TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-07-13 11:58:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/api/grpc/project/v2beta/query.go
Livio Spring 9ebf2316c6
feat: exchange gRPC server implementation to connectRPC (#10145) 
# Which Problems Are Solved

The current maintained gRPC server in combination with a REST (grpc)
gateway is getting harder and harder to maintain. Additionally, there
have been and still are issues with supporting / displaying `oneOf`s
correctly.
We therefore decided to exchange the server implementation to
connectRPC, which apart from supporting connect as protocol, also also
"standard" gRCP clients as well as HTTP/1.1 / rest like clients, e.g.
curl directly call the server without any additional gateway.

# How the Problems Are Solved

- All v2 services are moved to connectRPC implementation. (v1 services
are still served as pure grpc servers)
- All gRPC server interceptors were migrated / copied to a corresponding
connectRPC interceptor.
- API.ListGrpcServices and API. ListGrpcMethods were changed to include
the connect services and endpoints.
- gRPC server reflection was changed to a `StaticReflector` using the
`ListGrpcServices` list.
- The `grpc.Server` interfaces was split into different combinations to
be able to handle the different cases (grpc server and prefixed gateway,
connect server with grpc gateway, connect server only, ...)
- Docs of services serving connectRPC only with no additional gateway
(instance, webkey, project, app, org v2 beta) are changed to expose that
- since the plugin is not yet available on buf, we download it using
`postinstall` hook of the docs

# Additional Changes

- WebKey service is added as v2 service (in addition to the current
v2beta)

