feat: protos refactoring

* start with user * user first try done in all services * user, org, idp for discussion * remove unused stuff * bla * dockerbuild * rename search, get multiple to list... * add annotation * update proto dependencies * update proto dependencies * change proto imports * replace all old imports * fix go out * remove unused lines * correct protoc flags * grpc and openapi flags * go out source path relative * -p * remove dead code * sourcepath relative * ls * is onenapi the problem? * hobla * authoption output * wrong field name * gopf * correct option, add correct flags * small improvments * SIMPLYFY * relative path * gopf bin ich en tubel * correct path * default policies in admin * grpc generation in one file * remove non ascii * metadata on manipulations * correct auth_option import * fixes * larry * idp provider to idp * fix generate * admin and auth nearly done * admin and auth nearly done * gen * healthz * imports * deleted too much imports * fix org * add import * imports * import * naming * auth_opt * gopf * management * imports * _TYPE_UNSPECIFIED * improts * auth opts * management policies * imports * passwordlessType to MFAType * auth_opt * add user grant calls * add missing messages * result * fix option * improvements * ids * fix http * imports * fixes * fields * body * add fields * remove wrong member query * fix request response * fixes * add copy files * variable versions * generate all files * improvements * add dependencies * factors * user session * oidc information, iam * remove unused file * changes * enums * dockerfile * fix build * remove unused folder * update readme for build * move old server impl * add event type to change * some changes * start admin * remove wrong field * admin only list calls missing * fix proto numbers * surprisingly it compiles * service ts changes * admin mgmt * mgmt * auth manipulation and gets done, lists missing * validations and some field changes * validations * enum validations * remove todo * move proto files to proto/zitadel * change proto path in dockerfile * it compiles! * add validate import * remove duplicate import * fix protos * fix import * tests * cleanup * remove unimplemented methods * iam member multiple queries * all auth and admin calls * add initial password on crate human * message names * management user server * machine done * fix: todos (#1346) * fix: pub sub in new eventstore * fix: todos * fix: todos * fix: todos * fix: todos * fix: todos * fix tests * fix: search method domain * admin service, user import type typescript * admin changes * admin changes * fix: search method domain * more user grpc and begin org, fix configs * fix: return object details * org grpc * remove creation date add details * app * fix: return object details * fix: return object details * mgmt service, project members * app * fix: convert policies * project, members, granted projects, searches * fix: convert usergrants * fix: convert usergrants * auth user detail, user detail, mfa, second factor, auth * fix: convert usergrants * mfa, memberships, password, owned proj detail * fix: convert usergrants * project grant * missing details * changes, userview * idp table, keys * org list and user table filter * unify rest paths (#1381) * unify rest paths * post for all searches, mfa to multi_factor, secondfactor to second_factor * remove v1 * fix tests * rename api client key to app key * machine keys, age policy * user list, machine keys, changes * fix: org states * add default flag to policy * second factor to type * idp id * app type * unify ListQuery, ListDetails, ObjectDetails field names * user grants, apps, memberships * fix type params * metadata to detail, linke idps * api create, membership, app detail, create * idp, app, policy * queries, multi -> auth factors and missing fields * update converters * provider to user, remove old mgmt refs * temp remove authfactor dialog, build finish Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
2025-08-11 21:07:31 +00:00 · 2021-03-09 10:30:11 +01:00
parent 9f417f3957
commit dabd5920dc
372 changed files with 17881 additions and 22036 deletions
--- a/internal/api/grpc/project/application.go
+++ b/internal/api/grpc/project/application.go
@@ -0,0 +1,299 @@
+package project
+
+import (
+	"google.golang.org/protobuf/types/known/durationpb"
+
+	object_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	proj_model "github.com/caos/zitadel/internal/project/model"
+	app_pb "github.com/caos/zitadel/pkg/grpc/app"
+	message_pb "github.com/caos/zitadel/pkg/grpc/message"
+)
+
+func AppsToPb(apps []*proj_model.ApplicationView) []*app_pb.App {
+	a := make([]*app_pb.App, len(apps))
+	for i, app := range apps {
+		a[i] = AppToPb(app)
+	}
+	return a
+}
+
+func AppToPb(app *proj_model.ApplicationView) *app_pb.App {
+	return &app_pb.App{
+		Id:      app.ID,
