feat: protos refactoring

* start with user

* user first try done in all services

* user, org, idp for discussion

* remove unused stuff

* bla

* dockerbuild

* rename search, get multiple to list...

* add annotation

* update proto dependencies

* update proto dependencies

* change proto imports

* replace all old imports

* fix go out

* remove unused lines

* correct protoc flags

* grpc and openapi flags

* go out source path relative

* -p

* remove dead code

* sourcepath relative

* ls

* is onenapi the problem?

* hobla

* authoption output

* wrong field name

* gopf

* correct option, add correct flags

* small improvments

* SIMPLYFY

* relative path

* gopf bin ich en tubel

* correct path

* default policies in admin

* grpc generation in one file

* remove non ascii

* metadata on manipulations

* correct auth_option import

* fixes

* larry

* idp provider to idp

* fix generate

* admin and auth nearly done

* admin and auth nearly done

* gen

* healthz

* imports

* deleted too much imports

* fix org

* add import

* imports

* import

* naming

* auth_opt

* gopf

* management

* imports

* _TYPE_UNSPECIFIED

* improts

* auth opts

* management policies

* imports

* passwordlessType to MFAType

* auth_opt

* add user grant calls

* add missing messages

* result

* fix option

* improvements

* ids

* fix http

* imports

* fixes

* fields

* body

* add fields

* remove wrong member query

* fix request response

* fixes

* add copy files

* variable versions

* generate all files

* improvements

* add dependencies

* factors

* user session

* oidc information, iam

* remove unused file

* changes

* enums

* dockerfile

* fix build

* remove unused folder

* update readme for build

* move old server impl

* add event type to change

* some changes

* start admin

* remove wrong field

* admin only list calls missing

* fix proto numbers

* surprisingly it compiles

* service ts changes

* admin mgmt

* mgmt

* auth manipulation and gets done, lists missing

* validations and some field changes

* validations

* enum validations

* remove todo

* move proto files to proto/zitadel

* change proto path in dockerfile

* it compiles!

* add validate import

* remove duplicate import

* fix protos

* fix import

* tests

* cleanup

* remove unimplemented methods

* iam member multiple queries

* all auth and admin calls

* add initial password on crate human

* message names

* management user server

* machine done

* fix: todos (#1346)

* fix: pub sub in new eventstore

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix tests

* fix: search method domain

* admin service, user import type typescript

* admin changes

* admin changes

* fix: search method domain

* more user grpc and begin org, fix configs

* fix: return object details

* org grpc

* remove creation date add details

* app

* fix: return object details

* fix: return object details

* mgmt service, project members

* app

* fix: convert policies

* project, members, granted projects, searches

* fix: convert usergrants

* fix: convert usergrants

* auth user detail, user detail, mfa, second factor, auth

* fix: convert usergrants

* mfa, memberships, password, owned proj detail

* fix: convert usergrants

* project grant

* missing details

* changes, userview

* idp table, keys

* org list and user table filter

* unify rest paths (#1381)

