mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
6b3f5b984c
* refactor: switch from opencensus to opentelemetry * tempo works as designed nooooot * fix: log traceids * with grafana agent * fix: http tracing * fix: cleanup files * chore: remove todo * fix: bad test * fix: ignore methods in grpc interceptors * fix: remove test log * clean up * typo * fix(config): configure tracing endpoint * fix(span): add error id to span * feat: metrics package * feat: metrics package * fix: counter * fix: metric * try metrics * fix: coutner metrics * fix: active sessin counter * fix: active sessin counter * fix: change current Sequence table * fix: change current Sequence table * fix: current sequences * fix: spooler div metrics * fix: console view * fix: merge master * fix: Last spool run on search result instead of eventtimestamp * fix: go mod * Update console/src/assets/i18n/de.json Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr review * fix: map * update oidc pkg * fix: handlers * fix: value observer * fix: remove fmt * fix: handlers * fix: tests * fix: handler minimum cycle duration 1s * fix(spooler): handler channel buffer * fix interceptors Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
1141 lines
30 KiB
Protocol Buffer
1141 lines
30 KiB
Protocol Buffer
|
|
syntax = "proto3";
|
|
|
|
import "google/api/annotations.proto";
|
|
import "google/protobuf/empty.proto";
|
|
import "google/protobuf/timestamp.proto";
|
|
import "validate/validate.proto";
|
|
import "protoc-gen-swagger/options/annotations.proto";
|
|
import "authoption/options.proto";
|
|
|
|
package caos.zitadel.admin.api.v1;
|
|
|
|
option go_package ="github.com/caos/zitadel/pkg/grpc/admin";
|
|
|
|
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
|
|
info: {
|
|
title: "admin service";
|
|
version: "0.1";
|
|
contact:{
|
|
url: "https://github.com/caos/zitadel/pkg/admin"
|
|
};
|
|
};
|
|
|
|
schemes: HTTPS;
|
|
|
|
consumes: "application/json";
|
|
consumes: "application/grpc";
|
|
|
|
produces: "application/json";
|
|
produces: "application/grpc";
|
|
};
|
|
|
|
service AdminService {
|
|
// ---------
|
|
// Probes
|
|
// ---------
|
|
|
|
// Healthz returns status OK as soon as the service started
|
|
rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
get: "/healthz"
|
|
};
|
|
}
|
|
|
|
//ORG
|
|
rpc IsOrgUnique(UniqueOrgRequest) returns (UniqueOrgResponse) {
|
|
option (google.api.http) = {
|
|
get: "/orgs/_isunique"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.read"
|
|
};
|
|
}
|
|
|
|
rpc GetOrgByID(OrgID) returns (Org) {
|
|
option (google.api.http) = {
|
|
get: "/orgs/{id}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.read"
|
|
};
|
|
}
|
|
|
|
rpc SearchOrgs(OrgSearchRequest) returns (OrgSearchResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.read"
|
|
};
|
|
}
|
|
|
|
rpc SetUpOrg(OrgSetUpRequest) returns (OrgSetUpResponse) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/_setup"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.write"
|
|
};
|
|
}
|
|
|
|
//ORG_IAM_POLICY
|
|
rpc GetDefaultOrgIamPolicy(google.protobuf.Empty) returns (OrgIamPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/orgs/default/policies/orgiam"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/orgs/default/policies/orgiam"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetOrgIamPolicy(OrgIamPolicyID) returns (OrgIamPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/orgs/{org_id}/policies/orgiam"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc CreateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
|
|
option (google.api.http) = {
|
|
