s.org.GetLoginPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetLoginPolicyResponse{Policy: policy_grpc.ModelLoginPolicyToPb(policy)}, nil
}
func (s *Server) GetDefaultLoginPolicy(ctx context.Context, req *mgmt_pb.GetDefaultLoginPolicyRequest) (*mgmt_pb.GetDefaultLoginPolicyResponse, error) {
policy, err := s.org.GetDefaultLoginPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetDefaultLoginPolicyResponse{Policy: policy_grpc.ModelLoginPolicyToPb(policy)}, nil
}
func (s *Server) AddCustomLoginPolicy(ctx context.Context, req *mgmt_pb.AddCustomLoginPolicyRequest) (*mgmt_pb.AddCustomLoginPolicyResponse, error) {
policy, err := s.command.AddLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, addLoginPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddCustomLoginPolicyResponse{
Details: object.ToDetailsPb(
policy.Sequence,
policy.ChangeDate,
policy.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateCustomLoginPolicy(ctx context.Context, req *mgmt_pb.UpdateCustomLoginPolicyRequest) (*mgmt_pb.UpdateCustomLoginPolicyResponse, error) {
policy, err := s.command.ChangeLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, updateLoginPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateCustomLoginPolicyResponse{
Details: object.ToDetailsPb(
policy.Sequence,
policy.ChangeDate,
policy.ResourceOwner,
),
}, nil
}
func (s *Server) ResetLoginPolicyToDefault(ctx context.Context, req *mgmt_pb.ResetLoginPolicyToDefaultRequest) (*mgmt_pb.ResetLoginPolicyToDefaultResponse, error) {
objectDetails, err := s.command.RemoveLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResetLoginPolicyToDefaultResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListLoginPolicyIDPs(ctx context.Context, req *mgmt_pb.ListLoginPolicyIDPsRequest) (*mgmt_pb.ListLoginPolicyIDPsResponse, error) {
res, err := s.org.SearchIDPProviders(ctx, ListLoginPolicyIDPsRequestToModel(req))
if err != nil {
return nil, err
}
return &mgmt_pb.ListLoginPolicyIDPsResponse{
Result: idp.ExternalIDPViewsToLoginPolicyLinkPb(res.Result),
Details: object.ToListDetails(res.TotalResult, res.Sequence, res.Timestamp),
}, nil
}
func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *mgmt_pb.AddIDPToLoginPolicyRequest) (*mgmt_pb.AddIDPToLoginPolicyResponse, error) {
idp, err := s.command.AddIDPProviderToLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, &domain.IDPProvider{IDPConfigID: req.IdpId}) //TODO: old way was to also add type but this doesnt make sense in my point of view
if err != nil {
return nil, err
}
return &mgmt_pb.AddIDPToLoginPolicyResponse{
Details: object.ToDetailsPb(
idp.Sequence,
idp.ChangeDate,
idp.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveIDPFromLoginPolicyRequest) (*mgmt_pb.RemoveIDPFromLoginPolicyResponse, error) {
externalIDPs, err := s.user.ExternalIDPsByIDPConfigID(ctx, req.IdpId)
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveIDPProviderFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(externalIDPs)...)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveIDPFromLoginPolicyResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListLoginPolicySecondFactors(ctx context.Context, req *mgmt_pb.ListLoginPolicySecondFactorsRequest) (*mgmt_pb.ListLoginPolicySecondFactorsResponse, error) {
result, err := s.org.SearchSecondFactors(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.ListLoginPolicySecondFactorsResponse{
//TODO: missing values from res
Details: object.ToListDetails(result.TotalResult, 0, time.Time{}),
Result: policy_grpc.ModelSecondFactorTypesToPb(result.Result),
}, nil
}
func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddSecondFactorToLoginPolicyRequest) (*mgmt_pb.AddSecondFactorToLoginPolicyResponse, error) {
_, objectDetails, err := s.command.AddSecondFactorToDefaultLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type))
if err != nil {
return nil, err
}
return &mgmt_pb.AddSecondFactorToLoginPolicyResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveSecondFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveSecondFactorFromLoginPolicyResponse, error) {
objectDetails, err := s.command.RemoveSecondFactorFromDefaultLoginPolicy(ctx, policy_grpc.SecondFactorTypeToDomain(req.Type))
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveSecondFactorFromLoginPolicyResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListLoginPolicyMultiFactors(ctx context.Context, req *mgmt_pb.ListLoginPolicyMultiFactorsRequest) (*mgmt_pb.ListLoginPolicyMultiFactorsResponse, error) {
res, err := s.org.SearchMultiFactors(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.ListLoginPolicyMultiFactorsResponse{
//TODO: additional values
Details: object.ToListDetails(res.TotalResult, 0, time.Time{}),
Result: policy_grpc.ModelMultiFactorTypesToPb(res.Result),
}, nil
}
func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.AddMultiFactorToLoginPolicyRequest) (*mgmt_pb.AddMultiFactorToLoginPolicyResponse, error) {
_, objectDetails, err := s.command.AddMultiFactorToDefaultLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type))
if err != nil {
return nil, err
}
return &mgmt_pb.AddMultiFactorToLoginPolicyResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveMultiFactorFromLoginPolicyRequest) (*mgmt_pb.RemoveMultiFactorFromLoginPolicyResponse, error) {
objectDetails, err := s.command.RemoveMultiFactorFromDefaultLoginPolicy(ctx, policy_grpc.MultiFactorTypeToDomain(req.Type))
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveMultiFactorFromLoginPolicyResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}

38
internal/api/grpc/management/policy_login_converter.go Normal file
View File

@@ -0,0 +1,38 @@
package management
import (
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/iam/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func addLoginPolicyToDomain(p *mgmt_pb.AddCustomLoginPolicyRequest) *domain.LoginPolicy {
return &domain.LoginPolicy{
AllowUsernamePassword: p.AllowUsernamePassword,
AllowRegister: p.AllowRegister,
AllowExternalIDP: p.AllowExternalIdp,
ForceMFA: p.ForceMfa,
PasswordlessType: policy_grpc.PasswordlessTypeToDomain(p.PasswordlessType),
}
}
func updateLoginPolicyToDomain(p *mgmt_pb.UpdateCustomLoginPolicyRequest) *domain.LoginPolicy {
return &domain.LoginPolicy{
AllowUsernamePassword: p.AllowUsernamePassword,
AllowRegister: p.AllowRegister,
AllowExternalIDP: p.AllowExternalIdp,
ForceMFA: p.ForceMfa,
PasswordlessType: policy_grpc.PasswordlessTypeToDomain(p.PasswordlessType),
}
}
func ListLoginPolicyIDPsRequestToModel(req *mgmt_pb.ListLoginPolicyIDPsRequest) *model.IDPProviderSearchRequest {
return &model.IDPProviderSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
// SortingColumn: model.IDPProviderSearchKey, //TODO: not in proto
// Queries: []*model.IDPProviderSearchQuery, //TODO: not in proto
}
}

67
internal/api/grpc/management/policy_password_age.go Normal file
View File

@@ -0,0 +1,67 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetPasswordAgePolicyRequest) (*mgmt_pb.GetPasswordAgePolicyResponse, error) {
policy, err := s.org.GetPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetPasswordAgePolicyResponse{
Policy: policy_grpc.ModelPasswordAgePolicyToPb(policy),
}, nil
}
func (s *Server) GetDefaultPasswordAgePolicy(ctx context.Context, req *mgmt_pb.GetDefaultPasswordAgePolicyRequest) (*mgmt_pb.GetDefaultPasswordAgePolicyResponse, error) {
policy, err := s.org.GetDefaultPasswordAgePolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetDefaultPasswordAgePolicyResponse{
Policy: policy_grpc.ModelPasswordAgePolicyToPb(policy),
}, nil
}
func (s *Server) AddCustomPasswordAgePolicy(ctx context.Context, req *mgmt_pb.AddCustomPasswordAgePolicyRequest) (*mgmt_pb.AddCustomPasswordAgePolicyResponse, error) {
result, err := s.command.AddPasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID, AddPasswordAgePolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddCustomPasswordAgePolicyResponse{
Details: object.ToDetailsPb(
result.Sequence,
result.ChangeDate,
result.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateCustomPasswordAgePolicy(ctx context.Context, req *mgmt_pb.UpdateCustomPasswordAgePolicyRequest) (*mgmt_pb.UpdateCustomPasswordAgePolicyResponse, error) {
result, err := s.command.ChangePasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID, UpdatePasswordAgePolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateCustomPasswordAgePolicyResponse{
Details: object.ToDetailsPb(
result.Sequence,
result.ChangeDate,
result.ResourceOwner,
),
}, nil
}
func (s *Server) ResetPasswordAgePolicyToDefault(ctx context.Context, req *mgmt_pb.ResetPasswordAgePolicyToDefaultRequest) (*mgmt_pb.ResetPasswordAgePolicyToDefaultResponse, error) {
objectDetails, err := s.command.RemovePasswordAgePolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResetPasswordAgePolicyToDefaultResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}

20
internal/api/grpc/management/policy_password_age_converter.go Normal file
View File

@@ -0,0 +1,20 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func AddPasswordAgePolicyToDomain(policy *mgmt_pb.AddCustomPasswordAgePolicyRequest) *domain.PasswordAgePolicy {
return &domain.PasswordAgePolicy{
MaxAgeDays: uint64(policy.MaxAgeDays),
ExpireWarnDays: uint64(policy.ExpireWarnDays),
}
}
func UpdatePasswordAgePolicyToDomain(policy *mgmt_pb.UpdateCustomPasswordAgePolicyRequest) *domain.PasswordAgePolicy {
return &domain.PasswordAgePolicy{
MaxAgeDays: uint64(policy.MaxAgeDays),
ExpireWarnDays: uint64(policy.ExpireWarnDays),
}
}

63
internal/api/grpc/management/policy_password_complexity.go Normal file
View File

@@ -0,0 +1,63 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetPasswordComplexityPolicy(ctx context.Context, req *mgmt_pb.GetPasswordComplexityPolicyRequest) (*mgmt_pb.GetPasswordComplexityPolicyResponse, error) {
policy, err := s.org.GetPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetPasswordComplexityPolicyResponse{Policy: policy_grpc.ModelPasswordComplexityPolicyToPb(policy)}, nil
}
func (s *Server) GetDefaultPasswordComplexityPolicy(ctx context.Context, req *mgmt_pb.GetDefaultPasswordComplexityPolicyRequest) (*mgmt_pb.GetDefaultPasswordComplexityPolicyResponse, error) {
policy, err := s.org.GetDefaultPasswordComplexityPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetDefaultPasswordComplexityPolicyResponse{Policy: policy_grpc.ModelPasswordComplexityPolicyToPb(policy)}, nil
}
func (s *Server) AddCustomPasswordComplexityPolicy(ctx context.Context, req *mgmt_pb.AddCustomPasswordComplexityPolicyRequest) (*mgmt_pb.AddCustomPasswordComplexityPolicyResponse, error) {
result, err := s.command.AddPasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID, AddPasswordComplexityPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddCustomPasswordComplexityPolicyResponse{
Details: object.ToDetailsPb(
result.Sequence,
result.ChangeDate,
result.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateCustomPasswordComplexityPolicy(ctx context.Context, req *mgmt_pb.UpdateCustomPasswordComplexityPolicyRequest) (*mgmt_pb.UpdateCustomPasswordComplexityPolicyResponse, error) {
result, err := s.command.ChangePasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID, UpdatePasswordComplexityPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateCustomPasswordComplexityPolicyResponse{
Details: object.ToDetailsPb(
result.Sequence,
result.ChangeDate,
result.ResourceOwner,
),
}, nil
}
func (s *Server) ResetPasswordComplexityPolicyToDefault(ctx context.Context, req *mgmt_pb.ResetPasswordComplexityPolicyToDefaultRequest) (*mgmt_pb.ResetPasswordComplexityPolicyToDefaultResponse, error) {
objectDetails, err := s.command.RemovePasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResetPasswordComplexityPolicyToDefaultResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}

26
internal/api/grpc/management/policy_password_complexity_converter.go Normal file
View File

@@ -0,0 +1,26 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func AddPasswordComplexityPolicyToDomain(req *mgmt_pb.AddCustomPasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy {
return &domain.PasswordComplexityPolicy{
MinLength: req.MinLength,
HasLowercase: req.HasLowercase,
HasUppercase: req.HasUppercase,
HasNumber: req.HasNumber,
HasSymbol: req.HasSymbol,
}
}
func UpdatePasswordComplexityPolicyToDomain(req *mgmt_pb.UpdateCustomPasswordComplexityPolicyRequest) *domain.PasswordComplexityPolicy {
return &domain.PasswordComplexityPolicy{
MinLength: req.MinLength,
HasLowercase: req.HasLowercase,
HasUppercase: req.HasUppercase,
HasNumber: req.HasNumber,
HasSymbol: req.HasSymbol,
}
}

63
internal/api/grpc/management/policy_password_lockout.go Normal file
View File

@@ -0,0 +1,63 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/object"
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetPasswordLockoutPolicy(ctx context.Context, req *mgmt_pb.GetPasswordLockoutPolicyRequest) (*mgmt_pb.GetPasswordLockoutPolicyResponse, error) {
policy, err := s.org.GetPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetPasswordLockoutPolicyResponse{Policy: policy_grpc.ModelPasswordLockoutPolicyToPb(policy)}, nil
}
func (s *Server) GetDefaultPasswordLockoutPolicy(ctx context.Context, req *mgmt_pb.GetDefaultPasswordLockoutPolicyRequest) (*mgmt_pb.GetDefaultPasswordLockoutPolicyResponse, error) {
policy, err := s.org.GetDefaultPasswordLockoutPolicy(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.GetDefaultPasswordLockoutPolicyResponse{Policy: policy_grpc.ModelPasswordLockoutPolicyToPb(policy)}, nil
}
func (s *Server) AddCustomPasswordLockoutPolicy(ctx context.Context, req *mgmt_pb.AddCustomPasswordLockoutPolicyRequest) (*mgmt_pb.AddCustomPasswordLockoutPolicyResponse, error) {
policy, err := s.command.AddPasswordLockoutPolicy(ctx, authz.GetCtxData(ctx).OrgID, AddPasswordLockoutPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.AddCustomPasswordLockoutPolicyResponse{
Details: object.ToDetailsPb(
policy.Sequence,
policy.ChangeDate,
policy.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateCustomPasswordLockoutPolicy(ctx context.Context, req *mgmt_pb.UpdateCustomPasswordLockoutPolicyRequest) (*mgmt_pb.UpdateCustomPasswordLockoutPolicyResponse, error) {
policy, err := s.command.ChangePasswordLockoutPolicy(ctx, authz.GetCtxData(ctx).OrgID, UpdatePasswordLockoutPolicyToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateCustomPasswordLockoutPolicyResponse{
Details: object.ToDetailsPb(
policy.Sequence,
policy.ChangeDate,
policy.ResourceOwner,
),
}, nil
}
func (s *Server) ResetPasswordLockoutPolicyToDefault(ctx context.Context, req *mgmt_pb.ResetPasswordLockoutPolicyToDefaultRequest) (*mgmt_pb.ResetPasswordLockoutPolicyToDefaultResponse, error) {
objectDetails, err := s.command.RemovePasswordComplexityPolicy(ctx, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResetPasswordLockoutPolicyToDefaultResponse{
Details: object.DomainToDetailsPb(objectDetails),
}, nil
}

20
internal/api/grpc/management/policy_password_lockout_converter.go Normal file
View File

@@ -0,0 +1,20 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
mgmt "github.com/caos/zitadel/pkg/grpc/management"
)
func AddPasswordLockoutPolicyToDomain(p *mgmt.AddCustomPasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
return &domain.PasswordLockoutPolicy{
MaxAttempts: uint64(p.MaxAttempts),
ShowLockOutFailures: p.ShowLockoutFailure,
}
}
func UpdatePasswordLockoutPolicyToDomain(p *mgmt.UpdateCustomPasswordLockoutPolicyRequest) *domain.PasswordLockoutPolicy {
return &domain.PasswordLockoutPolicy{
MaxAttempts: uint64(p.MaxAttempts),
ShowLockOutFailures: p.ShowLockoutFailure,
}
}

10
internal/api/grpc/management/probes.go
View File

@@ -1,10 +0,0 @@
package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) Healthz(_ context.Context, e *empty.Empty) (*empty.Empty, error) {
return &empty.Empty{}, nil
}

