This PR adds the functionality to manage user schemas through the new user schema service.
It includes the possibility to create a basic JSON schema and also provides a way on defining permissions (read, write) for owner and self context with an annotation.
Further annotations for OIDC claims and SAML attribute mappings will follow.
A guide on how to create a schema and assign permissions has been started. It will be extended though out the process of implementing the schema and users based on those.
Note:
This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system though the feature service.
* docs(api): describe which flow and trigger types word together
* docs(actions): describe which flow and trigger types work together
* Update management.proto
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* docs: rename instance settings to default settings
* docs: correct local reference to docs
* docs: correct local reference to docs
---------
Co-authored-by: Max Peintner <max@caos.ch>
* docs: describe DefaultInstance vs FirstInstance
* link to docs
* add better searchable tip to the docs
* add better searchable tip to the docs
* add link
* feat: improve instance not found error
* unit tests
* check if is templatable
* lint
* assert
* compile tests
* remove error templates
* link to instance not found page
* fmt
* cleanup
* lint
* partial work done
* test IAM membership roles
* org membership tests
* console :(, translations and docs
* fix integration test
* fix tests
* add EnableImpersonation to security policy API
* fix integration test timestamp checking
* add security policy tests and fix projections
* add impersonation setting in console
* add security settings to the settings v2 API
* fix typo
* move impersonation to instance
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat(api): feature API proto definitions
* update proto based on discussion with @livio-a
* cleanup old feature flag stuff
* authz instance queries
* align defaults
* projection definitions
* define commands and event reducers
* implement system and instance setter APIs
* api getter implementation
* unit test repository package
* command unit tests
* unit test Get queries
* grpc converter unit tests
* migrate the V1 features
* migrate oidc to dynamic features
* projection unit test
* fix instance by host
* fix instance by id data type in sql
* fix linting errors
* add system projection test
* fix behavior inversion
* resolve proto file comments
* rename SystemDefaultLoginInstanceEventType to SystemLoginDefaultOrgEventType so it's consistent with the instance level event
* use write models and conditional set events
* system features integration tests
* instance features integration tests
* error on empty request
* documentation entry
* typo in feature.proto
* fix start unit tests
* solve linting error on key case switch
* remove system defaults after discussion with @eliobischof
* fix system feature projection
* resolve comments in defaults.yaml
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: first attempt to restructure the sdks and examples to make it better understandable
* docs: adding more example pages
* docs: adding more example pages
* docs: add all sdk/examples
* docs: add tile component
* docs: introduction page
* docs: introduction page
* docs: add react
* docs: remove old sdk and example pages
* docs: fix broken links
* docs: fix broken links
* styles
* Update docs/docs/sdk-examples/introduction.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update docs/docs/sdk-examples/java.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update docs/docs/sdk-examples/python.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update docs/docs/sdk-examples/python.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* docs: review changes
* docs: smaller tiles
* docs: changes from go and java review
* docs: correct python description
* Update docs/docs/sdk-examples/python.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update docs/docs/sdk-examples/introduction.mdx
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* Update docs/docs/sdk-examples/python.mdx
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* docs: flask logo
* flask, rust imgs
* docs: flask logo
* Update go.mdx
* Update java.mdx
* Update docs/docs/sdk-examples/flutter.mdx
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update docs/src/css/tile.module.css
Co-authored-by: Livio Spring <livio.a@gmail.com>
* docs: sidebar alphabetic
* docs: sidebar alphabetic
* docs: django logo
---------
Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Even though this is a feature it's released as fix so that we can back port to earlier revisions.
As reported by multiple users startup of ZITADEL after leaded to downtime and worst case rollbacks to the previously deployed version.
The problem starts rising when there are too many events to process after the start of ZITADEL. The root cause are changes on projections (database tables) which must be recomputed. This PR solves this problem by adding a new step to the setup phase which prefills the projections. The step can be enabled by adding the `--init-projections`-flag to `setup`, `start-from-init` and `start-from-setup`. Setting this flag results in potentially longer duration of the setup phase but reduces the risk of the problems mentioned in the paragraph above.