* unify rest paths

* post for all searches,
mfa to multi_factor,
secondfactor to second_factor

* remove v1

* fix tests

* rename api client key to app key

* machine keys, age policy

* user list, machine keys, changes

* fix: org states

* add default flag to policy

* second factor to type

* idp id

* app type

* unify ListQuery, ListDetails, ObjectDetails field names

* user grants, apps, memberships

* fix type params

* metadata to detail, linke idps

* api create, membership, app detail, create

* idp, app, policy

* queries, multi -> auth factors and missing fields

* update converters

* provider to user, remove old mgmt refs

* temp remove authfactor dialog, build finish

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>

internal/api/grpc/project/application.go

@@ -0,0 +1,299 @@
+package project
+
+import (
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	proj_model "github.com/caos/zitadel/internal/project/model"
+	app_pb "github.com/caos/zitadel/pkg/grpc/app"
+	message_pb "github.com/caos/zitadel/pkg/grpc/message"
+)
+
+func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
+	a := make([]*app_pb.App, len(apps))
+	for i, app := range apps {
+		a[i] = AppToPb(app)
+	}
+	return a
+}
+
+func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
+	return &app_pb.App{
+		Id:      app.ID,
+		Details: object_grpc.ToDetailsPb(app.Sequence, app.CreationDate, "app.ResourceOwner"), //TODO: RO
+		State:   AppStateToPb(app.State),
+		Name:    app.Name,
+		Config:  AppConfigToPb(app),
+	}
+}
+
+func AppConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
+	if app.IsOIDC {
+		return AppOIDCConfigToPb(app)
+	}
+	return AppAPIConfigToPb(app)
+}
+
+func AppOIDCConfigToPb(app *proj_model.ApplicationView) *app_pb.App_OidcConfig {
+	return &app_pb.App_OidcConfig{
+		OidcConfig: &app_pb.OIDCConfig{
+			RedirectUris:             app.OIDCRedirectUris,
+			ResponseTypes:            OIDCResponseTypesFromModel(app.OIDCResponseTypes),
+			GrantTypes:               OIDCGrantTypesFromModel(app.OIDCGrantTypes),
+			AppType:                  OIDCApplicationTypeToPb(domain.OIDCApplicationType(app.OIDCApplicationType)),
+			ClientId:                 app.OIDCClientID,
+			AuthMethodType:           OIDCAuthMethodTypeToPb(domain.OIDCAuthMethodType(app.OIDCAuthMethodType)),
+			PostLogoutRedirectUris:   app.OIDCPostLogoutRedirectUris,
+			Version:                  OIDCVersionToPb(domain.OIDCVersion(app.OIDCVersion)),
+			NoneCompliant:            app.NoneCompliant,
+			ComplianceProblems:       ComplianceProblemsToLocalizedMessages(app.ComplianceProblems),
+			DevMode:                  app.DevMode,
+			AccessTokenType:          oidcTokenTypeToPb(domain.OIDCTokenType(app.AccessTokenType)),
+			AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
+			IdTokenRoleAssertion:     app.IDTokenRoleAssertion,
+			IdTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
+			ClockSkew:                durationpb.New(app.ClockSkew),
+		},
+	}
+}
+
+func AppAPIConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
+	return &app_pb.App_ApiConfig{
+		ApiConfig: &app_pb.APIConfig{
+			ClientId:       app.OIDCClientID,
+			ClientSecret:   "", //TODO: remove from proto
+			AuthMethodType: APIAuthMethodeTypeToPb(domain.APIAuthMethodType(app.OIDCAuthMethodType)),
+		},
+	}
+}
+
+func AppStateToPb(state proj_model.AppState) app_pb.AppState {
+	switch state {
+	case proj_model.AppStateActive:
+		return app_pb.AppState_APP_STATE_ACTIVE
+	case proj_model.AppStateInactive:
+		return app_pb.AppState_APP_STATE_INACTIVE
+	default:
+		return app_pb.AppState_APP_STATE_UNSPECIFIED
+	}
+}
+
+func OIDCResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []app_pb.OIDCResponseType {
+	oidcResponseTypes := make([]app_pb.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case proj_model.OIDCResponseTypeCode:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE
+		case proj_model.OIDCResponseTypeIDToken:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN
+		case proj_model.OIDCResponseTypeIDTokenToken:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
+		}
+	}
+	return oidcResponseTypes
+}
+
+func OIDCResponseTypesToDomain(responseTypes []app_pb.OIDCResponseType) []domain.OIDCResponseType {
+	if responseTypes == nil || len(responseTypes) == 0 {
+		return []domain.OIDCResponseType{domain.OIDCResponseTypeCode}
+	}
+	oidcResponseTypes := make([]domain.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeCode
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDToken
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDTokenToken
+		}
+	}
+	return oidcResponseTypes
+}
+
+func OIDCGrantTypesFromModel(grantTypes []proj_model.OIDCGrantType) []app_pb.OIDCGrantType {
+	oidcGrantTypes := make([]app_pb.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case proj_model.OIDCGrantTypeAuthorizationCode:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE
+		case proj_model.OIDCGrantTypeImplicit:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT
+		case proj_model.OIDCGrantTypeRefreshToken:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN
+		}
+	}
+	return oidcGrantTypes
+}
+
+func OIDCGrantTypesToDomain(grantTypes []app_pb.OIDCGrantType) []domain.OIDCGrantType {