post: "/orgs/{org_id}/policies/orgiam"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc UpdateOrgIamPolicy(OrgIamPolicyRequest) returns (OrgIamPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/orgs/{org_id}/policies/orgiam"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveOrgIamPolicy(OrgIamPolicyID) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/orgs/{org_id}/policies/orgiam"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.delete"
|
|
};
|
|
}
|
|
|
|
rpc GetIamMemberRoles(google.protobuf.Empty) returns (IamMemberRoles) {
|
|
option (google.api.http) = {
|
|
get: "/members/roles"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.member.read"
|
|
};
|
|
}
|
|
|
|
rpc AddIamMember(AddIamMemberRequest) returns (IamMember) {
|
|
option (google.api.http) = {
|
|
post: "/members"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.member.write"
|
|
};
|
|
}
|
|
|
|
rpc ChangeIamMember(ChangeIamMemberRequest) returns (IamMember) {
|
|
option (google.api.http) = {
|
|
put: "/members/{user_id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.member.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveIamMember(RemoveIamMemberRequest) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/members/{user_id}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.member.delete"
|
|
};
|
|
}
|
|
|
|
rpc SearchIamMembers(IamMemberSearchRequest) returns (IamMemberSearchResponse) {
|
|
option (google.api.http) = {
|
|
post: "/members/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.member.read"
|
|
};
|
|
}
|
|
|
|
rpc GetViews(google.protobuf.Empty) returns (Views) {
|
|
option (google.api.http) = {
|
|
get: "/views"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.read"
|
|
};
|
|
}
|
|
|
|
rpc ClearView(ViewID) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
post: "/views/{database}/{view_name}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.write"
|
|
};
|
|
}
|
|
|
|
rpc GetFailedEvents(google.protobuf.Empty) returns (FailedEvents) {
|
|
option (google.api.http) = {
|
|
get: "/failedevents"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.read"
|
|
};
|
|
}
|
|
|
|
rpc RemoveFailedEvent(FailedEventID) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/failedevents/{database}/{view_name}/{failed_sequence}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.write"
|
|
};
|
|
}
|
|
|
|
rpc IdpByID(IdpID) returns (IdpView) {
|
|
option (google.api.http) = {
|
|
get: "/idps/{id}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.read"
|
|
};
|
|
}
|
|
|
|
rpc CreateOidcIdp(OidcIdpConfigCreate) returns (Idp) {
|
|
option (google.api.http) = {
|
|
post: "/idps/oidc"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc UpdateIdpConfig(IdpUpdate) returns (Idp) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{id}"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc DeactivateIdpConfig(IdpID) returns (Idp) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{id}/_deactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc ReactivateIdpConfig(IdpID) returns (Idp) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{id}/_reactivate"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveIdpConfig(IdpID) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/idps/{id}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc UpdateOidcIdpConfig(OidcIdpConfigUpdate) returns (OidcIdpConfig) {
|
|
option (google.api.http) = {
|
|
put: "/idps/{idp_id}/oidcconfig"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.write"
|
|
};
|
|
}
|
|
|
|
rpc SearchIdps(IdpSearchRequest) returns (IdpSearchResponse) {
|
|
option (google.api.http) = {
|
|