+		Details: object_grpc.ToDetailsPb(app.Sequence, app.CreationDate, "app.ResourceOwner"), //TODO: RO
+		State:   AppStateToPb(app.State),
+		Name:    app.Name,
+		Config:  AppConfigToPb(app),
+	}
+}
+
+func AppConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
+	if app.IsOIDC {
+		return AppOIDCConfigToPb(app)
+	}
+	return AppAPIConfigToPb(app)
+}
+
+func AppOIDCConfigToPb(app *proj_model.ApplicationView) *app_pb.App_OidcConfig {
+	return &app_pb.App_OidcConfig{
+		OidcConfig: &app_pb.OIDCConfig{
+			RedirectUris:             app.OIDCRedirectUris,
+			ResponseTypes:            OIDCResponseTypesFromModel(app.OIDCResponseTypes),
+			GrantTypes:               OIDCGrantTypesFromModel(app.OIDCGrantTypes),
+			AppType:                  OIDCApplicationTypeToPb(domain.OIDCApplicationType(app.OIDCApplicationType)),
+			ClientId:                 app.OIDCClientID,
+			AuthMethodType:           OIDCAuthMethodTypeToPb(domain.OIDCAuthMethodType(app.OIDCAuthMethodType)),
+			PostLogoutRedirectUris:   app.OIDCPostLogoutRedirectUris,
+			Version:                  OIDCVersionToPb(domain.OIDCVersion(app.OIDCVersion)),
+			NoneCompliant:            app.NoneCompliant,
+			ComplianceProblems:       ComplianceProblemsToLocalizedMessages(app.ComplianceProblems),
+			DevMode:                  app.DevMode,
+			AccessTokenType:          oidcTokenTypeToPb(domain.OIDCTokenType(app.AccessTokenType)),
+			AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
+			IdTokenRoleAssertion:     app.IDTokenRoleAssertion,
+			IdTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
+			ClockSkew:                durationpb.New(app.ClockSkew),
+		},
+	}
+}
+
+func AppAPIConfigToPb(app *proj_model.ApplicationView) app_pb.AppConfig {
+	return &app_pb.App_ApiConfig{
+		ApiConfig: &app_pb.APIConfig{
+			ClientId:       app.OIDCClientID,
+			ClientSecret:   "", //TODO: remove from proto
+			AuthMethodType: APIAuthMethodeTypeToPb(domain.APIAuthMethodType(app.OIDCAuthMethodType)),
+		},
+	}
+}
+
+func AppStateToPb(state proj_model.AppState) app_pb.AppState {
+	switch state {
+	case proj_model.AppStateActive:
+		return app_pb.AppState_APP_STATE_ACTIVE
+	case proj_model.AppStateInactive:
+		return app_pb.AppState_APP_STATE_INACTIVE
+	default:
+		return app_pb.AppState_APP_STATE_UNSPECIFIED
+	}
+}
+
+func OIDCResponseTypesFromModel(responseTypes []proj_model.OIDCResponseType) []app_pb.OIDCResponseType {
+	oidcResponseTypes := make([]app_pb.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case proj_model.OIDCResponseTypeCode:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE
+		case proj_model.OIDCResponseTypeIDToken:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN
+		case proj_model.OIDCResponseTypeIDTokenToken:
+			oidcResponseTypes[i] = app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN
+		}
+	}
+	return oidcResponseTypes
+}
+
+func OIDCResponseTypesToDomain(responseTypes []app_pb.OIDCResponseType) []domain.OIDCResponseType {
+	if responseTypes == nil || len(responseTypes) == 0 {
+		return []domain.OIDCResponseType{domain.OIDCResponseTypeCode}
+	}
+	oidcResponseTypes := make([]domain.OIDCResponseType, len(responseTypes))
+	for i, responseType := range responseTypes {
+		switch responseType {
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeCode
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDToken
+		case app_pb.OIDCResponseType_OIDC_RESPONSE_TYPE_ID_TOKEN_TOKEN:
+			oidcResponseTypes[i] = domain.OIDCResponseTypeIDTokenToken
+		}
+	}
+	return oidcResponseTypes
+}
+
+func OIDCGrantTypesFromModel(grantTypes []proj_model.OIDCGrantType) []app_pb.OIDCGrantType {
+	oidcGrantTypes := make([]app_pb.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case proj_model.OIDCGrantTypeAuthorizationCode:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE
+		case proj_model.OIDCGrantTypeImplicit:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT
+		case proj_model.OIDCGrantTypeRefreshToken:
+			oidcGrantTypes[i] = app_pb.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN
+		}
+	}
+	return oidcGrantTypes
+}
+
+func OIDCGrantTypesToDomain(grantTypes []app_pb.OIDCGrantType) []domain.OIDCGrantType {
+	if grantTypes == nil || len(grantTypes) == 0 {
+		return []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode}
+	}
+	oidcGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
+	for i, grantType := range grantTypes {
+		switch grantType {
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeAuthorizationCode
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_IMPLICIT:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeImplicit
+		case app_pb.OIDCGrantType_OIDC_GRANT_TYPE_REFRESH_TOKEN:
+			oidcGrantTypes[i] = domain.OIDCGrantTypeRefreshToken
+		}
+	}
+	return oidcGrantTypes
+}
+
+func OIDCApplicationTypeToPb(appType domain.OIDCApplicationType) app_pb.OIDCAppType {
+	switch appType {
+	case domain.OIDCApplicationTypeWeb:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_WEB
