syntax = "proto3"; import "google/api/annotations.proto"; import "google/protobuf/empty.proto"; import "google/protobuf/timestamp.proto"; import "google/protobuf/struct.proto"; import "validate/validate.proto"; import "protoc-gen-swagger/options/annotations.proto"; import "authoption/options.proto"; package caos.zitadel.admin.api.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/admin"; option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = { info: { title: "admin service"; version: "0.1"; contact:{ url: "https://github.com/caos/zitadel/pkg/admin" }; }; schemes: HTTPS; consumes: "application/json"; consumes: "application/grpc"; produces: "application/json"; produces: "application/grpc"; }; service AdminService { // --------- // Probes // --------- // Healthz returns status OK as soon as the service started rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) { option (google.api.http) = { get: "/healthz" }; } // Ready returns status OK as soon as all dependent services are available rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) { option (google.api.http) = { get: "/ready" }; } rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) { option (google.api.http) = { get: "/validate" }; } //ORG rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) { option (google.api.http) = { get: "/orgs/_isunique" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc GetOrgByID(OrgID) returns (Org) { option (google.api.http) = { get: "/orgs/{id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) { option (google.api.http) = { post: "/orgs/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc SetUpOrg(OrgSetUpRequest) returns (OrgSetUpResponse) { option (google.api.http) = { post: "/orgs/_setup" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } //ORG_IAM_POLICY rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicy) { option (google.api.http) = { get: "/orgs/{org_id}/iampolicy" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.read" }; } rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) { option (google.api.http) = { post: "/orgs/{org_id}/iampolicy" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) { option (google.api.http) = { put: "/orgs/{org_id}/iampolicy" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.write" }; } rpc DeleteOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/orgs/{org_id}/iampolicy" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.policy.delete" }; } rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) { option (google.api.http) = { get: "/members/roles" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.read" }; } rpc AddIamMember(AddIamMemberRequest) returns (IamMember) { option (google.api.http) = { post: "/members" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.write" }; } rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) { option (google.api.http) = { put: "/members/{user_id}" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.write" }; } rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/members/{user_id}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.delete" }; } rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) { option (google.api.http) = { post: "/members/_search" body: "*" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.member.read" }; } rpc GetViews(google.protobuf.Empty) returns (Views) { option (google.api.http) = { get: "/views" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc ClearView(ViewID) returns (google.protobuf.Empty) { option (google.api.http) = { post: "/views/{database}/{view_name}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) { option (google.api.http) = { get: "/failedevents" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.read" }; } rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) { option (google.api.http) = { delete: "/failedevents/{database}/{view_name}/{failed_sequence}" }; option (caos.zitadel.utils.v1.auth_option) = { permission: "iam.write" }; } } message OrgID { string id = 1; } message UniqueOrgRequest { string name = 1 [(validate.rules).string.min_len = 1]; string domain = 2 [(validate.rules).string.min_len = 1]; } message UniqueOrgResponse { bool is_unique = 1; } message Org { string id = 1; OrgState state = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; string name = 5; string domain = 6; } enum OrgState { ORGSTATE_UNSPECIFIED = 0; ORGSTATE_ACTIVE = 1; ORGSTATE_INACTIVE = 2; } message OrgSearchRequest { uint64 offset = 1; uint64 limit = 2; OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];; bool asc = 4; repeated OrgSearchQuery queries = 5; } message OrgSearchQuery { OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];; OrgSearchMethod method = 2; string value = 3; } enum OrgSearchKey { ORGSEARCHKEY_UNSPECIFIED = 0; ORGSEARCHKEY_ORG_NAME = 1; ORGSEARCHKEY_DOMAIN = 2; ORGSEARCHKEY_STATE = 3; } message OrgSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated Org result = 4; } enum OrgSearchMethod { ORGSEARCHMETHOD_EQUALS = 0; ORGSEARCHMETHOD_STARTS_WITH = 1; ORGSEARCHMETHOD_CONTAINS = 2; } message OrgSetUpRequest { CreateOrgRequest org = 1; CreateUserRequest user = 2; } message OrgSetUpResponse { Org org = 1; User user = 2; } message CreateUserRequest { string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string first_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; string last_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; string nick_name = 4 [(validate.rules).string = {max_len: 200}]; string preferred_language = 5 [(validate.rules).string = {max_len: 200}]; Gender gender = 6; string email = 7 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}]; bool is_email_verified = 8; string phone = 9 [(validate.rules).string = {max_len: 20}]; bool is_phone_verified = 10; string country = 11 [(validate.rules).string = {max_len: 200}]; string locality = 12 [(validate.rules).string = {max_len: 200}]; string postal_code = 13 [(validate.rules).string = {max_len: 200}]; string region = 14 [(validate.rules).string = {max_len: 200}]; string street_address = 15 [(validate.rules).string = {max_len: 200}]; string password = 16 [(validate.rules).string = {max_len: 72}]; } message User { string id = 1; UserState state = 2; google.protobuf.Timestamp creation_date = 3; google.protobuf.Timestamp change_date = 4; string user_name = 5; string first_name = 6; string last_name = 7; string nick_name = 8; string display_name = 9; string preferred_language = 10; Gender gender = 11; string email = 12; bool isEmailVerified = 13; string phone = 14; bool isPhoneVerified = 15; string country = 16; string locality = 17; string postal_code = 18; string region = 19; string street_address = 20; uint64 sequence = 21; } enum UserState { USERSTATE_UNSPECIFIED = 0; USERSTATE_ACTIVE = 1; USERSTATE_INACTIVE = 2; USERSTATE_DELETED = 3; USERSTATE_LOCKED = 4; USERSTATE_SUSPEND = 5; USERSTATE_INITIAL= 6; } enum Gender { GENDER_UNSPECIFIED = 0; GENDER_FEMALE = 1; GENDER_MALE = 2; GENDER_DIVERSE = 3; } message CreateOrgRequest { string name = 1 [(validate.rules).string.min_len = 1]; string domain = 2; } message OrgIamPolicy { string org_id = 1; string description = 2; bool user_login_must_be_domain = 3; bool default = 4; uint64 sequence = 5; google.protobuf.Timestamp creation_date = 6; google.protobuf.Timestamp change_date = 7; } message OrgIamPolicyRequest { string org_id = 1; string description = 2; bool user_login_must_be_domain = 3; } message OrgIamPolicyID { string org_id = 1; } message IamMemberRoles { repeated string roles = 1; } message IamMember { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp creation_date = 4; uint64 sequence = 5; } message AddIamMemberRequest { string user_id = 1; repeated string roles = 2; } message ChangeIamMemberRequest { string user_id = 1; repeated string roles = 2; } message RemoveIamMemberRequest { string user_id = 1; } message IamMemberSearchResponse { uint64 offset = 1; uint64 limit = 2; uint64 total_result = 3; repeated IamMemberView result = 4; } message IamMemberView { string user_id = 1; repeated string roles = 2; google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp creation_date = 4; uint64 sequence = 5; string user_name = 6; string email = 7; string first_name = 8; string last_name = 9; } message IamMemberSearchRequest { uint64 offset = 1; uint64 limit = 2; repeated IamMemberSearchQuery queries = 3; } message IamMemberSearchQuery { IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}]; SearchMethod method = 2; string value = 3; } enum IamMemberSearchKey { IAMMEMBERSEARCHKEY_UNSPECIFIED = 0; IAMMEMBERSEARCHKEY_FIRST_NAME = 1; IAMMEMBERSEARCHKEY_LAST_NAME = 2; IAMMEMBERSEARCHKEY_EMAIL = 3; IAMMEMBERSEARCHKEY_USER_ID = 4; } enum SearchMethod { SEARCHMETHOD_EQUALS = 0; SEARCHMETHOD_STARTS_WITH = 1; SEARCHMETHOD_CONTAINS = 2; SEARCHMETHOD_EQUALS_IGNORE_CASE = 3; SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4; SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5; SEARCHMETHOD_NOT_EQUALS = 6; SEARCHMETHOD_GREATER_THAN = 7; SEARCHMETHOD_LESS_THAN = 8; SEARCHMETHOD_IS_ONE_OF = 9; SEARCHMETHOD_LIST_CONTAINS = 10; } message FailedEventID { string database = 1; string view_name = 2; uint64 failed_sequence = 3; } message FailedEvents { repeated FailedEvent failed_events = 1; } message FailedEvent { string database = 1; string view_name = 2; uint64 failed_sequence = 3; uint64 failure_count = 4; string error_message = 5; } message ViewID { string database = 1; string view_name = 2; } message Views { repeated View views = 1; } message View { string database = 1; string view_name = 2; uint64 sequence = 3; }