post: "/idps/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.idp.read"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLabelPolicy(google.protobuf.Empty) returns (DefaultLabelPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/policies/label"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultLabelPolicy(DefaultLabelPolicyUpdate) returns (DefaultLabelPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/policies/label"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginPolicy(google.protobuf.Empty) returns (DefaultLoginPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/policies/login"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultLoginPolicy(DefaultLoginPolicyRequest) returns (DefaultLoginPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/policies/login"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginPolicyIdpProviders(IdpProviderSearchRequest) returns (IdpProviderSearchResponse) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/idpproviders/_search"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc AddIdpProviderToDefaultLoginPolicy(IdpProviderID) returns (IdpProviderID) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/idpproviders"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveIdpProviderFromDefaultLoginPolicy(IdpProviderID) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/idpproviders/{idp_config_id}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginPolicySecondFactors(google.protobuf.Empty) returns (SecondFactorsResult) {
|
|
option (google.api.http) = {
|
|
get: "/policies/login/secondfactors/_search"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc AddSecondFactorToDefaultLoginPolicy(SecondFactor) returns (SecondFactor) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/secondfactors"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveSecondFactorFromDefaultLoginPolicy(SecondFactor) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/secondfactors/{second_factor}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultLoginPolicyMultiFactors(google.protobuf.Empty) returns (MultiFactorsResult) {
|
|
option (google.api.http) = {
|
|
get: "/policies/login/multifactors/_search"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc AddMultiFactorToDefaultLoginPolicy(MultiFactor) returns (MultiFactor) {
|
|
option (google.api.http) = {
|
|
post: "/policies/login/multifactors"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc RemoveMultiFactorFromDefaultLoginPolicy(MultiFactor) returns (google.protobuf.Empty) {
|
|
option (google.api.http) = {
|
|
delete: "/policies/login/multifactors/{multi_factor}"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordComplexityPolicy(google.protobuf.Empty) returns (DefaultPasswordComplexityPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/policies/password/complexity"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultPasswordComplexityPolicy(DefaultPasswordComplexityPolicyRequest) returns (DefaultPasswordComplexityPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/policies/password/complexity"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordAgePolicy(google.protobuf.Empty) returns (DefaultPasswordAgePolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/policies/password/age"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultPasswordAgePolicy(DefaultPasswordAgePolicyRequest) returns (DefaultPasswordAgePolicy) {
|
|
option (google.api.http) = {
|
|
put: "/policies/password/age"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
|
|
rpc GetDefaultPasswordLockoutPolicy(google.protobuf.Empty) returns (DefaultPasswordLockoutPolicyView) {
|
|
option (google.api.http) = {
|
|
get: "/policies/password/lockout"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.read"
|
|
};
|
|
}
|
|
|
|
rpc UpdateDefaultPasswordLockoutPolicy(DefaultPasswordLockoutPolicyRequest) returns (DefaultPasswordLockoutPolicy) {
|
|
option (google.api.http) = {
|
|
put: "/policies/password/lockout"
|
|
body: "*"
|
|
};
|
|
|
|
option (caos.zitadel.utils.v1.auth_option) = {
|
|
permission: "iam.policy.write"
|
|
};
|
|
}
|
|
}
|
|
|
|
message OrgID {
|
|
string id = 1 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message UniqueOrgRequest {
|
|
