mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 02:12:06 +00:00
ff6d593922
# Which Problems Are Solved
Actions v2 is not a feature flag anymore, include functionality on
executions is not used and json tags of proto messages are handled
incorrectly.
# How the Problems Are Solved
- Remove actions from the feature flags on system and instance level
- Remove include type on executions, only in the API, later maybe in the
handling logic as well
- Use protojson in request and response handling of actions v2
# Additional Changes
- Correct integration tests for request and response handling
- Use json.RawMessage for events, so that the event payload is not
base64 encoded
- Added separate context for async webhook calls, that executions are
not cancelled when called async
# Additional Context
Related to #9759
Closes #9710
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit b8ba7bd5ba)
133 lines
6.2 KiB
Protocol Buffer
133 lines
6.2 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package zitadel.feature.v2beta;
|
|
|
|
import "protoc-gen-openapiv2/options/annotations.proto";
|
|
import "validate/validate.proto";
|
|
|
|
import "zitadel/object/v2beta/object.proto";
|
|
import "zitadel/feature/v2beta/feature.proto";
|
|
|
|
option go_package = "github.com/zitadel/zitadel/pkg/grpc/feature/v2beta;feature";
|
|
|
|
message SetSystemFeaturesRequest{
|
|
reserved 6;
|
|
reserved "actions";
|
|
optional bool login_default_org = 1 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_trigger_introspection_projections = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_legacy_introspection = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
optional bool user_schema = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_token_exchange = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
|
|
}
|
|
];
|
|
|
|
repeated ImprovedPerformance improved_performance = 7 [
|
|
(validate.rules).repeated.unique = true,
|
|
(validate.rules).repeated.items.enum = {defined_only: true, not_in: [0]},
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[1]";
|
|
description: "Improves performance of specified execution paths.";
|
|
}
|
|
];
|
|
|
|
optional bool oidc_single_v1_session_termination = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a `sid` claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.";
|
|
}
|
|
];
|
|
}
|
|
|
|
message SetSystemFeaturesResponse {
|
|
zitadel.object.v2beta.Details details = 1;
|
|
}
|
|
|
|
message ResetSystemFeaturesRequest {}
|
|
|
|
message ResetSystemFeaturesResponse {
|
|
zitadel.object.v2beta.Details details = 1;
|
|
}
|
|
|
|
message GetSystemFeaturesRequest {}
|
|
|
|
message GetSystemFeaturesResponse {
|
|
reserved 7;
|
|
reserved "actions";
|
|
zitadel.object.v2beta.Details details = 1;
|
|
FeatureFlag login_default_org = 2 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "The login UI will use the settings of the default org (and not from the instance) if no organization context is set";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_trigger_introspection_projections = 3 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_legacy_introspection = 4 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag user_schema = 5 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_token_exchange = 6 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "Enable the experimental `urn:ietf:params:oauth:grant-type:token-exchange` grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.";
|
|
}
|
|
];
|
|
|
|
ImprovedPerformanceFeatureFlag improved_performance = 8 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "[1]";
|
|
description: "Improves performance of specified execution paths.";
|
|
}
|
|
];
|
|
|
|
FeatureFlag oidc_single_v1_session_termination = 9 [
|
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
|
example: "true";
|
|
description: "If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a `sid` claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.";
|
|
}
|
|
];
|
|
}
|