mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-12 11:53:39 +00:00
5abd5b0505
* feat(management): service accounts * chore: current go version * init * refactor: apis * feat(internal): start impl of service account * chore: start impl of machine/human users * code compiles * fix: tests * fix: tests * fix: add new event types to switches * chore: add cases to event types * fix(management): definitive proto messages * fix: machine/human * fix: add missing tables as todos * fix: remove unused permissions * fix: refactoring * fix: refactor * fix: human registered * fix: user id * fix: logid * fix: proto remove //equal * chore(management): remove no comment * fix: human mfas * fix: user subobjects * chore: rename existing to better name * fix: username in user (#634) * fix: username in user * fix: username * fix remove unused code * fix add validations * fix: use new user in all apis * fix: regexp for username in api * fix: fill user data for human and machine (#638) * fix: fill Display name grant/member handlers fix: add description to grant/member objects in api fix: check if user is human in login * fix: remove description from member and grant * chore: remove todos * feat: machine keys * fix: implement missing parts * feat: machine key management view * fix: remove keys from machine view * fix: set default expiration date * fix: get key by ids * feat: add machine keys in proto * feat: machine keys * fix: add migration * fix: mig * fix: correct method name * feat: user search * feat: user search * fix: log ids * fix partial authconfig prompt, domain c perm * membership read check * contributor refresh trigger, observe org write * fix: migrations * fix(console): machine build (#660) * frontend 1 * fix html bindings * trailing comma * user permissions, project deactivate * fix(console): human view (#661) * fix search user view, user detail form * rm log * feat(console): user services list and create (#663) * fix search user view, user detail form * rm log * machine list * generic table component * create user service * proove table for undefined values * tmp disable user link if machine * lint * lint styles * user table lint * Update console/src/assets/i18n/de.json Co-authored-by: Florian Forster <florian@caos.ch> * feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664) * service users for sidenav, routing * i18n * back routes * machine detail form * update machine detail, fix svc user grants * keys table * add key dialog, timestamp creation * check permission on create, delete, fix selection * lint ts, scss * Update console/src/assets/i18n/de.json * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> * allow user grants for project.write * management service * fix mgmt service * feat: Machine keys (#655) * fix: memberships (#633) * feat: add iam members to memberships * fix: search project grants * fix: rename * feat: idp and login policy configurations (#619) * feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: reread user mfas, preferred loginname as otp account name (#636) * fix: reread user mfas * fix: use preferred login name as otp account name * fix: tests * fix: reduce (#635) * fix: management reduce optimization * fix: reduce optimization * fix: reduce optimization * fix: merge master * chore(deps): bump github.com/gorilla/schema from 1.1.0 to 1.2.0 (#627) Bumps [github.com/gorilla/schema](https://github.com/gorilla/schema) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/gorilla/schema/releases) - [Commits](https://github.com/gorilla/schema/compare/v1.1.0...v1.2.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/gorilla/mux from 1.7.4 to 1.8.0 (#624) Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.7.4 to 1.8.0. - [Release notes](https://github.com/gorilla/mux/releases) - [Commits](https://github.com/gorilla/mux/compare/v1.7.4...v1.8.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.4.1 to 1.5.0 (#591) Bumps [github.com/DATA-DOG/go-sqlmock](https://github.com/DATA-DOG/go-sqlmock) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/DATA-DOG/go-sqlmock/releases) - [Commits](https://github.com/DATA-DOG/go-sqlmock/compare/v1.4.1...v1.5.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: auto assign issues and PR to ZTIADEL project board (#643) * Create main.yml * Update main.yml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix(console): project grant members, update deps (#645) * fix: searchprojectgrantmembers * chore(deps-dev): bump @angular/cli from 10.0.6 to 10.0.7 in /console (#622) Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.0.6 to 10.0.7. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/compare/v10.0.6...v10.0.7) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @angular-devkit/build-angular in /console (#626) Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.6 to 0.1000.7. - [Release notes](https://github.com/angular/angular-cli/releases) - [Commits](https://github.com/angular/angular-cli/commits) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> * chore(deps-dev): bump @types/jasmine from 3.5.12 to 3.5.13 in /console (#623) Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.5.12 to 3.5.13. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump ts-node from 8.10.2 to 9.0.0 in /console (#629) Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.10.2 to 9.0.0. - [Release notes](https://github.com/TypeStrong/ts-node/releases) - [Commits](https://github.com/TypeStrong/ts-node/compare/v8.10.2...v9.0.