string name = 1 [(validate.rules).string.min_len = 1];
|
|
string domain = 2 [(validate.rules).string.min_len = 1];
|
|
}
|
|
|
|
message UniqueOrgResponse {
|
|
bool is_unique = 1;
|
|
}
|
|
|
|
message Org {
|
|
string id = 1;
|
|
OrgState state = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
string name = 5;
|
|
string domain = 6;
|
|
}
|
|
|
|
enum OrgState {
|
|
ORGSTATE_UNSPECIFIED = 0;
|
|
ORGSTATE_ACTIVE = 1;
|
|
ORGSTATE_INACTIVE = 2;
|
|
}
|
|
|
|
message OrgSearchRequest {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
OrgSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
|
|
bool asc = 4;
|
|
repeated OrgSearchQuery queries = 5;
|
|
}
|
|
|
|
message OrgSearchQuery {
|
|
OrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
|
|
OrgSearchMethod method = 2;
|
|
string value = 3;
|
|
}
|
|
|
|
enum OrgSearchKey {
|
|
ORGSEARCHKEY_UNSPECIFIED = 0;
|
|
ORGSEARCHKEY_NAME = 1;
|
|
ORGSEARCHKEY_DOMAIN = 2;
|
|
ORGSEARCHKEY_STATE = 3;
|
|
}
|
|
|
|
message OrgSearchResponse {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
uint64 total_result = 3;
|
|
repeated Org result = 4;
|
|
uint64 processed_sequence = 5;
|
|
google.protobuf.Timestamp view_timestamp = 6;
|
|
}
|
|
|
|
enum OrgSearchMethod {
|
|
ORGSEARCHMETHOD_EQUALS = 0;
|
|
ORGSEARCHMETHOD_STARTS_WITH = 1;
|
|
ORGSEARCHMETHOD_CONTAINS = 2;
|
|
}
|
|
|
|
message OrgSetUpRequest {
|
|
CreateOrgRequest org = 1 [(validate.rules).message.required = true];
|
|
CreateUserRequest user = 2 [(validate.rules).message.required = true];
|
|
}
|
|
|
|
message OrgSetUpResponse {
|
|
Org org = 1;
|
|
UserResponse user = 2;
|
|
}
|
|
|
|
message CreateUserRequest {
|
|
string user_name = 1 [(validate.rules).string.pattern = "^[^[:space:]]{1,200}$"];
|
|
|
|
oneof user {
|
|
option (validate.required) = true;
|
|
|
|
CreateHumanRequest human = 2;
|
|
CreateMachineRequest machine = 3;
|
|
}
|
|
}
|
|
|
|
message CreateHumanRequest {
|
|
string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string nick_name = 3 [(validate.rules).string = {max_len: 200}];
|
|
string preferred_language = 4 [(validate.rules).string = {max_len: 200}];
|
|
Gender gender = 5;
|
|
string email = 6 [(validate.rules).string = {min_len: 1, max_len: 200, email: true}];
|
|
bool is_email_verified = 7;
|
|
string phone = 8 [(validate.rules).string = {max_len: 20}];
|
|
bool is_phone_verified = 9;
|
|
string country = 10 [(validate.rules).string = {max_len: 200}];
|
|
string locality = 11 [(validate.rules).string = {max_len: 200}];
|
|
string postal_code = 12 [(validate.rules).string = {max_len: 200}];
|
|
string region = 13 [(validate.rules).string = {max_len: 200}];
|
|
string street_address = 14 [(validate.rules).string = {max_len: 200}];
|
|
string password = 15 [(validate.rules).string = {max_len: 72}];
|
|
}
|
|
|
|
message CreateMachineRequest {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string description = 2 [(validate.rules).string = {max_len: 500}];
|
|
}
|
|
|
|
message UserResponse {
|
|
string id = 1;
|
|
UserState state = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
uint64 sequence = 5;
|
|
string user_name = 6;
|
|
|
|
oneof user {
|
|
option (validate.required) = true;
|
|
|
|
HumanResponse human = 7;
|
|
MachineResponse machine = 8;
|
|
}
|
|
}
|
|
|
|
enum UserState {
|
|
USERSTATE_UNSPECIFIED = 0;
|
|
USERSTATE_ACTIVE = 1;
|
|
USERSTATE_INACTIVE = 2;
|
|
USERSTATE_DELETED = 3;
|
|
USERSTATE_LOCKED = 4;
|
|
USERSTATE_SUSPEND = 5;
|
|
USERSTATE_INITIAL= 6;
|
|
}
|
|
|
|
enum Gender {
|
|
GENDER_UNSPECIFIED = 0;
|
|
GENDER_FEMALE = 1;
|
|
GENDER_MALE = 2;
|
|
GENDER_DIVERSE = 3;
|
|
}
|
|
|
|
message HumanResponse {
|
|
string first_name = 1;
|
|
string last_name = 2;
|
|
string display_name = 3;
|
|
string nick_name = 4;
|
|
string preferred_language = 5;
|
|
Gender gender = 6;
|
|
string email = 7;
|
|
bool is_email_verified = 8;