# Additional Context

closes #9483

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2025-07-04 14:06:20 +00:00

430 lines
16 KiB
Go
Raw Blame History

package project
import (
"context"
"connectrpc.com/connect"
"google.golang.org/protobuf/types/known/timestamppb"
filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
"github.com/zitadel/zitadel/internal/zerrors"
filter_pb "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
)
func (s *Server) GetProject(ctx context.Context, req *connect.Request[project_pb.GetProjectRequest]) (*connect.Response[project_pb.GetProjectResponse], error) {
project, err := s.query.GetProjectByIDWithPermission(ctx, true, req.Msg.GetId(), s.checkPermission)
if err != nil {
return nil, err
}
return connect.NewResponse(&project_pb.GetProjectResponse{
Project: projectToPb(project),
}), nil
}
func (s *Server) ListProjects(ctx context.Context, req *connect.Request[project_pb.ListProjectsRequest]) (*connect.Response[project_pb.ListProjectsResponse], error) {
queries, err := s.listProjectRequestToModel(req.Msg)
if err != nil {
return nil, err
}
resp, err := s.query.SearchGrantedProjects(ctx, queries, s.checkPermission)
if err != nil {
return nil, err
}
return connect.NewResponse(&project_pb.ListProjectsResponse{
Projects: grantedProjectsToPb(resp.GrantedProjects),
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
}), nil
}
func (s *Server) listProjectRequestToModel(req *project_pb.ListProjectsRequest) (*query.ProjectAndGrantedProjectSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
if err != nil {
return nil, err
}
queries, err := projectFiltersToQuery(req.Filters)
if err != nil {
return nil, err
}
return &query.ProjectAndGrantedProjectSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
SortingColumn: grantedProjectFieldNameToSortingColumn(req.SortingColumn),
},
Queries: queries,
}, nil
}
func grantedProjectFieldNameToSortingColumn(field *project_pb.ProjectFieldName) query.Column {
if field == nil {
return query.GrantedProjectColumnCreationDate
}
switch *field {
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CREATION_DATE:
return query.GrantedProjectColumnCreationDate
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_ID:
return query.GrantedProjectColumnID
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_NAME:
return query.GrantedProjectColumnName
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CHANGE_DATE:
return query.GrantedProjectColumnChangeDate
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_UNSPECIFIED:
return query.GrantedProjectColumnCreationDate
default:
return query.GrantedProjectColumnCreationDate
}
}
func projectFiltersToQuery(queries []*project_pb.ProjectSearchFilter) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, qry := range queries {
q[i], err = projectFilterToModel(qry)
if err != nil {
return nil, err
}
}
return q, nil
}
func projectFilterToModel(filter *project_pb.ProjectSearchFilter) (query.SearchQuery, error) {
switch q := filter.Filter.(type) {
case *project_pb.ProjectSearchFilter_ProjectNameFilter:
return projectNameFilterToQuery(q.ProjectNameFilter)
case *project_pb.ProjectSearchFilter_InProjectIdsFilter:
return projectInIDsFilterToQuery(q.InProjectIdsFilter)
case *project_pb.ProjectSearchFilter_ProjectResourceOwnerFilter:
return projectResourceOwnerFilterToQuery(q.ProjectResourceOwnerFilter)
case *project_pb.ProjectSearchFilter_ProjectOrganizationIdFilter:
return projectOrganizationIDFilterToQuery(q.ProjectOrganizationIdFilter)
case *project_pb.ProjectSearchFilter_ProjectGrantResourceOwnerFilter:
return projectGrantResourceOwnerFilterToQuery(q.ProjectGrantResourceOwnerFilter)
default:
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid")
}
}
func projectNameFilterToQuery(q *project_pb.ProjectNameFilter) (query.SearchQuery, error) {
return query.NewGrantedProjectNameSearchQuery(filter.TextMethodPbToQuery(q.Method), q.GetProjectName())
}
func projectInIDsFilterToQuery(q *filter_pb.InIDsFilter) (query.SearchQuery, error) {
return query.NewGrantedProjectIDSearchQuery(q.Ids)
}
func projectResourceOwnerFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
return query.NewGrantedProjectResourceOwnerSearchQuery(q.Id)
}
func projectOrganizationIDFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
return query.NewGrantedProjectOrganizationIDSearchQuery(q.Id)
}
func projectGrantResourceOwnerFilterToQuery(q *filter_pb.IDFilter) (query.SearchQuery, error) {
return query.NewGrantedProjectGrantResourceOwnerSearchQuery(q.Id)
}
func grantedProjectsToPb(projects []*query.GrantedProject) []*project_pb.Project {
o := make([]*project_pb.Project, len(projects))
for i, org := range projects {
o[i] = grantedProjectToPb(org)
}
return o
}
func projectToPb(project *query.Project) *project_pb.Project {
return &project_pb.Project{
Id: project.ID,
OrganizationId: project.ResourceOwner,
CreationDate: timestamppb.New(project.CreationDate),