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update packlock Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: delete main.yml (#648) * fix: usergrant (#650) * fix(console): mfa refresh after verification, member eventemitter (#651) * refresh mfa * fix: detail link from contributors * lint * feat: add domain verification notification (#649) * fix: dont (re)generate client secret with auth type none * fix(cors): allow Origin from request * feat: add origin allow list and fix some core issues * rename migration * fix UserIDsByDomain * feat: send email to users after domain claim * username * check origin on userinfo * update oidc pkg * fix: add migration 1.6 * change username * change username * remove unique email aggregate * change username in mgmt * search global user by login name * fix test * change user search in angular * fix tests * merge * userview in angular * fix merge * Update pkg/grpc/management/proto/management.proto Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update internal/notification/static/i18n/de.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fix: translation (#647) * fix: translation * fix: translation * fix: translation * fix: remove unused code * fix: log err * fix: migration numbers (#652) * chore: issue / feature templates (#642) * feat: machine keys * fix: implement missing parts * feat: machine key management view * fix: remove keys from machine view * feat: global org read (#657) * fix: set default expiration date * fix: get key by ids * feat: add machine keys in proto * feat: machine keys * fix: add migration * fix: mig * fix: correct method name * feat: user search * feat: user search * fix: log ids * fix: migrations * fix(console): machine build (#660) * frontend 1 * fix html bindings * trailing comma * fix(console): human view (#661) * fix search user view, user detail form * rm log * feat(console): user services list and create (#663) * fix search user view, user detail form * rm log * machine list * generic table component * create user service * proove table for undefined values * tmp disable user link if machine * lint * lint styles * user table lint * Update console/src/assets/i18n/de.json Co-authored-by: Florian Forster <florian@caos.ch> * feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664) * service users for sidenav, routing * i18n * back routes * machine detail form * update machine detail, fix svc user grants * keys table * add key dialog, timestamp creation * check permission on create, delete, fix selection * lint ts, scss * Update console/src/assets/i18n/de.json * Apply suggestions from code review Co-authored-by: Florian Forster <florian@caos.ch> * refactor: protos * fix(management): key expiration date * fix: check if user is human * fix: marshal key details * fix: correct generate login names * fix: logid Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> Co-authored-by: Florian Forster <florian@caos.ch> * fix: naming * refactor: findings * fix: username * fix: mfa upper case * fix: tests * fix: add translations * reactivatemyorg req typeö * fix: projectType for console * fix: user changes * fix: translate events * fix: event type translation * fix: remove unused types Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This project is in a alpha state. The application will continue breaking until version 1.0.0 is released
What Is It
ZITADEL is a Cloud Native Identity and Access Management solution. All server side components are written in Go and the management interface, called Console, is written in Angular.
We optimized ZITADEL for the usage as service provider IAM. By service provider we think of companies who build services for e.g SaaS cases. Often these companies would like to use an IAM where they can register their application and grant other people or companies the right to self manage a set of roles within that application.
How Does It Work
We built ZITADEL around the idea that the IAM should be easy to deploy and scale. That's why we tried to reduce external systems as much as possible.
For example, ZITADEL is eventsourced but it does not rely on a pub/sub system to function. Instead we built all the functionality right into one binary.
ZITADEL only needs Kubernetes for orchestration and CockroachDB as storage.
Why Another IAM
In the past we already built a closed sourced IAM and tested multiple others. With most of them we had some issues, either technology, feature, pricing or transparency related in nature. For example we find the idea that security related features like MFA should not be hidden behind a paywall or a feature price.
One feature that we often missed, was a solid audit trail of all IAM resources. Most systems we saw so far either rely on simple log files or use a short retention for this.
How To Use It
Use our free tier
Stay tuned, we will publish how you can register an organisation in our cloud offering zitadel.ch soon.
Yes we have a free tier!
Run your own IAM
Stay tuned, we will soon publish a guide how you can deploy a hyperconverged system with our automation tooling called ORBOS.
With ORBOS you will be able to run ZITADEL on GCE or StaticProvider within 20 minutes. To achieve this, ORBOS will bootstrap and maintain a Kubernetes cluster, essential platform components (logging, metrics, ingress, ...), a secure CockroachDB cluster and ZITADEL itself.
The combination of the tools ORBOS and ZITADEL is what makes the operation easy and scalable.
See our progress here
Give me some docs
This is work in progess but will change soon.
How To Contribute
TBA
Security
See the policy here
License
See the exact licensing terms here
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.