|
|
string phone = 9;
|
|
bool is_phone_verified = 10;
|
|
string country = 11;
|
|
string locality = 12;
|
|
string postal_code = 13;
|
|
string region = 14;
|
|
string street_address = 15;
|
|
}
|
|
|
|
message MachineResponse {
|
|
string name = 1;
|
|
string description = 2;
|
|
repeated MachineKeyResponse keys = 3;
|
|
}
|
|
|
|
message MachineKeyResponse {
|
|
string id = 1;
|
|
MachineKeyType type = 2;
|
|
uint64 sequence = 3;
|
|
|
|
google.protobuf.Timestamp creation_date = 4;
|
|
google.protobuf.Timestamp expiration_date = 5;
|
|
}
|
|
|
|
enum MachineKeyType {
|
|
MACHINEKEY_UNSPECIFIED = 0;
|
|
MACHINEKEY_JSON = 1;
|
|
}
|
|
|
|
message CreateOrgRequest {
|
|
string name = 1 [(validate.rules).string.min_len = 1];
|
|
string domain = 2;
|
|
}
|
|
|
|
message OrgIamPolicy {
|
|
string org_id = 1;
|
|
bool user_login_must_be_domain = 2;
|
|
bool default = 3;
|
|
uint64 sequence = 4;
|
|
google.protobuf.Timestamp creation_date = 5;
|
|
google.protobuf.Timestamp change_date = 6;
|
|
}
|
|
|
|
message OrgIamPolicyView {
|
|
string org_id = 1;
|
|
bool user_login_must_be_domain = 2;
|
|
bool default = 3;
|
|
uint64 sequence = 4;
|
|
google.protobuf.Timestamp creation_date = 5;
|
|
google.protobuf.Timestamp change_date = 6;
|
|
}
|
|
|
|
message OrgIamPolicyRequest {
|
|
string org_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
string description = 2;
|
|
bool user_login_must_be_domain = 3;
|
|
}
|
|
|
|
message OrgIamPolicyID {
|
|
string org_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message IamMemberRoles {
|
|
repeated string roles = 1;
|
|
}
|
|
|
|
message IamMember {
|
|
string user_id = 1;
|
|
repeated string roles = 2;
|
|
google.protobuf.Timestamp change_date = 3;
|
|
google.protobuf.Timestamp creation_date = 4;
|
|
uint64 sequence = 5;
|
|
}
|
|
|
|
message AddIamMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
repeated string roles = 2;
|
|
}
|
|
|
|
message ChangeIamMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
repeated string roles = 2;
|
|
}
|
|
|
|
message RemoveIamMemberRequest {
|
|
string user_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message IamMemberSearchResponse {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
uint64 total_result = 3;
|
|
repeated IamMemberView result = 4;
|
|
uint64 processed_sequence = 5;
|
|
google.protobuf.Timestamp view_timestamp = 6;
|
|
}
|
|
|
|
message IamMemberView {
|
|
string user_id = 1;
|
|
repeated string roles = 2;
|
|
google.protobuf.Timestamp change_date = 3;
|
|
google.protobuf.Timestamp creation_date = 4;
|
|
uint64 sequence = 5;
|
|
string user_name = 6;
|
|
string email = 7;
|
|
string first_name = 8;
|
|
string last_name = 9;
|
|
string display_name = 10;
|
|
}
|
|
|
|
message IamMemberSearchRequest {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
repeated IamMemberSearchQuery queries = 3;
|
|
}
|
|
|
|
message IamMemberSearchQuery {
|
|
IamMemberSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
|
|
SearchMethod method = 2;
|
|
string value = 3;
|
|
}
|
|
|
|
enum IamMemberSearchKey {
|
|
IAMMEMBERSEARCHKEY_UNSPECIFIED = 0;
|
|
IAMMEMBERSEARCHKEY_FIRST_NAME = 1;
|
|
IAMMEMBERSEARCHKEY_LAST_NAME = 2;
|
|
IAMMEMBERSEARCHKEY_EMAIL = 3;
|
|
IAMMEMBERSEARCHKEY_USER_ID = 4;
|
|
}
|
|
|
|
enum SearchMethod {
|
|
SEARCHMETHOD_EQUALS = 0;
|
|
SEARCHMETHOD_STARTS_WITH = 1;
|
|
SEARCHMETHOD_CONTAINS = 2;
|
|
SEARCHMETHOD_EQUALS_IGNORE_CASE = 3;
|
|
SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4;
|
|
SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5;
|
|
SEARCHMETHOD_NOT_EQUALS = 6;
|
|
SEARCHMETHOD_GREATER_THAN = 7;
|
|
SEARCHMETHOD_LESS_THAN = 8;
|
|
SEARCHMETHOD_IS_ONE_OF = 9;
|
|
SEARCHMETHOD_LIST_CONTAINS = 10;
|
|
}
|
|
|
|
message FailedEventID {
|
|
string database = 1 [(validate.rules).string = {min_len: 1}];
|
|