+	if grantTypes == nil || len(grantTypes) == 0 {
+		return []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}
+	}
+	oidcGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeAuthorizationCode
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeImplicit
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeRefreshToken
+		}
+	}
+	return oidcGrantTypes
+}
+
+func OIDCApplicationTypeToPb(appType domain.OIDCApplicationType) app_pb.OIDCAppType {
+	switch appType {
+	case domain.OIDCApplicationTypeWeb:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_WEB
+	case domain.OIDCApplicationTypeUserAgent:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_USER_AGENT
+	case domain.OIDCApplicationTypeNative:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_NATIVE
+	default:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_WEB
+	}
+}
+
+func OIDCApplicationTypeToDomain(appType app_pb.OIDCAppType) domain.OIDCApplicationType {
+	switch appType {
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_WEB:
+		return domain.OIDCApplicationTypeWeb
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_USER_AGENT:
+		return domain.OIDCApplicationTypeUserAgent
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_NATIVE:
+		return domain.OIDCApplicationTypeNative
+	}
+	return domain.OIDCApplicationTypeWeb
+}
+
+func OIDCAuthMethodTypeToPb(authType domain.OIDCAuthMethodType) app_pb.OIDCAuthMethodType {
+	switch authType {
+	case domain.OIDCAuthMethodTypeBasic:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	case domain.OIDCAuthMethodTypePost:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST
+	case domain.OIDCAuthMethodTypeNone:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE
+	case domain.OIDCAuthMethodTypePrivateKeyJWT:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	}
+}
+
+func OIDCAuthMethodTypeToDomain(authType app_pb.OIDCAuthMethodType) domain.OIDCAuthMethodType {
+	switch authType {
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC:
+		return domain.OIDCAuthMethodTypeBasic
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST:
+		return domain.OIDCAuthMethodTypePost
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE:
+		return domain.OIDCAuthMethodTypeNone
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.OIDCAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.OIDCAuthMethodTypeBasic
+	}
+}
+
+func OIDCVersionToPb(version domain.OIDCVersion) app_pb.OIDCVersion {
+	switch version {
+	case domain.OIDCVersionV1:
+		return app_pb.OIDCVersion_OIDC_VERSION_1_0
+	}
+	return app_pb.OIDCVersion_OIDC_VERSION_1_0
+}
+
+func OIDCVersionToDomain(version app_pb.OIDCVersion) domain.OIDCVersion {
+	switch version {
+	case app_pb.OIDCVersion_OIDC_VERSION_1_0:
+		return domain.OIDCVersionV1
+	}
+	return domain.OIDCVersionV1
+}
+
+func oidcTokenTypeToPb(tokenType domain.OIDCTokenType) app_pb.OIDCTokenType {
+	switch tokenType {
+	case domain.OIDCTokenTypeBearer:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	case domain.OIDCTokenTypeJWT:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_JWT
+	default:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	}
+}
+
+func OIDCTokenTypeToDomain(tokenType app_pb.OIDCTokenType) domain.OIDCTokenType {
+	switch tokenType {
+	case app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER:
+		return domain.OIDCTokenTypeBearer
+	case app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_JWT:
+		return domain.OIDCTokenTypeJWT
+	default:
+		return domain.OIDCTokenTypeBearer
+	}
+}
+
+func ComplianceProblemsToLocalizedMessages(problems []string) []*message_pb.LocalizedMessage {
+	converted := make([]*message_pb.LocalizedMessage, len(problems))
+	for i, p := range problems {
+		converted[i] = message_pb.NewLocalizedMessage(p)
+	}
+	return converted
+
+}
+
+func APIAuthMethodeTypeToPb(methodType domain.APIAuthMethodType) app_pb.APIAuthMethodType {
+	switch methodType {
+	case domain.APIAuthMethodTypeBasic:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	case domain.APIAuthMethodTypePrivateKeyJWT:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	}
+}
+
+func APIAuthMethodTypeToDomain(authType app_pb.APIAuthMethodType) domain.APIAuthMethodType {
+	switch authType {
+	case app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC:
+		return domain.APIAuthMethodTypeBasic
+	case app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.APIAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.APIAuthMethodTypeBasic
+	}
+}
+
+func AppQueriesToModel(queries []*app_pb.AppQuery) (_ []*proj_model.ApplicationSearchQuery, err error) {
+	q := make([]*proj_model.ApplicationSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = AppQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func AppQueryToModel(query *app_pb.AppQuery) (*proj_model.ApplicationSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *app_pb.AppQuery_NameQuery:
+		return AppQueryNameToModel(q.NameQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid")
+	}
+}
+
+func AppQueryNameToModel(query *app_pb.AppNameQuery) *proj_model.ApplicationSearchQuery {
+	return &proj_model.ApplicationSearchQuery{
+		Key:    proj_model.AppSearchKeyName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Name,
+	}
+}