+	case domain.OIDCApplicationTypeUserAgent:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_USER_AGENT
+	case domain.OIDCApplicationTypeNative:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_NATIVE
+	default:
+		return app_pb.OIDCAppType_OIDC_APP_TYPE_WEB
+	}
+}
+
+func OIDCApplicationTypeToDomain(appType app_pb.OIDCAppType) domain.OIDCApplicationType {
+	switch appType {
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_WEB:
+		return domain.OIDCApplicationTypeWeb
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_USER_AGENT:
+		return domain.OIDCApplicationTypeUserAgent
+	case app_pb.OIDCAppType_OIDC_APP_TYPE_NATIVE:
+		return domain.OIDCApplicationTypeNative
+	}
+	return domain.OIDCApplicationTypeWeb
+}
+
+func OIDCAuthMethodTypeToPb(authType domain.OIDCAuthMethodType) app_pb.OIDCAuthMethodType {
+	switch authType {
+	case domain.OIDCAuthMethodTypeBasic:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	case domain.OIDCAuthMethodTypePost:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST
+	case domain.OIDCAuthMethodTypeNone:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE
+	case domain.OIDCAuthMethodTypePrivateKeyJWT:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC
+	}
+}
+
+func OIDCAuthMethodTypeToDomain(authType app_pb.OIDCAuthMethodType) domain.OIDCAuthMethodType {
+	switch authType {
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_BASIC:
+		return domain.OIDCAuthMethodTypeBasic
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_POST:
+		return domain.OIDCAuthMethodTypePost
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE:
+		return domain.OIDCAuthMethodTypeNone
+	case app_pb.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.OIDCAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.OIDCAuthMethodTypeBasic
+	}
+}
+
+func OIDCVersionToPb(version domain.OIDCVersion) app_pb.OIDCVersion {
+	switch version {
+	case domain.OIDCVersionV1:
+		return app_pb.OIDCVersion_OIDC_VERSION_1_0
+	}
+	return app_pb.OIDCVersion_OIDC_VERSION_1_0
+}
+
+func OIDCVersionToDomain(version app_pb.OIDCVersion) domain.OIDCVersion {
+	switch version {
+	case app_pb.OIDCVersion_OIDC_VERSION_1_0:
+		return domain.OIDCVersionV1
+	}
+	return domain.OIDCVersionV1
+}
+
+func oidcTokenTypeToPb(tokenType domain.OIDCTokenType) app_pb.OIDCTokenType {
+	switch tokenType {
+	case domain.OIDCTokenTypeBearer:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	case domain.OIDCTokenTypeJWT:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_JWT
+	default:
+		return app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER
+	}
+}
+
+func OIDCTokenTypeToDomain(tokenType app_pb.OIDCTokenType) domain.OIDCTokenType {
+	switch tokenType {
+	case app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_BEARER:
+		return domain.OIDCTokenTypeBearer
+	case app_pb.OIDCTokenType_OIDC_TOKEN_TYPE_JWT:
+		return domain.OIDCTokenTypeJWT
+	default:
+		return domain.OIDCTokenTypeBearer
+	}
+}
+
+func ComplianceProblemsToLocalizedMessages(problems []string) []*message_pb.LocalizedMessage {
+	converted := make([]*message_pb.LocalizedMessage, len(problems))
+	for i, p := range problems {
+		converted[i] = message_pb.NewLocalizedMessage(p)
+	}
+	return converted
+
+}
+
+func APIAuthMethodeTypeToPb(methodType domain.APIAuthMethodType) app_pb.APIAuthMethodType {
+	switch methodType {
+	case domain.APIAuthMethodTypeBasic:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	case domain.APIAuthMethodTypePrivateKeyJWT:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT
+	default:
+		return app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC
+	}
+}
+
+func APIAuthMethodTypeToDomain(authType app_pb.APIAuthMethodType) domain.APIAuthMethodType {
+	switch authType {
+	case app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_BASIC:
+		return domain.APIAuthMethodTypeBasic
+	case app_pb.APIAuthMethodType_API_AUTH_METHOD_TYPE_PRIVATE_KEY_JWT:
+		return domain.APIAuthMethodTypePrivateKeyJWT
+	default:
+		return domain.APIAuthMethodTypeBasic
+	}
+}
+
+func AppQueriesToModel(queries []*app_pb.AppQuery) (_ []*proj_model.ApplicationSearchQuery, err error) {
+	q := make([]*proj_model.ApplicationSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i], err = AppQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return q, nil
+}
+
+func AppQueryToModel(query *app_pb.AppQuery) (*proj_model.ApplicationSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *app_pb.AppQuery_NameQuery:
+		return AppQueryNameToModel(q.NameQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "APP-Add46", "List.Query.Invalid")
+	}
+}
+
+func AppQueryNameToModel(query *app_pb.AppNameQuery) *proj_model.ApplicationSearchQuery {
+	return &proj_model.ApplicationSearchQuery{
+		Key:    proj_model.AppSearchKeyName,
+		Method: object_grpc.TextMethodToModel(query.Method),
+		Value:  query.Name,
+	}
+}