string view_name = 2 [(validate.rules).string = {min_len: 1}];
|
|
uint64 failed_sequence = 3;
|
|
}
|
|
|
|
message FailedEvents {
|
|
repeated FailedEvent failed_events = 1;
|
|
}
|
|
|
|
message FailedEvent {
|
|
string database = 1;
|
|
string view_name = 2;
|
|
uint64 failed_sequence = 3;
|
|
uint64 failure_count = 4;
|
|
string error_message = 5;
|
|
}
|
|
|
|
message ViewID {
|
|
string database = 1 [(validate.rules).string = {min_len: 1}];
|
|
string view_name = 2 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message Views {
|
|
repeated View views = 1;
|
|
}
|
|
|
|
message View {
|
|
string database = 1;
|
|
string view_name = 2;
|
|
uint64 processed_sequence = 3;
|
|
google.protobuf.Timestamp event_timestamp = 4;
|
|
google.protobuf.Timestamp last_successful_spooler_run = 5;
|
|
}
|
|
|
|
message IdpID {
|
|
string id = 1 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message Idp {
|
|
string id = 1;
|
|
IdpState state = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
string name = 5;
|
|
IdpStylingType styling_type = 6;
|
|
oneof idp_config {
|
|
OidcIdpConfig oidc_config = 7;
|
|
}
|
|
uint64 sequence = 8;
|
|
}
|
|
|
|
message IdpUpdate {
|
|
string id = 1 [(validate.rules).string = {min_len: 1}];
|
|
string name = 2;
|
|
IdpStylingType styling_type = 3;
|
|
}
|
|
|
|
message OidcIdpConfig {
|
|
string client_id = 1;
|
|
string client_secret = 2;
|
|
string issuer = 3;
|
|
repeated string scopes = 4;
|
|
}
|
|
|
|
enum IdpStylingType {
|
|
IDPSTYLINGTYPE_UNSPECIFIED = 0;
|
|
IDPSTYLINGTYPE_GOOGLE = 1;
|
|
}
|
|
|
|
enum IdpState {
|
|
IDPCONFIGSTATE_UNSPECIFIED = 0;
|
|
IDPCONFIGSTATE_ACTIVE = 1;
|
|
IDPCONFIGSTATE_INACTIVE = 2;
|
|
}
|
|
|
|
enum OIDCMappingField {
|
|
OIDCMAPPINGFIELD_UNSPECIFIED = 0;
|
|
OIDCMAPPINGFIELD_PREFERRED_USERNAME = 1;
|
|
OIDCMAPPINGFIELD_EMAIL = 2;
|
|
}
|
|
|
|
message OidcIdpConfigCreate {
|
|
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
IdpStylingType styling_type = 2;
|
|
string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 6;
|
|
OIDCMappingField idp_display_name_mapping = 7;
|
|
OIDCMappingField username_mapping = 8;
|
|
}
|
|
|
|
message OidcIdpConfigUpdate {
|
|
string idp_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
string client_secret = 3;
|
|
string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
|
|
repeated string scopes = 5;
|
|
OIDCMappingField idp_display_name_mapping = 6;
|
|
OIDCMappingField username_mapping = 7;
|
|
}
|
|
|
|
message IdpSearchResponse {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
uint64 total_result = 3;
|
|
repeated IdpView result = 4;
|
|
uint64 processed_sequence = 5;
|
|
google.protobuf.Timestamp view_timestamp = 6;
|
|
}
|
|
|
|
message IdpView {
|
|
string id = 1;
|
|
IdpState state = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
string name = 5;
|
|
IdpStylingType styling_type = 6;
|
|
oneof idp_config_view {
|
|
OidcIdpConfigView oidc_config = 7;
|
|
}
|
|
uint64 sequence = 8;
|
|
}
|
|
|
|
message OidcIdpConfigView {
|
|
string client_id = 1;
|
|
string issuer = 2;
|
|
repeated string scopes = 3;
|
|
OIDCMappingField idp_display_name_mapping = 4;
|
|
OIDCMappingField username_mapping = 5;
|
|
}
|
|
|
|
message IdpSearchRequest {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
repeated IdpSearchQuery queries = 3;
|
|
}
|
|
|
|
message IdpSearchQuery {
|
|
IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
|
|
SearchMethod method = 2;
|
|
string value = 3;
|
|
}
|
|
|
|
enum IdpSearchKey {
|
|
IDPSEARCHKEY_UNSPECIFIED = 0;
|
|
IDPSEARCHKEY_IDP_CONFIG_ID = 1;
|
|
IDPSEARCHKEY_NAME = 2;
|
|
}
|
|
|
|
message DefaultLabelPolicy {
|
|
string primary_color = 1;
|
|
string secondary_color = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
}
|
|
|
|
message DefaultLabelPolicyUpdate {
|
|
string primary_color = 1;
|
|
string secondary_color = 2;