310
internal/api/grpc/management/project.go
View File

@@ -2,131 +2,283 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
grpc_util "github.com/caos/zitadel/internal/api/grpc"
"github.com/caos/zitadel/internal/api/http"
"github.com/caos/zitadel/pkg/grpc/management"
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
project_grpc "github.com/caos/zitadel/internal/api/grpc/project"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) CreateProject(ctx context.Context, in *management.ProjectCreateRequest) (*management.Project, error) {
func (s *Server) GetProjectByID(ctx context.Context, req *mgmt_pb.GetProjectByIDRequest) (*mgmt_pb.GetProjectByIDResponse, error) {
project, err := s.project.ProjectByID(ctx, req.Id)
if err != nil {
return nil, err
}
return &mgmt_pb.GetProjectByIDResponse{
Project: project_grpc.ProjectToPb(project),
}, nil
}
func (s *Server) GetGrantedProjectByID(ctx context.Context, req *mgmt_pb.GetGrantedProjectByIDRequest) (*mgmt_pb.GetGrantedProjectByIDResponse, error) {
project, err := s.project.ProjectGrantViewByID(ctx, req.GrantId)
if err != nil {
return nil, err
}
return &mgmt_pb.GetGrantedProjectByIDResponse{
GrantedProject: project_grpc.GrantedProjectToPb(project),
}, nil
}
func (s *Server) ListProjects(ctx context.Context, req *mgmt_pb.ListProjectsRequest) (*mgmt_pb.ListProjectsResponse, error) {
queries, err := ListProjectsRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.project.SearchProjects(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectsResponse{
Result: project_grpc.ProjectsToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) ListGrantedProjects(ctx context.Context, req *mgmt_pb.ListGrantedProjectsRequest) (*mgmt_pb.ListGrantedProjectsResponse, error) {
queries, err := ListGrantedProjectsRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.project.SearchGrantedProjects(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListGrantedProjectsResponse{
Result: project_grpc.GrantedProjectsToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjectChangesRequest) (*mgmt_pb.ListProjectChangesResponse, error) {
res, err := s.project.ProjectChanges(ctx, req.ProjectId, req.Query.Offset, uint64(req.Query.Limit), req.Query.Asc)
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectChangesResponse{
Result: change_grpc.ProjectChangesToPb(res.Changes),
}, nil
}
func (s *Server) AddProject(ctx context.Context, req *mgmt_pb.AddProjectRequest) (*mgmt_pb.AddProjectResponse, error) {
ctxData := authz.GetCtxData(ctx)
project, err := s.command.AddProject(ctx, projectCreateToDomain(in), ctxData.ResourceOwner, ctxData.UserID)
project, err := s.command.AddProject(ctx, ProjectCreateToDomain(req), ctxData.ResourceOwner, ctxData.UserID)
if err != nil {
return nil, err
}
return projectFromDomain(project), nil
return &mgmt_pb.AddProjectResponse{
Id: project.AggregateID,
Details: object_grpc.ToDetailsPb(
project.Sequence,
project.ChangeDate,
project.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateProject(ctx context.Context, in *management.ProjectUpdateRequest) (*management.Project, error) {
project, err := s.command.ChangeProject(ctx, projectUpdateToDomain(in), authz.GetCtxData(ctx).ResourceOwner)
func (s *Server) UpdateProject(ctx context.Context, req *mgmt_pb.UpdateProjectRequest) (*mgmt_pb.UpdateProjectResponse, error) {
project, err := s.command.ChangeProject(ctx, ProjectUpdateToDomain(req), authz.GetCtxData(ctx).ResourceOwner)
if err != nil {
return nil, err
}
return projectFromDomain(project), nil
}
func (s *Server) DeactivateProject(ctx context.Context, in *management.ProjectID) (*empty.Empty, error) {
err := s.command.DeactivateProject(ctx, in.Id, authz.GetCtxData(ctx).ResourceOwner)
return &empty.Empty{}, err
}
func (s *Server) ReactivateProject(ctx context.Context, in *management.ProjectID) (*empty.Empty, error) {
err := s.command.ReactivateProject(ctx, in.Id, authz.GetCtxData(ctx).ResourceOwner)
return &empty.Empty{}, err
return &mgmt_pb.UpdateProjectResponse{
Details: object_grpc.ToDetailsPb(
project.Sequence,
project.ChangeDate,
project.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveProject(ctx context.Context, in *management.ProjectID) (*empty.Empty, error) {
grants, err := s.usergrant.UserGrantsByProjectID(ctx, in.Id)
if err != nil {
return &empty.Empty{}, err
}
err = s.command.RemoveProject(ctx, in.Id, authz.GetCtxData(ctx).OrgID, userGrantsToIDs(grants)...)
return &empty.Empty{}, err
}
func (s *Server) SearchProjects(ctx context.Context, in *management.ProjectSearchRequest) (*management.ProjectSearchResponse, error) {
request := projectSearchRequestsToModel(in)
request.AppendMyResourceOwnerQuery(grpc_util.GetHeader(ctx, http.ZitadelOrgID))
response, err := s.project.SearchProjects(ctx, request)
func (s *Server) DeactivateProject(ctx context.Context, req *mgmt_pb.DeactivateProjectRequest) (*mgmt_pb.DeactivateProjectResponse, error) {
details, err := s.command.DeactivateProject(ctx, req.Id, authz.GetCtxData(ctx).ResourceOwner)
if err != nil {
return nil, err
}
return projectSearchResponseFromModel(response), nil
return &mgmt_pb.DeactivateProjectResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ProjectByID(ctx context.Context, id *management.ProjectID) (*management.ProjectView, error) {
project, err := s.project.ProjectByID(ctx, id.Id)
func (s *Server) ReactivateProject(ctx context.Context, req *mgmt_pb.ReactivateProjectRequest) (*mgmt_pb.ReactivateProjectResponse, error) {
details, err := s.command.ReactivateProject(ctx, req.Id, authz.GetCtxData(ctx).ResourceOwner)
if err != nil {
return nil, err
}
return projectViewFromModel(project), nil
return &mgmt_pb.ReactivateProjectResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) SearchGrantedProjects(ctx context.Context, in *management.GrantedProjectSearchRequest) (*management.ProjectGrantSearchResponse, error) {
request := grantedProjectSearchRequestsToModel(in)
request.AppendMyOrgQuery(grpc_util.GetHeader(ctx, http.ZitadelOrgID))
response, err := s.project.SearchGrantedProjects(ctx, request)
func (s *Server) RemoveProject(ctx context.Context, req *mgmt_pb.RemoveProjectRequest) (*mgmt_pb.RemoveProjectResponse, error) {
grants, err := s.usergrant.UserGrantsByProjectID(ctx, req.Id)
if err != nil {
return nil, err
}
return projectGrantSearchResponseFromModel(response), nil
}
func (s *Server) GetGrantedProjectByID(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrantView, error) {
project, err := s.project.ProjectGrantViewByID(ctx, in.Id)
details, err := s.command.RemoveProject(ctx, req.Id, authz.GetCtxData(ctx).OrgID, userGrantsToIDs(grants)...)
if err != nil {
return nil, err
}
return projectGrantFromGrantedProjectModel(project), nil
return &mgmt_pb.RemoveProjectResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) AddProjectRole(ctx context.Context, in *management.ProjectRoleAdd) (*management.ProjectRole, error) {
role, err := s.command.AddProjectRole(ctx, projectRoleAddToDomain(in), authz.GetCtxData(ctx).OrgID)
func (s *Server) ListProjectRoles(ctx context.Context, req *mgmt_pb.ListProjectRolesRequest) (*mgmt_pb.ListProjectRolesResponse, error) {
queries, err := ListProjectRolesRequestToModel(req)
if err != nil {
return nil, err
}
return projectRoleFromDomain(role), nil
}
func (s *Server) BulkAddProjectRole(ctx context.Context, in *management.ProjectRoleAddBulk) (*empty.Empty, error) {
err := s.command.BulkAddProjectRole(ctx, in.Id, authz.GetCtxData(ctx).OrgID, projectRoleAddBulkToDomain(in))
return &empty.Empty{}, err
}
func (s *Server) ChangeProjectRole(ctx context.Context, in *management.ProjectRoleChange) (*management.ProjectRole, error) {
role, err := s.command.ChangeProjectRole(ctx, projectRoleChangeToDomain(in), authz.GetCtxData(ctx).OrgID)
roles, err := s.project.SearchProjectRoles(ctx, req.ProjectId, queries)
if err != nil {
return nil, err
}
return projectRoleFromDomain(role), nil
return &mgmt_pb.ListProjectRolesResponse{
Result: project_grpc.RolesToPb(roles.Result),
Details: object_grpc.ToListDetails(
roles.TotalResult,
roles.Sequence,
roles.Timestamp,
),
}, nil
}
func (s *Server) RemoveProjectRole(ctx context.Context, in *management.ProjectRoleRemove) (*empty.Empty, error) {
userGrants, err := s.usergrant.UserGrantsByProjectIDAndRoleKey(ctx, in.Id, in.Key)
if err != nil {
return &empty.Empty{}, err
}
projectGrants, err := s.project.ProjectGrantsByProjectIDAndRoleKey(ctx, in.Id, in.Key)
if err != nil {
return &empty.Empty{}, err
}
err = s.command.RemoveProjectRole(ctx, in.Id, in.Key, authz.GetCtxData(ctx).OrgID, projectGrantsToIDs(projectGrants), userGrantsToIDs(userGrants)...)
return &empty.Empty{}, err
}
func (s *Server) SearchProjectRoles(ctx context.Context, in *management.ProjectRoleSearchRequest) (*management.ProjectRoleSearchResponse, error) {
request := projectRoleSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
response, err := s.project.SearchProjectRoles(ctx, in.ProjectId, request)
func (s *Server) AddProjectRole(ctx context.Context, req *mgmt_pb.AddProjectRoleRequest) (*mgmt_pb.AddProjectRoleResponse, error) {
role, err := s.command.AddProjectRole(ctx, AddProjectRoleRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectRoleSearchResponseFromModel(response), nil
return &mgmt_pb.AddProjectRoleResponse{
Details: object_grpc.ToDetailsPb(
role.Sequence,
role.ChangeDate,
role.ResourceOwner,
),
}, nil
}
func (s *Server) ProjectChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.project.ProjectChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
func (s *Server) BulkAddProjectRoles(ctx context.Context, req *mgmt_pb.BulkAddProjectRolesRequest) (*mgmt_pb.BulkAddProjectRolesResponse, error) {
details, err := s.command.BulkAddProjectRole(ctx, req.ProjectId, authz.GetCtxData(ctx).OrgID, BulkAddProjectRolesRequestToDomain(req))
if err != nil {
return nil, err
}
return projectChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
return &mgmt_pb.BulkAddProjectRolesResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) UpdateProjectRole(ctx context.Context, req *mgmt_pb.UpdateProjectRoleRequest) (*mgmt_pb.UpdateProjectRoleResponse, error) {
role, err := s.command.ChangeProjectRole(ctx, UpdateProjectRoleRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateProjectRoleResponse{
Details: object_grpc.ToDetailsPb(
role.Sequence,
role.ChangeDate,
role.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProjectRoleRequest) (*mgmt_pb.RemoveProjectRoleResponse, error) {
userGrants, err := s.usergrant.UserGrantsByProjectIDAndRoleKey(ctx, req.ProjectId, req.RoleKey)
if err != nil {
return nil, err
}
projectGrants, err := s.project.ProjectGrantsByProjectIDAndRoleKey(ctx, req.ProjectId, req.RoleKey)
if err != nil {
return nil, err
}
details, err := s.command.RemoveProjectRole(ctx, req.ProjectId, req.RoleKey, authz.GetCtxData(ctx).OrgID, ProjectGrantsToIDs(projectGrants), userGrantsToIDs(userGrants)...)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveProjectRoleResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ListProjectMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectMemberRolesRequest) (*mgmt_pb.ListProjectMemberRolesResponse, error) {
roles, err := s.project.GetProjectMemberRoles(ctx)
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectMemberRolesResponse{Result: roles}, nil //TODO: details
}
func (s *Server) ListProjectMembers(ctx context.Context, req *mgmt_pb.ListProjectMembersRequest) (*mgmt_pb.ListProjectMembersResponse, error) {
queries, err := ListProjectMembersRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.project.SearchProjectMembers(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectMembersResponse{
Result: member_grpc.ProjectMembersToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) AddProjectMember(ctx context.Context, req *mgmt_pb.AddProjectMemberRequest) (*mgmt_pb.AddProjectMemberResponse, error) {
member, err := s.command.AddProjectMember(ctx, AddProjectMemberRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.AddProjectMemberResponse{
Details: object_grpc.ToDetailsPb(
member.Sequence,
member.ChangeDate,
member.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateProjectMember(ctx context.Context, req *mgmt_pb.UpdateProjectMemberRequest) (*mgmt_pb.UpdateProjectMemberResponse, error) {
member, err := s.command.ChangeProjectMember(ctx, UpdateProjectMemberRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateProjectMemberResponse{
Details: object_grpc.ToDetailsPb(
member.Sequence,
member.ChangeDate,
member.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveProjectMember(ctx context.Context, req *mgmt_pb.RemoveProjectMemberRequest) (*mgmt_pb.RemoveProjectMemberResponse, error) {
details, err := s.command.RemoveProjectMember(ctx, req.ProjectId, req.UserId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveProjectMemberResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}

232
internal/api/grpc/management/project_application.go Normal file
View File

@@ -0,0 +1,232 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
authn_grpc "github.com/caos/zitadel/internal/api/grpc/authn"
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
project_grpc "github.com/caos/zitadel/internal/api/grpc/project"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetAppByID(ctx context.Context, req *mgmt_pb.GetAppByIDRequest) (*mgmt_pb.GetAppByIDResponse, error) {
app, err := s.project.ApplicationByID(ctx, req.ProjectId, req.AppId)
if err != nil {
return nil, err
}
return &mgmt_pb.GetAppByIDResponse{
App: project_grpc.AppToPb(app),
}, nil
}
func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*mgmt_pb.ListAppsResponse, error) {
queries, err := ListAppsRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.project.SearchApplications(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListAppsResponse{
Result: project_grpc.AppsToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) ListAppChanges(ctx context.Context, req *mgmt_pb.ListAppChangesRequest) (*mgmt_pb.ListAppChangesResponse, error) {
res, err := s.project.ApplicationChanges(ctx, req.ProjectId, req.AppId, req.Query.Offset, uint64(req.Query.Limit), req.Query.Asc)
if err != nil {
return nil, err
}
return &mgmt_pb.ListAppChangesResponse{
Result: change_grpc.AppChangesToPb(res.Changes),
}, nil
}
func (s *Server) AddOIDCApp(ctx context.Context, req *mgmt_pb.AddOIDCAppRequest) (*mgmt_pb.AddOIDCAppResponse, error) {
app, err := s.command.AddOIDCApplication(ctx, AddOIDCAppRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.AddOIDCAppResponse{
AppId: app.AppID,
Details: object_grpc.ToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
ClientId: app.ClientID,
ClientSecret: app.ClientSecretString,
NoneCompliant: app.Compliance.NoneCompliant,
ComplianceProblems: project_grpc.ComplianceProblemsToLocalizedMessages(app.Compliance.Problems),
}, nil
}
func (s *Server) AddAPIApp(ctx context.Context, req *mgmt_pb.AddAPIAppRequest) (*mgmt_pb.AddAPIAppResponse, error) {
app, err := s.command.AddAPIApplication(ctx, AddAPIAppRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.AddAPIAppResponse{
AppId: app.AppID,
Details: object_grpc.ToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
ClientId: app.ClientID,
ClientSecret: app.ClientSecretString,
}, nil
}
func (s *Server) UpdateApp(ctx context.Context, req *mgmt_pb.UpdateAppRequest) (*mgmt_pb.UpdateAppResponse, error) {
details, err := s.command.ChangeApplication(ctx, req.ProjectId, UpdateAppRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateAppResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) UpdateOIDCAppConfig(ctx context.Context, req *mgmt_pb.UpdateOIDCAppConfigRequest) (*mgmt_pb.UpdateOIDCAppConfigResponse, error) {
config, err := s.command.ChangeOIDCApplication(ctx, UpdateOIDCAppConfigRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateOIDCAppConfigResponse{
Details: object_grpc.ToDetailsPb(
config.Sequence,
config.ChangeDate,
config.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateAPIAppConfig(ctx context.Context, req *mgmt_pb.UpdateAPIAppConfigRequest) (*mgmt_pb.UpdateAPIAppConfigResponse, error) {
config, err := s.command.ChangeAPIApplication(ctx, UpdateAPIAppConfigRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateAPIAppConfigResponse{
Details: object_grpc.ToDetailsPb(
config.Sequence,
config.ChangeDate,
config.ResourceOwner,
),
}, nil
}
func (s *Server) DeactivateApp(ctx context.Context, req *mgmt_pb.DeactivateAppRequest) (*mgmt_pb.DeactivateAppResponse, error) {
details, err := s.command.DeactivateApplication(ctx, req.ProjectId, req.AppId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.DeactivateAppResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ReactivateApp(ctx context.Context, req *mgmt_pb.ReactivateAppRequest) (*mgmt_pb.ReactivateAppResponse, error) {
details, err := s.command.ReactivateApplication(ctx, req.ProjectId, req.AppId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ReactivateAppResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) RemoveApp(ctx context.Context, req *mgmt_pb.RemoveAppRequest) (*mgmt_pb.RemoveAppResponse, error) {
details, err := s.command.RemoveApplication(ctx, req.ProjectId, req.AppId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveAppResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) RegenerateOIDCClientSecret(ctx context.Context, req *mgmt_pb.RegenerateOIDCClientSecretRequest) (*mgmt_pb.RegenerateOIDCClientSecretResponse, error) {
config, err := s.command.ChangeOIDCApplicationSecret(ctx, req.ProjectId, req.AppId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RegenerateOIDCClientSecretResponse{
ClientSecret: config.ClientSecretString,
Details: object_grpc.ToDetailsPb(
config.Sequence,
config.ChangeDate,
config.ResourceOwner,
),
}, nil
}
func (s *Server) RegenerateAPIClientSecret(ctx context.Context, req *mgmt_pb.RegenerateAPIClientSecretRequest) (*mgmt_pb.RegenerateAPIClientSecretResponse, error) {
config, err := s.command.ChangeAPIApplicationSecret(ctx, req.ProjectId, req.AppId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RegenerateAPIClientSecretResponse{
ClientSecret: config.ClientSecretString,
Details: object_grpc.ToDetailsPb(
config.Sequence,
config.ChangeDate,
config.ResourceOwner,
),
}, nil
}
func (s *Server) GetAppKey(ctx context.Context, req *mgmt_pb.GetAppKeyRequest) (*mgmt_pb.GetAppKeyResponse, error) {
key, err := s.project.GetClientKey(ctx, req.ProjectId, req.AppId, req.KeyId)
if err != nil {
return nil, err
}
return &mgmt_pb.GetAppKeyResponse{
Key: authn_grpc.KeyToPb(key),
}, nil
}
func (s *Server) ListAppKeys(ctx context.Context, req *mgmt_pb.ListAppKeysRequest) (*mgmt_pb.ListAppKeysResponse, error) {
queries, err := ListAPIClientKeysRequestToModel(req)
if err != nil {
return nil, err
}
domains, err := s.project.SearchClientKeys(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListAppKeysResponse{
Result: authn_grpc.KeyViewsToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) AddAppKey(ctx context.Context, req *mgmt_pb.AddAppKeyRequest) (*mgmt_pb.AddAppKeyResponse, error) {
key, err := s.command.AddApplicationKey(ctx, AddAPIClientKeyRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
keyDetails, err := key.Detail()
if err != nil {
return nil, err
}
return &mgmt_pb.AddAppKeyResponse{
Id: key.KeyID,
Details: object_grpc.ToDetailsPb(key.Sequence, key.ChangeDate, key.ResourceOwner),
KeyDetails: keyDetails,
}, nil
}
func (s *Server) RemoveAppKey(ctx context.Context, req *mgmt_pb.RemoveAppKeyRequest) (*mgmt_pb.RemoveAppKeyResponse, error) {
details, err := s.command.RemoveApplicationKey(ctx, req.ProjectId, req.AppId, req.KeyId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveAppKeyResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}

134
internal/api/grpc/management/project_application_converter.go Normal file
View File