internal/api/grpc/project/converter.go

@@ -0,0 +1,183 @@
+package project
+
+import (
+	object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/errors"
+	proj_model "github.com/caos/zitadel/internal/project/model"
+	proj_pb "github.com/caos/zitadel/pkg/grpc/project"
+)
+
+func ProjectToPb(project *proj_model.ProjectView) *proj_pb.Project {
+	return &proj_pb.Project{
+		Id:                   project.ProjectID,
+		Details:              object_grpc.ToDetailsPb(project.Sequence, project.ChangeDate, project.ResourceOwner),
+		Name:                 project.Name,
+		State:                projectStateToPb(project.State),
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
+	}
+}
+
+func GrantedProjectToPb(project *proj_model.ProjectGrantView) *proj_pb.GrantedProject {
+	return &proj_pb.GrantedProject{
+		GrantId:          project.GrantID,
+		ProjectId:        project.ProjectID,
+		Details:          object_grpc.ToDetailsPb(project.Sequence, project.ChangeDate, project.ResourceOwner),
+		ProjectName:      project.Name,
+		State:            grantedProjectStateToPb(project.State),
+		ProjectOwnerId:   project.ResourceOwner,
+		ProjectOwnerName: project.ResourceOwnerName,
+		GrantedOrgId:     project.OrgID,
+		GrantedOrgName:   project.OrgName,
+		GrantedRoleKeys:  project.GrantedRoleKeys,
+	}
+}
+
+func ProjectsToPb(projects []*proj_model.ProjectView) []*proj_pb.Project {
+	p := make([]*proj_pb.Project, len(projects))
+	for i, project := range projects {
+		p[i] = ProjectToPb(project)
+	}
+	return p
+}
+
+func GrantedProjectsToPb(projects []*proj_model.ProjectGrantView) []*proj_pb.GrantedProject {
+	p := make([]*proj_pb.GrantedProject, len(projects))
+	for i, project := range projects {
+		p[i] = GrantedProjectToPb(project)
+	}
+	return p
+}
+
+func projectStateToPb(state proj_model.ProjectState) proj_pb.ProjectState {
+	switch state {
+	case proj_model.ProjectStateActive:
+		return proj_pb.ProjectState_PROJECT_STATE_ACTIVE
+	case proj_model.ProjectStateInactive:
+		return proj_pb.ProjectState_PROJECT_STATE_INACTIVE
+	default:
+		return proj_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
+	}
+}
+
+func grantedProjectStateToPb(state proj_model.ProjectState) proj_pb.ProjectGrantState {
+	switch state {
+	case proj_model.ProjectStateActive:
+		return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_ACTIVE
+	case proj_model.ProjectStateInactive:
+		return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_INACTIVE
+	default:
+		return proj_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
+	}
+}
+
+func ProjectQueriesToModel(queries []*proj_pb.ProjectQuery) (_ []*proj_model.ProjectViewSearchQuery, err error) {
+	q := make([]*proj_model.ProjectViewSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = ProjectQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func ProjectQueryToModel(query *proj_pb.ProjectQuery) (*proj_model.ProjectViewSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *proj_pb.ProjectQuery_NameQuery:
+		return ProjectQueryNameToModel(q.NameQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid")
+	}
+}
+
+func ProjectQueryNameToModel(query *proj_pb.ProjectNameQuery) *proj_model.ProjectViewSearchQuery {
+	return &proj_model.ProjectViewSearchQuery{
+		Key:    proj_model.ProjectViewSearchKeyName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Name,
+	}
+}
+
+func GrantedProjectQueriesToModel(queries []*proj_pb.ProjectQuery) (_ []*proj_model.ProjectGrantViewSearchQuery, err error) {
+	q := make([]*proj_model.ProjectGrantViewSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = GrantedProjectQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func GrantedProjectQueryToModel(query *proj_pb.ProjectQuery) (*proj_model.ProjectGrantViewSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *proj_pb.ProjectQuery_NameQuery:
+		return GrantedProjectQueryNameToModel(q.NameQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid")
+	}
+}
+
+func GrantedProjectQueryNameToModel(query *proj_pb.ProjectNameQuery) *proj_model.ProjectGrantViewSearchQuery {
+	return &proj_model.ProjectGrantViewSearchQuery{
+		Key:    proj_model.GrantedProjectSearchKeyName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Name,
+	}
+}
+
+func RoleQueriesToModel(queries []*proj_pb.RoleQuery) (_ []*proj_model.ProjectRoleSearchQuery, err error) {
+	q := make([]*proj_model.ProjectRoleSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = RoleQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func RoleQueryToModel(query *proj_pb.RoleQuery) (*proj_model.ProjectRoleSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *proj_pb.RoleQuery_KeyQuery:
+		return RoleQueryKeyToModel(q.KeyQuery), nil
+	case *proj_pb.RoleQuery_DisplayNameQuery:
+		return RoleQueryDisplayNameToModel(q.DisplayNameQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "ORG-Ags42", "List.Query.Invalid")
+	}
+}
+
+func RoleQueryKeyToModel(query *proj_pb.RoleKeyQuery) *proj_model.ProjectRoleSearchQuery {
+	return &proj_model.ProjectRoleSearchQuery{
+		Key:    proj_model.ProjectRoleSearchKeyKey,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Key,
+	}
+}
+
+func RoleQueryDisplayNameToModel(query *proj_pb.RoleDisplayNameQuery) *proj_model.ProjectRoleSearchQuery {
+	return &proj_model.ProjectRoleSearchQuery{
+		Key:    proj_model.ProjectRoleSearchKeyDisplayName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.DisplayName,
+	}
+}
+
+func RolesToPb(roles []*proj_model.ProjectRoleView) []*proj_pb.Role {
+	r := make([]*proj_pb.Role, len(roles))
+	for i, role := range roles {
+		r[i] = RoleToPb(role)
+	}
+	return r
+}
+
+func RoleToPb(role *proj_model.ProjectRoleView) *proj_pb.Role {
+	return &proj_pb.Role{
+		Key:         role.Key,
+		Details:     object_grpc.ToDetailsPb(role.Sequence, role.ChangeDate, role.ResourceOwner),
+		DisplayName: role.DisplayName,
+		Group:       role.Group,
+	}
+}