* chore: remove crdb from third party sub-processors
* remove clickhouse
* add hubspot
* fix: google end-user data flag
---------
Co-authored-by: mffap <mpa@zitadel.com>
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* configure supported languages
* fix allowed languages
* fix tests
* default lang must not be restricted
* preferred language must be allowed
* change preferred languages
* check languages everywhere
* lint
* test command side
* lint
* add integration test
* add integration test
* restrict supported ui locales
* lint
* lint
* cleanup
* lint
* allow undefined preferred language
* fix integration tests
* update main
* fix env var
* ignore linter
* ignore linter
* improve integration test config
* reduce cognitive complexity
* compile
* fix(console): switch back to saved language
* feat(API): get allowed languages
* fix(console): only make allowed languages selectable
* warn when editing not allowed languages
* feat: manage restrictions in console
* check for duplicates
* remove useless restriction checks
* review
* revert restriction renaming
* manage languages
* fix language restrictions
* lint
* generate
* allow custom texts for supported langs for now
* fix tests
* cleanup
* cleanup
* cleanup
* lint
* unsupported preferred lang is allowed
* fix integration test
* allow unsupported preferred languages
* lint
* fix languages lists
* simplify default language selection
* translate
* discard
* lint
* load languages for tests
* load languages
* lint
* cleanup
* lint
* cleanup
* get allowed only on admin
* cleanup
* reduce flakiness on very limited postgres
* simplify langSvc
* refactor according to suggestions in pr
* lint
* improve ux
* update central allowed languages
* set first allowed language as default
* readd lost translations
* disable sorting disallowed languages
* fix permissions
* lint
* selectionchange for language in msg texts
* initialize login texts
* init message texts
* lint
* fix drag and drop list styles
* start from 1
* cleanup
* prettier
* correct orgdefaultlabel
* unsubscribe
* lint
* docs: describe language settings
---------
Co-authored-by: peintnermax <max@caos.ch>
Update _postgres.mdx
Added MaxIdleConns since this option is missing in the Postgres database settings.
My implementation was slow, because this setting wasn't set and I found it after checking the larger config files. Might have value to show that this value can be set in the database specific page.
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* feat: return 404 or 409 if org reg disallowed
* fix: system limit permissions
* feat: add iam limits api
* feat: disallow public org registrations on default instance
* add integration test
* test: integration
* fix test
* docs: describe public org registrations
* avoid updating docs deps
* fix system limits integration test
* silence integration tests
* fix linting
* ignore strange linter complaints
* review
* improve reset properties naming
* redefine the api
* use restrictions aggregate
* test query
* simplify and test projection
* test commands
* fix unit tests
* move integration test
* support restrictions on default instance
* also test GetRestrictions
* self review
* lint
* abstract away resource owner
* fix tests
* configure supported languages
* fix allowed languages
* fix tests
* default lang must not be restricted
* preferred language must be allowed
* change preferred languages
* check languages everywhere
* lint
* test command side
* lint
* add integration test
* add integration test
* restrict supported ui locales
* lint
* lint
* cleanup
* lint
* allow undefined preferred language
* fix integration tests
* update main
* fix env var
* ignore linter
* ignore linter
* improve integration test config
* reduce cognitive complexity
* compile
* check for duplicates
* remove useless restriction checks
* review
* revert restriction renaming
* fix language restrictions
* lint
* generate
* allow custom texts for supported langs for now
* fix tests
* cleanup
* cleanup
* cleanup
* lint
* unsupported preferred lang is allowed
* fix integration test
* finish reverting to old property name
* finish reverting to old property name
* load languages
* refactor(i18n): centralize translators and fs
* lint
* amplify no validations on preferred languages
* fix integration test
* lint
* fix resetting allowed languages
* test unchanged restrictions
* define roles and permissions
* support system user memberships
* don't limit system users
* cleanup permissions
* restrict memberships to aggregates
* default to SYSTEM_OWNER
* update unit tests
* test: system user token test (#6778)
* update unit tests
* refactor: make authz testable
* move session constants
* cleanup
* comment
* comment
* decode member type string to enum (#6780)
* decode member type string to enum
* handle all membership types
* decode enums where necessary
* decode member type in steps config
* update system api docs
* add technical advisory
* tweak docs a bit
* comment in comment
* lint
* extract token from Bearer header prefix
* review changes
* fix tests
* fix: add fix for activityhandler
* add isSystemUser
* remove IsSystemUser from activity info
* fix: add fix for activityhandler
---------
Co-authored-by: Stefan Benz <stefan@caos.ch>