@@ -0,0 +1,134 @@
package management
import (
"time"
authn_grpc "github.com/caos/zitadel/internal/api/grpc/authn"
app_grpc "github.com/caos/zitadel/internal/api/grpc/project"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
key_model "github.com/caos/zitadel/internal/key/model"
proj_model "github.com/caos/zitadel/internal/project/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func ListAppsRequestToModel(req *mgmt_pb.ListAppsRequest) (*proj_model.ApplicationSearchRequest, error) {
queries, err := app_grpc.AppQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
queries = append(queries, &proj_model.ApplicationSearchQuery{
Key: proj_model.AppSearchKeyProjectID,
Method: domain.SearchMethodEquals,
Value: req.ProjectId,
})
return &proj_model.ApplicationSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func AddOIDCAppRequestToDomain(req *mgmt_pb.AddOIDCAppRequest) *domain.OIDCApp {
return &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
AppName: req.Name,
OIDCVersion: app_grpc.OIDCVersionToDomain(req.Version),
RedirectUris: req.RedirectUris,
ResponseTypes: app_grpc.OIDCResponseTypesToDomain(req.ResponseTypes),
GrantTypes: app_grpc.OIDCGrantTypesToDomain(req.GrantTypes),
ApplicationType: app_grpc.OIDCApplicationTypeToDomain(req.AppType),
AuthMethodType: app_grpc.OIDCAuthMethodTypeToDomain(req.AuthMethodType),
PostLogoutRedirectUris: req.PostLogoutRedirectUris,
DevMode: req.DevMode,
AccessTokenType: app_grpc.OIDCTokenTypeToDomain(req.AccessTokenType),
AccessTokenRoleAssertion: req.AccessTokenRoleAssertion,
IDTokenRoleAssertion: req.IdTokenRoleAssertion,
IDTokenUserinfoAssertion: req.IdTokenUserinfoAssertion,
ClockSkew: req.ClockSkew.AsDuration(),
}
}
func AddAPIAppRequestToDomain(app *mgmt_pb.AddAPIAppRequest) *domain.APIApp {
return &domain.APIApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppName: app.Name,
AuthMethodType: app_grpc.APIAuthMethodTypeToDomain(app.AuthMethodType),
}
}
func UpdateAppRequestToDomain(app *mgmt_pb.UpdateAppRequest) domain.Application {
return &domain.ChangeApp{
AppID: app.AppId,
AppName: app.Name,
}
}
func UpdateOIDCAppConfigRequestToDomain(app *mgmt_pb.UpdateOIDCAppConfigRequest) *domain.OIDCApp {
return &domain.OIDCApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.AppId,
RedirectUris: app.RedirectUris,
ResponseTypes: app_grpc.OIDCResponseTypesToDomain(app.ResponseTypes),
GrantTypes: app_grpc.OIDCGrantTypesToDomain(app.GrantTypes),
ApplicationType: app_grpc.OIDCApplicationTypeToDomain(app.AppType),
AuthMethodType: app_grpc.OIDCAuthMethodTypeToDomain(app.AuthMethodType),
PostLogoutRedirectUris: app.PostLogoutRedirectUris,
DevMode: app.DevMode,
AccessTokenType: app_grpc.OIDCTokenTypeToDomain(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IdTokenRoleAssertion,
IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
ClockSkew: app.ClockSkew.AsDuration(),
}
}
func UpdateAPIAppConfigRequestToDomain(app *mgmt_pb.UpdateAPIAppConfigRequest) *domain.APIApp {
return &domain.APIApp{
ObjectRoot: models.ObjectRoot{
AggregateID: app.ProjectId,
},
AppID: app.AppId,
AuthMethodType: app_grpc.APIAuthMethodTypeToDomain(app.AuthMethodType),
}
}
func AddAPIClientKeyRequestToDomain(key *mgmt_pb.AddAppKeyRequest) *domain.ApplicationKey {
expirationDate := time.Time{}
if key.ExpirationDate != nil {
expirationDate = key.ExpirationDate.AsTime()
}
return &domain.ApplicationKey{
ObjectRoot: models.ObjectRoot{
AggregateID: key.ProjectId,
},
ExpirationDate: expirationDate,
Type: authn_grpc.KeyTypeToDomain(key.Type),
ApplicationID: key.AppId,
}
}
func ListAPIClientKeysRequestToModel(req *mgmt_pb.ListAppKeysRequest) (*key_model.AuthNKeySearchRequest, error) {
queries := make([]*key_model.AuthNKeySearchQuery, 2)
queries = append(queries, &key_model.AuthNKeySearchQuery{
Key: key_model.AuthNKeyObjectID,
Method: domain.SearchMethodEquals,
Value: req.AppId,
})
return &key_model.AuthNKeySearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}

371
internal/api/grpc/management/project_converter.go
View File

@@ -1,170 +1,50 @@
package management
import (
"encoding/json"
member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
proj_grpc "github.com/caos/zitadel/internal/api/grpc/project"
"github.com/caos/zitadel/internal/domain"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func projectFromDomain(project *domain.Project) *management.Project {
return &management.Project{
Id: project.AggregateID,
State: projectStateFromDomain(project.State),
ChangeDate: timestamppb.New(project.ChangeDate),
Name: project.Name,
Sequence: project.Sequence,
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
}
}
func projectSearchResponseFromModel(response *proj_model.ProjectViewSearchResponse) *management.ProjectSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-iejs3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func projectViewsFromModel(projects []*proj_model.ProjectView) []*management.ProjectView {
converted := make([]*management.ProjectView, len(projects))
for i, project := range projects {
converted[i] = projectViewFromModel(project)
}
return converted
}
func projectViewFromModel(project *proj_model.ProjectView) *management.ProjectView {
creationDate, err := ptypes.TimestampProto(project.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(project.ChangeDate)
logging.Log("GRPC-sope3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectView{
ProjectId: project.ProjectID,
State: projectStateFromModel(project.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Name: project.Name,
Sequence: project.Sequence,
ResourceOwner: project.ResourceOwner,
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
}
}
func projectRoleSearchResponseFromModel(response *proj_model.ProjectRoleSearchResponse) *management.ProjectRoleSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-Lps0c").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectRoleSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectRoleViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func projectRoleViewsFromModel(roles []*proj_model.ProjectRoleView) []*management.ProjectRoleView {
converted := make([]*management.ProjectRoleView, len(roles))
for i, role := range roles {
converted[i] = projectRoleViewFromModel(role)
}
return converted
}
func projectRoleViewFromModel(role *proj_model.ProjectRoleView) *management.ProjectRoleView {
creationDate, err := ptypes.TimestampProto(role.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(role.ChangeDate)
logging.Log("MANAG-BRr8Y").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectRoleView{
ProjectId: role.ProjectID,
CreationDate: creationDate,
ChangeDate: changeDate,
Key: role.Key,
Group: role.Group,
DisplayName: role.DisplayName,
Sequence: role.Sequence,
}
}
func projectStateFromDomain(state domain.ProjectState) management.ProjectState {
switch state {
case domain.ProjectStateActive:
return management.ProjectState_PROJECTSTATE_ACTIVE
case domain.ProjectStateInactive:
return management.ProjectState_PROJECTSTATE_INACTIVE
default:
return management.ProjectState_PROJECTSTATE_UNSPECIFIED
}
}
func projectStateFromModel(state proj_model.ProjectState) management.ProjectState {
switch state {
case proj_model.ProjectStateActive:
return management.ProjectState_PROJECTSTATE_ACTIVE
case proj_model.ProjectStateInactive:
return management.ProjectState_PROJECTSTATE_INACTIVE
default:
return management.ProjectState_PROJECTSTATE_UNSPECIFIED
}
}
func projectCreateToDomain(project *management.ProjectCreateRequest) *domain.Project {
func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
return &domain.Project{
Name: project.Name,
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
Name: req.Name,
ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck,
}
}
func projectUpdateToDomain(project *management.ProjectUpdateRequest) *domain.Project {
func ProjectUpdateToDomain(req *mgmt_pb.UpdateProjectRequest) *domain.Project {
return &domain.Project{
ObjectRoot: models.ObjectRoot{
AggregateID: project.Id,
AggregateID: req.Id,
},
Name: project.Name,
ProjectRoleAssertion: project.ProjectRoleAssertion,
ProjectRoleCheck: project.ProjectRoleCheck,
Name: req.Name,
ProjectRoleAssertion: req.ProjectRoleAssertion,
ProjectRoleCheck: req.ProjectRoleCheck,
}
}
func projectRoleFromDomain(role *domain.ProjectRole) *management.ProjectRole {
return &management.ProjectRole{
ChangeDate: timestamppb.New(role.ChangeDate),
Sequence: role.Sequence,
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
func AddProjectRoleRequestToDomain(req *mgmt_pb.AddProjectRoleRequest) *domain.ProjectRole {
return &domain.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
Key: req.RoleKey,
DisplayName: req.DisplayName,
Group: req.Group,
}
}
func projectRoleAddBulkToDomain(bulk *management.ProjectRoleAddBulk) []*domain.ProjectRole {
roles := make([]*domain.ProjectRole, len(bulk.ProjectRoles))
for i, role := range bulk.ProjectRoles {
func BulkAddProjectRolesRequestToDomain(req *mgmt_pb.BulkAddProjectRolesRequest) []*domain.ProjectRole {
roles := make([]*domain.ProjectRole, len(req.Roles))
for i, role := range req.Roles {
roles[i] = &domain.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: bulk.Id,
AggregateID: req.ProjectId,
},
Key: role.Key,
DisplayName: role.DisplayName,
@@ -174,154 +54,91 @@ func projectRoleAddBulkToDomain(bulk *management.ProjectRoleAddBulk) []*domain.P
return roles
}
func projectRoleAddToDomain(role *management.ProjectRoleAdd) *domain.ProjectRole {
func UpdateProjectRoleRequestToDomain(req *mgmt_pb.UpdateProjectRoleRequest) *domain.ProjectRole {
return &domain.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: role.Id,
AggregateID: req.ProjectId,
},
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
Key: req.RoleKey,
DisplayName: req.DisplayName,
Group: req.Group,
}
}
func projectRoleChangeToDomain(role *management.ProjectRoleChange) *domain.ProjectRole {
return &domain.ProjectRole{
ObjectRoot: models.ObjectRoot{
AggregateID: role.Id,
},
Key: role.Key,
DisplayName: role.DisplayName,
Group: role.Group,
func ProjectGrantsToIDs(projectGrants []*proj_model.ProjectGrantView) []string {
converted := make([]string, len(projectGrants))
for i, grant := range projectGrants {
converted[i] = grant.GrantID
}
return converted
}
func projectSearchRequestsToModel(project *management.ProjectSearchRequest) *proj_model.ProjectViewSearchRequest {
func AddProjectMemberRequestToDomain(req *mgmt_pb.AddProjectMemberRequest) *domain.Member {
return domain.NewMember(req.ProjectId, req.UserId, req.Roles...)
}
func UpdateProjectMemberRequestToDomain(req *mgmt_pb.UpdateProjectMemberRequest) *domain.Member {
return domain.NewMember(req.ProjectId, req.UserId, req.Roles...)
}
func ListProjectsRequestToModel(req *mgmt_pb.ListProjectsRequest) (*proj_model.ProjectViewSearchRequest, error) {
queries, err := proj_grpc.ProjectQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
return &proj_model.ProjectViewSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: projectSearchQueriesToModel(project.Queries),
}
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func grantedProjectSearchRequestsToModel(request *management.GrantedProjectSearchRequest) *proj_model.ProjectGrantViewSearchRequest {
func ListGrantedProjectsRequestToModel(req *mgmt_pb.ListGrantedProjectsRequest) (*proj_model.ProjectGrantViewSearchRequest, error) {
queries, err := proj_grpc.GrantedProjectQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
return &proj_model.ProjectGrantViewSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: grantedPRojectSearchQueriesToModel(request.Queries),
}
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func projectSearchQueriesToModel(queries []*management.ProjectSearchQuery) []*proj_model.ProjectViewSearchQuery {
converted := make([]*proj_model.ProjectViewSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectSearchQueryToModel(q)
func ListProjectRolesRequestToModel(req *mgmt_pb.ListProjectRolesRequest) (*proj_model.ProjectRoleSearchRequest, error) {
queries, err := proj_grpc.RoleQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
return converted
}
func projectSearchQueryToModel(query *management.ProjectSearchQuery) *proj_model.ProjectViewSearchQuery {
return &proj_model.ProjectViewSearchQuery{
Key: projectSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectSearchKeyToModel(key management.ProjectSearchKey) proj_model.ProjectViewSearchKey {
switch key {
case management.ProjectSearchKey_PROJECTSEARCHKEY_PROJECT_NAME:
return proj_model.ProjectViewSearchKeyName
default:
return proj_model.ProjectViewSearchKeyUnspecified
}
}
func grantedPRojectSearchQueriesToModel(queries []*management.ProjectSearchQuery) []*proj_model.ProjectGrantViewSearchQuery {
converted := make([]*proj_model.ProjectGrantViewSearchQuery, len(queries))
for i, q := range queries {
converted[i] = grantedProjectSearchQueryToModel(q)
}
return converted
}
func grantedProjectSearchQueryToModel(query *management.ProjectSearchQuery) *proj_model.ProjectGrantViewSearchQuery {
return &proj_model.ProjectGrantViewSearchQuery{
Key: projectGrantSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectGrantSearchKeyToModel(key management.ProjectSearchKey) proj_model.ProjectGrantViewSearchKey {
switch key {
case management.ProjectSearchKey_PROJECTSEARCHKEY_PROJECT_NAME:
return proj_model.GrantedProjectSearchKeyName
default:
return proj_model.GrantedProjectSearchKeyUnspecified
}
}
func projectRoleSearchRequestsToModel(role *management.ProjectRoleSearchRequest) *proj_model.ProjectRoleSearchRequest {
queries = append(queries, &proj_model.ProjectRoleSearchQuery{
Key: proj_model.ProjectRoleSearchKeyProjectID,
Method: domain.SearchMethodEquals,
Value: req.ProjectId,
})
return &proj_model.ProjectRoleSearchRequest{
Offset: role.Offset,
Limit: role.Limit,
Queries: projectRoleSearchQueriesToModel(role.Queries),
}
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func projectRoleSearchQueriesToModel(queries []*management.ProjectRoleSearchQuery) []*proj_model.ProjectRoleSearchQuery {
converted := make([]*proj_model.ProjectRoleSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectRoleSearchQueryToModel(q)
}
return converted
}
func projectRoleSearchQueryToModel(query *management.ProjectRoleSearchQuery) *proj_model.ProjectRoleSearchQuery {
return &proj_model.ProjectRoleSearchQuery{
Key: projectRoleSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectRoleSearchKeyToModel(key management.ProjectRoleSearchKey) proj_model.ProjectRoleSearchKey {
switch key {
case management.ProjectRoleSearchKey_PROJECTROLESEARCHKEY_KEY:
return proj_model.ProjectRoleSearchKeyKey
case management.ProjectRoleSearchKey_PROJECTROLESEARCHKEY_DISPLAY_NAME:
return proj_model.ProjectRoleSearchKeyDisplayName
default:
return proj_model.ProjectRoleSearchKeyUnspecified
}
}
func projectChangesToResponse(response *proj_model.ProjectChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: projectChangesToMgtAPI(response),
}
}
func projectChangesToMgtAPI(changes *proj_model.ProjectChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
b, err := json.Marshal(change.Data)
data := &structpb.Struct{}
err = protojson.Unmarshal(b, data)
if err != nil {
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Editor: change.ModifierName,
EditorId: change.ModifierId,
Data: data,
}
}
return result
func ListProjectMembersRequestToModel(req *mgmt_pb.ListProjectMembersRequest) (*proj_model.ProjectMemberSearchRequest, error) {
queries := member_grpc.MemberQueriesToProjectMember(req.Queries)
queries = append(queries, &proj_model.ProjectMemberSearchQuery{
Key: proj_model.ProjectMemberSearchKeyProjectID,
Method: domain.SearchMethodEquals,
Value: req.ProjectId,
})
return &proj_model.ProjectMemberSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}

176
internal/api/grpc/management/project_grant.go
View File

@@ -2,61 +2,163 @@ package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
proj_grpc "github.com/caos/zitadel/internal/api/grpc/project"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchProjectGrants(ctx context.Context, in *management.ProjectGrantSearchRequest) (*management.ProjectGrantSearchResponse, error) {
request := projectGrantSearchRequestsToModel(in)
ctxData := authz.GetCtxData(ctx)
request.AppendMyResourceOwnerQuery(ctxData.OrgID)
response, err := s.project.SearchProjectGrants(ctx, request)
func (s *Server) GetProjectGrantByID(ctx context.Context, req *mgmt_pb.GetProjectGrantByIDRequest) (*mgmt_pb.GetProjectGrantByIDResponse, error) {
grant, err := s.project.ProjectGrantByID(ctx, req.GrantId)
if err != nil {
return nil, err
}
return projectGrantSearchResponseFromModel(response), nil
return &mgmt_pb.GetProjectGrantByIDResponse{
ProjectGrant: proj_grpc.GrantedProjectToPb(grant),
}, nil
}
func (s *Server) ProjectGrantByID(ctx context.Context, in *management.ProjectGrantID) (*management.ProjectGrantView, error) {
grant, err := s.project.ProjectGrantByID(ctx, in.Id)
func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProjectGrantsRequest) (*mgmt_pb.ListProjectGrantsResponse, error) {
queries, err := ListProjectGrantsRequestToModel(req)
if err != nil {
return nil, err
}
return projectGrantFromGrantedProjectModel(grant), nil
domains, err := s.project.SearchProjectGrants(ctx, queries)
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectGrantsResponse{
Result: proj_grpc.GrantedProjectsToPb(domains.Result),
Details: object_grpc.ToListDetails(
domains.TotalResult,
domains.Sequence,
domains.Timestamp,
),
}, nil
}
func (s *Server) CreateProjectGrant(ctx context.Context, in *management.ProjectGrantCreate) (*management.ProjectGrant, error) {
grant, err := s.command.AddProjectGrant(ctx, projectGrantCreateToDomain(in), authz.GetCtxData(ctx).OrgID)
func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGrantRequest) (*mgmt_pb.AddProjectGrantResponse, error) {
grant, err := s.command.AddProjectGrant(ctx, AddProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectGrantFromDomain(grant), nil
}
func (s *Server) UpdateProjectGrant(ctx context.Context, in *management.ProjectGrantUpdate) (*management.ProjectGrant, error) {
userGrants, err := s.usergrant.UserGrantsByProjectAndGrantID(ctx, in.ProjectId, in.Id)
if err != nil {
return nil, err
}
grant, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToDomain(in), authz.GetCtxData(ctx).OrgID, userGrantsToIDs(userGrants)...)
if err != nil {
return nil, err
}
return projectGrantFromDomain(grant), nil
}
func (s *Server) DeactivateProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*empty.Empty, error) {
err := s.command.DeactivateProjectGrant(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
return &mgmt_pb.AddProjectGrantResponse{
GrantId: grant.GrantID,
Details: object_grpc.ToDetailsPb(
grant.Sequence,
grant.ChangeDate,
grant.ResourceOwner,
),
}, nil
}
func (s *Server) ReactivateProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*empty.Empty, error) {
err := s.command.ReactivateProjectGrant(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProjectGrantRequest) (*mgmt_pb.UpdateProjectGrantResponse, error) {
userGrants, err := s.usergrant.UserGrantsByProjectAndGrantID(ctx, req.ProjectId, req.GrantId)
if err != nil {
return nil, err
}
grant, err := s.command.ChangeProjectGrant(ctx, UpdateProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID, userGrantsToIDs(userGrants)...)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateProjectGrantResponse{
Details: object_grpc.ToDetailsPb(
grant.Sequence,
grant.ChangeDate,
grant.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveProjectGrant(ctx context.Context, in *management.ProjectGrantID) (*empty.Empty, error) {
err := s.command.RemoveProjectGrant(ctx, in.ProjectId, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.DeactivateProjectGrantRequest) (*mgmt_pb.DeactivateProjectGrantResponse, error) {
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.DeactivateProjectGrantResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ReactivateProjectGrant(ctx context.Context, req *mgmt_pb.ReactivateProjectGrantRequest) (*mgmt_pb.ReactivateProjectGrantResponse, error) {
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ReactivateProjectGrantResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProjectGrantRequest) (*mgmt_pb.RemoveProjectGrantResponse, error) {
details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveProjectGrantResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) ListProjectGrantMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectGrantMemberRolesRequest) (*mgmt_pb.ListProjectGrantMemberRolesResponse, error) {
roles := s.project.GetProjectGrantMemberRoles()
return &mgmt_pb.ListProjectGrantMemberRolesResponse{
Result: roles,
//TODO: metadata
}, nil
}
func (s *Server) ListProjectGrantMembers(ctx context.Context, req *mgmt_pb.ListProjectGrantMembersRequest) (*mgmt_pb.ListProjectGrantMembersResponse, error) {
response, err := s.project.SearchProjectGrantMembers(ctx, ListProjectGrantMembersRequestToModel(req))
if err != nil {
return nil, err
}
return &mgmt_pb.ListProjectGrantMembersResponse{
Result: member_grpc.ProjectGrantMembersToPb(response.Result),
Details: object_grpc.ToListDetails(
response.TotalResult,
response.Sequence,
response.Timestamp,
),
}, nil
}
func (s *Server) AddProjectGrantMember(ctx context.Context, req *mgmt_pb.AddProjectGrantMemberRequest) (*mgmt_pb.AddProjectGrantMemberResponse, error) {
member, err := s.command.AddProjectGrantMember(ctx, AddProjectGrantMemberRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.AddProjectGrantMemberResponse{
Details: object_grpc.ToDetailsPb(
member.Sequence,
member.ChangeDate,
member.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateProjectGrantMember(ctx context.Context, req *mgmt_pb.UpdateProjectGrantMemberRequest) (*mgmt_pb.UpdateProjectGrantMemberResponse, error) {
member, err := s.command.ChangeProjectGrantMember(ctx, UpdateProjectGrantMemberRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateProjectGrantMemberResponse{
Details: object_grpc.ToDetailsPb(
member.Sequence,
member.ChangeDate,
member.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveProjectGrantMember(ctx context.Context, req *mgmt_pb.RemoveProjectGrantMemberRequest) (*mgmt_pb.RemoveProjectGrantMemberResponse, error) {
details, err := s.command.RemoveProjectGrantMember(ctx, req.ProjectId, req.UserId, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveProjectGrantMemberResponse{
Details: object_grpc.DomainToDetailsPb(details),
}, nil
}

