mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 02:54:20 +00:00
958362e6c9
* commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
582 lines
15 KiB
YAML
582 lines
15 KiB
YAML
Log:
|
|
Level: debug
|
|
Formatter:
|
|
Format: text
|
|
|
|
Port: 8080
|
|
ExternalPort: 8080
|
|
ExternalDomain: localhost
|
|
ExternalSecure: true
|
|
HTTP2HostHeader: ":authority"
|
|
HTTP1HostHeader: "host"
|
|
|
|
Database:
|
|
Host: localhost
|
|
Port: 26257
|
|
Database: zitadel
|
|
MaxOpenConns: 20
|
|
MaxConnLifetime: 30m
|
|
MaxConnIdleTime: 30m
|
|
Options: ""
|
|
User:
|
|
Username: zitadel
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
|
|
AdminUser:
|
|
Username: root
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
|
|
Projections:
|
|
RequeueEvery: 10s
|
|
RetryFailedAfter: 1s
|
|
MaxFailureCount: 5
|
|
BulkLimit: 200
|
|
MaxIterators: 1
|
|
Customizations:
|
|
projects:
|
|
BulkLimit: 2000
|
|
|
|
AuthZ:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Auth:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Admin:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
UserAgentCookie:
|
|
Name: zitadel.useragent
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
|
|
OIDC:
|
|
CodeMethodS256: true
|
|
AuthMethodPost: true
|
|
AuthMethodPrivateKeyJWT: true
|
|
GrantTypeRefreshToken: true
|
|
RequestObjectSupported: true
|
|
SigningKeyAlgorithm: RS256
|
|
DefaultAccessTokenLifetime: 12h
|
|
DefaultIdTokenLifetime: 12h
|
|
DefaultRefreshTokenIdleExpiration: 720h #30d
|
|
DefaultRefreshTokenExpiration: 2160h #90d
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
CustomEndpoints:
|
|
|
|
Login:
|
|
LanguageCookieName: zitadel.login.lang
|
|
CSRFCookieName: zitadel.login.csrf
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
|
|
Console:
|
|
ConsoleOverwriteDir: ""
|
|
ShortCache:
|
|
MaxAge: 5m
|
|
SharedMaxAge: 15m
|
|
LongCache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h
|
|
|
|
Notification:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
Handlers:
|
|
|
|
EncryptionKeys:
|
|
DomainVerification:
|
|
EncryptionKeyID: "domainVerificationKey"
|
|
DecryptionKeyIDs:
|
|
IDPConfig:
|
|
EncryptionKeyID: "idpConfigKey"
|
|
DecryptionKeyIDs:
|
|
OIDC:
|
|
EncryptionKeyID: "oidcKey"
|
|
DecryptionKeyIDs:
|
|
OTP:
|
|
EncryptionKeyID: "otpKey"
|
|
DecryptionKeyIDs:
|
|
SMS:
|
|
EncryptionKeyID: "smsKey"
|
|
DecryptionKeyIDs:
|
|
SMTP:
|
|
EncryptionKeyID: "smtpKey"
|
|
DecryptionKeyIDs:
|
|
User:
|
|
EncryptionKeyID: "userKey"
|
|
DecryptionKeyIDs:
|
|
CSRFCookieKeyID: "csrfCookieKey"
|
|
UserAgentCookieKeyID: "userAgentCookieKey"
|
|
|
|
#TODO: configure as soon as possible
|
|
#AssetStorage:
|
|
# Type: $ZITADEL_ASSET_STORAGE_TYPE
|
|
# Config:
|
|
# Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
|
|
# AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
|
|
# SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
|
|
# SSL: $ZITADEL_ASSET_STORAGE_SSL
|
|
# Location: $ZITADEL_ASSET_STORAGE_LOCATION
|
|
# BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
|
|
# MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
|
|
|
|
#TODO: remove as soon as possible
|
|
SystemDefaults:
|
|
# DefaultLanguage: 'en'
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
ZitadelDocs:
|
|
Issuer: $ZITADEL_ISSUER
|
|
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
|
|
SecretGenerators:
|
|
PasswordSaltCost: 14
|
|
MachineKeySize: 2048
|
|
ApplicationKeySize: 2048
|
|
Multifactors:
|
|
OTP:
|
|
Issuer: 'ZITADEL'
|
|
DomainVerification:
|
|
VerificationGenerator:
|
|
Length: 32
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
Notifications:
|
|
Endpoints:
|
|
InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
|
|
PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
|
|
VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
|
|
DomainClaimed: '$ZITADEL_ACCOUNTS/login'
|
|
PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
|
|
FileSystemPath: '.notifications/'
|
|
KeyConfig:
|
|
Size: 2048
|
|
PrivateKeyLifetime: 6h
|
|
PublicKeyLifetime: 30h
|
|
SigningKeyRotationCheck: 10s
|
|
SigningKeyGracefulPeriod: 10m
|
|
|
|
InternalAuthZ:
|
|