|
|
}
|
|
|
|
message DefaultLabelPolicyView {
|
|
string primary_color = 1;
|
|
string secondary_color = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
}
|
|
|
|
message DefaultLoginPolicy {
|
|
bool allow_username_password = 1;
|
|
bool allow_register = 2;
|
|
bool allow_external_idp = 3;
|
|
google.protobuf.Timestamp creation_date = 4;
|
|
google.protobuf.Timestamp change_date = 5;
|
|
bool force_mfa = 6;
|
|
}
|
|
|
|
message DefaultLoginPolicyRequest {
|
|
bool allow_username_password = 1;
|
|
bool allow_register = 2;
|
|
bool allow_external_idp = 3;
|
|
bool force_mfa = 4;
|
|
}
|
|
|
|
message IdpProviderID {
|
|
string idp_config_id = 1 [(validate.rules).string = {min_len: 1}];
|
|
}
|
|
|
|
message DefaultLoginPolicyView {
|
|
bool allow_username_password = 1;
|
|
bool allow_register = 2;
|
|
bool allow_external_idp = 3;
|
|
google.protobuf.Timestamp creation_date = 4;
|
|
google.protobuf.Timestamp change_date = 5;
|
|
bool force_mfa = 6;
|
|
}
|
|
|
|
message IdpProviderView {
|
|
string idp_config_id = 1;
|
|
string name = 2;
|
|
IdpType type = 3;
|
|
}
|
|
|
|
enum IdpType {
|
|
IDPTYPE_UNSPECIFIED = 0;
|
|
IDPTYPE_OIDC = 1;
|
|
IDPTYPE_SAML = 2;
|
|
}
|
|
|
|
message IdpProviderSearchResponse {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
uint64 total_result = 3;
|
|
repeated IdpProviderView result = 4;
|
|
uint64 processed_sequence = 5;
|
|
google.protobuf.Timestamp view_timestamp = 6;
|
|
}
|
|
|
|
message IdpProviderSearchRequest {
|
|
uint64 offset = 1;
|
|
uint64 limit = 2;
|
|
}
|
|
|
|
message SecondFactorsResult {
|
|
repeated SecondFactorType second_factors = 1;
|
|
}
|
|
|
|
message SecondFactor {
|
|
SecondFactorType second_factor = 1;
|
|
}
|
|
|
|
enum SecondFactorType {
|
|
SECONDFACTORTYPE_UNSPECIFIED = 0;
|
|
SECONDFACTORTYPE_OTP = 1;
|
|
SECONDFACTORTYPE_U2F = 2;
|
|
}
|
|
|
|
message MultiFactorsResult {
|
|
repeated MultiFactorType multi_factors = 1;
|
|
}
|
|
|
|
message MultiFactor {
|
|
MultiFactorType multi_factor = 1;
|
|
}
|
|
|
|
enum MultiFactorType {
|
|
MULTIFACTORTYPE_UNSPECIFIED = 0;
|
|
MULTIFACTORTYPE_U2F_WITH_PIN = 1;
|
|
}
|
|
|
|
message DefaultPasswordComplexityPolicy {
|
|
uint64 min_length = 1;
|
|
bool has_uppercase = 2;
|
|
bool has_lowercase = 3;
|
|
bool has_number = 4;
|
|
bool has_symbol = 5;
|
|
google.protobuf.Timestamp creation_date = 6;
|
|
google.protobuf.Timestamp change_date = 7;
|
|
}
|
|
|
|
message DefaultPasswordComplexityPolicyRequest {
|
|
uint64 min_length = 1;
|
|
bool has_uppercase = 2;
|
|
bool has_lowercase = 3;
|
|
bool has_number = 4;
|
|
bool has_symbol = 5;
|
|
}
|
|
|
|
message DefaultPasswordComplexityPolicyView {
|
|
uint64 min_length = 1;
|
|
bool has_uppercase = 2;
|
|
bool has_lowercase = 3;
|
|
bool has_number = 4;
|
|
bool has_symbol = 5;
|
|
google.protobuf.Timestamp creation_date = 6;
|
|
google.protobuf.Timestamp change_date = 7;
|
|
}
|
|
|
|
message DefaultPasswordAgePolicy {
|
|
uint64 max_age_days = 1;
|
|
uint64 expire_warn_days = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
}
|
|
|
|
message DefaultPasswordAgePolicyRequest {
|
|
uint64 max_age_days = 1;
|
|
uint64 expire_warn_days = 2;
|
|
}
|
|
|
|
message DefaultPasswordAgePolicyView {
|
|
uint64 max_age_days = 1;
|
|
uint64 expire_warn_days = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
}
|
|
|
|
message DefaultPasswordLockoutPolicy {
|
|
uint64 max_attempts = 1;
|
|
bool show_lockout_failure = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
}
|
|
|
|
message DefaultPasswordLockoutPolicyRequest {
|
|
uint64 max_attempts = 1;
|
|
bool show_lockout_failure = 2;
|
|
}
|
|
|
|
message DefaultPasswordLockoutPolicyView {
|
|
uint64 max_attempts = 1;
|
|
bool show_lockout_failure = 2;
|
|
google.protobuf.Timestamp creation_date = 3;
|
|
google.protobuf.Timestamp change_date = 4;
|
|
} |