219
internal/api/grpc/management/project_grant_converter.go
View File

@@ -1,189 +1,84 @@
package management
import (
"github.com/caos/logging"
member_grpc "github.com/caos/zitadel/internal/api/grpc/member"
proj_grpc "github.com/caos/zitadel/internal/api/grpc/project"
"github.com/caos/zitadel/internal/domain"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func projectGrantFromDomain(grant *domain.ProjectGrant) *management.ProjectGrant {
return &management.ProjectGrant{
Id: grant.GrantID,
State: projectGrantStateFromDomain(grant.State),
CreationDate: timestamppb.New(grant.CreationDate),
ChangeDate: timestamppb.New(grant.ChangeDate),
GrantedOrgId: grant.GrantedOrgID,
RoleKeys: grant.RoleKeys,
Sequence: grant.Sequence,
ProjectId: grant.AggregateID,
}
}
func projectGrantFromModel(grant *proj_model.ProjectGrant) *management.ProjectGrant {
creationDate, err := ptypes.TimestampProto(grant.CreationDate)
logging.Log("GRPC-8d73s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(grant.ChangeDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrant{
Id: grant.GrantID,
State: projectGrantStateFromModel(grant.State),
CreationDate: creationDate,
ChangeDate: changeDate,
GrantedOrgId: grant.GrantedOrgID,
RoleKeys: grant.RoleKeys,
Sequence: grant.Sequence,
ProjectId: grant.AggregateID,
}
}
func projectGrantCreateToDomain(grant *management.ProjectGrantCreate) *domain.ProjectGrant {
return &domain.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: grant.ProjectId,
},
GrantedOrgID: grant.GrantedOrgId,
RoleKeys: grant.RoleKeys,
}
}
func projectGrantUpdateToDomain(grant *management.ProjectGrantUpdate) *domain.ProjectGrant {
return &domain.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: grant.ProjectId,
},
GrantID: grant.Id,
RoleKeys: grant.RoleKeys,
}
}
func projectGrantSearchRequestsToModel(request *management.ProjectGrantSearchRequest) *proj_model.ProjectGrantViewSearchRequest {
return &proj_model.ProjectGrantViewSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: projectGrantSearchQueriesToModel(request.ProjectId, request.Queries),
}
}
func projectGrantSearchQueriesToModel(projectId string, queries []*management.ProjectGrantSearchQuery) []*proj_model.ProjectGrantViewSearchQuery {
converted := make([]*proj_model.ProjectGrantViewSearchQuery, 0)
converted = append(converted, &proj_model.ProjectGrantViewSearchQuery{
func ListProjectGrantsRequestToModel(req *mgmt_pb.ListProjectGrantsRequest) (*proj_model.ProjectGrantViewSearchRequest, error) {
queries := proj_grpc.ProjectGrantQueriesToModel(req.Queries)
queries = append(queries, &proj_model.ProjectGrantViewSearchQuery{
Key: proj_model.GrantedProjectSearchKeyProjectID,
Method: domain.SearchMethodEquals,
Value: projectId,
Value: req.ProjectId,
})
for i, query := range queries {
converted[i] = projectGrantSearchQueryToModel(query)
}
return converted
return &proj_model.ProjectGrantViewSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}
func projectGrantSearchQueryToModel(query *management.ProjectGrantSearchQuery) *proj_model.ProjectGrantViewSearchQuery {
return &proj_model.ProjectGrantViewSearchQuery{
Key: projectGrantViewSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
func AddProjectGrantRequestToDomain(req *mgmt_pb.AddProjectGrantRequest) *domain.ProjectGrant {
return &domain.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
GrantedOrgID: req.GrantedOrgId,
RoleKeys: req.RoleKeys,
}
}
func projectGrantViewSearchKeyToModel(key management.ProjectGrantSearchKey) proj_model.ProjectGrantViewSearchKey {
switch key {
case management.ProjectGrantSearchKey_PROJECTGRANTSEARCHKEY_PROJECT_NAME:
return proj_model.GrantedProjectSearchKeyProjectID
case management.ProjectGrantSearchKey_PROJECTGRANTSEARCHKEY_ROLE_KEY:
return proj_model.GrantedProjectSearchKeyRoleKeys
default:
return proj_model.GrantedProjectSearchKeyUnspecified
func UpdateProjectGrantRequestToDomain(req *mgmt_pb.UpdateProjectGrantRequest) *domain.ProjectGrant {
return &domain.ProjectGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
GrantID: req.GrantId,
RoleKeys: req.RoleKeys,
}
}
func projectGrantSearchResponseFromModel(response *proj_model.ProjectGrantViewSearchResponse) *management.ProjectGrantSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-MCjs7").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectGrantsFromGrantedProjectModel(response.Result),
ViewTimestamp: timestamp,
ProcessedSequence: response.Sequence,
func ListProjectGrantMembersRequestToModel(req *mgmt_pb.ListProjectGrantMembersRequest) *proj_model.ProjectGrantMemberSearchRequest {
queries := member_grpc.MemberQueriesToProjectGrantMember(req.Queries)
queries = append(queries, &proj_model.ProjectGrantMemberSearchQuery{
Key: proj_model.ProjectGrantMemberSearchKeyProjectID,
Method: domain.SearchMethodEquals,
Value: req.ProjectId,
})
return &proj_model.ProjectGrantMemberSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}
}
func projectGrantsFromGrantedProjectModel(projects []*proj_model.ProjectGrantView) []*management.ProjectGrantView {
converted := make([]*management.ProjectGrantView, len(projects))
for i, project := range projects {
converted[i] = projectGrantFromGrantedProjectModel(project)
}
return converted
}
func projectGrantFromGrantedProjectModel(project *proj_model.ProjectGrantView) *management.ProjectGrantView {
creationDate, err := ptypes.TimestampProto(project.CreationDate)
logging.Log("GRPC-dlso3").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(project.ChangeDate)
logging.Log("GRPC-sope3").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantView{
ProjectId: project.ProjectID,
State: projectGrantStateFromProjectStateModel(project.State),
CreationDate: creationDate,
ChangeDate: changeDate,
ProjectName: project.Name,
Sequence: project.Sequence,
GrantedOrgId: project.OrgID,
GrantedOrgName: project.OrgName,
Id: project.GrantID,
RoleKeys: project.GrantedRoleKeys,
ResourceOwner: project.ResourceOwner,
ResourceOwnerName: project.ResourceOwnerName,
func AddProjectGrantMemberRequestToDomain(req *mgmt_pb.AddProjectGrantMemberRequest) *domain.ProjectGrantMember {
return &domain.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
GrantID: req.GrantId,
UserID: req.UserId,
Roles: req.Roles,
}
}
func projectGrantStateFromDomain(state domain.ProjectGrantState) management.ProjectGrantState {
switch state {
case domain.ProjectGrantStateActive:
return management.ProjectGrantState_PROJECTGRANTSTATE_ACTIVE
case domain.ProjectGrantStateInactive:
return management.ProjectGrantState_PROJECTGRANTSTATE_INACTIVE
default:
return management.ProjectGrantState_PROJECTGRANTSTATE_UNSPECIFIED
func UpdateProjectGrantMemberRequestToDomain(req *mgmt_pb.UpdateProjectGrantMemberRequest) *domain.ProjectGrantMember {
return &domain.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: req.ProjectId,
},
GrantID: req.GrantId,
UserID: req.UserId,
Roles: req.Roles,
}
}
func projectGrantStateFromModel(state proj_model.ProjectGrantState) management.ProjectGrantState {
switch state {
case proj_model.ProjectGrantStateActive:
return management.ProjectGrantState_PROJECTGRANTSTATE_ACTIVE
case proj_model.ProjectGrantStateInactive:
return management.ProjectGrantState_PROJECTGRANTSTATE_INACTIVE
default:
return management.ProjectGrantState_PROJECTGRANTSTATE_UNSPECIFIED
}
}
func projectGrantStateFromProjectStateModel(state proj_model.ProjectState) management.ProjectGrantState {
switch state {
case proj_model.ProjectStateActive:
return management.ProjectGrantState_PROJECTGRANTSTATE_ACTIVE
case proj_model.ProjectStateInactive:
return management.ProjectGrantState_PROJECTGRANTSTATE_INACTIVE
default:
return management.ProjectGrantState_PROJECTGRANTSTATE_UNSPECIFIED
}
}
func projectGrantsToIDs(projectGrants []*proj_model.ProjectGrantView) []string {
converted := make([]string, len(projectGrants))
for i, grant := range projectGrants {
converted[i] = grant.GrantID
}
return converted
}

43
internal/api/grpc/management/project_grant_member.go
View File

@@ -1,43 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetProjectGrantMemberRoles(ctx context.Context, _ *empty.Empty) (*management.ProjectGrantMemberRoles, error) {
return &management.ProjectGrantMemberRoles{Roles: s.project.GetProjectGrantMemberRoles()}, nil
}
func (s *Server) SearchProjectGrantMembers(ctx context.Context, in *management.ProjectGrantMemberSearchRequest) (*management.ProjectGrantMemberSearchResponse, error) {
response, err := s.project.SearchProjectGrantMembers(ctx, projectGrantMemberSearchRequestsToModel(in))
if err != nil {
return nil, err
}
return projectGrantMemberSearchResponseFromModel(response), nil
}
func (s *Server) AddProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberAdd) (*management.ProjectGrantMember, error) {
member, err := s.command.AddProjectGrantMember(ctx, projectGrantMemberAddToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectGrantMemberFromDomain(member), nil
}
func (s *Server) ChangeProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberChange) (*management.ProjectGrantMember, error) {
member, err := s.command.ChangeProjectGrantMember(ctx, projectGrantMemberChangeToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectGrantMemberFromDomain(member), nil
}
func (s *Server) RemoveProjectGrantMember(ctx context.Context, in *management.ProjectGrantMemberRemove) (*empty.Empty, error) {
err := s.command.RemoveProjectGrantMember(ctx, in.ProjectId, in.UserId, in.GrantId, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

144
internal/api/grpc/management/project_grant_member_converter.go
View File

@@ -1,144 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func projectGrantMemberFromDomain(member *domain.ProjectGrantMember) *management.ProjectGrantMember {
return &management.ProjectGrantMember{
CreationDate: timestamppb.New(member.CreationDate),
ChangeDate: timestamppb.New(member.ChangeDate),
Sequence: member.Sequence,
UserId: member.UserID,
Roles: member.Roles,
}
}
func projectGrantMemberFromModel(member *proj_model.ProjectGrantMember) *management.ProjectGrantMember {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-7du3s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-8duew").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantMember{
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
UserId: member.UserID,
Roles: member.Roles,
}
}
func projectGrantMemberAddToDomain(member *management.ProjectGrantMemberAdd) *domain.ProjectGrantMember {
return &domain.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.ProjectId,
},
GrantID: member.GrantId,
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectGrantMemberChangeToDomain(member *management.ProjectGrantMemberChange) *domain.ProjectGrantMember {
return &domain.ProjectGrantMember{
ObjectRoot: models.ObjectRoot{
AggregateID: member.ProjectId,
},
GrantID: member.GrantId,
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectGrantMemberSearchRequestsToModel(memberSearch *management.ProjectGrantMemberSearchRequest) *proj_model.ProjectGrantMemberSearchRequest {
request := &proj_model.ProjectGrantMemberSearchRequest{
Offset: memberSearch.Offset,
Limit: memberSearch.Limit,
Queries: projectGrantMemberSearchQueriesToModel(memberSearch.Queries),
}
request.Queries = append(request.Queries, &proj_model.ProjectGrantMemberSearchQuery{Key: proj_model.ProjectGrantMemberSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: memberSearch.ProjectId})
request.Queries = append(request.Queries, &proj_model.ProjectGrantMemberSearchQuery{Key: proj_model.ProjectGrantMemberSearchKeyGrantID, Method: domain.SearchMethodEquals, Value: memberSearch.GrantId})
return request
}
func projectGrantMemberSearchQueriesToModel(queries []*management.ProjectGrantMemberSearchQuery) []*proj_model.ProjectGrantMemberSearchQuery {
converted := make([]*proj_model.ProjectGrantMemberSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectGrantMemberSearchQueryToModel(q)
}
return converted
}
func projectGrantMemberSearchQueryToModel(query *management.ProjectGrantMemberSearchQuery) *proj_model.ProjectGrantMemberSearchQuery {
return &proj_model.ProjectGrantMemberSearchQuery{
Key: projectGrantMemberSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectGrantMemberSearchKeyToModel(key management.ProjectGrantMemberSearchKey) proj_model.ProjectGrantMemberSearchKey {
switch key {
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_EMAIL:
return proj_model.ProjectGrantMemberSearchKeyEmail
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_FIRST_NAME:
return proj_model.ProjectGrantMemberSearchKeyFirstName
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_LAST_NAME:
return proj_model.ProjectGrantMemberSearchKeyLastName
case management.ProjectGrantMemberSearchKey_PROJECTGRANTMEMBERSEARCHKEY_USER_NAME:
return proj_model.ProjectGrantMemberSearchKeyUserName
default:
return proj_model.ProjectGrantMemberSearchKeyUnspecified
}
}
func projectGrantMemberSearchResponseFromModel(response *proj_model.ProjectGrantMemberSearchResponse) *management.ProjectGrantMemberSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-MSn6g").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantMemberSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectGrantMemberViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func projectGrantMemberViewsFromModel(roles []*proj_model.ProjectGrantMemberView) []*management.ProjectGrantMemberView {
converted := make([]*management.ProjectGrantMemberView, len(roles))
for i, role := range roles {
converted[i] = projectGrantMemberViewFromModel(role)
}
return converted
}
func projectGrantMemberViewFromModel(member *proj_model.ProjectGrantMemberView) *management.ProjectGrantMemberView {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-los93").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-ski4e").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectGrantMemberView{
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
DisplayName: member.DisplayName,
Roles: member.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
}
}

49
internal/api/grpc/management/project_member.go
View File

@@ -1,49 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetProjectMemberRoles(ctx context.Context, _ *empty.Empty) (*management.ProjectMemberRoles, error) {
roles, err := s.project.GetProjectMemberRoles(ctx)
if err != nil {
return nil, err
}
return &management.ProjectMemberRoles{Roles: roles}, nil
}
func (s *Server) SearchProjectMembers(ctx context.Context, in *management.ProjectMemberSearchRequest) (*management.ProjectMemberSearchResponse, error) {
request := projectMemberSearchRequestsToModel(in)
request.AppendProjectQuery(in.ProjectId)
response, err := s.project.SearchProjectMembers(ctx, request)
if err != nil {
return nil, err
}
return projectMemberSearchResponseFromModel(response), nil
}
func (s *Server) AddProjectMember(ctx context.Context, in *management.ProjectMemberAdd) (*management.ProjectMember, error) {
member, err := s.command.AddProjectMember(ctx, projectMemberAddToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectMemberFromDomain(member), nil
}
func (s *Server) ChangeProjectMember(ctx context.Context, in *management.ProjectMemberChange) (*management.ProjectMember, error) {
member, err := s.command.ChangeProjectMember(ctx, projectMemberChangeToDomain(in), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return projectMemberFromDomain(member), nil
}
func (s *Server) RemoveProjectMember(ctx context.Context, in *management.ProjectMemberRemove) (*empty.Empty, error) {
err := s.command.RemoveProjectMember(ctx, in.Id, in.UserId, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}

