feat(api): new settings service (#5775)

* feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
zitadel · May 11, 2023 · 8d13f17 · 8d13f17 · vercel · May 11, 2023
1 parent c07411e
commit 8d13f17
Show file tree

Hide file tree

Showing 22 changed files with 1,720 additions and 39 deletions.
diff --git a/build/zitadel/generate-grpc.sh b/build/zitadel/generate-grpc.sh
@@ -96,4 +96,16 @@ protoc \
   --validate_out=lang=go:${GOPATH}/src \
   ${PROTO_PATH}/session/v2alpha/session_service.proto
 
+protoc \
+  -I=/proto/include \
+  --grpc-gateway_out ${GOPATH}/src \
+  --grpc-gateway_opt logtostderr=true \
+  --grpc-gateway_opt allow_delete_body=true \
+  --openapiv2_out ${OPENAPI_PATH} \
+  --openapiv2_opt logtostderr=true \
+  --openapiv2_opt allow_delete_body=true \
+  --zitadel_out=${GOPATH}/src \
+  --validate_out=lang=go:${GOPATH}/src \
+  ${PROTO_PATH}/settings/v2alpha/settings_service.proto
+
 echo "done generating grpc"
diff --git a/cmd/start/start.go b/cmd/start/start.go
@@ -33,6 +33,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc/auth"
 	"github.com/zitadel/zitadel/internal/api/grpc/management"
 	"github.com/zitadel/zitadel/internal/api/grpc/session/v2"
+	"github.com/zitadel/zitadel/internal/api/grpc/settings/v2"
 	"github.com/zitadel/zitadel/internal/api/grpc/system"
 	"github.com/zitadel/zitadel/internal/api/grpc/user/v2"
 	http_util "github.com/zitadel/zitadel/internal/api/http"
@@ -337,6 +338,9 @@ func startAPIs(
 	if err := apis.RegisterService(ctx, session.CreateServer(commands, queries, permissionCheck)); err != nil {
 		return err
 	}
+	if err := apis.RegisterService(ctx, settings.CreateServer(commands, queries, config.ExternalSecure)); err != nil {
+		return err
+	}
 	instanceInterceptor := middleware.InstanceInterceptor(queries, config.HTTP1HostHeader, login.IgnoreInstanceEndpoints...)
 	assetsCache := middleware.AssetsCacheInterceptor(config.AssetStorage.Cache.MaxAge, config.AssetStorage.Cache.SharedMaxAge)
 	apis.RegisterHandlerOnPrefix(assets.HandlerPrefix, assets.NewHandler(commands, verifier, config.InternalAuthZ, id.SonyFlakeGenerator(), store, queries, middleware.CallDurationHandler, instanceInterceptor.Handler, assetsCache.Handler, limitingAccessInterceptor.Handle))

diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
@@ -273,6 +273,13 @@ module.exports = {
             sidebarOptions: {
               groupPathsBy: "tag",
             },
+          },
+          settings: {
+            specPath: ".artifacts/openapi/zitadel/settings/v2alpha/settings_service.swagger.json",
+            outputDir: "docs/apis/settings_service",
+            sidebarOptions: {
+              groupPathsBy: "tag",
+            },
           }
         }
       },

diff --git a/docs/sidebars.js b/docs/sidebars.js
@@ -426,6 +426,20 @@ module.exports = {
           },
           items: require("./docs/apis/session_service/sidebar.js"),
         },
+        {
+          type: "category",
+          label: "Settings Lifecycle (Alpha)",
+          link: {
+            type: "generated-index",
+            title: "Settings Service API (Alpha)",
+            slug: "/apis/settings_service",
+            description:
+              "This API is intended to manage settings in a ZITADEL instance.\n"+
+              "\n"+
+              "This project is in alpha state. It can AND will continue breaking until the services provide the same functionality as the current login.",
+          },
+          items: require("./docs/apis/settings_service/sidebar.js"),
+        },
         {
           type: "category",
           label: "Assets",

diff --git a/internal/api/grpc/object/v2/converter.go b/internal/api/grpc/object/v2/converter.go
@@ -1,8 +1,11 @@
 package object
 
