* tests * chore: set vars for platform in dockerfile * simplyfy generate * correct dockerfile * add openapi to gitignore * object files * protos * update protoc version * admin only secuity missing * texts * start secutiry * add handler * add description * add descriptions and remove adddress * default limit * add mapping for openapi * generate statik for openapi * remove address converter * executable * operator test Co-authored-by: Livio Amstutz <livio.a@gmail.com>
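// Policy resources of the ZITADEL policy API (package zitadel.policy.v1).
// The openapiv2_field annotations in this file feed the generated OpenAPI
// document, so every description string is user-facing documentation.
syntax = "proto3";

package zitadel.policy.v1;

// Imports sorted alphabetically; package precedes imports per convention.
import "protoc-gen-openapiv2/options/annotations.proto";
import "zitadel/object.proto";

option go_package = "github.com/caos/zitadel/pkg/grpc/policy";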
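// Org IAM policy: controls whether usernames are bound to the organisation's
// domain. `details` carries the shared object metadata from zitadel/object.proto.
message OrgIAMPolicy {
  zitadel.v1.ObjectDetails details = 1;

  // When true, a username has to end with the organisation's domain.
  // Description fixed: "it's" -> "its" (documentation only, wire unchanged).
  bool user_login_must_be_domain = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "the username has to end with the domain of its organisation"
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];
}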
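// Label policy: branding and login-form display settings of an organisation.
message LabelPolicy {
  zitadel.v1.ObjectDetails details = 1;

  // Hex colour value. If this is rendered into page styling, confirm it is
  // validated as a hex colour server-side rather than passed through verbatim.
  string primary_color = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for primary color"
    }
  ];

  // Hex colour value; same validation caveat as primary_color.
  string secondary_color = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hex value for secondary color"
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];

  // Hides the organisation suffix on the login form when the primary-domain
  // scope is present (see the description for the scope and its documentation).
  // The stray ";" after the description literal was dropped for consistency
  // with the other option blocks; the literal itself is unchanged.
  bool hide_login_name_suffix = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. Details about this scope in https://docs.zitadel.ch/architecture#Reserved_Scopes"
    }
  ];
}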
// Login policy: which authentication methods an organisation permits or
// enforces. All toggles are proto3 bools, so an unset field reads as false.
message LoginPolicy {
  zitadel.v1.ObjectDetails details = 1;

  // Local username/password login enabled for the organisation.
  bool allow_username_password = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to login with his username and password"
    }
  ];

  // Self-registration of users in this organisation.
  bool allow_register = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a person is allowed to register a user on this organisation"
    }
  ];

  // Users may link an external identity provider (e.g. Google) to their account.
  bool allow_external_idp = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth"
    }
  ];

  // Multi-factor authentication is required at login when true.
  bool force_mfa = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user MUST use a multi factor to log in"
    }
  ];

  // See PasswordlessType: its zero value is PASSWORDLESS_TYPE_NOT_ALLOWED, so an
  // unset field means passwordless is not allowed (the conservative default).
  PasswordlessType passwordless_type = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if passwordless is allowed for users"
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];
}
// Second-factor methods. The zero value is the required "unspecified" default
// and carries no business meaning.
enum SecondFactorType {
  SECOND_FACTOR_TYPE_UNSPECIFIED = 0;
  // One-time password.
  SECOND_FACTOR_TYPE_OTP = 1;
  // U2F security key.
  SECOND_FACTOR_TYPE_U2F = 2;
}
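// Multi-factor methods. The zero value is the required "unspecified" default.
enum MultiFactorType {
  MULTI_FACTOR_TYPE_UNSPECIFIED = 0;
  // TODO(review): the original comment left the naming of this value open for
  // discussion. Settle it before clients depend on it: once published, a value
  // can only be reserved and replaced, never renumbered.
  MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION = 1;
}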
// Whether passwordless login is permitted.
// NOTE: the zero value carries business meaning (NOT_ALLOWED) instead of an
// UNSPECIFIED sentinel. It cannot be renumbered on a published API; the
// practical effect is that an unset field reads as "not allowed", which is at
// least the safe direction.
enum PasswordlessType {
  PASSWORDLESS_TYPE_NOT_ALLOWED = 0;
  PASSWORDLESS_TYPE_ALLOWED = 1;
  // PLANNED: PASSWORDLESS_TYPE_WITH_CERT
}
// Password complexity policy: minimum length and required character classes.
message PasswordComplexityPolicy {
  zitadel.v1.ObjectDetails details = 1;

  // Minimum password length. Only an example is exposed to OpenAPI here — a
  // description is missing. Presumably counted in characters and 0 means no
  // minimum (proto3 cannot distinguish 0 from unset) — confirm against the handler.
  uint64 min_length = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"8\""
    }
  ];

  // Password must contain at least one upper-case letter.
  bool has_uppercase = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the password MUST contain an upper case letter"
    }
  ];

  // Password must contain at least one lower-case letter.
  bool has_lowercase = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the password MUST contain a lower case letter"
    }
  ];

  // Password must contain at least one digit.
  bool has_number = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the password MUST contain a number"
    }
  ];

  // Password must contain at least one symbol; which characters count as a
  // symbol is not defined here — verify in the validating code.
  bool has_symbol = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the password MUST contain a symbol. E.g. \"$\""
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];
}
// Password age policy: expiry and pre-expiry warning, both in days.
message PasswordAgePolicy {
  zitadel.v1.ObjectDetails details = 1;

  // Maximum password age in days. Presumably 0 disables expiry (proto3 cannot
  // distinguish 0 from unset) — confirm against the handler.
  uint64 max_age_days = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum days since last password change"
      example: "\"365\""
    }
  ];

  // Days before expiry at which the user is warned. Whether a value larger than
  // max_age_days is rejected is not visible here — verify in the validating code.
  uint64 expire_warn_days = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Days before the password expiry the user gets notified to change the password"
      example: "\"10\""
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];
}
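// Password lockout policy: failed-attempt threshold and how much is disclosed
// to the user on lockout. Description typos fixed (documentation only; wire
// contract unchanged).
message PasswordLockoutPolicy {
  zitadel.v1.ObjectDetails details = 1;

  // Failed attempts before the account is locked; the counter resets on a
  // correct password or a password reset (per the description). Presumably 0
  // disables the lockout (proto3 cannot distinguish 0 from unset) — confirm.
  uint64 max_attempts = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset."
      example: "\"10\""
    }
  ];

  // Controls whether the lockout failure is revealed to the user. Revealing it
  // tells an unauthenticated party about the account's lockout state; the
  // proto3 default (false) is the conservative setting.
  bool show_lockout_failure = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Enables if the failure should be shown to the user, sometimes for security issues the user should not get too much information"
    }
  ];

  // NOTE(review): the description says "changed", but the field name suggests
  // true means the IAM default still applies — confirm against the handler.
  bool is_default = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the organisation's admin changed the policy"
    }
  ];
}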