ChangeDate: timestamppb.New(project.ChangeDate),
State: projectStateToPb(project.State),
Name: project.Name,
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
ProjectAccessRequired: project.HasProjectCheck,
ProjectRoleAssertion: project.ProjectRoleAssertion,
AuthorizationRequired: project.ProjectRoleCheck,
}
}
func grantedProjectToPb(project *query.GrantedProject) *project_pb.Project {
var grantedOrganizationID, grantedOrganizationName *string
if project.GrantedOrgID != "" {
grantedOrganizationID = &project.GrantedOrgID
}
if project.OrgName != "" {
grantedOrganizationName = &project.OrgName
}
return &project_pb.Project{
Id: project.ProjectID,
OrganizationId: project.ResourceOwner,
CreationDate: timestamppb.New(project.CreationDate),
ChangeDate: timestamppb.New(project.ChangeDate),
State: projectStateToPb(project.ProjectState),
Name: project.ProjectName,
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
ProjectAccessRequired: project.HasProjectCheck,
ProjectRoleAssertion: project.ProjectRoleAssertion,
AuthorizationRequired: project.ProjectRoleCheck,
GrantedOrganizationId: grantedOrganizationID,
GrantedOrganizationName: grantedOrganizationName,
GrantedState: grantedProjectStateToPb(project.ProjectGrantState),
}
}
func projectStateToPb(state domain.ProjectState) project_pb.ProjectState {
switch state {
case domain.ProjectStateActive:
return project_pb.ProjectState_PROJECT_STATE_ACTIVE
case domain.ProjectStateInactive:
return project_pb.ProjectState_PROJECT_STATE_INACTIVE
case domain.ProjectStateUnspecified, domain.ProjectStateRemoved:
return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
default:
return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
}
}
func grantedProjectStateToPb(state domain.ProjectGrantState) project_pb.GrantedProjectState {
switch state {
case domain.ProjectGrantStateActive:
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_ACTIVE
case domain.ProjectGrantStateInactive:
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_INACTIVE
case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
default:
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
}
}
func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) project_pb.PrivateLabelingSetting {
switch setting {
case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY
case domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy:
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY
case domain.PrivateLabelingSettingUnspecified:
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
default:
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
}
}
func (s *Server) ListProjectGrants(ctx context.Context, req *connect.Request[project_pb.ListProjectGrantsRequest]) (*connect.Response[project_pb.ListProjectGrantsResponse], error) {
queries, err := s.listProjectGrantsRequestToModel(req.Msg)
if err != nil {
return nil, err
}
resp, err := s.query.SearchProjectGrants(ctx, queries, s.checkPermission)
if err != nil {
return nil, err
}
return connect.NewResponse(&project_pb.ListProjectGrantsResponse{
ProjectGrants: projectGrantsToPb(resp.ProjectGrants),
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
}), nil
}
func (s *Server) listProjectGrantsRequestToModel(req *project_pb.ListProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
if err != nil {
return nil, err
}
queries, err := projectGrantFiltersToModel(req.Filters)
if err != nil {
return nil, err
}
return &query.ProjectGrantSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
SortingColumn: projectGrantFieldNameToSortingColumn(req.SortingColumn),
},
Queries: queries,
}, nil
}
func projectGrantFieldNameToSortingColumn(field *project_pb.ProjectGrantFieldName) query.Column {
if field == nil {
return query.ProjectGrantColumnCreationDate
}
switch *field {
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_PROJECT_ID:
return query.ProjectGrantColumnProjectID
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CREATION_DATE:
return query.ProjectGrantColumnCreationDate
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CHANGE_DATE:
return query.ProjectGrantColumnChangeDate
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_UNSPECIFIED:
return query.ProjectGrantColumnCreationDate
default:
return query.ProjectGrantColumnCreationDate
}
}
func projectGrantFiltersToModel(queries []*project_pb.ProjectGrantSearchFilter) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, qry := range queries {
q[i], err = projectGrantFilterToModel(qry)
if err != nil {
return nil, err
}
}
return q, nil
}
func projectGrantFilterToModel(filter *project_pb.ProjectGrantSearchFilter) (query.SearchQuery, error) {
switch q := filter.Filter.(type) {
case *project_pb.ProjectGrantSearchFilter_ProjectNameFilter:
return projectNameFilterToQuery(q.ProjectNameFilter)
case *project_pb.ProjectGrantSearchFilter_RoleKeyFilter:
return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyFilter.Key)
