From e4fe097ec4a496a053277d617e5700b04b3eecb6 Mon Sep 17 00:00:00 2001 From: Silvan Date: Wed, 7 Apr 2021 08:23:47 +0200 Subject: [PATCH] fix: add api docs and http handler for openapi files (#1526) * tests * chore: set vars for platform in dockerfile * simplyfy generate * correct dockerfile * add openapi to gitignore * object files * protos * update protoc version * admin only secuity missing * texts * start secutiry * add handler * add description * add descriptions and remove adddress * default limit * add mapping for openapi * generate statik for openapi * remove address converter * executable * operator test Co-authored-by: Livio Amstutz --- .gitignore | 6 +- build/dockerfile | 33 +- build/zitadel/generate-grpc.sh | 19 +- build/zitadel/generate-openapi-static.sh | 5 + cmd/zitadel/main.go | 6 + internal/api/grpc/user/converter.go | 10 - openapi/handler.go | 19 + openapi/statik/generate.go | 3 + .../iam/zitadel/ambassador/adapt_test.go | 2 + .../iam/zitadel/ambassador/http/adapt.go | 25 + .../iam/zitadel/ambassador/http/adapt_test.go | 46 + proto/zitadel/admin.proto | 2158 +++++++++++++++-- proto/zitadel/app.proto | 161 +- proto/zitadel/auth.proto | 10 +- proto/zitadel/auth_n_key.proto | 20 +- proto/zitadel/change.proto | 55 +- proto/zitadel/idp.proto | 156 +- proto/zitadel/management.proto | 220 +- proto/zitadel/member.proto | 104 +- proto/zitadel/object.proto | 50 +- proto/zitadel/org.proto | 97 +- proto/zitadel/policy.proto | 148 +- proto/zitadel/project.proto | 161 +- proto/zitadel/user.proto | 656 ++++- 24 files changed, 3649 insertions(+), 521 deletions(-) create mode 100755 build/zitadel/generate-openapi-static.sh create mode 100644 openapi/handler.go create mode 100644 openapi/statik/generate.go diff --git a/.gitignore b/.gitignore index 59808a6f67..7eaea4f8ba 100644 --- a/.gitignore +++ b/.gitignore 
@@ -47,10 +47,8 @@ tmp/
 console/src/app/proto/generated/
 #generated filed
-pkg/grpc/*/*.pb*.*
-pkg/grpc/*/*.swagger.json
-pkg/grpc/*/mock/*.mock.go
 **.pb.go
 **.proto.mock.go
 **.pb.*.go
-**.gen.go
\ No newline at end of file
+**.gen.go
+openapi/**/*.json
diff --git a/build/dockerfile b/build/dockerfile
index 98c3f59672..2f4b762e88 100644
--- a/build/dockerfile
+++ b/build/dockerfile
@@ -48,7 +48,7 @@ RUN curl https://raw.githubusercontent.com/envoyproxy/protoc-gen-validate/v0.4.1
 && curl https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/field_behavior.proto --create-dirs -o include/google/api/field_behavior.proto
 #zitadel protos
-COPY /proto/ include/.
+COPY proto/ include/.
 #######################
@@ -95,28 +95,38 @@ RUN npm run prodbuild
 #######################
 FROM golang:${GO_VERSION} as go-dep
 RUN mkdir -p src/github.com/caos/zitadel
-COPY . src/github.com/caos/zitadel/
-WORKDIR /go/src/github.com/caos/zitadel/
+# copy mod definitions
+COPY tools src/github.com/caos/zitadel/tools
+COPY ./go.* src/github.com/caos/zitadel
+# install all dependencies
+WORKDIR /go/src/github.com/caos/zitadel
 RUN go mod download
 RUN ./tools/install.sh
+FROM go-dep AS go-gen
+COPY --from=base /proto /proto
+COPY --from=base /usr/local/bin /usr/local/bin/.
+COPY build/zitadel/generate-grpc.sh build/zitadel/generate-grpc.sh
+COPY internal/protoc internal/protoc
+RUN build/zitadel/generate-grpc.sh
+
 #######################
 ## Go base build
 #######################
-FROM go-dep as go-base
-COPY --from=base /proto /proto
-COPY --from=base /usr/local/bin /usr/local/bin/.
-RUN build/zitadel/generate-grpc.sh
+FROM go-gen as go-base
+# copy all zitadel files
+COPY . .
 #######################
 ## copy for local dev
 #######################
 FROM scratch as go-copy
-COPY --from=go-base /go/src/github.com/caos/zitadel/pkg/grpc ./pkg/grpc
-COPY --from=go-base /go/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption/templates.gen.go ./internal/protoc/protoc-gen-authoption/templates.gen.go
-COPY --from=go-base /go/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption/authoption/options.pb.go ./internal/protoc/protoc-gen-authoption/authoption/options.pb.go
+COPY --from=go-gen /go/src/github.com/caos/zitadel/pkg/grpc ./pkg/grpc
+COPY --from=go-gen /go/src/github.com/caos/zitadel/openapi/v2/zitadel ./openapi/v2/zitadel
+COPY --from=go-gen /go/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption/templates.gen.go ./internal/protoc/protoc-gen-authoption/templates.gen.go
+COPY --from=go-gen /go/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption/authoption/options.pb.go ./internal/protoc/protoc-gen-authoption/authoption/options.pb.go
#######################
@@ -149,7 +159,8 @@ RUN go get github.com/rakyll/statik \
 && ./build/console/generate-static.sh \
 && ./build/login/generate-static.sh \
 && ./build/notification/generate-static.sh \
- && ./build/zitadel/generate-static.sh
+ && ./build/zitadel/generate-static.sh \
+ && ./build/zitadel/generate-openapi-static.sh
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${BUILDARCH} go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -o zitadel-linux-${BUILDARCH} cmd/zitadel/main.go
diff --git a/build/zitadel/generate-grpc.sh b/build/zitadel/generate-grpc.sh
index d6e8c11345..17a2febeaf 100755
--- a/build/zitadel/generate-grpc.sh
+++ b/build/zitadel/generate-grpc.sh
@@ -9,27 +9,30 @@ ZITADEL_PATH=${GOPATH}/src/github.com/caos/zitadel
 GRPC_PATH=${ZITADEL_PATH}/pkg/grpc
 PROTO_PATH=/proto/include/zitadel
+# generate go stub and grpc code for all files
 protoc \
 -I=/proto/include/ \
 --go_out $GOPATH/src \
 --go-grpc_out $GOPATH/src \
- $(find ${PROTO_PATH} -iname *.proto | grep -v "management|admin|auth")
+ $(find ${PROTO_PATH} -iname *.proto)
+# generate authoptions code from templates
 go-bindata \
 -pkg main \
 -prefix internal/protoc/protoc-gen-authoption \
 -o ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption/templates.gen.go \
 ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption/templates
+# install authoption proto compiler
 go install ${ZITADEL_PATH}/internal/protoc/protoc-gen-authoption
 # output folder for openapi v2
 mkdir -p ${OPENAPI_PATH}
+# generate additional output
+
 protoc \
 -I=/proto/include \
- --go_out ${GOPATH}/src \
- --go-grpc_out ${GOPATH}/src \
 --grpc-gateway_out ${GOPATH}/src \
 --grpc-gateway_opt logtostderr=true \
 --openapiv2_out ${OPENAPI_PATH} \
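Review bot: `COPY ./go.* src/github.com/caos/zitadel` uses a wildcard that matches two files (`go.mod`, `go.sum`) but its destination has no trailing slash; Docker's rule for a multi-source COPY is that the destination must be a directory ending in `/`, and the classic builder rejects the instruction outright (BuildKit is more lenient), so write `COPY ./go.* src/github.com/caos/zitadel/`. The new `go-gen` stage copies the whole of `/usr/local/bin` from `base`; a one-line comment naming what it is expected to bring over (presumably `protoc` and the `protoc-gen-*` plugins installed there) would make the stage boundary readable: `# protoc and its plugins, installed in the base stage`. The `base` stage itself is outside the hunk.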
@@ -37,13 +40,13 @@ protoc \
 --authoption_out ${GRPC_PATH}/admin \
 --validate_out=lang=go:${GOPATH}/src \
 ${PROTO_PATH}/admin.proto
+
+# authoptions are generated into the wrong folder
 mv ${ZITADEL_PATH}/pkg/grpc/admin/zitadel/* ${ZITADEL_PATH}/pkg/grpc/admin
 rm -r ${ZITADEL_PATH}/pkg/grpc/admin/zitadel
 protoc \
 -I=/proto/include \
- --go_out $GOPATH/src \
- --go-grpc_out $GOPATH/src \
 --grpc-gateway_out ${GOPATH}/src \
 --grpc-gateway_opt logtostderr=true \
 --grpc-gateway_opt allow_delete_body=true \
@@ -53,13 +56,13 @@ protoc \
 --authoption_out ${GRPC_PATH}/management \
 --validate_out=lang=go:${GOPATH}/src \
 ${PROTO_PATH}/management.proto
+
+# authoptions are generated into the wrong folder
 mv ${ZITADEL_PATH}/pkg/grpc/management/zitadel/* ${ZITADEL_PATH}/pkg/grpc/management
 rm -r ${ZITADEL_PATH}/pkg/grpc/management/zitadel
 protoc \
 -I=/proto/include \
- --go_out $GOPATH/src \
- --go-grpc_out $GOPATH/src \
 --grpc-gateway_out ${GOPATH}/src \
 --grpc-gateway_opt logtostderr=true \
 --openapiv2_out ${OPENAPI_PATH} \
@@ -67,6 +70,8 @@ protoc \
 --authoption_out=${GRPC_PATH}/auth \
 --validate_out=lang=go:${GOPATH}/src \
 ${PROTO_PATH}/auth.proto
+
+# authoptions are generated into the wrong folder
 mv ${ZITADEL_PATH}/pkg/grpc/auth/zitadel/* ${ZITADEL_PATH}/pkg/grpc/auth
 rm -r ${ZITADEL_PATH}/pkg/grpc/auth/zitadel
diff --git a/build/zitadel/generate-openapi-static.sh b/build/zitadel/generate-openapi-static.sh
new file mode 100755
index 0000000000..e1465cbb86
--- /dev/null
+++ b/build/zitadel/generate-openapi-static.sh
@@ -0,0 +1,5 @@
+#! /bin/sh
+
+set -eux
+
+go generate openapi/statik/generate.go
\ No newline at end of file
diff --git a/cmd/zitadel/main.go b/cmd/zitadel/main.go
index 687a8d7ca5..976076c632 100644
--- a/cmd/zitadel/main.go
+++ b/cmd/zitadel/main.go
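Review bot: `$(find ${PROTO_PATH} -iname *.proto)` leaves the pattern unquoted, so the shell expands `*.proto` against the current directory before `find` sees it; from the repository root nothing matches and it works by accident, but run from a directory containing `.proto` files it silently becomes a list of file names plus a `find` error — use `-iname '*.proto'`. The added `# generate additional output` comment is followed by a blank line that separates it from the `protoc` call it describes; attach it directly above `protoc \`. The script header, and whether it sets `-e`, is outside the hunk.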
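Review bot: The new script depends on a `statik` binary being on `PATH`, and the Dockerfile hunk above installs it with an unpinned `go get github.com/rakyll/statik`, so the bytes embedded into the server can change between builds without any diff in this repository. Pin the tool version where it is installed (a `@vX.Y.Z` suffix, or an entry next to the other tools in `tools/`) and state the dependency in the script: `# requires statik (github.com/rakyll/statik) on PATH; installed by build/dockerfile`.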
@@ -9,6 +9,7 @@ import (
 "github.com/caos/zitadel/internal/eventstore"
 "github.com/caos/zitadel/internal/query"
 metrics "github.com/caos/zitadel/internal/telemetry/metrics/config"
+ "github.com/caos/zitadel/openapi"
 "github.com/caos/logging"
@@ -177,6 +178,11 @@ func startAPI(ctx context.Context, conf *Config, authZRepo *authz_repo.EsReposit
 op := oidc.NewProvider(ctx, conf.API.OIDC, command, query, authRepo, conf.SystemDefaults.KeyConfig.EncryptionConfig, *localDevMode)
 apis.RegisterHandler("/oauth/v2", op.HttpHandler())
 }
+
+ openAPIHandler, err := openapi.Start()
+ logging.Log("ZITAD-8pRk1").OnError(err).Fatal("Unable to start openapi handler")
+ apis.RegisterHandler("/openapi/v2/swagger", openAPIHandler)
+
 apis.Start(ctx)
 }
diff --git a/internal/api/grpc/user/converter.go b/internal/api/grpc/user/converter.go
index 01f717c55a..4740b62d23 100644
--- a/internal/api/grpc/user/converter.go
+++ b/internal/api/grpc/user/converter.go
@@ -114,16 +114,6 @@ func ModelPhoneToPb(phone *model.Phone) *user_pb.Phone {
 }
 }
-func ModelAddressToPb(address *model.Address) *user_pb.Address {
- return &user_pb.Address{
- Country: address.Country,
- Locality: address.Locality,
- PostalCode: address.PostalCode,
- Region: address.Region,
- StreetAddress: address.StreetAddress,
- }
-}
-
 func GenderToDomain(gender user_pb.Gender) domain.Gender {
 switch gender {
 case user_pb.Gender_GENDER_DIVERSE:
diff --git a/openapi/handler.go b/openapi/handler.go
new file mode 100644
index 0000000000..a245826ebe
--- /dev/null
+++ b/openapi/handler.go
@@ -0,0 +1,19 @@
+package openapi
+
+import (
+ "net/http"
+
+ "github.com/rakyll/statik/fs"
+
+ _ "github.com/caos/zitadel/openapi/statik"
+)
+
+func Start() (http.Handler, error) {
+ statikFS, err := fs.NewWithNamespace("swagger")
+ if err != nil {
+ return nil, err
+ }
+ handler := &http.ServeMux{}
+ handler.Handle("/", http.FileServer(statikFS))
+ return handler, nil
+}
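Review bot: The mount path `/openapi/v2/swagger` is a string literal here and is repeated verbatim in the operator's ambassador mapping and its tests, so the server route and the ingress prefix can drift apart without any compile error. Export it once from package `openapi` (e.g. `const Prefix = "/openapi/v2/swagger"`) and register with `apis.RegisterHandler(openapi.Prefix, openAPIHandler)` so both sides name the same constant. `startAPI` begins and ends outside the hunk.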
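Review bot: `Start` serves the embedded tree through `http.FileServer` at `/`, and `http.FileServer` renders an auto-generated directory listing for any directory without an `index.html`, so the root of the swagger namespace will be listed to anyone requesting the mount point; if only the individual `*.swagger.json` files are meant to be fetched, reject directory requests before delegating, e.g. `if strings.HasSuffix(r.URL.Path, "/") { http.NotFound(w, r); return }`. The handler only knows `/`, so it relies on `apis.RegisterHandler` stripping the `/openapi/v2/swagger` prefix — if it does not, wrap the file server in `http.StripPrefix`; that cannot be checked from this diff. The mux adds nothing over returning `http.FileServer(statikFS)` directly, and if it stays, `http.NewServeMux()` is the idiomatic constructor rather than `&http.ServeMux{}`. The exported `Start` needs a doc comment: `// Start returns an http.Handler that serves the embedded OpenAPI v2 (swagger) definitions; the caller mounts it under its URL prefix.`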
diff --git a/openapi/statik/generate.go b/openapi/statik/generate.go
new file mode 100644
index 0000000000..44dcfb50a5
--- /dev/null
+++ b/openapi/statik/generate.go
@@ -0,0 +1,3 @@
+package statik
+
+//go:generate statik -src=../v2/zitadel -dest=.. -ns=swagger
diff --git a/operator/zitadel/kinds/iam/zitadel/ambassador/adapt_test.go b/operator/zitadel/kinds/iam/zitadel/ambassador/adapt_test.go
index 8aeb33045c..9c89b9b692 100644
--- a/operator/zitadel/kinds/iam/zitadel/ambassador/adapt_test.go
+++ b/operator/zitadel/kinds/iam/zitadel/ambassador/adapt_test.go
@@ -76,6 +76,8 @@ func SetMappingsHTTP(
 k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, http.MgmtName, gomock.Any()).MinTimes(1).MaxTimes(1)
 SetReturnResourceVersion(k8sClient, group, version, kind, namespace, http.OauthName, "")
 k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, http.OauthName, gomock.Any()).MinTimes(1).MaxTimes(1)
+ SetReturnResourceVersion(k8sClient, group, version, kind, namespace, http.OpenAPIName, "")
+ k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, http.OpenAPIName, gomock.Any()).MinTimes(1).MaxTimes(1)
 }
 func SetMappingsGRPC(
diff --git a/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt.go b/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt.go
index e59cb1742c..eeda7faccc 100644
--- a/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt.go
+++ b/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt.go
@@ -5,6 +5,7 @@ import (
 "github.com/caos/orbos/pkg/kubernetes"
 "github.com/caos/orbos/pkg/kubernetes/resources/ambassador/mapping"
 "github.com/caos/orbos/pkg/labels"
+ "github.com/caos/zitadel/operator"
 "github.com/caos/zitadel/operator/zitadel/kinds/iam/zitadel/configuration"
 )
@@ -17,6 +18,7 @@ const (
 AuthorizeName = "authorize-v1"
 EndsessionName = "endsession-v1"
 IssuerName = "issuer-v1"
+ OpenAPIName = "openapi"
 )
 func AdaptFunc(
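Review bot: `OpenAPIName = "openapi"` breaks the naming pattern of its sibling constants, which all carry the API version in the Ambassador resource name (`authorize-v1`, `endsession-v1`, `issuer-v1`); the mapping it names serves `/openapi/v2/swagger`, so `OpenAPIName = "openapi-v2"` would keep the resource names uniform and let a later v3 mapping coexist. The test in `ambassador/adapt_test.go` refers to the constant through `http.OpenAPIName`, so it follows the rename automatically.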
@@ -67,6 +69,11 @@ func AdaptFunc(
 return nil, nil, err
 }
+ destroySwagger, err := mapping.AdaptFuncToDestroy(namespace, OpenAPIName)
+ if err != nil {
+ return nil, nil, err
+ }
+
 destroyers := []operator.DestroyFunc{
 operator.ResourceDestroyToZitadelDestroy(destroyAdminR),
 operator.ResourceDestroyToZitadelDestroy(destroyMgmtRest),
@@ -75,6 +82,7 @@ func AdaptFunc(
 operator.ResourceDestroyToZitadelDestroy(destroyAuthorize),
 operator.ResourceDestroyToZitadelDestroy(destroyEndsession),
 operator.ResourceDestroyToZitadelDestroy(destroyIssuer),
+ operator.ResourceDestroyToZitadelDestroy(destroySwagger),
 }
 return func(k8sClient kubernetes.ClientInt, queried map[string]interface{}) (operator.EnsureFunc, error) {
@@ -208,6 +216,22 @@ func AdaptFunc(
 return nil, err
 }
+ queryOpenAPI, err := mapping.AdaptFuncToEnsure(
+ namespace,
+ labels.MustForName(componentLabels, OpenAPIName),
+ false,
+ apiDomain,
+ "/openapi/v2/swagger",
+ "",
+ httpUrl,
+ 30000,
+ 30000,
+ nil,
+ )
+ if err != nil {
+ return nil, err
+ }
+
 queriers := []operator.QueryFunc{
 operator.ResourceQueryToZitadelQuery(queryAdminR),
 operator.ResourceQueryToZitadelQuery(queryMgmtRest),
@@ -216,6 +240,7 @@ func AdaptFunc(
 operator.ResourceQueryToZitadelQuery(queryAuthorize),
 operator.ResourceQueryToZitadelQuery(queryEndsession),
 operator.ResourceQueryToZitadelQuery(queryIssuer),
+ operator.ResourceQueryToZitadelQuery(queryOpenAPI),
 }
 return operator.QueriersToEnsureFunc(internalMonitor, false, queriers, k8sClient, queried)
diff --git a/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt_test.go b/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt_test.go
index 5776e6b3a6..a615323d17 100644
--- a/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt_test.go
+++ b/operator/zitadel/kinds/iam/zitadel/ambassador/http/adapt_test.go
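Review bot: The destroyer for the new mapping is named `destroySwagger` while its ensure counterpart is `queryOpenAPI` and the constant is `OpenAPIName`; every other pair in this function shares one stem (`destroyIssuer`/`queryIssuer`), so rename it to `destroyOpenAPI` in the two places it appears. `mapping.AdaptFuncToEnsure(namespace, ..., false, apiDomain, "/openapi/v2/swagger", "", httpUrl, 30000, 30000, nil)` passes the public prefix, rewrite and timeouts positionally, and the literal `"/openapi/v2/swagger"` is also hard-coded in `cmd/zitadel/main.go`; a constant shared by the operator and the server would keep the ingress prefix and the handler registration from drifting. With `rewrite` given as `""` the request path presumably reaches ZITADEL unchanged, which is what the server-side registration expects, but that intent deserves a comment on the argument: `"", // no rewrite: zitadel serves the docs under the same prefix`. `AdaptFunc` starts and ends outside the hunk.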
@@ -233,6 +233,29 @@ func TestHttp_Adapt(t *testing.T) {
 SetReturnResourceVersion(k8sClient, group, version, kind, namespace, AuthRName, "")
 k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, AuthRName, authR).MinTimes(1).MaxTimes(1)
+ openAPIName := labels.MustForName(componentLabels, OpenAPIName)
+ openAPI := &unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "apiVersion": group + "/" + version,
+ "kind": kind,
+ "metadata": map[string]interface{}{
+ "labels": labels.MustK8sMap(openAPIName),
+ "name": openAPIName.Name(),
+ "namespace": namespace,
+ },
+ "spec": map[string]interface{}{
+ "connect_timeout_ms": 30000,
+ "host": ".",
+ "prefix": "/openapi/v2/swagger",
+ "rewrite": "",
+ "service": url,
+ "timeout_ms": 30000,
+ },
+ },
+ }
+ SetReturnResourceVersion(k8sClient, group, version, kind, namespace, OpenAPIName, "")
+ k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, OpenAPIName, openAPI).MinTimes(1).MaxTimes(1)
+
 query, _, err := AdaptFunc(monitor, componentLabels, namespace, url, dns)
 assert.NoError(t, err)
 queried := map[string]interface{}{}
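Review bot: The expected `Mapping` for the OpenAPI route is spelled out as a twenty-line `unstructured.Unstructured` literal, and the identical literal, differing only in `"host"`, is repeated in `TestHttp_Adapt2` below; the surrounding expectations for the other mappings presumably follow the same copy-and-edit pattern, but the new case is a good point to introduce a small helper (taking the name label, host and prefix and returning the `*unstructured.Unstructured`) and use it in both tests, so that a change to the mapping spec is made in one place. `TestHttp_Adapt` begins before the hunk and continues after it.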
@@ -442,6 +465,29 @@ func TestHttp_Adapt2(t *testing.T) {
 SetReturnResourceVersion(k8sClient, group, version, kind, namespace, AuthRName, "")
 k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, AuthRName, authR).MinTimes(1).MaxTimes(1)
+ openAPIName := labels.MustForName(componentLabels, OpenAPIName)
+ openAPI := &unstructured.Unstructured{
+ Object: map[string]interface{}{
+ "apiVersion": group + "/" + version,
+ "kind": kind,
+ "metadata": map[string]interface{}{
+ "labels": labels.MustK8sMap(openAPIName),
+ "name": openAPIName.Name(),
+ "namespace": namespace,
+ },
+ "spec": map[string]interface{}{
+ "connect_timeout_ms": 30000,
+ "host": "api.domain",
+ "prefix": "/openapi/v2/swagger",
+ "rewrite": "",
+ "service": url,
+ "timeout_ms": 30000,
+ },
+ },
+ }
+ SetReturnResourceVersion(k8sClient, group, version, kind, namespace, OpenAPIName, "")
+ k8sClient.EXPECT().ApplyNamespacedCRDResource(group, version, kind, namespace, OpenAPIName, openAPI).MinTimes(1).MaxTimes(1)
+
 query, _, err := AdaptFunc(monitor, componentLabels, namespace, url, dns)
 assert.NoError(t, err)
 queried := map[string]interface{}{}
diff --git a/proto/zitadel/admin.proto b/proto/zitadel/admin.proto
index ca26452758..362bc99095 100644
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -23,156 +23,565 @@ option go_package ="github.com/caos/zitadel/pkg/grpc/admin"; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { - title: "admin service"; + title: "Administrator API for ZITADEL"; + description: "This API provides all functions to administrate ZITADEL."; version: "1.0"; - contact:{ - url: "https://github.com/caos/zitadel/api/admin" //TODO: should be swagger path + contact: { + name: "file an issue", + url: "https://github.com/caos/zitadel"; + }; + license: { + name: "Apache 2.0", + url: "https://github.com/caos/zitadel/blob/master/LICENSE"; }; }; schemes: HTTPS; + schemes: HTTP; consumes: "application/json"; consumes: "application/grpc"; produces: "application/json"; produces: "application/grpc"; -}; + host: "api.zitadel.io"; + base_path: "/admin/v1"; -service AdminService { - rpc Healthz(HealthzRequest) returns (HealthzResponse) { - option (google.api.http) = { - get: "/healthz" - }; + security_definitions: { + security: { + key: "BasicAuth"; + value: { + type: TYPE_BASIC; + } + } + security: { + key: "OAuth2"; + value: { + type: TYPE_OAUTH2; + flow: FLOW_ACCESS_CODE; + authorization_url: "https://accounts.zitadel.io/oauth/v2/authorize"; + token_url: "https://api.zitadel.io/oauth/v2/token"; + scopes: { + scope: { + key: "openid"; + value: "openid"; + } + scope: { + key: "urn:zitadel:iam:org:project:id:100992085158584780:aud"; + value: "urn:zitadel:iam:org:project:id:100992085158584780:aud"; + } + } + } + } + } + security: { + security_requirement: { + key: "OAuth2"; + value: { + scope: "openid"; + scope: "urn:zitadel:iam:org:project:id:100992085158584780:aud"; + } + } + } + responses: { + key: "403"; + value: { + description: "Returned when the user does not have permission to access the resource."; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + } + } + } + } + responses: { + key: "404"; + value: { + description: "Returned when the resource does not exist."; + schema: { + json_schema: { + ref: 
"#/definitions/rpcStatus"; + } + } + } } + extensions: { + key: "x-zitadel-orgid"; + value: { + string_value: "your-org-id"; + } + } +}; + +service AdminService { + //Indicates if ZITADEL is running. + // It respondes as soon as ZITADEL started + rpc Healthz(HealthzRequest) returns (HealthzResponse) { + option (google.api.http) = { + get: "/healthz"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "probes"; + responses: { + key: "200"; + value: { + description: "ZITADEL started"; + }; + } + responses: { + key: "default"; + value: { + description: "ZITADEL NOT started yet"; + }; + } + }; + } + + //Checks whether an organisation exists by the given parameters rpc IsOrgUnique(IsOrgUniqueRequest) returns (IsOrgUniqueResponse) { option (google.api.http) = { - get: "/orgs/_is_unique" + get: "/orgs/_is_unique"; }; option (zitadel.v1.auth_option) = { - permission: "iam.read" + permission: "iam.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "orgs"; + tags: "global"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Organizations"; + description: "detailed information about organizations"; + }; + responses: { + key: "200"; + value: { + description: "ZITADEL started"; + }; + }; + responses: { + key: "default"; + value: { + description: "ZITADEL NOT started yet"; + }; + }; }; } rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) { option (google.api.http) = { - get: "/orgs/{id}" + get: "/orgs/{id}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.read" + permission: "iam.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "orgs"; + tags: "global"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Organizations"; + description: "detailed information about organizations"; + }; + responses: { + key: "200"; + value: { + description: "requested org found"; + }; + }; }; } + //Returns all 
organisations matching the request + // all queries need to match (ANDed) rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) { option (google.api.http) = { - post: "/orgs/_search" - body: "*" + post: "/orgs/_search"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.read" + permission: "iam.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "orgs"; + tags: "global"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Organizations"; + description: "detailed information about organizations"; + }; + responses: { + key: "200"; + value: { + description: "list of organisations matching the query"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid list query"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Creates a new org and user + // and adds the user to the orgs members as ORG_OWNER rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) { option (google.api.http) = { - post: "/orgs/_setup" - body: "*" + post: "/orgs/_setup"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.write" + permission: "iam.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "orgs"; + tags: "global"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Organizations"; + description: "detailed information about organizations"; + }; + responses: { + key: "200"; + value: { + description: "org, user and user membership were created successfully"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid org or user"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } rpc GetIDPByID(GetIDPByIDRequest) returns (GetIDPByIDResponse) { option (google.api.http) = { - get: "/idps/{id}" + get: "/idps/{id}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.read" + permission: "iam.idp.read"; + }; + + 
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idp found"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } rpc ListIDPs(ListIDPsRequest) returns (ListIDPsResponse) { option (google.api.http) = { - post: "/idps/_search" - body: "*" + post: "/idps/_search"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.read" + permission: "iam.idp.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idps found"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid query"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } rpc AddOIDCIDP(AddOIDCIDPRequest) returns (AddOIDCIDPResponse) { option (google.api.http) = { - post: "/idps/oidc" - body: "*" + post: "/idps/oidc"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + tags: "oidc"; + + external_docs: { + url: "https://docs.zitadel.ch/architecture#OpenID_Connect_1_0_and_OAuth_2_0"; + description: "detailed descriptions about oidc configuration"; + }; + responses: { + key: "200"; + value: { + description: "idp created"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; 
+ schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Updates the specified idp + // all fields are updated. If no value is provided the field will be empty afterwards. rpc UpdateIDP(UpdateIDPRequest) returns (UpdateIDPResponse) { option (google.api.http) = { - put: "/idps/{idp_id}" - body: "*" + put: "/idps/{idp_id}"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idp updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Sets the state of the idp to IDP_STATE_INACTIVE + // the state MUST be IDP_STATE_ACTIVE for this call rpc DeactivateIDP(DeactivateIDPRequest) returns (DeactivateIDPResponse) { option (google.api.http) = { - post: "/idps/{idp_id}/_deactivate" + post: "/idps/{idp_id}/_deactivate"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idp deactivated"; + }; + }; + responses: { + key: "400"; + value: { + description: "unable to deactivate idp"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Sets the state of the idp to IDP_STATE_ACTIVE + // the state MUST be IDP_STATE_INACTIVE 
for this call rpc ReactivateIDP(ReactivateIDPRequest) returns (ReactivateIDPResponse) { option (google.api.http) = { - post: "/idps/{idp_id}/_reactivate" + post: "/idps/{idp_id}/_reactivate"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idp reactivated"; + }; + }; + responses: { + key: "400"; + value: { + description: "unable to reactivate idp"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //RemoveIDP deletes the IDP permanetly rpc RemoveIDP(RemoveIDPRequest) returns (RemoveIDPResponse) { option (google.api.http) = { - delete: "/idps/{idp_id}" + delete: "/idps/{idp_id}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#What_are_Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "idp removed"; + }; + }; + responses: { + key: "400"; + value: { + description: "unable to remove idp"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Updates the oidc configuration of the specified idp + // all fields are updated. If no value is provided the field will be empty afterwards. 
rpc UpdateIDPOIDCConfig(UpdateIDPOIDCConfigRequest) returns (UpdateIDPOIDCConfigResponse) { option (google.api.http) = { - put: "/idps/{idp_id}/oidc_config" - body: "*" + put: "/idps/{idp_id}/oidc_config"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.idp.write" + permission: "iam.idp.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "identity provider"; + tags: "oidc"; + external_docs: { + url: "https://docs.zitadel.ch/architecture#OpenID_Connect_1_0_and_OAuth_2_0"; + description: "detailed descriptions about oidc configuration"; + }; + responses: { + key: "200"; + value: { + description: "oidc config updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; + responses: { + key: "409"; + value: { + description: "precondition failed"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } - + rpc GetDefaultFeatures(GetDefaultFeaturesRequest) returns (GetDefaultFeaturesResponse) { option(google.api.http) = { get: "/features" 
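Review bot: `schemes: HTTP;` is added next to HTTPS in the swagger header of an API whose global `security` requirement is an OAuth2 bearer token, so generated clients and Swagger UI will offer to send `Authorization` headers over plaintext; unless the admin API is genuinely served over HTTP, keep `schemes: HTTPS;` only. A `BasicAuth` (`TYPE_BASIC`) security definition is declared but neither the global requirement nor any operation references it, which reads as if basic credentials were accepted — drop it or document where it applies. `host: "api.zitadel.io"`, the `authorization_url`/`token_url` and the scope `urn:zitadel:iam:org:project:id:100992085158584780:aud` hard-wire one hosted deployment into a spec that every self-hosted instance will serve from `/openapi/v2/swagger`; consider leaving `host` unset and generating the project-specific scope per instance. `IsOrgUnique` still carries the response descriptions copied from `Healthz` (`"ZITADEL started"` / `"ZITADEL NOT started yet"`); replace them with something like `description: "result of the uniqueness check"` and `description: "invalid query"`. The `AdminService` definition continues past the end of the hunk.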
@@ -225,358 +634,1043 @@ service AdminService { }; } + //Returns the IAM policy defined by the administrators of ZITADEL rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) { option (google.api.http) = { - get: "/policies/orgiam" + get: "/policies/orgiam"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "default org iam policy"; + }; + }; }; } + //Updates the default IAM policy. + // it impacts all organisations without a customised policy rpc UpdateOrgIAMPolicy(UpdateOrgIAMPolicyRequest) returns (UpdateOrgIAMPolicyResponse) { option (google.api.http) = { - put: "/policies/orgiam" - body: "*" + put: "/policies/orgiam"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "default org iam policy updated"; + }; + }; }; } + //Returns the customised policy or the default if not customised rpc GetCustomOrgIAMPolicy(GetCustomOrgIAMPolicyRequest) returns (GetCustomOrgIAMPolicyResponse) { option (google.api.http) = { - get: "/orgs/{org_id}/policies/orgiam" + get: "/orgs/{org_id}/policies/orgiam"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "org iam policy of the org or the default policy if not customized"; + }; + }; }; } + //Defines a custom ORGIAM policy as specified rpc AddCustomOrgIAMPolicy(AddCustomOrgIAMPolicyRequest) returns (AddCustomOrgIAMPolicyResponse) { option (google.api.http) = { - post: "/orgs/{org_id}/policies/orgiam" - body: "*" + post: "/orgs/{org_id}/policies/orgiam"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "org iam policy created"; + }; + }; }; } + //Updates a custom ORGIAM policy as specified rpc UpdateCustomOrgIAMPolicy(UpdateCustomOrgIAMPolicyRequest) returns (UpdateCustomOrgIAMPolicyResponse) { option (google.api.http) = { - put: "/orgs/{org_id}/policies/orgiam" - body: "*" + put: "/orgs/{org_id}/policies/orgiam"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "org iam policy updated"; + }; + }; }; } + //Resets the org iam policy of the 
organisation to default + // ZITADEL will fallback to the default policy defined by the ZITADEL administrators rpc ResetCustomOrgIAMPolicyToDefault(ResetCustomOrgIAMPolicyToDefaultRequest) returns (ResetCustomOrgIAMPolicyToDefaultResponse) { option (google.api.http) = { - delete: "/orgs/{org_id}/policies/orgiam" + delete: "/orgs/{org_id}/policies/orgiam"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.delete" + permission: "iam.policy.delete"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "org iam policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#IAM_Access_Preference"; + description: "detailed information about the org iam policy"; + }; + responses: { + key: "200"; + value: { + description: "resets the custom org iam policy to the default policy"; + }; + }; }; } + //Returns the label policy defined by the administrators of ZITADEL rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) { option (google.api.http) = { - get: "/policies/label" + get: "/policies/label"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "label policy"; + tags: "policy"; + responses: { + key: "200"; + value: { + description: "default label policy"; + }; + }; }; } + //Updates the default label policy of ZITADEL + // it impacts all organisations without a customised policy rpc UpdateLabelPolicy(UpdateLabelPolicyRequest) returns (UpdateLabelPolicyResponse) { option (google.api.http) = { - put: "/policies/label" - body: "*" + put: "/policies/label"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "label policy"; + tags: "policy"; + responses: { + key: "200"; + 
value: { + description: "default label policy updated"; + }; + }; }; } + //Returns the login policy defined by the administrators of ZITADEL rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) { option (google.api.http) = { - get: "/policies/login" + get: "/policies/login"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "login policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Login_Options"; + description: "detailed information about the login policy"; + }; + responses: { + key: "200"; + value: { + description: "default login policy"; + }; + }; }; } - + + //Updates the default login policy of ZITADEL + // it impacts all organisations without a customised policy rpc UpdateLoginPolicy(UpdateLoginPolicyRequest) returns (UpdateLoginPolicyResponse) { option (google.api.http) = { - put: "/policies/login" - body: "*" + put: "/policies/login"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "login policy"; + tags: "policy"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Login_Options"; + description: "detailed information about the login policy"; + }; + responses: { + key: "200"; + value: { + description: "default login policy updated"; + }; + }; }; } + //Returns the idps linked to the default login policy, + // defined by the administrators of ZITADEL rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) { option (google.api.http) = { - post: "/policies/login/idps/_search" - body: "*" + post: "/policies/login/idps/_search"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + 
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "login policy"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "identity poviders of default login policy"; + }; + }; }; } + //Adds the povided idp to the default login policy. + // It impacts all organisations without a customised policy rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) { option (google.api.http) = { - post: "/policies/login/idps" - body: "*" + post: "/policies/login/idps"; + body: "*"; + }; + + option (zitadel.v1.auth_option) = { + permission: "iam.policy.write"; }; - option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "login policy"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "identity poviders added to default login policy"; + }; + }; }; } + //Removes the povided idp from the default login policy. 
+ // It impacts all organisations without a customised policy rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) { option (google.api.http) = { - delete: "/policies/login/idps/{idp_id}" + delete: "/policies/login/idps/{idp_id}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "login policy"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "identity poviders removed from default login policy"; + }; + }; }; } + //Returns the available second factors defined by the administrators of ZITADEL rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) { option (google.api.http) = { - post: "/policies/login/second_factors/_search" + post: "/policies/login/second_factors/_search"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "second factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "second factors of default login policy"; + }; + }; }; } + //Adds a second factor to the default login policy. 
+ // It impacts all organisations without a customised policy rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) { option (google.api.http) = { - post: "/policies/login/second_factors" - body: "*" + post: "/policies/login/second_factors"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "second factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "second factor added to default login policy"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid second factor type"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Removes a second factor from the default login policy. 
+ // It impacts all organisations without a customised policy rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) { option (google.api.http) = { - delete: "/policies/login/second_factors/{type}" + delete: "/policies/login/second_factors/{type}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "second factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "second factor removed from default login policy"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid second factor type"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns the available multi factors defined by the administrators of ZITADEL rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) { option (google.api.http) = { - post: "/policies/login/multi_factors/_search" + post: "/policies/login/multi_factors/_search"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "multi factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "multi factors of default login policy"; + }; + }; }; } + //Adds a multi factor to the default login policy. 
+ // It impacts all organisations without a customised policy rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) { option (google.api.http) = { - post: "/policies/login/multi_factors" - body: "*" + post: "/policies/login/multi_factors"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "multi factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "multi factor added to default login policy"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid multi factor type"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Removes a multi factor from the default login policy. 
+ // It impacts all organisations without a customised policy rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) { option (google.api.http) = { - delete: "/policies/login/multi_factors/{type}" + delete: "/policies/login/multi_factors/{type}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "multi factor"; + tags: "policy"; + tags: "identity provider"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Identity_Providers"; + description: "detailed information about identity providers"; + }; + responses: { + key: "200"; + value: { + description: "second factor removed from default login policy"; + }; + }; + responses: { + key: "400"; + value: { + description: "multi factor type not defined on policy"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns the password complexity policy defined by the administrators of ZITADEL rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) { option (google.api.http) = { - get: "/policies/password/complexity" + get: "/policies/password/complexity"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password complexity"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Password_complexity"; + description: "detailed information about the password complexity policy"; + }; + responses: { + key: "200"; + value: { + description: "default password complexity policy"; + }; + }; }; } + //Updates the default password complexity policy of ZITADEL + // it impacts all organisations without a 
customised policy rpc UpdatePasswordComplexityPolicy(UpdatePasswordComplexityPolicyRequest) returns (UpdatePasswordComplexityPolicyResponse) { option (google.api.http) = { - put: "/policies/password/complexity" - body: "*" + put: "/policies/password/complexity"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password complexity"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#Password_complexity"; + description: "detailed information about the password complexity policy"; + }; + responses: { + key: "200"; + value: { + description: "default password complexity policy updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns the password age policy defined by the administrators of ZITADEL rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) { option (google.api.http) = { - get: "/policies/password/age" + get: "/policies/password/age"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password age"; + responses: { + key: "200"; + value: { + description: "default password age policy"; + }; + }; }; } - + + //Updates the default password age policy of ZITADEL + // it impacts all organisations without a customised policy rpc UpdatePasswordAgePolicy(UpdatePasswordAgePolicyRequest) returns (UpdatePasswordAgePolicyResponse) { option (google.api.http) = { - put: "/policies/password/age" - body: "*" + put: "/policies/password/age"; + body: "*"; }; option (zitadel.v1.auth_option) = { - 
permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password age"; + responses: { + key: "200"; + value: { + description: "default password age policy updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns the password lockout policy defined by the administrators of ZITADEL rpc GetPasswordLockoutPolicy(GetPasswordLockoutPolicyRequest) returns (GetPasswordLockoutPolicyResponse) { option (google.api.http) = { - get: "/policies/password/lockout" + get: "/policies/password/lockout"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.read" + permission: "iam.policy.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password lockout policy"; + responses: { + key: "200"; + value: { + description: "default password lockout policy"; + }; + }; }; } - + + //Updates the default password lockout policy of ZITADEL + // it impacts all organisations without a customised policy rpc UpdatePasswordLockoutPolicy(UpdatePasswordLockoutPolicyRequest) returns (UpdatePasswordLockoutPolicyResponse) { option (google.api.http) = { - put: "/policies/password/lockout" - body: "*" + put: "/policies/password/lockout"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.policy.write" + permission: "iam.policy.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "policy"; + tags: "password policy"; + tags: "password lockout policy"; + responses: { + key: "200"; + value: { + description: "default password lockout policy updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid argument"; + schema: { + json_schema: { + 
ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns the IAM roles visible for the requested user rpc ListIAMMemberRoles(ListIAMMemberRolesRequest) returns (ListIAMMemberRolesResponse) { option (google.api.http) = { - post: "/members/roles/_search" + post: "/members/roles/_search"; }; option (zitadel.v1.auth_option) = { - permission: "iam.member.read" + permission: "iam.member.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "iam"; + tags: "member"; + tags: "roles"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles"; + description: "detailed information about the IAM member roles"; + }; + responses: { + key: "200"; + value: { + description: "roles on the IAM of the user"; + }; + }; }; } + //Returns all members matching the request + // all queries need to match (ANDed) rpc ListIAMMembers(ListIAMMembersRequest) returns (ListIAMMembersResponse) { option (google.api.http) = { - post: "/members/_search" - body: "*" + post: "/members/_search"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.member.read" + permission: "iam.member.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "iam"; + tags: "member"; + tags: "iam member"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles"; + description: "detailed information about the IAM member roles"; + }; + responses: { + key: "200"; + value: { + description: "members of the IAM"; + }; + }; }; } + //Adds a user to the membership list of ZITADEL with the given roles + // undefined roles will be dropped rpc AddIAMMember(AddIAMMemberRequest) returns (AddIAMMemberResponse) { option (google.api.http) = { - post: "/members" - body: "*" + post: "/members"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.member.write" + permission: "iam.member.write"; + }; + + option 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "iam"; + tags: "member"; + tags: "iam member"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles"; + description: "detailed information about the IAM member roles"; + }; + responses: { + key: "200"; + value: { + description: "Member added to the IAM"; + }; + }; + responses: { + key: "400"; + value: { + description: "user not found or invalid roles"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Sets the given roles on a member. + // The member has only roles provided by this call rpc UpdateIAMMember(UpdateIAMMemberRequest) returns (UpdateIAMMemberResponse) { option (google.api.http) = { - put: "/members/{user_id}" - body: "*" + put: "/members/{user_id}"; + body: "*"; }; option (zitadel.v1.auth_option) = { - permission: "iam.member.write" + permission: "iam.member.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "iam"; + tags: "member"; + tags: "iam member"; + external_docs: { + url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles"; + description: "detailed information about the IAM member roles"; + }; + responses: { + key: "200"; + value: { + description: "Member of the IAM updated"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid user or roles"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Removes the user from the membership list of ZITADEL rpc RemoveIAMMember(RemoveIAMMemberRequest) returns (RemoveIAMMemberResponse) { option (google.api.http) = { - delete: "/members/{user_id}" + delete: "/members/{user_id}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.member.delete" + permission: "iam.member.delete"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "iam"; + tags: "member"; + tags: "iam member"; + 
external_docs: { + url: "https://docs.zitadel.ch/administrate#ZITADEL_s_management_roles"; + description: "detailed information about the IAM member roles"; + }; + responses: { + key: "200"; + value: { + description: "Member of the IAM removed"; + }; + }; + responses: { + key: "400"; + value: { + description: "invalid user"; + schema: { + json_schema: { + ref: "#/definitions/rpcStatus"; + }; + }; + }; + }; }; } + //Returns all stored read models of ZITADEL + // views are used for search optimisation and optimise request latencies + // they represent the delta of the event happend on the objects rpc ListViews(ListViewsRequest) returns (ListViewsResponse) { option (google.api.http) = { - post: "/views/_search" + post: "/views/_search"; }; option (zitadel.v1.auth_option) = { - permission: "iam.read" + permission: "iam.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "views"; + external_docs: { + url: "https://docs.zitadel.ch/architecture#Software_Architecture"; + description: "details of ZITADEL's event driven software architecture"; + }; + responses: { + key: "200"; + value: { + description: "Views for query operations"; + }; + }; }; } + //Truncates the delta of the change stream + // be carefull with this function because ZITADEL has to + // recompute the deltas after they got cleared. 
+ // Search requests will return wrong results until all deltas are recomputed rpc ClearView(ClearViewRequest) returns (ClearViewResponse) { option (google.api.http) = { - post: "/views/{database}/{view_name}" + post: "/views/{database}/{view_name}"; }; option (zitadel.v1.auth_option) = { - permission: "iam.write" + permission: "iam.write"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "views"; + external_docs: { + url: "https://docs.zitadel.ch/architecture#Software_Architecture"; + description: "details of ZITADEL's event driven software architecture"; + }; + responses: { + key: "200"; + value: { + description: "View cleared"; + }; + }; }; } + //Returns event descriptions which cannot be processed. + // It's possible that some events need some retries. + // For example if the SMTP-API wasn't able to send an email at the first time rpc ListFailedEvents(ListFailedEventsRequest) returns (ListFailedEventsResponse) { option (google.api.http) = { - post: "/failedevents/_search" + post: "/failedevents/_search"; }; option (zitadel.v1.auth_option) = { - permission: "iam.read" + permission: "iam.read"; + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "failed events"; + external_docs: { + url: "https://docs.zitadel.ch/architecture#Software_Architecture"; + description: "details of ZITADEL's event driven software architecture"; + }; + responses: { + key: "200"; + value: { + description: "Events which were not processed by the views"; + }; + }; }; } + //Deletes the event from failed events view. + // the event is not removed from the change stream + // This call is usefull if the system was able to process the event later. + // e.g. if the second try of sending an email was successful. the first try produced a + // failed event. 
You can find out if it worked on the `failure_count`
 rpc RemoveFailedEvent(RemoveFailedEventRequest) returns (RemoveFailedEventResponse) {
 option (google.api.http) = {
- delete: "/failedevents/{database}/{view_name}/{failed_sequence}"
+ delete: "/failedevents/{database}/{view_name}/{failed_sequence}";
 };
 option (zitadel.v1.auth_option) = {
- permission: "iam.write"
+ permission: "iam.write";
+ };
+
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+ tags: "failed events";
+ external_docs: {
+ url: "https://docs.zitadel.ch/architecture#Software_Architecture";
+ description: "details of ZITADEL's event driven software architecture";
+ };
+ responses: {
+ key: "200";
+ value: {
+ description: "Events removed from the list";
+ };
+ };
+ responses: {
+ key: "400";
+ value: {
+ description: "failed event not found";
+ schema: {
+ json_schema: {
+ ref: "#/definitions/rpcStatus";
+ };
+ };
+ };
+ };
 };
 }
 }
@@ -585,9 +1679,31 @@ message HealthzRequest {}
 message HealthzResponse {}
+// parameters are ORed
 message IsOrgUniqueRequest {
- string name = 1 [(validate.rules).string.min_len = 1];
- string domain = 2 [(validate.rules).string.min_len = 1];
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+ json_schema: {
+ description: "All unique fields of an organisation";
+ required: ["name", "domain"]
+ };
+ };
+
+ string name = 1 [
+ (validate.rules).string = {min_len: 1, max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"CAOS AG\"";
+ min_length: 1;
+ max_length: 200;
+ }
+ ];
+ string domain = 2 [
+ (validate.rules).string = {min_len: 1, max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"caos.ch\"";
+ min_length: 1;
+ max_length: 200;
+ }
+ ];
 }
 message IsOrgUniqueResponse {
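Review bot: Every operation in this hunk is gated by a `(zitadel.v1.auth_option).permission`, but the new `openapiv2_operation` blocks list only `200` and occasionally `400`, so the generated spec never documents that an unauthenticated or under-privileged caller is rejected — `RemoveIDP`, `ClearView` and `RemoveIAMMember` are the most sensitive examples. Each permission-gated operation should add a `403` response (and a `401` for missing credentials) whose schema references `#/definitions/rpcStatus`, mirroring the existing `400` entries, so that authorization failures are part of the published contract. The second-/multi-factor operations (`ListLoginPolicySecondFactors` through `RemoveMultiFactorFromLoginPolicy`) also carry the copy-pasted `identity provider` tag and `#Identity_Providers` link, and `RemoveMultiFactorFromLoginPolicy` answers 200 with `second factor removed from default login policy`, which should read `multi factor removed from default login policy`. Several new comments have typos that will land in the public docs (`permanetly`, `povided`, `carefull`, `usefull`, `happend`). The enclosing `service AdminService` block starts before this hunk.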
@@ -595,7 +1711,14 @@ message IsOrgUniqueResponse {
 }
 message GetOrgByIDRequest {
- string id = 1 [(validate.rules).string.min_len = 1];
+ string id = 1 [
+ (validate.rules).string = {min_len: 1, max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\"";
+ min_length: 1;
+ max_length: 200;
+ }
+ ];
 }
 message GetOrgByIDResponse {
@@ -603,8 +1726,18 @@ message GetOrgByIDResponse {
 }
 message ListOrgsRequest {
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
+ json_schema: {
+ description: "Search query for lists";
+ required: ["query"]
+ };
+ };
+
+ //list limitations and ordering
 zitadel.v1.ListQuery query = 1;
+ // the field the result is sorted
 zitadel.org.v1.OrgFieldName sorting_column = 2;
+ //criterias the client is looking for
 repeated zitadel.org.v1.OrgQuery queries = 3;
 }
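Review bot: The new leading comment `// parameters are ORed` on `IsOrgUniqueRequest` contradicts the schema directly below it, which lists both `name` and `domain` as `required` and validates each with `min_len: 1`, so a reader cannot tell whether a caller may supply only one of them. If both must always be sent and the check reports the org as not unique when either value is already taken, say exactly that — e.g. `// both fields are required; the org counts as not unique if either the name or the domain is already in use` — and put the same sentence in the schema `description` in place of the vague `All unique fields of an organisation`; if one field alone is accepted, drop the other from `required` and relax its validate rule instead. The hunk does not show which behaviour the handler implements, so this needs confirming against the server side.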
@@ -615,40 +1748,157 @@ message ListOrgsResponse { } message SetUpOrgRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + description: "Request to set up an organisation. User is required"; + required: ["org", "user"] + }; + }; + message Org { - string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string domain = 2; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["name"] + }; + }; + string name = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"CAOS AG\""; + } + ]; + string domain = 2 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "ZITADEL generates a domain (.zitadel.ch) for an organisation, the field is not required"; + max_length: 200; + example: "\"caos.ch\""; + } + ]; } + message Human { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["user_name", "profile", "email", "password"]; + }; + }; + message Profile { - string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string nick_name = 3 [(validate.rules).string = {max_len: 200}]; - string display_name = 4 [(validate.rules).string = {max_len: 200}]; - string preferred_language = 5 [(validate.rules).string = {max_len: 10}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["first_name", "last_name"]; + }; + }; + + string first_name = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"Gigi\""; + } + ]; + string last_name = 2 [ + (validate.rules).string = 
{min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"Giraffe\""; + } + ]; + string nick_name = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"long_neck\""; + } + ]; + string display_name = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "a user can set his display name, if nothing is set ZITADEL computes \"first_name last_name\""; + max_length: 200; + example: "\"Gigi Giraffe\""; + } + ]; + string preferred_language = 5 [ + (validate.rules).string = {max_len: 10}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "language tag analog https://tools.ietf.org/html/rfc3066"; + max_length: 10; + example: "\"en\""; + } + ]; zitadel.user.v1.Gender gender = 6; } message Email { - string email = 1 [(validate.rules).string.email = true]; //TODO: check if no value is allowed + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["email"]; + }; + }; + + string email = 1 [ + (validate.rules).string.email = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "email address of the user. 
(spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"; + min_length: 1; + example: "\"gigi@caos.ch\""; + } + ]; //TODO: check if no value is allowed bool is_email_verified = 2; } message Phone { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["phone"]; + }; + }; // has to be a global number - string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"}]; + string phone = 1 [ + (validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)"; + min_length: 1; + max_length: 50; + example: "\"+41 71 000 00 00\""; + } + ]; bool is_phone_verified = 2; } - - string user_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - + + string user_name = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"mr_long_neck\""; + } + ]; + Profile profile = 2 [(validate.rules).message.required = true]; Email email = 3 [(validate.rules).message.required = true]; Phone phone = 4; - string password = 5 [(validate.rules).string = {min_len: 1, max_len: 72}]; + string password = 5 [ + (validate.rules).string = {min_len: 1, max_len: 72}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the initial password of the user"; + min_length: 1; + max_length: 72; + example: "\"my_53cr3t-P4$$w0rd\""; + } + ]; } - Org org = 1 [(validate.rules).message.required = true]; + Org org = 1 [ + (validate.rules).message.required = true + ]; oneof user { option (validate.required) = true; + // oneof field for the user managing the organisation Human human = 2; } } 
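Review bot: The `password` field of SetUpOrgRequest.Human gets a length range and a literal example but is not marked as a secret; adding `format: "password";` to its openapiv2_field uses the OpenAPI format that documentation UIs render masked and that generated clients can treat as sensitive. In `Email`, the annotation promises `min_length: 1` while the validate rule is only `string.email = true` and the `//TODO: check if no value is allowed` is kept, so the spec documents a constraint the server does not enforce; either add `min_len: 1` to the rule or leave `min_length` out until the TODO is resolved. The `Phone` and `Profile` schemas are consistent with their validate rules and need no change.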
@@ -660,7 +1910,14 @@ message SetUpOrgResponse { } message GetIDPByIDRequest { - string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69234230193872955\""; + } + ]; } message GetIDPByIDResponse { @@ -668,8 +1925,11 @@ message GetIDPByIDResponse { } message ListIDPsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + // the field the result is sorted zitadel.idp.v1.IDPFieldName sorting_column = 2; + //criterias the client is looking for repeated IDPQuery queries = 3; } 
@@ -687,15 +1947,69 @@ message ListIDPsResponse { } message AddOIDCIDPRequest { - string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.idp.v1.IDPStylingType styling_type = 2 [(validate.rules).enum = {defined_only: true}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["name", "client_id", "client_secret", "issuer"] + }; + }; - string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string scopes = 6; - zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [(validate.rules).enum = {defined_only: true}]; - zitadel.idp.v1.OIDCMappingField username_mapping = 8 [(validate.rules).enum = {defined_only: true}]; + string name = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + min_length: 1; + max_length: 200; + } + ]; + zitadel.idp.v1.IDPStylingType styling_type = 2 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "some identity providers specify the styling of the button to their login"; + } + ]; + string client_id = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client id generated by the identity provider"; + min_length: 1; + max_length: 200; + } + ]; + string client_secret = 4 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client secret generated by the identity provider"; + min_length: 1; + max_length: 200; + } + ]; + string issuer = 5 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://accounts.google.com\""; + description: "the oidc issuer of the identity provider"; + min_length: 1; + max_length: 200; + } + ]; + repeated string scopes = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"openid\", \"profile\", \"email\"]"; + description: "the scopes requested by ZITADEL during the request on the identity provider"; + } + ]; + zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the display name of the user"; + } + ]; + zitadel.idp.v1.OIDCMappingField username_mapping = 8 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the email of the user"; + } + ]; } message AddOIDCIDPResponse { 
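Review bot: The `username_mapping` description in AddOIDCIDPRequest says the field is "mapped to the email of the user", which looks copied from `display_name_mapping` with the wrong noun; it should read `description: "definition which field is mapped to the username of the user";`, and the same text appears on `username_mapping` in UpdateIDPOIDCConfigRequest further down. `client_secret` is documented like any other string; adding `format: "password";` to its openapiv2_field in both messages tells documentation tooling and generated clients to treat it as a secret.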
@@ -704,9 +2018,28 @@ message AddOIDCIDPResponse { } message UpdateIDPRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + description: "Updates fields of an idp"; + required: ["idp_id", "name"] + }; + }; + string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.idp.v1.IDPStylingType styling_type = 3 [(validate.rules).enum = {defined_only: true}]; + string name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + min_length: 1; + max_length: 200; + } + ]; + zitadel.idp.v1.IDPStylingType styling_type = 3 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "some identity providers specify the styling of the button to their login"; + } + ]; } message UpdateIDPResponse { @@ -714,7 +2047,19 @@ message UpdateIDPResponse { } message DeactivateIDPRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["idp_id"] + }; + }; + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message DeactivateIDPResponse { 
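Review bot: `idp_id` in UpdateIDPRequest keeps only its validate rule, while every other `idp_id` in this change (DeactivateIDPRequest on this line, ReactivateIDPRequest and RemoveIDPRequest on the next) gets an openapiv2_field with `example: "\"69629023906488334\""` and matching `min_length`/`max_length`. Adding the same annotation here keeps the generated spec uniform across the IDP operations.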
@@ -722,7 +2067,19 @@ message DeactivateIDPResponse { } message ReactivateIDPRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["idp_id"] + }; + }; + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message ReactivateIDPResponse { @@ -730,7 +2087,20 @@ message ReactivateIDPResponse { } message RemoveIDPRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["idp_id"] + }; + }; + + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message RemoveIDPResponse { 
@@ -738,13 +2108,62 @@ message RemoveIDPResponse { } message UpdateIDPOIDCConfigRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string client_secret = 4 [(validate.rules).string = {max_len: 200}]; - repeated string scopes = 5; - zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [(validate.rules).enum = {defined_only: true}]; - zitadel.idp.v1.OIDCMappingField username_mapping = 7 [(validate.rules).enum = {defined_only: true}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["idp_id", "issuer", "client_id"] + }; + }; + + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; + string issuer = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://accounts.google.com\""; + description: "the oidc issuer of the identity provider"; + min_length: 1; + max_length: 200; + } + ]; + string client_id = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client id generated by the identity provider"; + min_length: 1; + max_length: 200; + } + ]; + string client_secret = 4 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client secret generated by the identity provider. 
If empty the secret is not overwritten"; + max_length: 200; + } + ]; + repeated string scopes = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"openid\", \"profile\", \"email\"]"; + description: "the scopes requested by ZITADEL during the request on the identity provider"; + } + ]; + zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the display name of the user"; + } + ]; + zitadel.idp.v1.OIDCMappingField username_mapping = 7 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the email of the user"; + } + ]; } message UpdateIDPOIDCConfigResponse { @@ -826,7 +2245,19 @@ message UpdateOrgIAMPolicyResponse { } message GetCustomOrgIAMPolicyRequest { - string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["org_id"] + }; + }; + string org_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"#69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message GetCustomOrgIAMPolicyResponse { 
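Review bot: The `org_id` example in GetCustomOrgIAMPolicyRequest is `"\"#69629023906488334\""`, with a leading `#` that no other ID example in this file has; IDs are shown everywhere else as plain digit strings, so it should be `example: "\"69629023906488334\"";`. AddCustomOrgIAMPolicyRequest in the next hunk carries the same stray `#`, while UpdateCustomOrgIAMPolicyRequest beside it already has the plain form.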
@@ -835,8 +2266,25 @@ message GetCustomOrgIAMPolicyResponse { } message AddCustomOrgIAMPolicyRequest { - string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - bool user_login_must_be_domain = 2; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["org_id"] + }; + }; + + string org_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"#69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; + bool user_login_must_be_domain = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the username has to end with the domain of it's organisation" + } + ]; } message AddCustomOrgIAMPolicyResponse { @@ -844,8 +2292,25 @@ message AddCustomOrgIAMPolicyResponse { } message UpdateCustomOrgIAMPolicyRequest { - string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - bool user_login_must_be_domain = 2; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["org_id"] + }; + }; + + string org_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; + bool user_login_must_be_domain = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the username has to end with the domain of it's organisation" + } + ]; } message UpdateCustomOrgIAMPolicyResponse { 
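Review bot: The `user_login_must_be_domain` description in AddCustomOrgIAMPolicyRequest and UpdateCustomOrgIAMPolicyRequest reads "the domain of it's organisation"; `it's` is the contraction, so it should be `description: "the username has to end with the domain of its organisation"`. This text is emitted into the public spec, so the wording is worth fixing before it is generated.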
@@ -853,7 +2318,20 @@ message UpdateCustomOrgIAMPolicyResponse { } message ResetCustomOrgIAMPolicyToDefaultRequest { - string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["org_id"] + }; + }; + + string org_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message ResetCustomOrgIAMPolicyToDefaultResponse { @@ -867,9 +2345,35 @@ message GetLabelPolicyResponse { } message UpdateLabelPolicyRequest { - string primary_color = 1 [(validate.rules).string = {min_len: 1, max_len: 50}]; - string secondary_color = 2 [(validate.rules).string = {min_len: 1, max_len: 50}]; - bool hide_login_name_suffix = 3; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["primary_color", "secondary_color"] + }; + }; + + string primary_color = 1 [ + (validate.rules).string = {min_len: 1, max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "respresents a color scheme" + example: "\"#353535\""; + min_length: 1; + max_length: 50; + } + ]; + string secondary_color = 2 [ + (validate.rules).string = {min_len: 1, max_len: 50}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "respresents a color scheme"; + example: "\"#707070\""; + min_length: 1; + max_length: 50; + } + ]; + bool hide_login_name_suffix = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. Details about this scope in https://docs.zitadel.ch/architecture#Reserved_Scopes"; + } + ]; } message UpdateLabelPolicyResponse { 
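Review bot: Both color descriptions in UpdateLabelPolicyRequest misspell `respresents`; use `description: "represents a color scheme";`. The `primary_color` block also omits the `;` after `description` that `secondary_color` has — text format accepts both, but the rest of the file terminates every option value, so keeping it consistent avoids the two fields reading as if they were written differently on purpose.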
@@ -883,11 +2387,31 @@ message GetLoginPolicyResponse { } message UpdateLoginPolicyRequest { - bool allow_username_password = 1; - bool allow_register = 2; - bool allow_external_idp = 3; - bool force_mfa = 4; - zitadel.policy.v1.PasswordlessType passwordless_type = 5 [(validate.rules).enum = {defined_only: true}]; + bool allow_username_password = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user is allowed to login with his username and password" + } + ]; + bool allow_register = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a person is allowed to register a user on this organisation" + } + ]; + bool allow_external_idp = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth" + } + ]; + bool force_mfa = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user MUST use a multi factor to log in" + } + ]; + zitadel.policy.v1.PasswordlessType passwordless_type = 5 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if passwordless is allowed for users" + }]; } message UpdateLoginPolicyResponse { @@ -895,6 +2419,7 @@ message UpdateLoginPolicyResponse { } message ListLoginPolicyIDPsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; } 
@@ -904,7 +2429,20 @@ message ListLoginPolicyIDPsResponse { } message AddIDPToLoginPolicyRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["org_id"] + }; + }; + + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message AddIDPToLoginPolicyResponse { @@ -912,7 +2450,20 @@ message AddIDPToLoginPolicyResponse { } message RemoveIDPFromLoginPolicyRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["idp_id"] + }; + }; + + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message RemoveIDPFromLoginPolicyResponse { @@ -927,6 +2478,12 @@ message ListLoginPolicySecondFactorsResponse { } message AddSecondFactorToLoginPolicyRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["type"] + }; + }; + zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; } @@ -935,6 +2492,12 @@ message AddSecondFactorToLoginPolicyResponse { } message RemoveSecondFactorFromLoginPolicyRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["type"] + }; + }; + zitadel.policy.v1.SecondFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; } 
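Review bot: AddIDPToLoginPolicyRequest declares `required: ["org_id"]`, but the message has no `org_id` field — its only field is `idp_id` — so the generated schema marks a nonexistent property as required and leaves the real one optional. Change it to `required: ["idp_id"]`, as RemoveIDPFromLoginPolicyRequest in the next hunk does.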
@@ -950,6 +2513,12 @@ message ListLoginPolicyMultiFactorsResponse { } message AddMultiFactorToLoginPolicyRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["type"] + }; + }; + zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; } @@ -958,6 +2527,12 @@ message AddMultiFactorToLoginPolicyResponse { } message RemoveMultiFactorFromLoginPolicyRequest { + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["type"] + }; + }; + zitadel.policy.v1.MultiFactorType type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; } @@ -972,11 +2547,31 @@ message GetPasswordComplexityPolicyResponse { } message UpdatePasswordComplexityPolicyRequest { - uint32 min_length = 1; - bool has_uppercase = 2; - bool has_lowercase = 3; - bool has_number = 4; - bool has_symbol = 5; + uint32 min_length = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"8\"" + } + ]; + bool has_uppercase = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain an upper case letter" + } + ]; + bool has_lowercase = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a lower case letter" + } + ]; + bool has_number = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a numer" + } + ]; + bool has_symbol = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a symbol. E.g. \"$\"" + } + ]; } message UpdatePasswordComplexityPolicyResponse { 
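Review bot: `min_length` in UpdatePasswordComplexityPolicyRequest is a `uint32`, which the proto3 JSON mapping serialises as a JSON number, so `example: "\"8\""` documents a string value where a number is expected; it should be `example: "8"`. The quoted form is only right for 64-bit integers such as `failed_sequence`. The same applies to `max_age_days`, `expire_warn_days` and `max_attempts` in the next hunks, and the `has_number` description misspells `numer`.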
@@ -990,8 +2585,18 @@ message GetPasswordAgePolicyResponse { } message UpdatePasswordAgePolicyRequest { - uint32 max_age_days = 1; - uint32 expire_warn_days = 2; + uint32 max_age_days = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Maximum days since last password change" + example: "\"365\"" + } + ]; + uint32 expire_warn_days = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Days before the password expiry the user gets notified to change the password" + example: "\"10\"" + } + ]; } message UpdatePasswordAgePolicyResponse { @@ -1005,7 +2610,14 @@ message GetPasswordLockoutPolicyResponse { } message UpdatePasswordLockoutPolicyRequest { - uint32 max_attempts = 1; + // failed attempts until a user gets locked + uint32 max_attempts = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Maximum attempts before the account gets locked. Attempts are reset as soon as the password is entered correct or the password is reset." + example: "\"10\"" + } + ]; + // TODO: how to describe? bool show_lockout_failure = 2; } @@ -1014,7 +2626,21 @@ message UpdatePasswordLockoutPolicyResponse { } message AddIAMMemberRequest { - string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["user_id"] + }; + }; + + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; + //if no roles provided the user won't have any rights repeated string roles = 2; } 
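Review bot: The `// TODO: how to describe?` left on `show_lockout_failure` in UpdatePasswordLockoutPolicyRequest is a leading field comment, and protoc-gen-openapiv2 uses leading comments as field descriptions, so the TODO would surface in the published spec (worth confirming against the generated JSON); either describe the field or move the TODO out of the leading-comment position. `max_attempts` now has both a leading comment and an option `description` with overlapping text, and keeping one avoids the two drifting apart. The `//TODO: list details` comments on ListViewsResponse and ListFailedEventsResponse have the same exposure.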
@@ -1023,7 +2649,21 @@ message AddIAMMemberResponse { } message UpdateIAMMemberRequest { - string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["user_id"] + }; + }; + + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; + //if no roles provided the user won't have any rights repeated string roles = 2; } @@ -1032,7 +2672,20 @@ message UpdateIAMMemberResponse { } message RemoveIAMMemberRequest { - string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["user_id"] + }; + }; + + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + min_length: 1; + max_length: 200; + } + ]; } message RemoveIAMMemberResponse { @@ -1047,7 +2700,9 @@ message ListIAMMemberRolesResponse { } message ListIAMMembersRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.member.v1.SearchQuery queries = 2; } 
@@ -1059,13 +2714,33 @@ message ListIAMMembersResponse { message ListViewsRequest {} message ListViewsResponse { - //TODO: search + //TODO: list details repeated View result = 1; } message ClearViewRequest { - string database = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string view_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["database", "view_name"] + }; + }; + + string database = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"adminapi\""; + min_length: 1; + max_length: 200; + } + ]; + string view_name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"iam_members\""; + min_length: 1; + max_length: 200; + } + ]; } message ClearViewResponse {} 
@@ -1073,30 +2748,95 @@ message ClearViewResponse {} message ListFailedEventsRequest {} message ListFailedEventsResponse { - //TODO: search + //TODO: list details repeated FailedEvent result = 1; } message RemoveFailedEventRequest { - string database = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string view_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - uint64 failed_sequence = 3; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = { + json_schema: { + required: ["database", "view_name", "failed_sequence"] + }; + }; + + string database = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"adminapi\""; + min_length: 1; + max_length: 200; + } + ]; + string view_name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"iam_members\""; + min_length: 1; + max_length: 200; + } + ]; + uint64 failed_sequence = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"9823758\""; + } + ]; } message RemoveFailedEventResponse {} message View { - string database = 1; - string view_name = 2; - uint64 processed_sequence = 3; - google.protobuf.Timestamp event_timestamp = 4; - google.protobuf.Timestamp last_successful_spooler_run = 5; + string database = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"adminapi\""; + } + ]; + string view_name = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"iam_members\""; + } + ]; + uint64 processed_sequence = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"9823758\""; + } + ]; + google.protobuf.Timestamp event_timestamp = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2019-04-01T08:45:00.000000Z\""; + description: "The timestamp the event occured"; 
+ } + ]; + google.protobuf.Timestamp last_successful_spooler_run = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "The timestamp the event occured"; + } + ]; } message FailedEvent { - string database = 1; - string view_name = 2; - uint64 failed_sequence = 3; - uint64 failure_count = 4; - string error_message = 5; + string database = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"adminapi\""; + } + ]; + string view_name = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"iam_members\""; + } + ]; + uint64 failed_sequence = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"9823759\""; + } + ]; + uint64 failure_count = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"5\""; + } + ]; + string error_message = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ID=EXAMP-ID3ER Message=Example message\""; + } + ]; } \ No newline at end of file diff --git a/proto/zitadel/app.proto b/proto/zitadel/app.proto index 808985e84b..20d9093a43 100644 --- a/proto/zitadel/app.proto +++ b/proto/zitadel/app.proto 
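Review bot: `last_successful_spooler_run` in `View` reuses the `event_timestamp` description "The timestamp the event occured", which describes the other field; from its name it should be something like `description: "The timestamp of the last successful spooler run";`, and `occured` in the `event_timestamp` description should be `occurred`. The new side of admin.proto also still ends without a trailing newline (`\ No newline at end of file`), which the change could have fixed while touching the last message.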
@@ -4,16 +4,29 @@ import "zitadel/object.proto"; import "zitadel/message.proto"; import "google/protobuf/duration.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.app.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/app"; message App { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; zitadel.v1.ObjectDetails details = 2; - AppState state = 3; - string name = 4; + AppState state = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the application"; + } + ]; + string name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Console\""; + } + ]; oneof config { OIDCConfig oidc_config = 5; APIConfig api_config = 6; 
@@ -35,28 +48,112 @@ message AppQuery { } message AppNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Conso\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } message OIDCConfig { - repeated string redirect_uris = 1; - repeated OIDCResponseType response_types = 2; - repeated OIDCGrantType grant_types = 3; - OIDCAppType app_type = 4; - string client_id = 5; - string client_secret = 6; - OIDCAuthMethodType auth_method_type = 7; - repeated string post_logout_redirect_uris = 8; - OIDCVersion version = 9; - bool none_compliant = 10; - repeated zitadel.v1.LocalizedMessage compliance_problems = 11; - bool dev_mode = 12; - OIDCTokenType access_token_type = 13; - bool access_token_role_assertion = 14; - bool id_token_role_assertion = 15; - bool id_token_userinfo_assertion = 16; - google.protobuf.Duration clock_skew = 17; + repeated string redirect_uris = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"console.zitadel.ch/authorized\"]"; + description: "Callback URI of the authorization request where the code or tokens will be sent to"; + } + ]; + repeated OIDCResponseType response_types = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Determines whether a code, id_token token or just id_token will be returned" + } + ]; + repeated OIDCGrantType grant_types = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "The flow type the application uses to gain access"; + } + ]; + OIDCAppType app_type = 4 [ + 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "determines the paradigm of the application"; + } + ]; + string client_id = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334@ZITADEL\""; + description: "generated oauth2/oidc client id"; + } + ]; + string client_secret = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; + OIDCAuthMethodType auth_method_type = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines how the application passes login credentials"; + } + ]; + repeated string post_logout_redirect_uris = 8 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"console.zitadel.ch/logout\"]"; + description: "ZITADEL will redirect to this link after a successful logout"; + } + ]; + OIDCVersion version = 9 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the oidc version used by the application"; + } + ]; + bool none_compliant = 10 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "specifies wheter the config is oidc compliant. 
A production configuration SHOULD be compliant"; + } + ]; + repeated zitadel.v1.LocalizedMessage compliance_problems = 11 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "lists the problems for non compliancy"; + } + ]; + bool dev_mode = 12 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "used for development"; + } + ]; + OIDCTokenType access_token_type = 13 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "type of the access token returned from ZITADEL"; + } + ]; + bool access_token_role_assertion = 14 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "adds roles to the claims of the access token (only if type == jwt) even if they are not requested by scopes"; + } + ]; + bool id_token_role_assertion = 15 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "adds roles to the claims of the id token even if they are not requested by scopes"; + } + ]; + bool id_token_userinfo_assertion = 16 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. Attention this violates the oidc specification"; + } + ]; + google.protobuf.Duration clock_skew = 17 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Used to compensate time difference of servers. Duration added to the \"exp\" claim and substracted from \"iat\", \"auth_time\" and \"nbf\" claims"; + // min: "0s"; + // max: "5s"; + } + ]; } enum OIDCResponseType { 
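Review bot: The examples for `redirect_uris` and `post_logout_redirect_uris` in OIDCConfig are not absolute URIs ("console.zitadel.ch/authorized" has no scheme), while RFC 6749 §3.1.2 requires the registered redirection endpoint to be an absolute URI and matching is exact; readers copying the example will register a value that cannot match. Suggest `example: "[\"https://console.zitadel.ch/authorized\"]";` and `example: "[\"https://console.zitadel.ch/logout\"]";`. The `clock_skew` option block carries two commented-out lines (`// min: "0s";`, `// max: "5s";`) that either belong in the description text or should be dropped, since commented-out option fields never reach the generated OpenAPI file. Typos in the new descriptions: "wheter" → "whether" on `none_compliant`, "substracted" → "subtracted" on `clock_skew`.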
@@ -99,7 +196,21 @@ enum APIAuthMethodType { } message APIConfig { - string client_id = 1; - string client_secret = 2; - APIAuthMethodType auth_method_type = 3; + string client_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334@ZITADEL\""; + description: "generated oauth2/oidc client_id"; + } + ]; + string client_secret = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; + APIAuthMethodType auth_method_type = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines how the api passes the login credentials"; + } + ]; } diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto index 86a0df1678..9beffbb76a 100644 --- a/proto/zitadel/auth.proto +++ b/proto/zitadel/auth.proto @@ -416,7 +416,11 @@ message GetMyUserRequest {} message GetMyUserResponse { zitadel.user.v1.User user = 1; - google.protobuf.Timestamp last_login = 2; + google.protobuf.Timestamp last_login = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "The timestamp of the last successful login"; + } + ]; } message ListMyUserChangesRequest { @@ -542,6 +546,7 @@ message RemoveMyPhoneResponse { } message ListMyLinkedIDPsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; //PLANNED: queries for idp name and login name } @@ -641,6 +646,7 @@ message RemoveMyPasswordlessResponse { } message ListMyUserGrantsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; } @@ -659,7 +665,9 @@ message UserGrant { } message ListMyProjectOrgsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.org.v1.OrgQuery queries = 2; } diff --git a/proto/zitadel/auth_n_key.proto b/proto/zitadel/auth_n_key.proto index 15f6f7f9da..8577da7b04 100644 
--- a/proto/zitadel/auth_n_key.proto
+++ b/proto/zitadel/auth_n_key.proto
@@ -2,16 +2,30 @@ syntax = "proto3";
 import "zitadel/object.proto";
 import "google/protobuf/timestamp.proto";
+import "protoc-gen-openapiv2/options/annotations.proto";
 package zitadel.authn.v1;
 option go_package ="github.com/caos/zitadel/pkg/grpc/authn";
 message Key {
- string id = 1;
+ string id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\"";
+ }
+ ];
 zitadel.v1.ObjectDetails details = 2;
- KeyType type = 3;
- google.protobuf.Timestamp expiration_date = 4;
+ KeyType type = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "the file type of the key";
+ }
+ ];
+ google.protobuf.Timestamp expiration_date = 4 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "the date a key will expire";
+ example: "\"3019-04-01T08:45:00.000000Z\"";
+ }
+ ];
 }
 enum KeyType {
diff --git a/proto/zitadel/change.proto b/proto/zitadel/change.proto
index b0f869bc04..a3e5de8821 100644
--- a/proto/zitadel/change.proto
+++ b/proto/zitadel/change.proto
@@ -2,22 +2,61 @@ syntax = "proto3"; import "google/protobuf/timestamp.proto"; import "zitadel/message.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.change.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/change"; message Change { - google.protobuf.Timestamp change_date = 1; + google.protobuf.Timestamp change_date = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the creation date of an event"; + example: "\"2019-04-01T08:45:00.000000Z\""; + } + ]; zitadel.v1.LocalizedMessage event_type = 2; - uint64 sequence = 3; - string editor_id = 4; - string editor_display_name = 5; - string resource_owner_id = 6; + uint64 sequence = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2\""; + } + ]; + string editor_id = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the id of the user who created the event"; + example: "\"69629023906488334\""; + } + ]; + string editor_display_name = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the display name of the editor"; + example: "\"Gigi Giraffe\""; + } + ]; + string resource_owner_id = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the organisation the event belongs to"; + example: "\"69629023906488334\""; + } + ]; } message ChangeQuery { - uint64 sequence = 1; - uint32 limit = 2; - bool asc = 3; + //sequence represents the order of events. It's always upcounting + uint64 sequence = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2\""; + } + ]; + uint32 limit = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "20"; + description: "Maximum amount of events returned. Default is set to 1000 in https://github.com/caos/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. 
If no limit is set or the limit exeeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken."; + } + ]; + bool asc = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "default is descending" + } + ]; } \ No newline at end of file diff --git a/proto/zitadel/idp.proto b/proto/zitadel/idp.proto index d14eb8e94d..d6fb1a6884 100644 --- a/proto/zitadel/idp.proto +++ b/proto/zitadel/idp.proto 
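Review bot: The `ChangeQuery.limit` description hard-codes a default ("1000") and a link into a feature branch of the source tree (`blob/new-eventstore/cmd/zitadel/startup.yaml`); both go stale the moment the branch or config moves, and the generated OpenAPI file will then point clients at a dead link. The two sentences that follow also contradict each other ("will throw an error" vs "the default is taken" for a missing limit), and "exeeds" is a typo. Suggest replacing the text with a statement of the behaviour only, e.g. `description: "Maximum amount of events returned. If no limit is set the configured default is used; a limit above the configured maximum is rejected with an error.";`.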
@@ -2,36 +2,100 @@ syntax = "proto3"; import "zitadel/object.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.idp.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/idp"; message IDP { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; zitadel.v1.ObjectDetails details = 2; - IDPState state = 3; - string name = 4; - IDPStylingType styling_type = 5; - IDPOwnerType owner = 6; + IDPState state = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the state of the identity provider"; + } + ]; + string name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + } + ]; + IDPStylingType styling_type = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "some identity providers specify the styling of the button to their login"; + } + ]; + IDPOwnerType owner = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the administrator of this identity provider"; + } + ]; oneof config { OIDCConfig oidc_config = 7; } } message IDPUserLink { - string user_id = 1; - string idp_id = 2; - string idp_name = 3; - string provided_user_id = 4; - string provided_user_name = 5; - IDPType idp_type = 6; + string user_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + description: "the id of the user" + } + ]; + string idp_id = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + description: "the id of the identity provider"; + } + ]; + string idp_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + description: "the name of the identity provider"; + } + ]; + string provided_user_id = 4 [ + 
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"as-12-df-89\""; + description: "the id of the user provided by the identity provider"; + } + ]; + string provided_user_name = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gigi.long-neck@gmail.com\""; + description: "the id of the identity provider"; + } + ]; + IDPType idp_type = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the authorization framework of the identity provider"; + } + ]; } message IDPLoginPolicyLink { - string idp_id = 1; - string idp_name = 2; - IDPType idp_type = 3; + string idp_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + description: "the id of the identity provider" + } + ]; + string idp_name = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + description: "the name of the identity provider" + } + ]; + IDPType idp_type = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the authorization framework of the identity provider"; + } + ]; } enum IDPState { 
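Review bot: The description on `IDPUserLink.provided_user_name` reads "the id of the identity provider", which was copied from `idp_id`; the example next to it is an e-mail address, so the field clearly carries the user name reported by the provider. Suggest `description: "the user name of the user provided by the identity provider";`. Minor style point in the same hunk: the option block of `IDPUserLink.user_id` and both blocks in `IDPLoginPolicyLink` omit the trailing `;` after `description`, which the text format tolerates but which is inconsistent with every other block in this file.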
@@ -45,24 +109,50 @@ enum IDPStylingType { STYLING_TYPE_GOOGLE = 1; } +// authorization framework of the identity provider enum IDPType { IDP_TYPE_UNSPECIFIED = 0; IDP_TYPE_OIDC = 1; //PLANNED: IDP_TYPE_SAML } +// the owner of the identity provider. enum IDPOwnerType { IDP_OWNER_TYPE_UNSPECIFIED = 0; + // system is managed by the ZITADEL administrators IDP_OWNER_TYPE_SYSTEM = 1; + // org is managed by de organisation administrators IDP_OWNER_TYPE_ORG = 2; } message OIDCConfig { - string client_id = 1; - string issuer = 2; - repeated string scopes = 3; - OIDCMappingField display_name_mapping = 4; - OIDCMappingField username_mapping = 5; + string client_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client id generated by the identity provider"; + } + ]; + string issuer = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://accounts.google.com\""; + description: "the oidc issuer of the identity provider"; + } + ]; + repeated string scopes = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"openid\", \"profile\", \"email\"]"; + description: "the scopes requested by ZITADEL during the request on the identity provider"; + } + ]; + OIDCMappingField display_name_mapping = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the display name of the user"; + } + ]; + OIDCMappingField username_mapping = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the email of the user"; + } + ]; } enum OIDCMappingField { 
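Review bot: The description on `OIDCConfig.username_mapping` says the field is "mapped to the email of the user", but the field determines the ZITADEL username, and the preceding `display_name_mapping` uses the parallel wording for the display name; the same text is repeated on `AddOrgOIDCIDPRequest.username_mapping` and `UpdateOrgIDPOIDCConfigRequest.username_mapping` later in this commit. Suggest `description: "definition which field is mapped to the username of the user";` in all three places. The new enum comment on `IDP_OWNER_TYPE_ORG` has a typo: "managed by de organisation administrators" → "managed by the organisation administrators".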
@@ -72,16 +162,36 @@ enum OIDCMappingField { } message IDPIDQuery { - string id = 1 [(validate.rules).string = {max_len: 200}]; + string id = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; } message IDPNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message IDPOwnerTypeQuery { - IDPOwnerType owner_type = 1 [(validate.rules).enum = {defined_only: true}]; + IDPOwnerType owner_type = 1 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "search for custom or global identity providers"; + } + ]; } enum IDPFieldName { diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto index bff418d5c9..a48cf26055 100644 --- a/proto/zitadel/management.proto +++ b/proto/zitadel/management.proto @@ -1857,8 +1857,11 @@ message GetUserByLoginNameGlobalResponse { } message ListUsersRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + // the field the result is sorted zitadel.user.v1.UserFieldName sorting_column = 2; + //criterias the client is looking for repeated zitadel.user.v1.SearchQuery queries = 3; } @@ -1869,6 +1872,7 @@ message ListUsersResponse { } message ListUserChangesRequest { + //list limitations and ordering zitadel.change.v1.ChangeQuery query = 1; string user_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; } 
@@ -2196,6 +2200,7 @@ message GetMachineKeyByIDsResponse { message ListMachineKeysRequest { string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; } @@ -2207,7 +2212,12 @@ message ListMachineKeysResponse { message AddMachineKeyRequest { string user_id = 1 [(validate.rules).string.min_len = 1]; zitadel.authn.v1.KeyType type = 2 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; - google.protobuf.Timestamp expiration_date = 3; + google.protobuf.Timestamp expiration_date = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2519-04-01T08:45:00.000000Z\""; + description: "The date the key will expire and no logins will be possible"; + } + ]; } message AddMachineKeyResponse { @@ -2227,6 +2237,7 @@ message RemoveMachineKeyResponse { message ListHumanLinkedIDPsRequest { string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; } @@ -2246,8 +2257,11 @@ message RemoveHumanLinkedIDPResponse { } message ListUserMembershipsRequest { + //list limitations and ordering string user_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //the field the result is sorted zitadel.v1.ListQuery query = 2; + //criterias the client is looking for repeated zitadel.user.v1.MembershipQuery queries = 3; } @@ -2267,6 +2281,7 @@ message GetOrgByDomainGlobalRequest { } message ListOrgChangesRequest { + //list limitations and ordering zitadel.change.v1.ChangeQuery query = 1; } @@ -2301,7 +2316,9 @@ message ReactivateOrgResponse { } message ListOrgDomainsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.org.v1.DomainSearchQuery queries = 2; } 
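Review bot: In `ListUserMembershipsRequest` the new comments are shifted by one field: `//list limitations and ordering` sits above `user_id` and `//the field the result is sorted` sits above `query`, and there is no sorting column in this message at all. Suggest `//the user whose memberships are listed` on `user_id`, `//list limitations and ordering` on `query`, and leaving `//criterias the client is looking for` on `queries` as it is.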
@@ -2359,12 +2376,16 @@ message ListOrgMemberRolesResponse { } message ListOrgMembersRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.member.v1.SearchQuery queries = 2; } message ListOrgMembersResponse { + //list limitations and ordering zitadel.v1.ListDetails details = 1; + //criterias the client is looking for repeated zitadel.member.v1.Member result = 2; } @@ -2411,7 +2432,9 @@ message GetGrantedProjectByIDResponse { } message ListProjectsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.project.v1.ProjectQuery queries = 2; } @@ -2421,7 +2444,9 @@ message ListProjectsResponse { } message ListGrantedProjectsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.project.v1.ProjectQuery queries = 2; } @@ -2431,6 +2456,7 @@ message ListGrantedProjectsResponse { } message ListProjectChangesRequest { + //list limitations and ordering zitadel.change.v1.ChangeQuery query = 1; string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; } @@ -2541,7 +2567,9 @@ message RemoveProjectRoleResponse { message ListProjectRolesRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; + //criterias the client is looking for repeated zitadel.project.v1.RoleQuery queries = 3; } @@ -2552,7 +2580,9 @@ message ListProjectRolesResponse { message ListProjectMembersRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; + //criterias the client is looking for repeated zitadel.member.v1.SearchQuery queries = 3; } 
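Review bot: `ListOrgMembersResponse` received the request-side comments (`//list limitations and ordering` on `details`, `//criterias the client is looking for` on `result`), which describe inputs, not the returned list; the generated OpenAPI text for the response will be misleading. Suggest either dropping both lines or replacing them with response wording, e.g. `//details about the returned list` on `details` and `//the members matching the request` on `result`.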
@@ -2601,7 +2631,9 @@ message GetAppByIDResponse { message ListAppsRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; + //criterias the client is looking for repeated zitadel.app.v1.AppQuery queries = 3; } @@ -2611,6 +2643,7 @@ message ListAppsResponse { } message ListAppChangesRequest { + //list limitations and ordering zitadel.change.v1.ChangeQuery query = 1; string project_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; string app_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; @@ -2642,8 +2675,18 @@ message AddOIDCAppRequest { message AddOIDCAppResponse { string app_id = 1; zitadel.v1.ObjectDetails details = 2; - string client_id = 3; - string client_secret = 4; + string client_id = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; + string client_secret = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; bool none_compliant = 5; repeated zitadel.v1.LocalizedMessage compliance_problems = 6; } @@ -2657,8 +2700,18 @@ message AddAPIAppRequest { message AddAPIAppResponse { string app_id = 1; zitadel.v1.ObjectDetails details = 2; - string client_id = 3; - string client_secret = 4; + string client_id = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; + string client_secret = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for this config"; + } + ]; } message UpdateAppRequest { 
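Review bot: `AddOIDCAppResponse.client_id` and `AddAPIAppResponse.client_id` are annotated with the secret example (`"gjöq34589uasgh"`) and the description "generated secret for this config", so the OpenAPI document will show a client id that looks like a secret and a description that is wrong; the same hunk repeats this for both messages. Suggest `example: "\"69629023906488334@ZITADEL\""; description: "generated oauth2/oidc client id";` on both `client_id` fields, which matches the annotation this commit adds to `OIDCConfig.client_id` in app.proto.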
@@ -2736,7 +2789,12 @@ message RegenerateOIDCClientSecretRequest { } message RegenerateOIDCClientSecretResponse { - string client_secret = 1; + string client_secret = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gjöq34589uasgh\""; + description: "generated secret for the client"; + } + ]; zitadel.v1.ObjectDetails details = 2; } @@ -2761,6 +2819,7 @@ message GetAppKeyResponse { } message ListAppKeysRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; string project_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; @@ -2774,7 +2833,12 @@ message AddAppKeyRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string app_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; zitadel.authn.v1.KeyType type = 3 [(validate.rules).enum = {defined_only: true, not_in: [0]}]; - google.protobuf.Timestamp expiration_date = 4; + google.protobuf.Timestamp expiration_date = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2519-04-01T08:45:00.000000Z\""; + description: "The date the key will expire and no logins will be possible"; + } + ]; } message AddAppKeyResponse { @@ -2804,7 +2868,9 @@ message GetProjectGrantByIDResponse { message ListProjectGrantsRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 2; + //criterias the client is looking for repeated zitadel.project.v1.ProjectGrantQuery queries = 3; } 
@@ -2872,7 +2938,9 @@ message ListProjectGrantMemberRolesResponse { message ListProjectGrantMembersRequest { string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; string grant_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; + //list limitations and ordering zitadel.v1.ListQuery query = 3; + //criterias the client is looking for repeated zitadel.member.v1.SearchQuery queries = 4; } @@ -2923,7 +2991,9 @@ message GetUserGrantByIDResponse { } message ListUserGrantRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //criterias the client is looking for repeated zitadel.user.v1.UserGrantQuery queries = 2; } @@ -3246,7 +3316,11 @@ message GetDefaultLabelPolicyResponse { message AddCustomLabelPolicyRequest { string primary_color = 1 [(validate.rules).string = {min_len: 1, max_len: 50}]; string secondary_color = 2 [(validate.rules).string = {min_len: 1, max_len: 50}]; - bool hide_login_name_suffix = 3; + bool hide_login_name_suffix = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. Details about this scope in https://docs.zitadel.ch/architecture#Reserved_Scopes"; + } + ]; } message AddCustomLabelPolicyResponse { 
@@ -3256,7 +3330,11 @@ message AddCustomLabelPolicyResponse { message UpdateCustomLabelPolicyRequest { string primary_color = 1 [(validate.rules).string = {min_len: 1, max_len: 50}]; string secondary_color = 2 [(validate.rules).string = {min_len: 1, max_len: 50}]; - bool hide_login_name_suffix = 3; + bool hide_login_name_suffix = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. Details about this scope in https://docs.zitadel.ch/architecture#Reserved_Scopes"; + } + ]; } message UpdateCustomLabelPolicyResponse { @@ -3278,8 +3356,11 @@ message GetOrgIDPByIDResponse { } message ListOrgIDPsRequest { + //list limitations and ordering zitadel.v1.ListQuery query = 1; + //the field the result is sorted zitadel.idp.v1.IDPFieldName sorting_column = 2; + //criterias the client is looking for repeated IDPQuery queries = 3; } 
@@ -3300,15 +3381,56 @@ message ListOrgIDPsResponse { } message AddOrgOIDCIDPRequest { - string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.idp.v1.IDPStylingType styling_type = 2 [(validate.rules).enum = {defined_only: true}]; + string name = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + } + ]; + zitadel.idp.v1.IDPStylingType styling_type = 2 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "some identity providers specify the styling of the button to their login"; + } + ]; - string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string scopes = 6; - zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [(validate.rules).enum = {defined_only: true}]; - zitadel.idp.v1.OIDCMappingField username_mapping = 8 [(validate.rules).enum = {defined_only: true}]; + string client_id = 3 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client id generated by the identity provider"; + } + ]; + string client_secret = 4 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client secret generated by the identity provider"; + } + ]; + string issuer = 5 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://accounts.google.com\""; + description: "the oidc issuer of the identity provider"; + } + ]; + repeated string scopes = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: 
"[\"openid\", \"profile\", \"email\"]"; + description: "the scopes requested by ZITADEL during the request on the identity provider"; + } + ]; + zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the display name of the user"; + } + ]; + zitadel.idp.v1.OIDCMappingField username_mapping = 8 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the email of the user"; + } + ]; } message AddOrgOIDCIDPResponse { @@ -3340,8 +3462,18 @@ message RemoveOrgIDPResponse {} message UpdateOrgIDPRequest { string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - zitadel.idp.v1.IDPStylingType styling_type = 3 [(validate.rules).enum = {defined_only: true}]; + string name = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"google\""; + } + ]; + zitadel.idp.v1.IDPStylingType styling_type = 3 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "some identity providers specify the styling of the button to their login"; + } + ]; } message UpdateOrgIDPResponse { 
@@ -3349,14 +3481,50 @@ message UpdateOrgIDPResponse { } message UpdateOrgIDPOIDCConfigRequest { - string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; + string idp_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; - string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}]; - string client_secret = 3 [(validate.rules).string = {max_len: 200}]; - string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}]; - repeated string scopes = 5; - zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [(validate.rules).enum = {defined_only: true}]; - zitadel.idp.v1.OIDCMappingField username_mapping = 7 [(validate.rules).enum = {defined_only: true}]; + string client_id = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client id generated by the identity provider"; + } + ]; + string client_secret = 3 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "client secret generated by the identity provider. 
If empty the secret is not overwritten"; + } + ]; + string issuer = 4 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"https://accounts.google.com\""; + description: "the oidc issuer of the identity provider"; + } + ]; + repeated string scopes = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"openid\", \"profile\", \"email\"]"; + description: "the scopes requested by ZITADEL during the request on the identity provider"; + } + ]; + zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the display name of the user"; + } + ]; + zitadel.idp.v1.OIDCMappingField username_mapping = 7 [ + (validate.rules).enum = {defined_only: true}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "definition which field is mapped to the email of the user"; + } + ]; } message UpdateOrgIDPOIDCConfigResponse { diff --git a/proto/zitadel/member.proto b/proto/zitadel/member.proto index b59d26b7b5..51b69d1cb8 100644 --- a/proto/zitadel/member.proto +++ b/proto/zitadel/member.proto 
@@ -2,20 +2,55 @@ syntax = "proto3"; import "zitadel/object.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.member.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/member"; message Member { - string user_id = 1; + string user_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; zitadel.v1.ObjectDetails details = 2; - repeated string roles = 3; - string preferred_login_name = 4; - string email = 5; - string first_name = 6; - string last_name = 7; - string display_name = 8; + repeated string roles = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"role.super.man\"]"; + description: "the role keys granted to the user" + } + ]; + string preferred_login_name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gigi@caos.ch\""; + description: "preferred login name of the user" + } + ]; + string email = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gigi@caos.ch\""; + description: "preferred login name of the user" + } + ]; + string first_name = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Gigi\""; + description: "first name of the user" + } + ]; + string last_name = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Giraffe\""; + description: "last name of the user" + } + ]; + string display_name = 8 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "display name of the user" + example: "\"Gigi Giraffe\""; + } + ]; } message SearchQuery { 
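Review bot: The description on `Member.email` reads "preferred login name of the user", copied from the `preferred_login_name` field above it; change it to `description: "email address of the user"`. With both fields sharing the same example value `gigi@caos.ch` the wrong description is easy to miss in the rendered docs, so the text is the only thing that distinguishes them.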
@@ -30,20 +65,61 @@ message SearchQuery { } message FirstNameQuery { - string first_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string first_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Gigi\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message LastNameQuery { - string last_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string last_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Giraffe\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message EmailQuery { - string email = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string email = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "email address of the user. 
(spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)" + max_length: 200; + example: "\"gigi@caos.ch\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message UserIDQuery { - string user_id = 1 [(validate.rules).string = {max_len: 200}]; + string user_id = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the id of the user" + max_length: 200; + example: "\"69629023906488334\""; + } + ]; } diff --git a/proto/zitadel/object.proto b/proto/zitadel/object.proto index c007a39cba..c709b58d33 100644 --- a/proto/zitadel/object.proto +++ b/proto/zitadel/object.proto @@ -1,6 +1,7 @@ syntax = "proto3"; import "google/protobuf/timestamp.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.v1; @@ -12,7 +13,11 @@ message ObjectDetails { // on read: the sequence of the last event reduced by the projection // // on manipulation: the timestamp of the event(s) added by the manipulation - uint64 sequence = 1; + uint64 sequence = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2\""; + } + ]; //creation_date is the timestamp where the first operation on the object was made // // on read: the timestamp of the first event of the object 
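Review bot: The `EmailQuery.email` description cites RFC 2822 §3.4.1, which has been obsoleted by RFC 5322 (the addr-spec section keeps the same number); point the link at `https://tools.ietf.org/html/rfc5322#section-3.4.1` so readers land on the current spec. The same stale reference appears on the user.proto email fields in this commit and should be updated together. The `max_length: 200` in the openapiv2 option duplicates the `max_len: 200` validate rule; that is fine for documentation, but a short comment above the message noting that the two must be kept in sync would help the next editor.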
@@ -26,19 +31,48 @@ message ObjectDetails { // on manipulation: the google.protobuf.Timestamp change_date = 3; //resource_owner is the organisation an object belongs to - string resource_owner = 4; + string resource_owner = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; } message ListQuery { - uint64 offset = 1; - uint32 limit = 2; - bool asc = 3; + uint64 offset = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"10\""; + } + ]; + uint32 limit = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "20"; + description: "Maximum amount of events returned. Default is set to 1000 in https://github.com/caos/zitadel/blob/new-eventstore/cmd/zitadel/startup.yaml. If limit exeeds the maximum configured ZITADEL will throw an error. If no limit is present the default is taken."; + } + ]; + bool asc = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "default is descending" + } + ]; } message ListDetails { - uint64 total_result = 1; - uint64 processed_sequence = 2; - google.protobuf.Timestamp view_timestamp = 3; + uint64 total_result = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"2\""; + } + ]; + uint64 processed_sequence = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"267831\""; + } + ]; + google.protobuf.Timestamp view_timestamp = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the last time the view got updated" + } + ]; } enum TextQueryMethod { diff --git a/proto/zitadel/org.proto b/proto/zitadel/org.proto index 1d2f8c3ae9..cbfad44e7c 100644 --- a/proto/zitadel/org.proto +++ b/proto/zitadel/org.proto 
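Review bot: The `ListQuery.limit` description has a typo ("exeeds"), describes the result as "events" although `ListQuery` in object.proto is the generic paging message for list requests, and links to a file on the `new-eventstore` branch, a path that will go stale once that branch is gone. Suggested wording: `description: "Maximum number of results returned. If omitted the configured default applies (1000 unless changed in the ZITADEL startup config). If the limit exceeds the configured maximum ZITADEL returns an error.";`. The default and maximum values are only stated in this hunk, so please confirm them against the config before committing the text. `offset` would also benefit from a one-line description, e.g. `description: "number of results to skip"`.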
@@ -2,17 +2,34 @@ syntax = "proto3"; import "zitadel/object.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.org.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/org"; message Org { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; zitadel.v1.ObjectDetails details = 2; - OrgState state = 3; - string name = 4; - string primary_domain = 5; + OrgState state = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the organisation"; + } + ]; + string name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"CAOS AG\""; + } + ]; + string primary_domain = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"caos.ch\""; + } + ]; } enum OrgState { @@ -22,12 +39,32 @@ enum OrgState { } message Domain { - string org_id = 1; + string org_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; zitadel.v1.ObjectDetails details = 2; - string domain_name = 3; - bool is_verified = 4; - bool is_primary = 5; - DomainValidationType validation_type = 6; + string domain_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"caos.ch\""; + } + ]; + bool is_verified = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the domain is verified" + } + ]; + bool is_primary = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the domain is the primary domain" + } + ]; + DomainValidationType validation_type = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines the protocol the domain was validated with"; + } + ]; } enum DomainValidationType { 
@@ -46,13 +83,33 @@ message OrgQuery { } message OrgNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"caos ag\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message OrgDomainQuery { - string domain = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string domain = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"CAOS.C\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } enum OrgFieldName { @@ -69,6 +126,16 @@ message DomainSearchQuery { } message DomainNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"caos.ch\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } diff --git a/proto/zitadel/policy.proto b/proto/zitadel/policy.proto index 8bea68ba9d..67aa148daf 100644 --- a/proto/zitadel/policy.proto +++ b/proto/zitadel/policy.proto 
@@ -1,6 +1,7 @@ syntax = "proto3"; import "zitadel/object.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.policy.v1; 
@@ -8,26 +9,74 @@ option go_package ="github.com/caos/zitadel/pkg/grpc/policy"; message OrgIAMPolicy { zitadel.v1.ObjectDetails details = 1; - bool user_login_must_be_domain = 2; - bool is_default = 3; + bool user_login_must_be_domain = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the username has to end with the domain of it's organisation" + } + ]; + bool is_default = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; } message LabelPolicy { zitadel.v1.ObjectDetails details = 1; - string primary_color = 2; - string secondary_color = 3; - bool is_default = 4; - bool hide_login_name_suffix = 5; + string primary_color = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for primary color" + } + ]; + string secondary_color = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hex value for secondary color" + } + ]; + bool is_default = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; + bool hide_login_name_suffix = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set. 
Details about this scope in https://docs.zitadel.ch/architecture#Reserved_Scopes"; + } + ]; } message LoginPolicy { zitadel.v1.ObjectDetails details = 1; - bool allow_username_password = 2; - bool allow_register = 3; - bool allow_external_idp = 4; - bool force_mfa = 5; - PasswordlessType passwordless_type = 6; - bool is_default = 7; + bool allow_username_password = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user is allowed to login with his username and password" + } + ]; + bool allow_register = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a person is allowed to register a user on this organisation" + } + ]; + bool allow_external_idp = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth" + } + ]; + bool force_mfa = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if a user MUST use a multi factor to log in" + } + ]; + PasswordlessType passwordless_type = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if passwordless is allowed for users" + } + ]; + bool is_default = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; } enum SecondFactorType { 
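Review bot: The `is_default` description "defines if the organisation's admin changed the policy" reads as the inverse of what the field name suggests: a field called `is_default` is presumably true when the organisation has not overridden the policy and the IAM default applies. If that is the implemented meaning, use `description: "true if the default IAM policy applies, i.e. the organisation's admin has not overridden it"` on all three `is_default` fields in this hunk (OrgIAMPolicy, LabelPolicy, LoginPolicy); if the field really is true when the admin changed it, the name is the misleading part and should be documented as such. Also "the domain of it's organisation" should be "its organisation".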
@@ -49,24 +98,75 @@ enum PasswordlessType { message PasswordComplexityPolicy { zitadel.v1.ObjectDetails details = 1; - uint64 min_length = 2; - bool has_uppercase = 3; - bool has_lowercase = 4; - bool has_number = 5; - bool has_symbol = 6; - bool is_default = 7; + uint64 min_length = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"8\"" + } + ]; + bool has_uppercase = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain an upper case letter" + } + ]; + bool has_lowercase = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a lower case letter" + } + ]; + bool has_number = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a number" + } + ]; + bool has_symbol = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the password MUST contain a symbol. E.g. 
\"$\"" + } + ]; + bool is_default = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; } message PasswordAgePolicy { zitadel.v1.ObjectDetails details = 1; - uint64 max_age_days = 2; - uint64 expire_warn_days = 3; - bool is_default = 4; + uint64 max_age_days = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Maximum days since last password change" + example: "\"365\"" + } + ]; + uint64 expire_warn_days = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Days before the password expiry the user gets notified to change the password" + example: "\"10\"" + } + ]; + bool is_default = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; } message PasswordLockoutPolicy { zitadel.v1.ObjectDetails details = 1; - uint64 max_attempts = 2; - bool show_lockout_failure = 3; - bool is_default = 4; + uint64 max_attempts = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Maximum attempts before the account gets locked. Attempts are reset as soon as the password is entered correct or the password is reset." + example: "\"10\"" + } + ]; + bool show_lockout_failure = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Enables if the failure should be shown to de user, sometimes for security issues the user should not get to much information" + } + ]; + bool is_default = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines if the organisation's admin changed the policy" + } + ]; } \ No newline at end of file diff --git a/proto/zitadel/project.proto b/proto/zitadel/project.proto index e018aa334e..ecda3a2a62 100644 --- a/proto/zitadel/project.proto +++ b/proto/zitadel/project.proto 
@@ -2,16 +2,29 @@ syntax = "proto3"; import "zitadel/object.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; package zitadel.project.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/project"; message Project { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; zitadel.v1.ObjectDetails details = 2; - string name = 3; - ProjectState state = 4; + string name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL\"" + } + ]; + ProjectState state = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the project"; + } + ]; // describes if roles of user should be added in token bool project_role_assertion = 5; // ZITADEL checks if the user has at least one on this project 
@@ -19,16 +32,52 @@ message Project { } message GrantedProject { - string grant_id = 1; - string granted_org_id = 2; - string granted_org_name = 3; - repeated string granted_role_keys = 4; - ProjectGrantState state = 5; + string grant_id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; + string granted_org_id = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; + string granted_org_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Some Organisation\"" + } + ]; + repeated string granted_role_keys = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"role.super.man\"]" + } + ]; + ProjectGrantState state = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the project grant"; + } + ]; - string project_id = 6; - string project_name = 7; - string project_owner_id = 8; - string project_owner_name = 9; + string project_id = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; + string project_name = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL\"" + } + ]; + string project_owner_id = 8 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\"" + } + ]; + string project_owner_name = 9 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"CAOS AG\"" + } + ]; zitadel.v1.ObjectDetails details = 10; } 
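Review bot: `grant_id`, `granted_org_id`, `project_id` and `project_owner_id` in `GrantedProject` all use the identical example `"69629023906488334"`, so the rendered example object shows four different identifiers with the same value and a reader cannot tell them apart. Use distinct example values for the four ids (they are documentation only, so any four different snowflake-style numbers will do) and consider adding a one-line description to each, e.g. `description: "id of the project grant"` on `grant_id`.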
@@ -54,15 +103,37 @@ message ProjectQuery { } message ProjectNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } message Role { - string key = 1; + string key = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"role.super.man\"" + } + ]; zitadel.v1.ObjectDetails details = 2; - string display_name = 3; - string group = 4; + string display_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Super man\"" + } + ]; + string group = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"people\"" + } + ]; } message RoleQuery { 
@@ -75,13 +146,33 @@ message RoleQuery { } message RoleKeyQuery { - string key = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string key = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"role.super.man\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } message RoleDisplayNameQuery { - string display_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string display_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"SUPER\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } message ProjectGrantQuery { 
@@ -94,11 +185,31 @@ message ProjectGrantQuery { } message GrantProjectNameQuery { - string name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"ZITADEL\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } message GrantRoleKeyQuery { - string role_key = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string role_key = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"role.super.man\"" + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used" + } + ]; } \ No newline at end of file diff --git a/proto/zitadel/user.proto b/proto/zitadel/user.proto index 29dfb223f9..71d152f0be 100644 --- a/proto/zitadel/user.proto +++ b/proto/zitadel/user.proto 
@@ -3,20 +3,50 @@ syntax = "proto3"; import "zitadel/object.proto"; import "validate/validate.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; + package zitadel.user.v1; option go_package ="github.com/caos/zitadel/pkg/grpc/user"; message User { - string id = 1; + string id = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"69629023906488334\""; + } + ]; zitadel.v1.ObjectDetails details = 2; - UserState state = 3; - string user_name = 4; - repeated string login_names = 5; - string preferred_login_name = 6; + UserState state = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the user"; + } + ]; + string user_name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"mr_long_neck\""; + } + ]; + repeated string login_names = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "[\"gigi@caos.ch\", \"gigi@caos-ag.zitadel.ch\"]"; + } + ]; + string preferred_login_name = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"gigi@caos.ch\""; + } + ]; oneof type { - Human human = 7; - Machine machine = 8; + Human human = 7 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one of type use human or machine" + } + ]; + Machine machine = 8 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one of type use human or machine" + } + ]; } } 
@@ -34,39 +64,82 @@ message Human { Profile profile = 1; Email email = 2; Phone phone = 3; - Address address = 4; } message Machine { - string name = 1; - string description = 2; + string name = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"zitadel\""; + } + ]; + string description = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"The one and only IAM\""; + } + ]; } message Profile { - string first_name = 1; - string last_name = 2; - string nick_name = 3; - string display_name = 4; - string preferred_language = 5; - Gender gender = 6; + string first_name = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Gigi\""; + } + ]; + string last_name = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"Giraffe\""; + } + ]; + string nick_name = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + example: "\"long_neck\""; + } + ]; + string display_name = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "a user can set his display name, if nothing is set ZITADEL computes \"first_name last_name\"" + example: "\"Gigi Giraffe\""; + } + ]; + string preferred_language = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "language tag analog https://tools.ietf.org/html/rfc3066" + example: "\"en\""; + } + ]; + Gender gender = 6 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the gender of the human"; + } + ]; } message Email { - string email = 1; - bool is_email_verified = 2; + string email = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "email address of the user. 
(spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)" + example: "\"gigi@caos.ch\""; + } + ]; + bool is_email_verified = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Is true if the user verified his email or if the email is managed outside ZITADEL" + } + ]; } message Phone { - string phone = 1; - bool is_phone_verified = 2; -} - -message Address { - string country = 1; - string locality = 2; - string postal_code = 3; - string region = 4; - string street_address = 5; + string phone = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)" + example: "\"+41 71 000 00 00\""; + } + ]; + bool is_phone_verified = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "Is true if the user verified his phone or if the phone is managed outside ZITADEL" + } + ]; } enum Gender { 
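Review bot: `Human` drops `Address address = 4` and the `Address` message without reserving the tag, so a future field added to `Human` could reuse number 4 and be mis-decoded by clients still built from the old definition; add `reserved 4; reserved "address";` to `Human`. The `Human` message starts outside this hunk (the header only shows its name), so the reservation goes right after the remaining fields. Removing the field is also a breaking change for existing API consumers and deserves a mention in the commit message or changelog beyond "remove address".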
@@ -92,43 +165,114 @@ message SearchQuery { } message UserNameQuery { - string user_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string user_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"mr_long_neck\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message FirstNameQuery { - string first_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string first_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Gigi\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message LastNameQuery { - string last_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string last_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Giraffe\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message NickNameQuery { string nick_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + 
zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message DisplayNameQuery { - string display_name = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string display_name = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"Gigi Giraffe\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } message EmailQuery { - string email_address = 1 [(validate.rules).string = {max_len: 200}]; - zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; + string email_address = 1 [ + (validate.rules).string = {max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "email address of the user. 
(spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)" + max_length: 200; + example: "\"gigi@caos.ch\""; + } + ]; + zitadel.v1.TextQueryMethod method = 2 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "defines which text equality method is used"; + } + ]; } //UserStateQuery is always equals message StateQuery { - UserState state = 1 [(validate.rules).enum.defined_only = true]; + UserState state = 1 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the user"; + } + ]; } //UserTypeQuery is always equals message TypeQuery { - Type type = 1 [(validate.rules).enum.defined_only = true]; + Type type = 1 [ + (validate.rules).enum.defined_only = true, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "the type of the user"; + } + ]; } enum Type { @@ -150,10 +294,22 @@ enum UserFieldName { } message AuthFactor { - AuthFactorState state = 1; + AuthFactorState state = 1 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "current state of the auth factor"; + } + ]; oneof type { - AuthFactorOTP otp = 2; - AuthFactorU2F u2f = 3; + AuthFactorOTP otp = 2 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one of type use otp or u2f" + } + ]; + AuthFactorU2F u2f = 3 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one of type use otp or u2f" + } + ]; } } 
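Review bot: `NickNameQuery.nick_name` is the only query string field in this hunk left without an openapiv2 field option, while its sibling queries all got `max_length` and an example; for consistency add `(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { max_length: 200; example: "\"long_neck\""; }` next to the existing `max_len: 200` validate rule, reusing the example already given for `Profile.nick_name`. The `EmailQuery.email_address` description cites RFC 2822, which RFC 5322 obsoletes (same §3.4.1); update the link there too.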
@@ -167,35 +323,105 @@ enum AuthFactorState {
 message AuthFactorOTP {}
 message AuthFactorU2F {
- string id = 1;
- string name = 2;
+ string id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string name = 2 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"fido key\""
+ }
+ ];
 }
 message WebAuthNKey {
- bytes public_key = 1;
+ bytes public_key = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "json representation of public key credential creation options used by the webauthn client"
+ }
+ ];
 }
 message WebAuthNVerification {
- bytes public_key_credential = 1 [(validate.rules).bytes.min_len = 50]; //TODO: define correct min and max len
- string token_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ bytes public_key_credential = 1 [
+ (validate.rules).bytes.min_len = 55,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "json representation of public key credential issued by the webauthn client";
+ min_length: 55;
+ max_length: 1048576; //1 mb
+ //TODO: add example validate max
+ }
+ ];
+ string token_name = 2 [
+ (validate.rules).string = {min_len: 1, max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ min_length: 1;
+ max_length: 200;
+ example: "\"fido key\""
+ }
+ ];
 }
 message WebAuthNToken {
- string id = 1;
- AuthFactorState state = 2;
- string name = 3;
+ string id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ AuthFactorState state = 2 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "current state of the token";
+ }
+ ];
+ string name = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ min_length: 1;
+ max_length: 200;
+ example: "\"fido key\""
+ }
+ ];
 }
 message Membership {
- string user_id = 1;
+ string user_id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 zitadel.v1.ObjectDetails details = 2;
- repeated string roles = 3;
- string display_name = 4;
+ repeated string roles = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "[\"IAM_OWNER\"]"
+ }
+ ];
+ string display_name = 4 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "display name of the user"
+ example: "\"Gigi Giraffe\"";
+ }
+ ];
 oneof type {
- bool iam = 5;
- string org_id = 6;
- string project_id = 7;
- string project_grant_id = 8;
+ bool iam = 5 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "one of type use iam, org id, project id or project grant id"
+ }
+ ];
+ string org_id = 6 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "one of type use iam, org id, project id or project grant id"
+ }
+ ];
+ string project_id = 7 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "one of type use iam, org id, project id or project grant id"
+ }
+ ];
+ string project_grant_id = 8 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "one of type use iam, org id, project id or project grant id"
+ }
+ ];
 }
 }
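Review bot: WebAuthNVerification.public_key_credential now documents `max_length: 1048576` in the OpenAPI option, but the validate rule only sets `min_len = 55`, so the documented upper bound on this client-supplied payload is not enforced anywhere in the request validation. Make the validator and the schema agree with `(validate.rules).bytes = {min_len: 55, max_len: 1048576},` in place of the `min_len`-only line, and resolve or move the `//TODO: add example validate max` that is currently left inside the option block. The minimum also changed from 50 to 55 while the old `//TODO: define correct min and max len` was dropped; a one-line comment stating why 55 is the correct lower bound would keep that decision traceable. The same `min_length`/`max_length` documentation without a matching validate rule appears on WebAuthNToken.name in this hunk, though that field looks like an output value where it matters less.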
@@ -210,30 +436,78 @@ message MembershipQuery {
 }
 }
+// this query is always equals
 message MembershipOrgQuery {
- string org_id = 1 [(validate.rules).string = {max_len: 200}];
+ string org_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
+// this query is always equals
 message MembershipProjectQuery {
- string project_id = 1 [(validate.rules).string = {max_len: 200}];
+ string project_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
+// this query is always equals
 message MembershipProjectGrantQuery {
- string project_grant_id = 1 [(validate.rules).string = {max_len: 200}];
+ string project_grant_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
+// this query is always equals
 message MembershipIAMQuery {
 bool iam = 1;
 }
 message Session {
- string session_id = 1;
- string agent_id = 2;
- SessionState auth_state = 3;
- string user_id = 4;
- string user_name = 5;
- string login_name = 7;
- string display_name = 8;
+ string session_id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string agent_id = 2 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ SessionState auth_state = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "current state of the session";
+ }
+ ];
+ string user_id = 4 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string user_name = 5 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"mr_long_neck\"";
+ }
+ ];
+ string login_name = 7 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"gigi@caos.ch\"";
+ }
+ ];
+ string display_name = 8 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "the display name of the user"
+ example: "\"Gigi Giraffe\"";
+ }
+ ];
 zitadel.v1.ObjectDetails details = 9;
 }
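Review bot: The new leading comment `// this query is always equals` on the four Membership*Query messages becomes each message's schema description in the generated OpenAPI, and in that position it is unclear to an API consumer what "equals" refers to. Reword it per message so it stands alone, e.g. `// MembershipOrgQuery matches memberships of exactly the given org; no text query method is available.` MembershipIAMQuery.iam is the only field in these four messages left without an openapi_field option. In Session, user_name and login_name are documented only by examples of different shape (`mr_long_neck` vs `gigi@caos.ch`); if login_name is the user name qualified with the org domain, a description saying so would remove the ambiguity.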
@@ -244,25 +518,87 @@ enum SessionState {
 }
 message UserGrant {
- string id = 1;
+ string id = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 zitadel.v1.ObjectDetails details = 2;
- repeated string role_keys = 3;
- UserGrantState state = 4;
+ repeated string role_keys = 3 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "[\"role.super.man\"]"
+ }
+ ];
+ UserGrantState state = 4 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "current state of the user";
+ }
+ ];
- string user_id = 5;
- string user_name = 6;
- string first_name = 7;
- string last_name = 8;
- string email = 9;
- string display_name = 10;
-
- string org_id = 11;
- string org_name = 12;
- string org_domain = 13;
-
- string project_id = 14;
- string project_name = 15;
- string project_grant_id = 16;
+ string user_id = 5 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string user_name = 6 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"mr_long_neck\"";
+ }
+ ];
+ string first_name = 7 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"Gigi\"";
+ }
+ ];
+ string last_name = 8 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"Giraffe\"";
+ }
+ ];
+ string email = 9 [
+ (validate.rules).string.email = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
+ example: "\"gigi@caos.ch\"";
+ }
+ ];
+ string display_name = 10 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "display name of the user"
+ example: "\"Gigi Giraffe\"";
+ }
+ ];
+ string org_id = 11 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string org_name = 12 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"CAOS AG\"";
+ }
+ ];
+ string org_domain = 13 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"caos.ch\"";
+ }
+ ];
+ string project_id = 14 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+ string project_name = 15 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"ZITADEL\"";
+ }
+ ];
+ string project_grant_id = 16 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
 enum UserGrantState {
@@ -292,11 +628,21 @@ message UserGrantQuery {
 }
 message UserGrantProjectIDQuery {
- string project_id = 1 [(validate.rules).string = {max_len: 200}];
+ string project_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
 message UserGrantUserIDQuery {
- string user_id = 1 [(validate.rules).string = {max_len: 200}];
+ string user_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
 message UserGrantWithGrantedQuery {
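Review bot: UserGrant.state is typed UserGrantState but its new description reads `"current state of the user"`, which describes the wrong object; it should be `description: "current state of the user grant";`. In the same message, `(validate.rules).string.email = true` on email and `max_len: 200` on display_name are the only validate rules added to this type, while every other UserGrant field gets documentation only; UserGrant looks like a read model returned by the list and get calls rather than a request, so if the generated Validate() is ever run on it, stored values that fail PGV's email check would be rejected on the way out. Either drop those two rules and document the constraints via the openapi options, or leave a comment stating that request-side validation of UserGrant is intended. The @@ -292 hunk below only adds examples and needs no change.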
@@ -304,53 +650,147 @@ message UserGrantWithGrantedQuery {
 }
 message UserGrantRoleKeyQuery {
- string role_key = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string role_key = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"role.super.man\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantProjectGrantIDQuery {
- string project_grant_id = 1 [(validate.rules).string = {max_len: 200}];
+ string project_grant_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
 }
 message UserGrantUserNameQuery {
- string user_name = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string user_name = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"mr_long_neck\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantFirstNameQuery {
- string first_name = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string first_name = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"Gigi\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantLastNameQuery {
- string last_name = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string last_name = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"Giraffe\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantEmailQuery {
- string email = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string email = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"gigi@caos.ch\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantOrgNameQuery {
- string org_name = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string org_name = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"cao\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantOrgDomainQuery {
- string org_domain = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string org_domain = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"OS AG\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which text equality method is used"
+ }
+ ];
 }
 message UserGrantProjectNameQuery {
- string project_name = 1 [(validate.rules).string = {max_len: 200}];
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string project_name = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"ITADE\""
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "3"
+ }
+ ];
 }
-//TODO: needed as you can search first and last name?
 message UserGrantDisplayNameQuery {
- string display_name = 1;
- zitadel.v1.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
+ string display_name = 1 [
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "display name of a user"
+ example: "\"Gigi Giraffe\"";
+ }
+ ];
+ zitadel.v1.TextQueryMethod method = 2 [
+ (validate.rules).enum.defined_only = true,
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ description: "defines which equality method is used";
+ }
+ ];
 }
 //PLANNED: login name query
\ No newline at end of file
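Review bot: UserGrantDisplayNameQuery.display_name is the only query string in this hunk without a `(validate.rules).string = {max_len: 200}` rule, so that request input stays unbounded while every sibling query caps its text at 200; add `(validate.rules).string = {max_len: 200},` as the first option of that field. UserGrantProjectNameQuery.method replaces the `description: "defines which text equality method is used"` every other method field here carries with `example: "3"`, which documents an enum by a bare number and drops the explanation; restore the description. The examples `"cao"`, `"OS AG"` and `"ITADE"` read as copy-paste fragments rather than values (an org domain is not `OS AG`); if they are meant to illustrate a contains-style text query, say so in a description, otherwise reuse the `"caos.ch"` and `"ZITADEL"` examples given for the same fields in UserGrant above.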