internal/api/grpc/project/project_grant.go

@@ -0,0 +1,43 @@
+package project
+
+import (
+	object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	proj_model "github.com/caos/zitadel/internal/project/model"
+	"github.com/caos/zitadel/pkg/grpc/project"
+	proj_pb "github.com/caos/zitadel/pkg/grpc/project"
+)
+
+func ProjectGrantQueriesToModel(queries []*project.ProjectGrantQuery) []*proj_model.ProjectGrantViewSearchQuery {
+	q := make([]*proj_model.ProjectGrantViewSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i] = ProjectGrantQueryToModel(query)
+	}
+	return q
+}
+
+func ProjectGrantQueryToModel(query *project.ProjectGrantQuery) *proj_model.ProjectGrantViewSearchQuery {
+	switch q := query.Query.(type) {
+	case *proj_pb.ProjectGrantQuery_ProjectNameQuery:
+		return ProjectGrantNameToProjectQuery(q.ProjectNameQuery)
+	case *proj_pb.ProjectGrantQuery_RoleKeyQuery:
+		return ProjectGrantRoleToProjectQuery(q.RoleKeyQuery)
+	default:
+		return nil
+	}
+}
+
+func ProjectGrantNameToProjectQuery(query *proj_pb.GrantProjectNameQuery) *proj_model.ProjectGrantViewSearchQuery {
+	return &proj_model.ProjectGrantViewSearchQuery{
+		Key:    proj_model.GrantedProjectSearchKeyName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Name,
+	}
+}
+
+func ProjectGrantRoleToProjectQuery(query *proj_pb.GrantRoleKeyQuery) *proj_model.ProjectGrantViewSearchQuery {
+	return &proj_model.ProjectGrantViewSearchQuery{
+		Key:    proj_model.GrantedProjectSearchKeyRoleKeys,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.RoleKey,
+	}
+}