123
internal/api/grpc/management/project_member_converter.go
View File

@@ -1,123 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/eventstore/v1/models"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func projectMemberFromDomain(member *domain.Member) *management.ProjectMember {
return &management.ProjectMember{
CreationDate: timestamppb.New(member.CreationDate),
ChangeDate: timestamppb.New(member.ChangeDate),
Sequence: member.Sequence,
UserId: member.UserID,
Roles: member.Roles,
}
}
func projectMemberAddToDomain(member *management.ProjectMemberAdd) *domain.Member {
return &domain.Member{
ObjectRoot: models.ObjectRoot{
AggregateID: member.Id,
},
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectMemberChangeToDomain(member *management.ProjectMemberChange) *domain.Member {
return &domain.Member{
ObjectRoot: models.ObjectRoot{
AggregateID: member.Id,
},
UserID: member.UserId,
Roles: member.Roles,
}
}
func projectMemberSearchRequestsToModel(member *management.ProjectMemberSearchRequest) *proj_model.ProjectMemberSearchRequest {
return &proj_model.ProjectMemberSearchRequest{
Offset: member.Offset,
Limit: member.Limit,
Queries: projectMemberSearchQueriesToModel(member.Queries),
}
}
func projectMemberSearchQueriesToModel(queries []*management.ProjectMemberSearchQuery) []*proj_model.ProjectMemberSearchQuery {
converted := make([]*proj_model.ProjectMemberSearchQuery, len(queries))
for i, q := range queries {
converted[i] = projectMemberSearchQueryToModel(q)
}
return converted
}
func projectMemberSearchQueryToModel(query *management.ProjectMemberSearchQuery) *proj_model.ProjectMemberSearchQuery {
return &proj_model.ProjectMemberSearchQuery{
Key: projectMemberSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func projectMemberSearchKeyToModel(key management.ProjectMemberSearchKey) proj_model.ProjectMemberSearchKey {
switch key {
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_EMAIL:
return proj_model.ProjectMemberSearchKeyEmail
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_FIRST_NAME:
return proj_model.ProjectMemberSearchKeyFirstName
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_LAST_NAME:
return proj_model.ProjectMemberSearchKeyLastName
case management.ProjectMemberSearchKey_PROJECTMEMBERSEARCHKEY_USER_NAME:
return proj_model.ProjectMemberSearchKeyUserName
default:
return proj_model.ProjectMemberSearchKeyUnspecified
}
}
func projectMemberSearchResponseFromModel(response *proj_model.ProjectMemberSearchResponse) *management.ProjectMemberSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-LSo9j").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectMemberSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: projectMemberViewsFromModel(response.Result),
ViewTimestamp: timestamp,
ProcessedSequence: response.Sequence,
}
}
func projectMemberViewsFromModel(members []*proj_model.ProjectMemberView) []*management.ProjectMemberView {
converted := make([]*management.ProjectMemberView, len(members))
for i, member := range members {
converted[i] = projectMemberViewFromModel(member)
}
return converted
}
func projectMemberViewFromModel(member *proj_model.ProjectMemberView) *management.ProjectMemberView {
creationDate, err := ptypes.TimestampProto(member.CreationDate)
logging.Log("GRPC-sl9cs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(member.ChangeDate)
logging.Log("GRPC-8iw2d").OnError(err).Debug("unable to parse timestamp")
return &management.ProjectMemberView{
UserId: member.UserID,
UserName: member.UserName,
Email: member.Email,
FirstName: member.FirstName,
LastName: member.LastName,
DisplayName: member.DisplayName,
Roles: member.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: member.Sequence,
}
}

1
internal/api/grpc/management/replacer.md Normal file
View File

@@ -0,0 +1 @@
` | sed -e "s/UnimplementedManagementServiceServer/s *Server/" -e "s/(context.Context, \*/(ctx context.Context, req *mgmt_pb./" -e "s/) (\*/) (*mgmt_pb./" -e "s/return .*/ return nil,nil/"`

31
internal/api/grpc/management/search_converter.go
View File

@@ -1,31 +0,0 @@
package management
import (
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/pkg/grpc/management"
)
func searchMethodToModel(method management.SearchMethod) domain.SearchMethod {
switch method {
case management.SearchMethod_SEARCHMETHOD_EQUALS:
return domain.SearchMethodEquals
case management.SearchMethod_SEARCHMETHOD_CONTAINS:
return domain.SearchMethodContains
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH:
return domain.SearchMethodStartsWith
case management.SearchMethod_SEARCHMETHOD_EQUALS_IGNORE_CASE:
return domain.SearchMethodEqualsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_CONTAINS_IGNORE_CASE:
return domain.SearchMethodContainsIgnoreCase
case management.SearchMethod_SEARCHMETHOD_STARTS_WITH_IGNORE_CASE:
return domain.SearchMethodStartsWithIgnoreCase
case management.SearchMethod_SEARCHMETHOD_NOT_EQUALS:
return domain.SearchMethodNotEquals
case management.SearchMethod_SEARCHMETHOD_IS_ONE_OF:
return domain.SearchMethodIsOneOf
case management.SearchMethod_SEARCHMETHOD_LIST_CONTAINS:
return domain.SearchMethodListContains
default:
return domain.SearchMethodEquals
}
}

8
internal/api/grpc/management/server.go
View File

@@ -1,16 +1,15 @@
package management
import (
"github.com/caos/zitadel/internal/command"
"github.com/caos/zitadel/internal/query"
"google.golang.org/grpc"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/server"
"github.com/caos/zitadel/internal/command"
"github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/management/repository"
"github.com/caos/zitadel/internal/management/repository/eventsourcing"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/pkg/grpc/management"
"google.golang.org/grpc"
)
const (
@@ -20,6 +19,7 @@ const (
var _ management.ManagementServiceServer = (*Server)(nil)
type Server struct {
management.UnimplementedManagementServiceServer
command *command.Commands
query *query.Queries
project repository.ProjectRepository

524
internal/api/grpc/management/user.go
View File

@@ -3,249 +3,481 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/internal/api/grpc/authn"
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
"github.com/caos/zitadel/internal/api/grpc/object"
obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/api/grpc/user"
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) GetUserByID(ctx context.Context, id *management.UserID) (*management.UserView, error) {
user, err := s.user.UserByID(ctx, id.Id)
func (s *Server) GetUserByID(ctx context.Context, req *mgmt_pb.GetUserByIDRequest) (*mgmt_pb.GetUserByIDResponse, error) {
user, err := s.user.UserByID(ctx, req.Id)
if err != nil {
return nil, err
}
return userViewFromModel(user), nil
return &mgmt_pb.GetUserByIDResponse{
User: user_grpc.UserToPb(user),
}, nil
}
func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, loginName *management.LoginName) (*management.UserView, error) {
user, err := s.user.GetUserByLoginNameGlobal(ctx, loginName.LoginName)
func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetUserByLoginNameGlobalRequest) (*mgmt_pb.GetUserByLoginNameGlobalResponse, error) {
user, err := s.user.GetUserByLoginNameGlobal(ctx, req.LoginName)
if err != nil {
return nil, err
}
return userViewFromModel(user), nil
return &mgmt_pb.GetUserByLoginNameGlobalResponse{
User: user_grpc.UserToPb(user),
}, nil
}
func (s *Server) SearchUsers(ctx context.Context, in *management.UserSearchRequest) (*management.UserSearchResponse, error) {
request := userSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
response, err := s.user.SearchUsers(ctx, request)
func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (*mgmt_pb.ListUsersResponse, error) {
r := ListUsersRequestToModel(ctx, req)
res, err := s.user.SearchUsers(ctx, r)
if err != nil {
return nil, err
}
return userSearchResponseFromModel(response), nil
return &mgmt_pb.ListUsersResponse{
Result: user_grpc.UsersToPb(res.Result),
Details: obj_grpc.ToListDetails(
res.TotalResult,
res.Sequence,
res.Timestamp,
),
}, nil
}
func (s *Server) UserChanges(ctx context.Context, changesRequest *management.ChangeRequest) (*management.Changes, error) {
response, err := s.user.UserChanges(ctx, changesRequest.Id, changesRequest.SequenceOffset, changesRequest.Limit, changesRequest.Asc)
func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChangesRequest) (*mgmt_pb.ListUserChangesResponse, error) {
res, err := s.user.UserChanges(ctx, req.UserId, req.Query.Offset, uint64(req.Query.Limit), req.Query.Asc)
if err != nil {
return nil, err
}
return userChangesToResponse(response, changesRequest.GetSequenceOffset(), changesRequest.GetLimit()), nil
return &mgmt_pb.ListUserChangesResponse{
Result: change_grpc.UserChangesToPb(res.Changes),
}, nil
}
func (s *Server) IsUserUnique(ctx context.Context, request *management.UniqueUserRequest) (*management.UniqueUserResponse, error) {
unique, err := s.user.IsUserUnique(ctx, request.UserName, request.Email)
func (s *Server) IsUserUnique(ctx context.Context, req *mgmt_pb.IsUserUniqueRequest) (*mgmt_pb.IsUserUniqueResponse, error) {
unique, err := s.user.IsUserUnique(ctx, req.UserName, req.Email)
if err != nil {
return nil, err
}
return &management.UniqueUserResponse{IsUnique: unique}, nil
return &mgmt_pb.IsUserUniqueResponse{
IsUnique: unique,
}, nil
}
func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.UserResponse, error) {
human, machine := userCreateToDomain(in)
if human != nil {
h, err := s.command.AddHuman(ctx, authz.GetCtxData(ctx).OrgID, human)
if err != nil {
return nil, err
}
return userHumanFromDomain(h), nil
}
m, err := s.command.AddMachine(ctx, authz.GetCtxData(ctx).OrgID, machine)
func (s *Server) AddHumanUser(ctx context.Context, req *mgmt_pb.AddHumanUserRequest) (*mgmt_pb.AddHumanUserResponse, error) {
human, err := s.command.AddHuman(ctx, authz.GetCtxData(ctx).OrgID, AddHumanUserRequestToDomain(req))
if err != nil {
return nil, err
}
return userMachineFromDomain(m), nil
return &mgmt_pb.AddHumanUserResponse{
UserId: human.AggregateID,
Details: obj_grpc.ToDetailsPb(
human.Sequence,
human.ChangeDate,
human.ResourceOwner,
),
}, nil
}
func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.DeactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.ReactivateUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.LockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.UnlockUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) DeleteUser(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
grants, err := s.usergrant.UserGrantsByUserID(ctx, in.Id)
if err != nil {
return &empty.Empty{}, err
}
err = s.command.RemoveUser(ctx, in.Id, authz.GetCtxData(ctx).OrgID, userGrantsToIDs(grants)...)
return &empty.Empty{}, err
}
func (s *Server) UpdateUserMachine(ctx context.Context, in *management.UpdateMachineRequest) (*management.MachineResponse, error) {
machine, err := s.command.ChangeMachine(ctx, updateMachineToDomain(authz.GetCtxData(ctx), in))
func (s *Server) AddMachineUser(ctx context.Context, req *mgmt_pb.AddMachineUserRequest) (*mgmt_pb.AddMachineUserResponse, error) {
machine, err := s.command.AddMachine(ctx, authz.GetCtxData(ctx).OrgID, AddMachineUserRequestToDomain(req))
if err != nil {
return nil, err
}
return machineFromDomain(machine), nil
return &mgmt_pb.AddMachineUserResponse{
UserId: machine.AggregateID,
Details: obj_grpc.ToDetailsPb(
machine.Sequence,
machine.ChangeDate,
machine.ResourceOwner,
),
}, nil
}
func (s *Server) GetUserProfile(ctx context.Context, in *management.UserID) (*management.UserProfileView, error) {
profile, err := s.user.ProfileByID(ctx, in.Id)
func (s *Server) DeactivateUser(ctx context.Context, req *mgmt_pb.DeactivateUserRequest) (*mgmt_pb.DeactivateUserResponse, error) {
objectDetails, err := s.command.DeactivateUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return profileViewFromModel(profile), nil
return &mgmt_pb.DeactivateUserResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ChangeUserUserName(ctx context.Context, request *management.UpdateUserUserNameRequest) (*empty.Empty, error) {
return &empty.Empty{}, s.command.ChangeUsername(ctx, authz.GetCtxData(ctx).OrgID, request.Id, request.UserName)
}
func (s *Server) UpdateUserProfile(ctx context.Context, request *management.UpdateUserProfileRequest) (*management.UserProfile, error) {
profile, err := s.command.ChangeHumanProfile(ctx, updateProfileToDomain(request))
func (s *Server) ReactivateUser(ctx context.Context, req *mgmt_pb.ReactivateUserRequest) (*mgmt_pb.ReactivateUserResponse, error) {
objectDetails, err := s.command.ReactivateUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return profileFromDomain(profile), nil
return &mgmt_pb.ReactivateUserResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) GetUserEmail(ctx context.Context, in *management.UserID) (*management.UserEmailView, error) {
email, err := s.user.EmailByID(ctx, in.Id)
func (s *Server) LockUser(ctx context.Context, req *mgmt_pb.LockUserRequest) (*mgmt_pb.LockUserResponse, error) {
objectDetails, err := s.command.LockUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return emailViewFromModel(email), nil
return &mgmt_pb.LockUserResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ChangeUserEmail(ctx context.Context, request *management.UpdateUserEmailRequest) (*management.UserEmail, error) {
email, err := s.command.ChangeHumanEmail(ctx, updateEmailToDomain(request))
func (s *Server) UnlockUser(ctx context.Context, req *mgmt_pb.UnlockUserRequest) (*mgmt_pb.UnlockUserResponse, error) {
objectDetails, err := s.command.UnlockUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return emailFromDomain(email), nil
return &mgmt_pb.UnlockUserResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ResendEmailVerificationMail(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.CreateHumanEmailVerificationCode(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) GetUserPhone(ctx context.Context, in *management.UserID) (*management.UserPhoneView, error) {
phone, err := s.user.PhoneByID(ctx, in.Id)
func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest) (*mgmt_pb.RemoveUserResponse, error) {
grants, err := s.usergrant.UserGrantsByUserID(ctx, req.Id)
if err != nil {
return nil, err
}
return phoneViewFromModel(phone), nil
}
func (s *Server) ChangeUserPhone(ctx context.Context, request *management.UpdateUserPhoneRequest) (*management.UserPhone, error) {
phone, err := s.command.ChangeHumanPhone(ctx, updatePhoneToDomain(request))
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, userGrantsToIDs(grants)...)
if err != nil {
return nil, err
}
return phoneFromDomain(phone), nil
return &mgmt_pb.RemoveUserResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) RemoveUserPhone(ctx context.Context, userID *management.UserID) (*empty.Empty, error) {
err := s.command.RemoveHumanPhone(ctx, userID.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
converted := make([]string, len(userGrants))
for i, grant := range userGrants {
converted[i] = grant.ID
}
return converted
}
func (s *Server) ResendPhoneVerificationCode(ctx context.Context, in *management.UserID) (*empty.Empty, error) {
err := s.command.CreateHumanPhoneVerificationCode(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) GetUserAddress(ctx context.Context, in *management.UserID) (*management.UserAddressView, error) {
address, err := s.user.AddressByID(ctx, in.Id)
func (s *Server) UpdateUserName(ctx context.Context, req *mgmt_pb.UpdateUserNameRequest) (*mgmt_pb.UpdateUserNameResponse, error) {
objectDetails, err := s.command.ChangeUsername(ctx, authz.GetCtxData(ctx).OrgID, req.UserId, req.UserName)
if err != nil {
return nil, err
}
return addressViewFromModel(address), nil
return &mgmt_pb.UpdateUserNameResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) UpdateUserAddress(ctx context.Context, request *management.UpdateUserAddressRequest) (*management.UserAddress, error) {
address, err := s.command.ChangeHumanAddress(ctx, updateAddressToDomain(authz.GetCtxData(ctx), request))
func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfileRequest) (*mgmt_pb.GetHumanProfileResponse, error) {
profile, err := s.user.ProfileByID(ctx, req.UserId)
if err != nil {
return nil, err
}
return addressFromDomain(address), nil
return &mgmt_pb.GetHumanProfileResponse{
Profile: user_grpc.ProfileToPb(profile),
Details: obj_grpc.ToDetailsPb(
profile.Sequence,
profile.ChangeDate,
profile.ResourceOwner,
),
}, nil
}
func (s *Server) SendSetPasswordNotification(ctx context.Context, request *management.SetPasswordNotificationRequest) (*empty.Empty, error) {
err := s.command.RequestSetPassword(ctx, request.Id, authz.GetCtxData(ctx).OrgID, notifyTypeToDomain(request.Type))
return &empty.Empty{}, err
}
func (s *Server) SetInitialPassword(ctx context.Context, request *management.PasswordRequest) (*empty.Empty, error) {
return &empty.Empty{}, s.command.SetOneTimePassword(ctx, authz.GetCtxData(ctx).OrgID, request.Id, request.Password)
}
func (s *Server) ResendInitialMail(ctx context.Context, request *management.InitialMailRequest) (*empty.Empty, error) {
return &empty.Empty{}, s.command.ResendInitialMail(ctx, request.Id, request.Email, authz.GetCtxData(ctx).OrgID)
}
func (s *Server) SearchUserExternalIDPs(ctx context.Context, request *management.ExternalIDPSearchRequest) (*management.ExternalIDPSearchResponse, error) {
externalIDP, err := s.user.SearchExternalIDPs(ctx, externalIDPSearchRequestToModel(request))
func (s *Server) UpdateHumanProfile(ctx context.Context, req *mgmt_pb.UpdateHumanProfileRequest) (*mgmt_pb.UpdateHumanProfileResponse, error) {
profile, err := s.command.ChangeHumanProfile(ctx, UpdateHumanProfileRequestToDomain(req))
if err != nil {
return nil, err
}
return externalIDPSearchResponseFromModel(externalIDP), nil
return &mgmt_pb.UpdateHumanProfileResponse{
Details: obj_grpc.ToDetailsPb(
profile.Sequence,
profile.ChangeDate,
profile.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveExternalIDP(ctx context.Context, request *management.ExternalIDPRemoveRequest) (*empty.Empty, error) {
return &empty.Empty{}, s.command.RemoveHumanExternalIDP(ctx, externalIDPRemoveToDomain(authz.GetCtxData(ctx), request))
}
func (s *Server) GetUserMfas(ctx context.Context, userID *management.UserID) (*management.UserMultiFactors, error) {
mfas, err := s.user.UserMFAs(ctx, userID.Id)
func (s *Server) GetHumanEmail(ctx context.Context, req *mgmt_pb.GetHumanEmailRequest) (*mgmt_pb.GetHumanEmailResponse, error) {
email, err := s.user.EmailByID(ctx, req.UserId)
if err != nil {
return nil, err
}
return &management.UserMultiFactors{Mfas: mfasFromModel(mfas)}, nil
return &mgmt_pb.GetHumanEmailResponse{
Email: user_grpc.EmailToPb(email),
Details: obj_grpc.ToDetailsPb(
email.Sequence,
email.ChangeDate,
email.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveMfaOTP(ctx context.Context, userID *management.UserID) (*empty.Empty, error) {
return &empty.Empty{}, s.command.HumanRemoveOTP(ctx, userID.Id, authz.GetCtxData(ctx).OrgID)
}
func (s *Server) RemoveMfaU2F(ctx context.Context, webAuthNTokenID *management.WebAuthNTokenID) (*empty.Empty, error) {
return &empty.Empty{}, s.command.HumanRemoveU2F(ctx, webAuthNTokenID.UserId, webAuthNTokenID.Id, authz.GetCtxData(ctx).OrgID)
}
func (s *Server) GetPasswordless(ctx context.Context, userID *management.UserID) (_ *management.WebAuthNTokens, err error) {
tokens, err := s.user.GetPasswordless(ctx, userID.Id)
func (s *Server) UpdateHumanEmail(ctx context.Context, req *mgmt_pb.UpdateHumanEmailRequest) (*mgmt_pb.UpdateHumanEmailResponse, error) {
email, err := s.command.ChangeHumanEmail(ctx, UpdateHumanEmailRequestToDomain(req))
if err != nil {
return nil, err
}
return webAuthNTokensFromModel(tokens), err
return &mgmt_pb.UpdateHumanEmailResponse{
Details: obj_grpc.ToDetailsPb(
email.Sequence,
email.ChangeDate,
email.ResourceOwner,
),
}, nil
}
func (s *Server) RemovePasswordless(ctx context.Context, id *management.WebAuthNTokenID) (*empty.Empty, error) {
return &empty.Empty{}, s.command.HumanRemovePasswordless(ctx, id.UserId, id.Id, authz.GetCtxData(ctx).OrgID)
func (s *Server) ResendHumanInitialization(ctx context.Context, req *mgmt_pb.ResendHumanInitializationRequest) (*mgmt_pb.ResendHumanInitializationResponse, error) {
details, err := s.command.ResendInitialMail(ctx, req.UserId, req.Email, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResendHumanInitializationResponse{
Details: obj_grpc.DomainToDetailsPb(details),
}, nil
}
func (s *Server) SearchUserMemberships(ctx context.Context, in *management.UserMembershipSearchRequest) (*management.UserMembershipSearchResponse, error) {
request := userMembershipSearchRequestsToModel(in)
request.AppendUserIDQuery(in.UserId)
func (s *Server) ResendHumanEmailVerification(ctx context.Context, req *mgmt_pb.ResendHumanEmailVerificationRequest) (*mgmt_pb.ResendHumanEmailVerificationResponse, error) {
objectDetails, err := s.command.CreateHumanEmailVerificationCode(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResendHumanEmailVerificationResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) GetHumanPhone(ctx context.Context, req *mgmt_pb.GetHumanPhoneRequest) (*mgmt_pb.GetHumanPhoneResponse, error) {
phone, err := s.user.PhoneByID(ctx, req.UserId)
if err != nil {
return nil, err
}
return &mgmt_pb.GetHumanPhoneResponse{
Phone: user_grpc.PhoneToPb(phone),
Details: obj_grpc.ToDetailsPb(
phone.Sequence,
phone.ChangeDate,
phone.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateHumanPhone(ctx context.Context, req *mgmt_pb.UpdateHumanPhoneRequest) (*mgmt_pb.UpdateHumanPhoneResponse, error) {
phone, err := s.command.ChangeHumanPhone(ctx, UpdateHumanPhoneRequestToDomain(req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateHumanPhoneResponse{
Details: obj_grpc.ToDetailsPb(
phone.Sequence,
phone.ChangeDate,
phone.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveHumanPhone(ctx context.Context, req *mgmt_pb.RemoveHumanPhoneRequest) (*mgmt_pb.RemoveHumanPhoneResponse, error) {
objectDetails, err := s.command.RemoveHumanPhone(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveHumanPhoneResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ResendHumanPhoneVerification(ctx context.Context, req *mgmt_pb.ResendHumanPhoneVerificationRequest) (*mgmt_pb.ResendHumanPhoneVerificationResponse, error) {
objectDetails, err := s.command.CreateHumanPhoneVerificationCode(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ResendHumanPhoneVerificationResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) SetHumanInitialPassword(ctx context.Context, req *mgmt_pb.SetHumanInitialPasswordRequest) (*mgmt_pb.SetHumanInitialPasswordResponse, error) {
objectDetails, err := s.command.SetOneTimePassword(ctx, authz.GetCtxData(ctx).OrgID, req.UserId, req.Password)
if err != nil {
return nil, err
}
return &mgmt_pb.SetHumanInitialPasswordResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) SendHumanResetPasswordNotification(ctx context.Context, req *mgmt_pb.SendHumanResetPasswordNotificationRequest) (*mgmt_pb.SendHumanResetPasswordNotificationResponse, error) {
objectDetails, err := s.command.RequestSetPassword(ctx, req.UserId, authz.GetCtxData(ctx).OrgID, notifyTypeToDomain(req.Type))
if err != nil {
return nil, err
}
return &mgmt_pb.SendHumanResetPasswordNotificationResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHumanAuthFactorsRequest) (*mgmt_pb.ListHumanAuthFactorsResponse, error) {
mfas, err := s.user.UserMFAs(ctx, req.UserId)
if err != nil {
return nil, err
}
return &mgmt_pb.ListHumanAuthFactorsResponse{
Result: user_grpc.AuthFactorsToPb(mfas),
}, nil
}
func (s *Server) RemoveHumanAuthFactorOTP(ctx context.Context, req *mgmt_pb.RemoveHumanAuthFactorOTPRequest) (*mgmt_pb.RemoveHumanAuthFactorOTPResponse, error) {
objectDetails, err := s.command.HumanRemoveOTP(ctx, req.UserId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveHumanAuthFactorOTPResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) RemoveHumanAuthFactorU2F(ctx context.Context, req *mgmt_pb.RemoveHumanAuthFactorU2FRequest) (*mgmt_pb.RemoveHumanAuthFactorU2FResponse, error) {
objectDetails, err := s.command.HumanRemoveU2F(ctx, req.UserId, req.TokenId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveHumanAuthFactorU2FResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHumanPasswordlessRequest) (*mgmt_pb.ListHumanPasswordlessResponse, error) {
tokens, err := s.user.GetPasswordless(ctx, req.UserId)
if err != nil {
return nil, err
}
return &mgmt_pb.ListHumanPasswordlessResponse{
Result: user.WebAuthNTokensViewToPb(tokens),
}, nil
}
func (s *Server) RemoveHumanPasswordless(ctx context.Context, req *mgmt_pb.RemoveHumanPasswordlessRequest) (*mgmt_pb.RemoveHumanPasswordlessResponse, error) {
objectDetails, err := s.command.HumanRemovePasswordless(ctx, req.UserId, req.TokenId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveHumanPasswordlessResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) UpdateMachine(ctx context.Context, req *mgmt_pb.UpdateMachineRequest) (*mgmt_pb.UpdateMachineResponse, error) {
machine, err := s.command.ChangeMachine(ctx, UpdateMachineRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.UpdateMachineResponse{
Details: obj_grpc.ToDetailsPb(
machine.Sequence,
machine.ChangeDate,
machine.ResourceOwner,
),
}, nil
}
func (s *Server) GetMachineKeyByIDs(ctx context.Context, req *mgmt_pb.GetMachineKeyByIDsRequest) (*mgmt_pb.GetMachineKeyByIDsResponse, error) {
key, err := s.user.GetMachineKey(ctx, req.UserId, req.KeyId)
if err != nil {
return nil, err
}
return &mgmt_pb.GetMachineKeyByIDsResponse{
Key: authn.KeyToPb(key),
}, nil
}
func (s *Server) ListMachineKeys(ctx context.Context, req *mgmt_pb.ListMachineKeysRequest) (*mgmt_pb.ListMachineKeysResponse, error) {
result, err := s.user.SearchMachineKeys(ctx, ListMachineKeysRequestToModel(req))
if err != nil {
return nil, err
}
return &mgmt_pb.ListMachineKeysResponse{
Result: authn.KeyViewsToPb(result.Result),
Details: obj_grpc.ToListDetails(
result.TotalResult,
result.Sequence,
result.Timestamp,
),
}, nil
}
func (s *Server) AddMachineKey(ctx context.Context, req *mgmt_pb.AddMachineKeyRequest) (*mgmt_pb.AddMachineKeyResponse, error) {
key, err := s.command.AddUserMachineKey(ctx, AddMachineKeyRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
keyDetails, err := key.Detail()
if err != nil {
return nil, err
}
return &mgmt_pb.AddMachineKeyResponse{
KeyId: key.KeyID,
KeyDetails: keyDetails,
Details: object.ToDetailsPb(
key.Sequence,
key.ChangeDate,
key.ResourceOwner,
),
}, nil
}
func (s *Server) RemoveMachineKey(ctx context.Context, req *mgmt_pb.RemoveMachineKeyRequest) (*mgmt_pb.RemoveMachineKeyResponse, error) {
objectDetails, err := s.command.RemoveUserMachineKey(ctx, req.UserId, req.KeyId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveMachineKeyResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListHumanLinkedIDPs(ctx context.Context, req *mgmt_pb.ListHumanLinkedIDPsRequest) (*mgmt_pb.ListHumanLinkedIDPsResponse, error) {
res, err := s.user.SearchExternalIDPs(ctx, ListHumanLinkedIDPsRequestToModel(req))
if err != nil {
return nil, err
}
return &mgmt_pb.ListHumanLinkedIDPsResponse{
Result: idp_grpc.IDPsToUserLinkPb(res.Result),
Details: obj_grpc.ToListDetails(
res.TotalResult,
res.Sequence,
res.Timestamp,
),
}, nil
}
func (s *Server) RemoveHumanLinkedIDP(ctx context.Context, req *mgmt_pb.RemoveHumanLinkedIDPRequest) (*mgmt_pb.RemoveHumanLinkedIDPResponse, error) {
objectDetails, err := s.command.RemoveHumanExternalIDP(ctx, RemoveHumanLinkedIDPRequestToDomain(ctx, req))
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveHumanLinkedIDPResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) ListUserMemberships(ctx context.Context, req *mgmt_pb.ListUserMembershipsRequest) (*mgmt_pb.ListUserMembershipsResponse, error) {
request, err := ListUserMembershipsRequestToModel(req)
if err != nil {
return nil, err
}
response, err := s.user.SearchUserMemberships(ctx, request)
if err != nil {
return nil, err
}
return userMembershipSearchResponseFromModel(response), nil
return &mgmt_pb.ListUserMembershipsResponse{
Result: user_grpc.MembershipsToMembershipsPb(response.Result),
Details: obj_grpc.ToListDetails(
response.TotalResult,
response.Sequence,
response.Timestamp,
),
}, nil
}