RolePermissionMappings:
|
|
- Role: 'IAM_OWNER'
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.write"
|
|
- "iam.features.read"
|
|
- "iam.features.write"
|
|
- "iam.policy.read"
|
|
- "iam.policy.write"
|
|
- "iam.policy.delete"
|
|
- "iam.member.read"
|
|
- "iam.member.write"
|
|
- "iam.member.delete"
|
|
- "iam.idp.read"
|
|
- "iam.idp.write"
|
|
- "iam.idp.delete"
|
|
- "iam.action.read"
|
|
- "iam.action.write"
|
|
- "iam.action.delete"
|
|
- "iam.flow.read"
|
|
- "iam.flow.write"
|
|
- "iam.flow.delete"
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: 'IAM_OWNER_VIEWER'
|
|
Permissions:
|
|
- "iam.read"
|
|
- "iam.features.read"
|
|
- "iam.policy.read"
|
|
- "iam.member.read"
|
|
- "iam.idp.read"
|
|
- "iam.action.read"
|
|
- "iam.flow.read"
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "org.action.read"
|
|
- "org.flow.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- Role: 'IAM_ORG_MANAGER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: 'IAM_USER_MANAGER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.member.read"
|
|
- "org.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_OWNER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.global.read"
|
|
- "org.create"
|
|
- "org.write"
|
|
- "org.member.read"
|
|
- "org.member.write"
|
|
- "org.member.delete"
|
|
- "org.idp.read"
|
|
- "org.idp.write"
|
|
- "org.idp.delete"
|
|
- "org.action.read"
|
|
- "org.action.write"
|
|
- "org.action.delete"
|
|
- "org.flow.read"
|
|
- "org.flow.write"
|
|
- "org.flow.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "user.credential.write"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "policy.write"
|
|
- "policy.delete"
|
|
- "project.read"
|
|
- "project.create"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- Role: 'ORG_USER_MANAGER'
|
|
Permissions:
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.write"
|
|
- "user.delete"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- "project.read"
|
|
- "project.role.read"
|
|
- Role: 'ORG_OWNER_VIEWER'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "org.idp.read"
|
|
- "org.action.read"
|
|
- "org.flow.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- "features.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.user.grant.read"
|
|
- Role: 'ORG_USER_PERMISSION_EDITOR'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_PROJECT_PERMISSION_EDITOR'
|
|
Permissions:
|
|
- "org.read"
|
|
- "org.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- Role: 'ORG_PROJECT_CREATOR'
|
|
Permissions:
|
|
- "user.global.read"
|
|
- "policy.read"
|
|
- "project.read:self"
|
|
- "project.create"
|
|
- Role: 'PROJECT_OWNER'
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "project.grant.read"
|
|
- "project.grant.write"
|
|
- "project.grant.delete"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_OWNER_VIEWER'
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: 'SELF_MANAGEMENT_GLOBAL'
|
|
Permissions:
|
|
- "org.create"
|
|
- "policy.read"
|
|
- "user.self.delete"
|
|
- Role: 'PROJECT_OWNER_GLOBAL'
|
|
Permissions:
|
|
- "org.global.read"
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.write"
|
|
- "project.delete"
|
|
- "project.member.read"
|
|
- "project.member.write"
|
|
- "project.member.delete"
|
|
- "project.role.read"
|
|
- "project.role.write"
|
|
- "project.role.delete"
|
|
- "project.app.read"
|
|
- "project.app.write"
|
|
- "project.app.delete"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.member.read"
|
|
- "project.role.read"
|
|
- "project.app.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_GRANT_OWNER'
|
|
Permissions:
|
|
- "policy.read"
|
|
- "org.global.read"
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "project.grant.member.write"
|
|
- "project.grant.member.delete"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.grant.write"
|
|
- "user.grant.delete"
|
|
- "user.membership.read"
|
|
- Role: 'PROJECT_GRANT_OWNER_VIEWER'
|
|
Permissions:
|
|
- "policy.read"
|
|
- "project.read"
|
|
- "project.grant.read"
|
|
- "project.grant.member.read"
|
|
- "user.read"
|
|
- "user.global.read"
|
|
- "user.grant.read"
|
|
- "user.membership.read"
|