 import (
+	"context"
+
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
@@ -36,3 +39,13 @@ func ListQueryToQuery(query *object.ListQuery) (offset, limit uint64, asc bool)
 	}
 	return query.Offset, uint64(query.Limit), query.Asc
 }
+
+func ResourceOwnerFromReq(ctx context.Context, req *object.RequestContext) string {
+	if req.GetInstance() {
+		return authz.GetInstance(ctx).InstanceID()
+	}
+	if req.GetOrgId() != "" {
+		return req.GetOrgId()
+	}
+	return authz.GetCtxData(ctx).OrgID
+}
diff --git a/internal/api/grpc/settings/v2/server.go b/internal/api/grpc/settings/v2/server.go
@@ -0,0 +1,57 @@
+package settings
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+
+	"github.com/zitadel/zitadel/internal/api/assets"
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/server"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/query"
+	settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2alpha"
+)
+
+var _ settings.SettingsServiceServer = (*Server)(nil)
+
+type Server struct {
+	settings.UnimplementedSettingsServiceServer
+	command         *command.Commands
+	query           *query.Queries
+	assetsAPIDomain func(context.Context) string
+}
+
+type Config struct{}
+
+func CreateServer(
+	command *command.Commands,
+	query *query.Queries,
+	externalSecure bool,
+) *Server {
+	return &Server{
+		command:         command,
+		query:           query,
+		assetsAPIDomain: assets.AssetAPI(externalSecure),
+	}
+}
+
+func (s *Server) RegisterServer(grpcServer *grpc.Server) {
+	settings.RegisterSettingsServiceServer(grpcServer, s)
+}
+
+func (s *Server) AppName() string {
+	return settings.SettingsService_ServiceDesc.ServiceName
+}
+
+func (s *Server) MethodPrefix() string {
+	return settings.SettingsService_ServiceDesc.ServiceName
+}
+
+func (s *Server) AuthMethods() authz.MethodMapping {
+	return settings.SettingsService_AuthMethods
+}
+
+func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
+	return settings.RegisterSettingsServiceHandler
+}
diff --git a/internal/api/grpc/settings/v2/settings.go b/internal/api/grpc/settings/v2/settings.go
@@ -0,0 +1,129 @@
+package settings
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
+	"github.com/zitadel/zitadel/internal/api/grpc/text"
+	"github.com/zitadel/zitadel/internal/query"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
+	"github.com/zitadel/zitadel/pkg/grpc/settings/v2alpha"
+)
+
+func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
+	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLoginSettingsResponse{
+		Settings: loginSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.OrgID,
+		},
+	}, nil
+}
+
+func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
+	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetPasswordComplexitySettingsResponse{
+		Settings: passwordSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
+	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetBrandingSettingsResponse{
+		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
+	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetDomainSettingsResponse{
+		Settings: domainSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
+	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLegalAndSupportSettingsResponse{
+		Settings: legalAndSupportSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
+	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
+	if err != nil {
+		return nil, err
+	}
+	return &settings.GetLockoutSettingsResponse{
+		Settings: lockoutSettingsToPb(current),
+		Details: &object_pb.Details{
+			Sequence:      current.Sequence,
+			ChangeDate:    timestamppb.New(current.ChangeDate),
+			ResourceOwner: current.ResourceOwner,
+		},
+	}, nil
+}
+
+func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
+	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{}, false)
+	if err != nil {
+		return nil, err
+	}
+
+	return &settings.GetActiveIdentityProvidersResponse{
+		Details:           object.ToListDetails(links.SearchResponse),
+		IdentityProviders: identityProvidersToPb(links.Links),
+	}, nil
+}
+
+func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
+	langs, err := s.query.Languages(ctx)
+	if err != nil {
+		return nil, err
+	}
+	instance := authz.GetInstance(ctx)
+	return &settings.GetGeneralSettingsResponse{
+		SupportedLanguages: text.LanguageTagsToStrings(langs),
+		DefaultOrgId:       instance.DefaultOrganisationID(),
+		DefaultLanguage:    instance.DefaultLanguage().String(),
+	}, nil
+}