737
internal/api/grpc/management/user_converter.go
View File

@@ -1,653 +1,200 @@
package management
import (
"encoding/json"
"context"
"time"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/authn"
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/eventstore/v1/models"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/pkg/grpc/message"
key_model "github.com/caos/zitadel/internal/key/model"
user_model "github.com/caos/zitadel/internal/user/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
user_pb "github.com/caos/zitadel/pkg/grpc/user"
)
func userMachineFromDomain(machine *domain.Machine) *management.UserResponse {
changeDate, err := ptypes.TimestampProto(machine.ChangeDate)
logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
userResp := &management.UserResponse{
Id: machine.AggregateID,
State: userStateFromDomain(machine.GetState()),
ChangeDate: changeDate,
Sequence: machine.Sequence,
UserName: machine.GetUsername(),
}
userResp.User = &management.UserResponse_Machine{Machine: machineFromDomain(machine)}
return userResp
}
func userHumanFromDomain(human *domain.Human) *management.UserResponse {
changeDate, err := ptypes.TimestampProto(human.ChangeDate)
logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
userResp := &management.UserResponse{
Id: human.AggregateID,
State: userStateFromDomain(human.GetState()),
ChangeDate: changeDate,
Sequence: human.Sequence,
UserName: human.GetUsername(),
}
userResp.User = &management.UserResponse_Human{Human: humanFromDomain(human)}
return userResp
}
func userCreateToDomain(user *management.CreateUserRequest) (*domain.Human, *domain.Machine) {
if h := user.GetHuman(); h != nil {
human := humanCreateToDomain(h)
human.Username = user.UserName
return human, nil
}
if m := user.GetMachine(); m != nil {
machine := machineCreateToDomain(m)
machine.Username = user.UserName
return nil, machine
}
return nil, nil
}
func passwordRequestToModel(r *management.PasswordRequest) *usr_model.Password {
return &usr_model.Password{
ObjectRoot: models.ObjectRoot{AggregateID: r.Id},
SecretString: r.Password,
}
}
func externalIDPSearchRequestToModel(request *management.ExternalIDPSearchRequest) *usr_model.ExternalIDPSearchRequest {
return &usr_model.ExternalIDPSearchRequest{
Limit: request.Limit,
Offset: request.Offset,
Queries: []*usr_model.ExternalIDPSearchQuery{{Key: usr_model.ExternalIDPSearchKeyUserID, Method: domain.SearchMethodEquals, Value: request.UserId}},
}
}
func externalIDPRemoveToDomain(ctxData authz.CtxData, idp *management.ExternalIDPRemoveRequest) *domain.ExternalIDP {
return &domain.ExternalIDP{
ObjectRoot: models.ObjectRoot{
AggregateID: idp.UserId,
ResourceOwner: ctxData.ResourceOwner,
func ListUsersRequestToModel(ctx context.Context, req *mgmt_pb.ListUsersRequest) *user_model.UserSearchRequest {
req.Queries = append(req.Queries, &user_pb.SearchQuery{
Query: &user_pb.SearchQuery_ResourceOwner{
ResourceOwner: &user_pb.ResourceOwnerQuery{
OrgID: authz.GetCtxData(ctx).OrgID,
},
},
IDPConfigID: idp.IdpConfigId,
ExternalUserID: idp.ExternalUserId,
})
return &user_model.UserSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
Queries: user_grpc.UserQueriesToModel(req.Queries),
}
}
func externalIDPSearchResponseFromModel(response *usr_model.ExternalIDPSearchResponse) *management.ExternalIDPSearchResponse {
viewTimestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-3h8is").OnError(err).Debug("unable to parse timestamp")
return &management.ExternalIDPSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
ProcessedSequence: response.Sequence,
ViewTimestamp: viewTimestamp,
Result: externalIDPViewsFromModel(response.Result),
func AddHumanUserRequestToDomain(req *mgmt_pb.AddHumanUserRequest) *domain.Human {
h := &domain.Human{
Username: req.UserName,
}
}
func externalIDPViewsFromModel(externalIDPs []*usr_model.ExternalIDPView) []*management.ExternalIDPView {
converted := make([]*management.ExternalIDPView, len(externalIDPs))
for i, externalIDP := range externalIDPs {
converted[i] = externalIDPViewFromModel(externalIDP)
}
return converted
}
func externalIDPViewFromModel(externalIDP *usr_model.ExternalIDPView) *management.ExternalIDPView {
creationDate, err := ptypes.TimestampProto(externalIDP.CreationDate)
logging.Log("GRPC-Fdu8s").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(externalIDP.ChangeDate)
logging.Log("GRPC-Was7u").OnError(err).Debug("unable to parse timestamp")
return &management.ExternalIDPView{
UserId: externalIDP.UserID,
IdpConfigId: externalIDP.IDPConfigID,
ExternalUserId: externalIDP.ExternalUserID,
ExternalUserDisplayName: externalIDP.UserDisplayName,
IdpName: externalIDP.IDPName,
CreationDate: creationDate,
ChangeDate: changeDate,
}
}
func userSearchRequestsToModel(project *management.UserSearchRequest) *usr_model.UserSearchRequest {
return &usr_model.UserSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userSearchQueriesToModel(project.Queries),
}
}
func userSearchQueriesToModel(queries []*management.UserSearchQuery) []*usr_model.UserSearchQuery {
converted := make([]*usr_model.UserSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userSearchQueryToModel(q)
}
return converted
}
func userSearchQueryToModel(query *management.UserSearchQuery) *usr_model.UserSearchQuery {
return &usr_model.UserSearchQuery{
Key: userSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userSearchKeyToModel(key management.UserSearchKey) usr_model.UserSearchKey {
switch key {
case management.UserSearchKey_USERSEARCHKEY_USER_NAME:
return usr_model.UserSearchKeyUserName
case management.UserSearchKey_USERSEARCHKEY_FIRST_NAME:
return usr_model.UserSearchKeyFirstName
case management.UserSearchKey_USERSEARCHKEY_LAST_NAME:
return usr_model.UserSearchKeyLastName
case management.UserSearchKey_USERSEARCHKEY_NICK_NAME:
return usr_model.UserSearchKeyNickName
case management.UserSearchKey_USERSEARCHKEY_DISPLAY_NAME:
return usr_model.UserSearchKeyDisplayName
case management.UserSearchKey_USERSEARCHKEY_EMAIL:
return usr_model.UserSearchKeyEmail
case management.UserSearchKey_USERSEARCHKEY_STATE:
return usr_model.UserSearchKeyState
case management.UserSearchKey_USERSEARCHKEY_TYPE:
return usr_model.UserSearchKeyType
default:
return usr_model.UserSearchKeyUnspecified
}
}
func userMembershipSearchRequestsToModel(request *management.UserMembershipSearchRequest) *usr_model.UserMembershipSearchRequest {
return &usr_model.UserMembershipSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: userMembershipSearchQueriesToModel(request.Queries),
}
}
func userMembershipSearchQueriesToModel(queries []*management.UserMembershipSearchQuery) []*usr_model.UserMembershipSearchQuery {
converted := make([]*usr_model.UserMembershipSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userMembershipSearchQueryToModel(q)
}
return converted
}
func userMembershipSearchQueryToModel(query *management.UserMembershipSearchQuery) *usr_model.UserMembershipSearchQuery {
return &usr_model.UserMembershipSearchQuery{
Key: userMembershipSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userMembershipSearchKeyToModel(key management.UserMembershipSearchKey) usr_model.UserMembershipSearchKey {
switch key {
case management.UserMembershipSearchKey_USERMEMBERSHIPSEARCHKEY_TYPE:
return usr_model.UserMembershipSearchKeyMemberType
case management.UserMembershipSearchKey_USERMEMBERSHIPSEARCHKEY_OBJECT_ID:
return usr_model.UserMembershipSearchKeyObjectID
default:
return usr_model.UserMembershipSearchKeyUnspecified
}
}
func profileFromDomain(profile *domain.Profile) *management.UserProfile {
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-ski8d").OnError(err).Debug("unable to parse timestamp")
return &management.UserProfile{
Id: profile.AggregateID,
ChangeDate: changeDate,
Sequence: profile.Sequence,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: management.Gender(profile.Gender),
}
}
func profileViewFromModel(profile *usr_model.Profile) *management.UserProfileView {
creationDate, err := ptypes.TimestampProto(profile.CreationDate)
logging.Log("GRPC-sk8sk").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(profile.ChangeDate)
logging.Log("GRPC-s30Ks'").OnError(err).Debug("unable to parse timestamp")
return &management.UserProfileView{
Id: profile.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: profile.Sequence,
FirstName: profile.FirstName,
LastName: profile.LastName,
DisplayName: profile.DisplayName,
NickName: profile.NickName,
PreferredLanguage: profile.PreferredLanguage.String(),
Gender: management.Gender(profile.Gender),
LoginNames: profile.LoginNames,
PreferredLoginName: profile.PreferredLoginName,
}
}
func updateProfileToDomain(u *management.UpdateUserProfileRequest) *domain.Profile {
preferredLanguage, err := language.Parse(u.PreferredLanguage)
logging.Log("GRPC-d8k2s").OnError(err).Debug("language malformed")
return &domain.Profile{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
FirstName: u.FirstName,
LastName: u.LastName,
NickName: u.NickName,
preferredLanguage, err := language.Parse(req.Profile.PreferredLanguage)
logging.Log("MANAG-3GUFJ").OnError(err).Debug("language malformed")
h.Profile = &domain.Profile{
FirstName: req.Profile.FirstName,
LastName: req.Profile.LastName,
NickName: req.Profile.NickName,
DisplayName: req.Profile.DisplayName,
PreferredLanguage: preferredLanguage,
Gender: genderToDomain(u.Gender),
Gender: user_grpc.GenderToDomain(req.Profile.Gender),
}
h.Email = &domain.Email{
EmailAddress: req.Email.Email,
IsEmailVerified: req.Email.IsEmailVerified,
}
if req.Phone != nil {
h.Phone = &domain.Phone{
PhoneNumber: req.Phone.Phone,
IsPhoneVerified: req.Phone.IsPhoneVerified,
}
}
if req.InitialPassword != "" {
h.Password = &domain.Password{SecretString: req.InitialPassword}
}
return h
}
func AddMachineUserRequestToDomain(req *mgmt_pb.AddMachineUserRequest) *domain.Machine {
return &domain.Machine{
Username: req.UserName,
Name: req.Name,
Description: req.Description,
}
}
func emailFromDomain(email *domain.Email) *management.UserEmail {
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-s0dkw").OnError(err).Debug("unable to parse timestamp")
return &management.UserEmail{
Id: email.AggregateID,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
func UpdateHumanProfileRequestToDomain(req *mgmt_pb.UpdateHumanProfileRequest) *domain.Profile {
preferredLanguage, err := language.Parse(req.PreferredLanguage)
logging.Log("MANAG-GPcYv").OnError(err).Debug("language malformed")
return &domain.Profile{
ObjectRoot: models.ObjectRoot{AggregateID: req.UserId},
FirstName: req.FirstName,
LastName: req.LastName,
NickName: req.NickName,
DisplayName: req.DisplayName,
PreferredLanguage: preferredLanguage,
Gender: user_grpc.GenderToDomain(req.Gender),
}
}
func emailViewFromModel(email *usr_model.Email) *management.UserEmailView {
creationDate, err := ptypes.TimestampProto(email.CreationDate)
logging.Log("GRPC-sKefs").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(email.ChangeDate)
logging.Log("GRPC-0isjD").OnError(err).Debug("unable to parse timestamp")
return &management.UserEmailView{
Id: email.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: email.Sequence,
Email: email.EmailAddress,
IsEmailVerified: email.IsEmailVerified,
}
}
func updateEmailToDomain(e *management.UpdateUserEmailRequest) *domain.Email {
func UpdateHumanEmailRequestToDomain(req *mgmt_pb.UpdateHumanEmailRequest) *domain.Email {
return &domain.Email{
ObjectRoot: models.ObjectRoot{AggregateID: e.Id},
EmailAddress: e.Email,
IsEmailVerified: e.IsEmailVerified,
EmailAddress: req.Email,
IsEmailVerified: req.IsEmailVerified,
}
}
func phoneFromDomain(phone *domain.Phone) *management.UserPhone {
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-09ewq").OnError(err).Debug("unable to parse timestamp")
return &management.UserPhone{
Id: phone.AggregateID,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func phoneViewFromModel(phone *usr_model.Phone) *management.UserPhoneView {
creationDate, err := ptypes.TimestampProto(phone.CreationDate)
logging.Log("GRPC-6gSj").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(phone.ChangeDate)
logging.Log("GRPC-lKs8f").OnError(err).Debug("unable to parse timestamp")
return &management.UserPhoneView{
Id: phone.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: phone.Sequence,
Phone: phone.PhoneNumber,
IsPhoneVerified: phone.IsPhoneVerified,
}
}
func updatePhoneToDomain(e *management.UpdateUserPhoneRequest) *domain.Phone {
func UpdateHumanPhoneRequestToDomain(req *mgmt_pb.UpdateHumanPhoneRequest) *domain.Phone {
return &domain.Phone{
ObjectRoot: models.ObjectRoot{AggregateID: e.Id},
PhoneNumber: e.Phone,
IsPhoneVerified: e.IsPhoneVerified,
PhoneNumber: req.Phone,
IsPhoneVerified: req.IsPhoneVerified,
}
}
func addressFromDomain(address *domain.Address) *management.UserAddress {
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-si9ws").OnError(err).Debug("unable to parse timestamp")
return &management.UserAddress{
Id: address.AggregateID,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func addressViewFromModel(address *usr_model.Address) *management.UserAddressView {
creationDate, err := ptypes.TimestampProto(address.CreationDate)
logging.Log("GRPC-67stC").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(address.ChangeDate)
logging.Log("GRPC-0jSfs").OnError(err).Debug("unable to parse timestamp")
return &management.UserAddressView{
Id: address.AggregateID,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: address.Sequence,
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func updateAddressToDomain(ctxData authz.CtxData, address *management.UpdateUserAddressRequest) *domain.Address {
return &domain.Address{
ObjectRoot: models.ObjectRoot{
AggregateID: address.Id,
ResourceOwner: ctxData.OrgID,
},
Country: address.Country,
StreetAddress: address.StreetAddress,
Region: address.Region,
PostalCode: address.PostalCode,
Locality: address.Locality,
}
}
func userSearchResponseFromModel(response *usr_model.UserSearchResponse) *management.UserSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-aBezr").OnError(err).Debug("unable to parse timestamp")
return &management.UserSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func userViewsFromModel(users []*usr_model.UserView) []*management.UserView {
converted := make([]*management.UserView, len(users))
for i, user := range users {
converted[i] = userViewFromModel(user)
}
return converted
}
func userViewFromModel(user *usr_model.UserView) *management.UserView {
creationDate, err := ptypes.TimestampProto(user.CreationDate)