case *project_pb.ProjectGrantSearchFilter_InProjectIdsFilter:
return query.NewProjectGrantProjectIDsSearchQuery(q.InProjectIdsFilter.Ids)
case *project_pb.ProjectGrantSearchFilter_ProjectResourceOwnerFilter:
return query.NewProjectGrantResourceOwnerSearchQuery(q.ProjectResourceOwnerFilter.Id)
case *project_pb.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter:
return query.NewProjectGrantGrantedOrgIDSearchQuery(q.ProjectGrantResourceOwnerFilter.Id)
default:
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
}
}
func projectGrantsToPb(projects []*query.ProjectGrant) []*project_pb.ProjectGrant {
p := make([]*project_pb.ProjectGrant, len(projects))
for i, project := range projects {
p[i] = projectGrantToPb(project)
}
return p
}
func projectGrantToPb(project *query.ProjectGrant) *project_pb.ProjectGrant {
return &project_pb.ProjectGrant{
OrganizationId: project.ResourceOwner,
CreationDate: timestamppb.New(project.CreationDate),
ChangeDate: timestamppb.New(project.ChangeDate),
GrantedOrganizationId: project.GrantedOrgID,
GrantedOrganizationName: project.OrgName,
GrantedRoleKeys: project.GrantedRoleKeys,
ProjectId: project.ProjectID,
ProjectName: project.ProjectName,
State: projectGrantStateToPb(project.State),
}
}
func projectGrantStateToPb(state domain.ProjectGrantState) project_pb.ProjectGrantState {
switch state {
case domain.ProjectGrantStateActive:
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_ACTIVE
case domain.ProjectGrantStateInactive:
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_INACTIVE
case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
default:
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
}
}
func (s *Server) ListProjectRoles(ctx context.Context, req *connect.Request[project_pb.ListProjectRolesRequest]) (*connect.Response[project_pb.ListProjectRolesResponse], error) {
queries, err := s.listProjectRolesRequestToModel(req.Msg)
if err != nil {
return nil, err
}
err = queries.AppendProjectIDQuery(req.Msg.GetProjectId())
if err != nil {
return nil, err
}
roles, err := s.query.SearchProjectRoles(ctx, true, queries, s.checkPermission)
if err != nil {
return nil, err
}
return connect.NewResponse(&project_pb.ListProjectRolesResponse{
ProjectRoles: roleViewsToPb(roles.ProjectRoles),
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, roles.SearchResponse),
}), nil
}
func (s *Server) listProjectRolesRequestToModel(req *project_pb.ListProjectRolesRequest) (*query.ProjectRoleSearchQueries, error) {
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
if err != nil {
return nil, err
}
queries, err := roleQueriesToModel(req.Filters)
if err != nil {
return nil, err
}
return &query.ProjectRoleSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
Limit: limit,
Asc: asc,
SortingColumn: projectRoleFieldNameToSortingColumn(req.SortingColumn),
},
Queries: queries,
}, nil
}
func projectRoleFieldNameToSortingColumn(field *project_pb.ProjectRoleFieldName) query.Column {
if field == nil {
return query.ProjectRoleColumnCreationDate
}
switch *field {
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_KEY:
return query.ProjectRoleColumnKey
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CREATION_DATE:
return query.ProjectRoleColumnCreationDate
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CHANGE_DATE:
return query.ProjectRoleColumnChangeDate
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_UNSPECIFIED:
return query.ProjectRoleColumnCreationDate
default:
return query.ProjectRoleColumnCreationDate
}
}
func roleQueriesToModel(queries []*project_pb.ProjectRoleSearchFilter) (_ []query.SearchQuery, err error) {
q := make([]query.SearchQuery, len(queries))
for i, query := range queries {
q[i], err = roleQueryToModel(query)
if err != nil {
return nil, err
}
}
return q, nil
}
func roleQueryToModel(apiQuery *project_pb.ProjectRoleSearchFilter) (query.SearchQuery, error) {
switch q := apiQuery.Filter.(type) {
case *project_pb.ProjectRoleSearchFilter_RoleKeyFilter:
return query.NewProjectRoleKeySearchQuery(filter.TextMethodPbToQuery(q.RoleKeyFilter.Method), q.RoleKeyFilter.Key)
case *project_pb.ProjectRoleSearchFilter_DisplayNameFilter:
return query.NewProjectRoleDisplayNameSearchQuery(filter.TextMethodPbToQuery(q.DisplayNameFilter.Method), q.DisplayNameFilter.DisplayName)
default:
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-fms0e", "List.Query.Invalid")
}
}
func roleViewsToPb(roles []*query.ProjectRole) []*project_pb.ProjectRole {
o := make([]*project_pb.ProjectRole, len(roles))
for i, org := range roles {
o[i] = roleViewToPb(org)
}
return o
}
func roleViewToPb(role *query.ProjectRole) *project_pb.ProjectRole {
return &project_pb.ProjectRole{
ProjectId: role.ProjectID,
Key: role.Key,
CreationDate: timestamppb.New(role.CreationDate),
ChangeDate: timestamppb.New(role.ChangeDate),
DisplayName: role.DisplayName,
Group: role.Group,
}
}
Reference in New Issue View Git Blame Copy Permalink