logging.Log("GRPC-dl9we").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(user.ChangeDate)
logging.Log("GRPC-lpsg5").OnError(err).Debug("unable to parse timestamp")
lastLogin, err := ptypes.TimestampProto(user.LastLogin)
logging.Log("GRPC-dksi3").OnError(err).Debug("unable to parse timestamp")
userView := &management.UserView{
Id: user.ID,
State: management.UserState(user.State),
CreationDate: creationDate,
ChangeDate: changeDate,
LastLogin: lastLogin,
Sequence: user.Sequence,
ResourceOwner: user.ResourceOwner,
LoginNames: user.LoginNames,
PreferredLoginName: user.PreferredLoginName,
UserName: user.UserName,
}
if user.HumanView != nil {
userView.User = &management.UserView_Human{Human: humanViewFromModel(user.HumanView)}
}
if user.MachineView != nil {
userView.User = &management.UserView_Machine{Machine: machineViewFromModel(user.MachineView)}
}
return userView
}
func userMembershipSearchResponseFromModel(response *usr_model.UserMembershipSearchResponse) *management.UserMembershipSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-Hs8jd").OnError(err).Debug("unable to parse timestamp")
return &management.UserMembershipSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userMembershipViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func userMembershipViewsFromModel(memberships []*usr_model.UserMembershipView) []*management.UserMembershipView {
converted := make([]*management.UserMembershipView, len(memberships))
for i, membership := range memberships {
converted[i] = userMembershipViewFromModel(membership)
}
return converted
}
func userMembershipViewFromModel(membership *usr_model.UserMembershipView) *management.UserMembershipView {
creationDate, err := ptypes.TimestampProto(membership.CreationDate)
logging.Log("GRPC-Msnu8").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(membership.ChangeDate)
logging.Log("GRPC-Slco9").OnError(err).Debug("unable to parse timestamp")
return &management.UserMembershipView{
UserId: membership.UserID,
AggregateId: membership.AggregateID,
ObjectId: membership.ObjectID,
MemberType: memberTypeFromModel(membership.MemberType),
DisplayName: membership.DisplayName,
Roles: membership.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: membership.Sequence,
ResourceOwner: membership.ResourceOwner,
}
}
func mfasFromModel(mfas []*usr_model.MultiFactor) []*management.UserMultiFactor {
converted := make([]*management.UserMultiFactor, len(mfas))
for i, mfa := range mfas {
converted[i] = mfaFromModel(mfa)
}
return converted
}
func mfaFromModel(mfa *usr_model.MultiFactor) *management.UserMultiFactor {
return &management.UserMultiFactor{
State: mfaStateFromModel(mfa.State),
Type: mfaTypeFromModel(mfa.Type),
Attribute: mfa.Attribute,
Id: mfa.ID,
}
}
func notifyTypeToDomain(state management.NotificationType) domain.NotificationType {
func notifyTypeToDomain(state mgmt_pb.SendHumanResetPasswordNotificationRequest_Type) domain.NotificationType {
switch state {
case management.NotificationType_NOTIFICATIONTYPE_EMAIL:
case mgmt_pb.SendHumanResetPasswordNotificationRequest_TYPE_EMAIL:
return domain.NotificationTypeEmail
case management.NotificationType_NOTIFICATIONTYPE_SMS:
case mgmt_pb.SendHumanResetPasswordNotificationRequest_TYPE_SMS:
return domain.NotificationTypeSms
default:
return domain.NotificationTypeEmail
}
}
func userStateFromDomain(state domain.UserState) management.UserState {
switch state {
case domain.UserStateActive:
return management.UserState_USERSTATE_ACTIVE
case domain.UserStateInactive:
return management.UserState_USERSTATE_INACTIVE
case domain.UserStateLocked:
return management.UserState_USERSTATE_LOCKED
case domain.UserStateInitial:
return management.UserState_USERSTATE_INITIAL
case domain.UserStateSuspend:
return management.UserState_USERSTATE_SUSPEND
default:
return management.UserState_USERSTATE_UNSPECIFIED
func UpdateMachineRequestToDomain(ctx context.Context, req *mgmt_pb.UpdateMachineRequest) *domain.Machine {
return &domain.Machine{
ObjectRoot: models.ObjectRoot{
AggregateID: req.UserId,
ResourceOwner: authz.GetCtxData(ctx).OrgID,
},
Name: req.Name,
Description: req.Description,
}
}
func genderFromDomain(gender domain.Gender) management.Gender {
switch gender {
case domain.GenderFemale:
return management.Gender_GENDER_FEMALE
case domain.GenderMale:
return management.Gender_GENDER_MALE
case domain.GenderDiverse:
return management.Gender_GENDER_DIVERSE
default:
return management.Gender_GENDER_UNSPECIFIED
func ListMachineKeysRequestToModel(req *mgmt_pb.ListMachineKeysRequest) *key_model.AuthNKeySearchRequest {
return &key_model.AuthNKeySearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
Queries: []*key_model.AuthNKeySearchQuery{
{
Key: key_model.AuthNKeyObjectType,
Method: domain.SearchMethodEquals,
Value: key_model.AuthNKeyObjectTypeUser,
}, {
Key: key_model.AuthNKeyObjectID,
Method: domain.SearchMethodEquals,
Value: req.UserId,
},
},
}
}
func genderFromModel(gender usr_model.Gender) management.Gender {
switch gender {
case usr_model.GenderFemale:
return management.Gender_GENDER_FEMALE
case usr_model.GenderMale:
return management.Gender_GENDER_MALE
case usr_model.GenderDiverse:
return management.Gender_GENDER_DIVERSE
default:
return management.Gender_GENDER_UNSPECIFIED
func AddMachineKeyRequestToDomain(req *mgmt_pb.AddMachineKeyRequest) *domain.MachineKey {
expDate := time.Time{}
if req.ExpirationDate != nil {
var err error
expDate, err = ptypes.Timestamp(req.ExpirationDate)
logging.Log("MANAG-iNshR").OnError(err).Debug("unable to parse expiration date")
}
return &domain.MachineKey{
ObjectRoot: models.ObjectRoot{
AggregateID: req.UserId,
},
ExpirationDate: expDate,
Type: authn.KeyTypeToDomain(req.Type),
}
}
func memberTypeFromModel(memberType usr_model.MemberType) management.MemberType {
switch memberType {
case usr_model.MemberTypeOrganisation:
return management.MemberType_MEMBERTYPE_ORGANISATION
case usr_model.MemberTypeProject:
return management.MemberType_MEMBERTYPE_PROJECT
case usr_model.MemberTypeProjectGrant:
return management.MemberType_MEMBERTYPE_PROJECT_GRANT
default:
return management.MemberType_MEMBERTYPE_UNSPECIFIED
func RemoveHumanLinkedIDPRequestToDomain(ctx context.Context, req *mgmt_pb.RemoveHumanLinkedIDPRequest) *domain.ExternalIDP {
return &domain.ExternalIDP{
ObjectRoot: models.ObjectRoot{
AggregateID: req.UserId,
ResourceOwner: authz.GetCtxData(ctx).OrgID,
},
IDPConfigID: req.IdpId,
ExternalUserID: req.LinkedUserId,
}
}
func genderToDomain(gender management.Gender) domain.Gender {
switch gender {
case management.Gender_GENDER_FEMALE:
return domain.GenderFemale
case management.Gender_GENDER_MALE:
return domain.GenderMale
case management.Gender_GENDER_DIVERSE:
return domain.GenderDiverse
default:
return domain.GenderUnspecified
func ListHumanLinkedIDPsRequestToModel(req *mgmt_pb.ListHumanLinkedIDPsRequest) *user_model.ExternalIDPSearchRequest {
return &user_model.ExternalIDPSearchRequest{
Limit: uint64(req.Query.Limit),
Offset: req.Query.Offset,
Queries: []*user_model.ExternalIDPSearchQuery{{Key: user_model.ExternalIDPSearchKeyUserID, Method: domain.SearchMethodEquals, Value: req.UserId}},
}
}
func mfaTypeFromModel(mfatype usr_model.MFAType) management.MfaType {
switch mfatype {
case usr_model.MFATypeOTP:
return management.MfaType_MFATYPE_OTP
case usr_model.MFATypeU2F:
return management.MfaType_MFATYPE_U2F
default:
return management.MfaType_MFATYPE_UNSPECIFIED
}
}
func mfaStateFromModel(state usr_model.MFAState) management.MFAState {
switch state {
case usr_model.MFAStateReady:
return management.MFAState_MFASTATE_READY
case usr_model.MFAStateNotReady:
return management.MFAState_MFASTATE_NOT_READY
default:
return management.MFAState_MFASTATE_UNSPECIFIED
}
}
func userChangesToResponse(response *usr_model.UserChanges, offset uint64, limit uint64) (_ *management.Changes) {
return &management.Changes{
Limit: limit,
Offset: offset,
Changes: userChangesToMgtAPI(response),
}
}
func userChangesToMgtAPI(changes *usr_model.UserChanges) (_ []*management.Change) {
result := make([]*management.Change, len(changes.Changes))
for i, change := range changes.Changes {
var data *structpb.Struct
changedData, err := json.Marshal(change.Data)
if err == nil {
data = new(structpb.Struct)
err = protojson.Unmarshal(changedData, data)
logging.Log("GRPC-a7F54").OnError(err).Debug("unable to marshal changed data to struct")
}
result[i] = &management.Change{
ChangeDate: change.ChangeDate,
EventType: message.NewLocalizedEventType(change.EventType),
Sequence: change.Sequence,
Data: data,
EditorId: change.ModifierID,
Editor: change.ModifierName,
}
}
return result
}
func webAuthNTokensFromModel(tokens []*usr_model.WebAuthNView) *management.WebAuthNTokens {
result := make([]*management.WebAuthNToken, len(tokens))
for i, token := range tokens {
result[i] = webAuthNTokenFromModel(token)
}
return &management.WebAuthNTokens{Tokens: result}
}
func webAuthNTokenFromModel(token *usr_model.WebAuthNView) *management.WebAuthNToken {
return &management.WebAuthNToken{
Id: token.TokenID,
Name: token.Name,
State: mfaStateFromModel(token.State),
func ListUserMembershipsRequestToModel(req *mgmt_pb.ListUserMembershipsRequest) (*user_model.UserMembershipSearchRequest, error) {
queries, err := user_grpc.MembershipQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
queries = append(queries, &user_model.UserMembershipSearchQuery{
Key: user_model.UserMembershipSearchKeyUserID,
Method: domain.SearchMethodEquals,
Value: req.UserId,
})
return &user_model.UserMembershipSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
//SortingColumn: //TODO: sorting
Queries: queries,
}, nil
}

103
internal/api/grpc/management/user_grant.go
View File

@@ -2,61 +2,104 @@ package management
import (
"context"
"github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/api/grpc/user"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func (s *Server) SearchUserGrants(ctx context.Context, in *management.UserGrantSearchRequest) (*management.UserGrantSearchResponse, error) {
request := userGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
response, err := s.usergrant.SearchUserGrants(ctx, request)
func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrantByIDRequest) (*mgmt_pb.GetUserGrantByIDResponse, error) {
grant, err := s.usergrant.UserGrantByID(ctx, req.GrantId)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
return &mgmt_pb.GetUserGrantByIDResponse{
UserGrant: user.UserGrantToPb(grant),
}, nil
}
func (s *Server) UserGrantByID(ctx context.Context, request *management.UserGrantID) (*management.UserGrantView, error) {
user, err := s.usergrant.UserGrantByID(ctx, request.Id)
func (s *Server) ListUserGrants(ctx context.Context, req *mgmt_pb.ListUserGrantRequest) (*mgmt_pb.ListUserGrantResponse, error) {
r := ListUserGrantsRequestToModel(ctx, req)
res, err := s.usergrant.SearchUserGrants(ctx, r)
if err != nil {
return nil, err
}
return userGrantViewFromModel(user), nil
return &mgmt_pb.ListUserGrantResponse{
Result: user.UserGrantsToPb(res.Result),
Details: obj_grpc.ToListDetails(
res.TotalResult,
res.Sequence,
res.Timestamp,
),
}, nil
}
func (s *Server) CreateUserGrant(ctx context.Context, in *management.UserGrantCreate) (*management.UserGrant, error) {
user, err := s.command.AddUserGrant(ctx, userGrantCreateToDomain(in), authz.GetCtxData(ctx).OrgID)
func (s *Server) AddUserGrant(ctx context.Context, req *mgmt_pb.AddUserGrantRequest) (*mgmt_pb.AddUserGrantResponse, error) {
grant, err := s.command.AddUserGrant(ctx, AddUserGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return userGrantFromDomain(user), nil
return &mgmt_pb.AddUserGrantResponse{
UserGrantId: grant.AggregateID,
Details: obj_grpc.ToDetailsPb(
grant.Sequence,
grant.ChangeDate,
grant.ResourceOwner,
),
}, nil
}
func (s *Server) UpdateUserGrant(ctx context.Context, in *management.UserGrantUpdate) (*management.UserGrant, error) {
user, err := s.command.ChangeUserGrant(ctx, userGrantUpdateToDomain(in), authz.GetCtxData(ctx).OrgID)
func (s *Server) UpdateUserGrant(ctx context.Context, req *mgmt_pb.UpdateUserGrantRequest) (*mgmt_pb.UpdateUserGrantResponse, error) {
grant, err := s.command.ChangeUserGrant(ctx, UpdateUserGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return userGrantFromDomain(user), nil
return &mgmt_pb.UpdateUserGrantResponse{
Details: obj_grpc.ToDetailsPb(
grant.Sequence,
grant.ChangeDate,
grant.ResourceOwner,
),
}, nil
}
func (s *Server) DeactivateUserGrant(ctx context.Context, in *management.UserGrantID) (*empty.Empty, error) {
err := s.command.DeactivateUserGrant(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) ReactivateUserGrant(ctx context.Context, in *management.UserGrantID) (*empty.Empty, error) {
err := s.command.ReactivateUserGrant(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func (s *Server) DeactivateUserGrant(ctx context.Context, req *mgmt_pb.DeactivateUserGrantRequest) (*mgmt_pb.DeactivateUserGrantResponse, error) {
objectDetails, err := s.command.DeactivateUserGrant(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.DeactivateUserGrantResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) RemoveUserGrant(ctx context.Context, in *management.UserGrantID) (*empty.Empty, error) {
err := s.command.RemoveUserGrant(ctx, in.Id, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func (s *Server) ReactivateUserGrant(ctx context.Context, req *mgmt_pb.ReactivateUserGrantRequest) (*mgmt_pb.ReactivateUserGrantResponse, error) {
objectDetails, err := s.command.ReactivateUserGrant(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.ReactivateUserGrantResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *management.UserGrantRemoveBulk) (*empty.Empty, error) {
err := s.command.BulkRemoveUserGrant(ctx, userGrantRemoveBulkToModel(in), authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
func (s *Server) RemoveUserGrant(ctx context.Context, req *mgmt_pb.RemoveUserGrantRequest) (*mgmt_pb.RemoveUserGrantResponse, error) {
objectDetails, err := s.command.RemoveUserGrant(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.RemoveUserGrantResponse{
Details: obj_grpc.DomainToDetailsPb(objectDetails),
}, nil
}
func (s *Server) BulkRemoveUserGrant(ctx context.Context, req *mgmt_pb.BulkRemoveUserGrantRequest) (*mgmt_pb.BulkRemoveUserGrantResponse, error) {
err := s.command.BulkRemoveUserGrant(ctx, req.GrantId, authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return &mgmt_pb.BulkRemoveUserGrantResponse{
//TODO: Do we need details here?
}, nil
}

199
internal/api/grpc/management/user_grant_converter.go
View File

@@ -1,187 +1,46 @@
package management
import (
"github.com/caos/logging"
"context"
"github.com/caos/zitadel/internal/api/authz"
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
"github.com/caos/zitadel/internal/domain"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/caos/zitadel/internal/eventstore/v1/models"
grant_model "github.com/caos/zitadel/internal/usergrant/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/caos/zitadel/internal/usergrant/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
func userGrantFromDomain(grant *domain.UserGrant) *management.UserGrant {
return &management.UserGrant{
Id: grant.AggregateID,
UserId: grant.UserID,
State: usergrantStateFromDomain(grant.State),
ChangeDate: timestamppb.New(grant.ChangeDate),
Sequence: grant.Sequence,
ProjectId: grant.ProjectID,
RoleKeys: grant.RoleKeys,
func ListUserGrantsRequestToModel(ctx context.Context, req *mgmt_pb.ListUserGrantRequest) *model.UserGrantSearchRequest {
request := &model.UserGrantSearchRequest{
Offset: req.Query.Offset,
Limit: uint64(req.Query.Limit),
Asc: req.Query.Asc,
Queries: user_grpc.UserGrantQueriesToModel(req.Queries),
}
request.Queries = append(request.Queries, &model.UserGrantSearchQuery{
Key: model.UserGrantSearchKeyResourceOwner,
Method: domain.SearchMethodEquals,
Value: authz.GetCtxData(ctx).OrgID,
})
return request
}
func userGrantCreateToDomain(u *management.UserGrantCreate) *domain.UserGrant {
func AddUserGrantRequestToDomain(req *mgmt_pb.AddUserGrantRequest) *domain.UserGrant {
return &domain.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.UserId},
UserID: u.UserId,
ProjectID: u.ProjectId,
RoleKeys: u.RoleKeys,
ProjectGrantID: u.GrantId,
UserID: req.UserId,
ProjectID: req.ProjectId,
ProjectGrantID: req.ProjectGrantId,
RoleKeys: req.RoleKeys,
}
}
func userGrantUpdateToDomain(u *management.UserGrantUpdate) *domain.UserGrant {
func UpdateUserGrantRequestToDomain(req *mgmt_pb.UpdateUserGrantRequest) *domain.UserGrant {
return &domain.UserGrant{
ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
RoleKeys: u.RoleKeys,
ObjectRoot: models.ObjectRoot{
AggregateID: req.GrantId,
},
UserID: req.UserId,
RoleKeys: req.RoleKeys,
}
}
func userGrantRemoveBulkToModel(u *management.UserGrantRemoveBulk) []string {
ids := make([]string, len(u.Ids))
for i, id := range u.Ids {
ids[i] = id
}
return ids
}
func userGrantSearchRequestsToModel(project *management.UserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}
func userGrantSearchQueriesToModel(queries []*management.UserGrantSearchQuery) []*grant_model.UserGrantSearchQuery {
converted := make([]*grant_model.UserGrantSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userGrantSearchQueryToModel(q)
}
return converted
}
func userGrantSearchQueryToModel(query *management.UserGrantSearchQuery) *grant_model.UserGrantSearchQuery {
return &grant_model.UserGrantSearchQuery{
Key: userGrantSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userGrantSearchKeyToModel(key management.UserGrantSearchKey) grant_model.UserGrantSearchKey {
switch key {
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_WITH_GRANTED:
return grant_model.UserGrantSearchKeyWithGranted
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_PROJECT_ID:
return grant_model.UserGrantSearchKeyProjectID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_USER_ID:
return grant_model.UserGrantSearchKeyUserID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ROLE_KEY:
return grant_model.UserGrantSearchKeyRoleKey
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_GRANT_ID:
return grant_model.UserGrantSearchKeyGrantID
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_USER_NAME:
return grant_model.UserGrantSearchKeyUserName
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_FIRST_NAME:
return grant_model.UserGrantSearchKeyFirstName
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_LAST_NAME:
return grant_model.UserGrantSearchKeyLastName
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_EMAIL:
return grant_model.UserGrantSearchKeyEmail
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ORG_NAME:
return grant_model.UserGrantSearchKeyOrgName
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_ORG_DOMAIN:
return grant_model.UserGrantSearchKeyOrgDomain
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_PROJECT_NAME:
return grant_model.UserGrantSearchKeyProjectName
case management.UserGrantSearchKey_USERGRANTSEARCHKEY_DISPLAY_NAME:
return grant_model.UserGrantSearchKeyDisplayName
default:
return grant_model.UserGrantSearchKeyUnspecified
}
}
func userGrantSearchResponseFromModel(response *grant_model.UserGrantSearchResponse) *management.UserGrantSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-Wd7hs").OnError(err).Debug("unable to parse timestamp")
return &management.UserGrantSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userGrantViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func userGrantViewsFromModel(users []*grant_model.UserGrantView) []*management.UserGrantView {
converted := make([]*management.UserGrantView, len(users))
for i, user := range users {
converted[i] = userGrantViewFromModel(user)
}
return converted
}
func userGrantViewFromModel(grant *grant_model.UserGrantView) *management.UserGrantView {
creationDate, err := ptypes.TimestampProto(grant.CreationDate)
logging.Log("GRPC-dl9we").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(grant.ChangeDate)
logging.Log("GRPC-lpsg5").OnError(err).Debug("unable to parse timestamp")
return &management.UserGrantView{
Id: grant.ID,
State: usergrantStateFromModel(grant.State),
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: grant.Sequence,
ResourceOwner: grant.ResourceOwner,
UserName: grant.UserName,
FirstName: grant.FirstName,
LastName: grant.LastName,
Email: grant.Email,
ProjectName: grant.ProjectName,
OrgName: grant.OrgName,
OrgDomain: grant.OrgPrimaryDomain,
RoleKeys: grant.RoleKeys,
UserId: grant.UserID,
ProjectId: grant.ProjectID,
OrgId: grant.ResourceOwner,
DisplayName: grant.DisplayName,
GrantId: grant.GrantID,
}
}
func usergrantStateFromModel(state grant_model.UserGrantState) management.UserGrantState {
switch state {
case grant_model.UserGrantStateActive:
return management.UserGrantState_USERGRANTSTATE_ACTIVE
case grant_model.UserGrantStateInactive:
return management.UserGrantState_USERGRANTSTATE_INACTIVE
default:
return management.UserGrantState_USERGRANTSTATE_UNSPECIFIED
}
}
func usergrantStateFromDomain(state domain.UserGrantState) management.UserGrantState {
switch state {
case domain.UserGrantStateActive:
return management.UserGrantState_USERGRANTSTATE_ACTIVE
case domain.UserGrantStateInactive:
return management.UserGrantState_USERGRANTSTATE_INACTIVE
default:
return management.UserGrantState_USERGRANTSTATE_UNSPECIFIED
}
}
func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
converted := make([]string, len(userGrants))
for i, grant := range userGrants {
converted[i] = grant.ID
}
return converted
}

95
internal/api/grpc/management/user_human_converter.go
View File

@@ -1,95 +0,0 @@
package management
import (
"github.com/caos/logging"
"github.com/caos/zitadel/internal/domain"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes"
"golang.org/x/text/language"
)
func humanFromDomain(user *domain.Human) *management.HumanResponse {
human := &management.HumanResponse{
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage.String(),
Gender: genderFromDomain(user.Gender),
}
if user.Email != nil {
human.Email = user.EmailAddress
human.IsEmailVerified = user.IsEmailVerified
}
if user.Phone != nil {
human.Phone = user.PhoneNumber
human.IsPhoneVerified = user.IsPhoneVerified
}
if user.Address != nil {
human.Country = user.Country
human.Locality = user.Locality
human.PostalCode = user.PostalCode
human.Region = user.Region
human.StreetAddress = user.StreetAddress
}
return human
}
func humanViewFromModel(user *usr_model.HumanView) *management.HumanView {
passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
logging.Log("MANAG-h4ByY").OnError(err).Debug("unable to parse date")
return &management.HumanView{
FirstName: user.FirstName,
LastName: user.LastName,
DisplayName: user.DisplayName,
NickName: user.NickName,
PreferredLanguage: user.PreferredLanguage,
Gender: genderFromModel(user.Gender),
Email: user.Email,
IsEmailVerified: user.IsEmailVerified,
Phone: user.Phone,
IsPhoneVerified: user.IsPhoneVerified,
Country: user.Country,
Locality: user.Locality,
PostalCode: user.PostalCode,
Region: user.Region,
StreetAddress: user.StreetAddress,
PasswordChanged: passwordChanged,
}
}
func humanCreateToDomain(u *management.CreateHumanRequest) *domain.Human {
preferredLanguage, err := language.Parse(u.PreferredLanguage)
logging.Log("GRPC-cK5k2").OnError(err).Debug("language malformed")
human := &domain.Human{
Profile: &domain.Profile{
FirstName: u.FirstName,
LastName: u.LastName,
NickName: u.NickName,
PreferredLanguage: preferredLanguage,
Gender: genderToDomain(u.Gender),
},
Email: &domain.Email{
EmailAddress: u.Email,
IsEmailVerified: u.IsEmailVerified,
},
Address: &domain.Address{
Country: u.Country,
Locality: u.Locality,
PostalCode: u.PostalCode,
Region: u.Region,
StreetAddress: u.StreetAddress,
},
}
if u.Password != "" {
human.Password = &domain.Password{SecretString: u.Password}
}
if u.Phone != "" {
human.Phone = &domain.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
}
return human
}

38
internal/api/grpc/management/user_machine.go
View File

@@ -1,38 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) AddMachineKey(ctx context.Context, req *management.AddMachineKeyRequest) (*management.AddMachineKeyResponse, error) {
key, err := s.command.AddUserMachineKey(ctx, addMachineKeyToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
return addMachineKeyFromDomain(key), nil
}
func (s *Server) DeleteMachineKey(ctx context.Context, req *management.MachineKeyIDRequest) (*empty.Empty, error) {
err := s.command.RemoveUserMachineKey(ctx, req.UserId, req.KeyId, authz.GetCtxData(ctx).OrgID)
return &empty.Empty{}, err
}
func (s *Server) GetMachineKey(ctx context.Context, req *management.MachineKeyIDRequest) (*management.MachineKeyView, error) {
key, err := s.user.GetMachineKey(ctx, req.UserId, req.KeyId)
if err != nil {
return nil, err
}
return machineKeyViewFromModel(key), nil
}
func (s *Server) SearchMachineKeys(ctx context.Context, req *management.MachineKeySearchRequest) (*management.MachineKeySearchResponse, error) {
result, err := s.user.SearchMachineKeys(ctx, machineKeySearchRequestToModel(req))
if err != nil {
return nil, err
}
return machineKeySearchResponseFromModel(result), nil
}

176
internal/api/grpc/management/user_machine_converter.go
View File

@@ -1,176 +0,0 @@
package management
import (
"encoding/json"
"google.golang.org/protobuf/types/known/timestamppb"
"time"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"github.com/caos/zitadel/internal/eventstore/v1/models"
key_model "github.com/caos/zitadel/internal/key/model"
usr_model "github.com/caos/zitadel/internal/user/model"
"github.com/caos/zitadel/pkg/grpc/management"
)
func machineCreateToDomain(machine *management.CreateMachineRequest) *domain.Machine {
return &domain.Machine{
Name: machine.Name,
Description: machine.Description,
}
}
func updateMachineToDomain(ctxData authz.CtxData, machine *management.UpdateMachineRequest) *domain.Machine {
return &domain.Machine{
ObjectRoot: models.ObjectRoot{
AggregateID: machine.Id,
ResourceOwner: ctxData.ResourceOwner,
},
Name: machine.Name,
Description: machine.Description,
}
}
func machineFromDomain(account *domain.Machine) *management.MachineResponse {
return &management.MachineResponse{
Name: account.Name,
Description: account.Description,
}
}
func machineViewFromModel(machine *usr_model.MachineView) *management.MachineView {
lastKeyAdded, err := ptypes.TimestampProto(machine.LastKeyAdded)
logging.Log("MANAG-wGcAQ").OnError(err).Debug("unable to parse date")
return &management.MachineView{
Description: machine.Description,
Name: machine.Name,
LastKeyAdded: lastKeyAdded,
}
}
func authnKeyViewsFromModel(keys ...*key_model.AuthNKeyView) []*management.MachineKeyView {
keyViews := make([]*management.MachineKeyView, len(keys))
for i, key := range keys {
keyViews[i] = machineKeyViewFromModel(key)
}
return keyViews
}
func machineKeyViewFromModel(key *key_model.AuthNKeyView) *management.MachineKeyView {
creationDate, err := ptypes.TimestampProto(key.CreationDate)
logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
expirationDate, err := ptypes.TimestampProto(key.ExpirationDate)
logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
return &management.MachineKeyView{
Id: key.ID,
CreationDate: creationDate,
ExpirationDate: expirationDate,
Sequence: key.Sequence,
Type: machineKeyTypeFromModel(key.Type),
}
}
func addMachineKeyToDomain(key *management.AddMachineKeyRequest) *domain.MachineKey {
expirationDate := time.Time{}
if key.ExpirationDate != nil {
var err error
expirationDate, err = ptypes.Timestamp(key.ExpirationDate)
logging.Log("MANAG-iNshR").OnError(err).Debug("unable to parse expiration date")
}
return &domain.MachineKey{
ExpirationDate: expirationDate,
Type: machineKeyTypeToDomain(key.Type),
ObjectRoot: models.ObjectRoot{AggregateID: key.UserId},
}
}
func addMachineKeyFromDomain(key *domain.MachineKey) *management.AddMachineKeyResponse {
detail, err := json.Marshal(struct {
Type string `json:"type"`
KeyID string `json:"keyId"`
Key string `json:"key"`
UserID string `json:"userId"`
}{
Type: "serviceaccount",
KeyID: key.KeyID,
Key: string(key.PrivateKey),
UserID: key.AggregateID,
})
logging.Log("MANAG-lFQ2g").OnError(err).Warn("unable to marshall key")
return &management.AddMachineKeyResponse{
Id: key.KeyID,
CreationDate: timestamppb.New(key.CreationDate),
ExpirationDate: timestamppb.New(key.ExpirationDate),
Sequence: key.Sequence,
KeyDetails: detail,
Type: machineKeyTypeFromDomain(key.Type),
}
}
func machineKeyTypeToDomain(typ management.MachineKeyType) domain.AuthNKeyType {
switch typ {
case management.MachineKeyType_MACHINEKEY_JSON:
return domain.AuthNKeyTypeJSON
default:
return domain.AuthNKeyTypeNONE
}
}
func machineKeyTypeFromDomain(typ domain.AuthNKeyType) management.MachineKeyType {
switch typ {
case domain.AuthNKeyTypeJSON:
return management.MachineKeyType_MACHINEKEY_JSON
default:
return management.MachineKeyType_MACHINEKEY_UNSPECIFIED
}
}
func machineKeyTypeFromModel(typ key_model.AuthNKeyType) management.MachineKeyType {
switch typ {
case key_model.AuthNKeyTypeJSON:
return management.MachineKeyType_MACHINEKEY_JSON
default:
return management.MachineKeyType_MACHINEKEY_UNSPECIFIED
}
}
func machineKeySearchRequestToModel(req *management.MachineKeySearchRequest) *key_model.AuthNKeySearchRequest {
return &key_model.AuthNKeySearchRequest{
Offset: req.Offset,
Limit: req.Limit,
Asc: req.Asc,
Queries: []*key_model.AuthNKeySearchQuery{
{
Key: key_model.AuthNKeyObjectType,
Method: domain.SearchMethodEquals,
Value: key_model.AuthNKeyObjectTypeUser,
}, {
Key: key_model.AuthNKeyObjectID,
Method: domain.SearchMethodEquals,
Value: req.UserId,
},
},
}
}
func machineKeySearchResponseFromModel(req *key_model.AuthNKeySearchResponse) *management.MachineKeySearchResponse {
viewTimestamp, err := ptypes.TimestampProto(req.Timestamp)
logging.Log("MANAG-Sk9ds").OnError(err).Debug("unable to parse cretaion date")
return &management.MachineKeySearchResponse{
Offset: req.Offset,
Limit: req.Limit,
TotalResult: req.TotalResult,
ProcessedSequence: req.Sequence,
ViewTimestamp: viewTimestamp,
Result: authnKeyViewsFromModel(req.Result...),
}
}

14
internal/api/grpc/management/zitadel_docs.go
View File

@@ -1,14 +0,0 @@
package management
import (
"context"
"github.com/caos/zitadel/pkg/grpc/management"
"github.com/golang/protobuf/ptypes/empty"
)
func (s *Server) GetZitadelDocs(ctx context.Context, _ *empty.Empty) (*management.ZitadelDocs, error) {
return &management.ZitadelDocs{
Issuer: s.systemDefaults.ZitadelDocs.Issuer,
DiscoveryEndpoint: s.systemDefaults.ZitadelDocs.DiscoveryEndpoint,
}, nil
}