Merge branch 'v2-alpha' into v2-alpha-run-e2e-tests

README.md

@@ -41,7 +41,7 @@ With ZITADEL you rely on a battle tested, hardened and extensible turnkey soluti
 
 ## Get started
 
-### ZITADEL Cloud
+### ZITADEL Cloud (SaaS)
 
 The easiest way to get started with ZITADEL is to use our public cloud offering.
 Currently ZITADEL V2 Beta is available, head over to [https://zitadel.cloud](https://zitadel.cloud) and create your first ZITADEL instance for free.

cmd/start/config.go

@@ -22,6 +22,7 @@ import (
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	static_config "github.com/zitadel/zitadel/internal/static/config"
+	metrics "github.com/zitadel/zitadel/internal/telemetry/metrics/config"
 	tracing "github.com/zitadel/zitadel/internal/telemetry/tracing/config"
 )
 
@@ -37,6 +38,7 @@ type Config struct {
 	WebAuthNName      string
 	Database          database.Config
 	Tracing           tracing.Config
+	Metrics           metrics.Config
 	Projections       projection.Config
 	Auth              auth_es.Config
 	Admin             admin_es.Config
@@ -77,11 +79,16 @@ func MustNewConfig(v *viper.Viper) *Config {
 			mapstructure.StringToSliceHookFunc(","),
 		)),
 	)
+	logging.OnError(err).Fatal("unable to read config")
+
 	err = config.Log.SetLogger()
 	logging.OnError(err).Fatal("unable to set logger")
 
 	err = config.Tracing.NewTracer()
 	logging.OnError(err).Fatal("unable to set tracer")
 
+	err = config.Metrics.NewMeter()
+	logging.OnError(err).Fatal("unable to set meter")
+
 	return config
 }

deploy/knative/zitadel-knative-service.yaml

@@ -7,7 +7,7 @@ spec:
   template:
     metadata:
       annotations:
-        client.knative.dev/user-image: ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64
+        client.knative.dev/user-image: ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64
       creationTimestamp: null
     spec:
       containerConcurrency: 0
@@ -30,7 +30,7 @@ spec:
           value: zitadel.default.127.0.0.1.sslip.io
         - name: ZITADEL_S3DEFAULTINSTANCE_CUSTOMDOMAIN
           value: zitadel.default.127.0.0.1.sslip.io
-        image: ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64
+        image: ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64
         name: user-container
         ports:
         - containerPort: 8080

docs/docs/apis/proto/admin.md

@@ -3642,6 +3642,7 @@ this is en empty request
 | ----- | ---- | ----------- | ----------- |
 | org |  SetUpOrgRequest.Org | - | message.required: true<br />  |
 | [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) user.human |  SetUpOrgRequest.Human | oneof field for the user managing the organisation |  |
+| roles | repeated string | specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty) |  |
 
 
 

docs/docs/guides/installation/configure/compose.mdx

@@ -1,10 +1,25 @@
+import CodeBlock from '@theme/CodeBlock';
+import DockerComposeSource from '!!raw-loader!./docker-compose.yaml'
+import ExampleZITADELConfigSource from '!!raw-loader!./example-zitadel-config.yaml'
+import ExampleZITADELSecretsSource from '!!raw-loader!./example-zitadel-secrets.yaml'
+import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-steps.yaml'
+
 The docker compose example mounts the example zitadel configuration files to the ZITADEL container.
 
 By executing the commands below, you will download the following files:
-- [docker-compose.yaml](./docker-compose.yaml)
+
-- [example-zitadel-config.yaml](./example-zitadel-config.yaml)
+<details><summary>docker-compose.yaml</summary>
-- [example-zitadel-secrets.yaml](./example-zitadel-secrets.yaml)
+    <CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
-- [example-zitadel-init-steps.yaml](./example-zitadel-init-steps.yaml)
+</details>
+<details><summary>example-zitadel-config.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-secrets.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-init-steps.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
+</details>
 
 ```bash
 # Download the docker compose example configuration for a secure CockroachDB. For example:

docs/docs/guides/installation/configure/configure.mdx

@@ -35,13 +35,21 @@ All configuration properties are also configurable via environemnt variables.
 Prefix the key with *ZITADEL\_*, uppercase the propery and join sections by an underscore _.
 For example, if you want to configure the default ZITADEL IAM admin username and password, make sure the ZITADEL binary runtime has the variables *ZITADEL_S3DEFAULTINSTANCE_ORG_HUMAN_USERNAME* and *ZITADEL_S3DEFAULTINSTANCE_ORG_HUMAN_PASSWORD* set.
 
+## Masterkey
+
+The masterkey is used to AES256-encrypt other generated encryption keys.
+It needs to have 32 bytes.
+You can pass the masterkey in either of three possible ways to the zitadel binary:
+- By value: Use the flag `--masterkey My_Master_Key_Which_Has_32_Bytes`
+- By environment variable `ZITADEL_MASTERKEY`: Use the flag `--masterkeyFromEnv`
+- By file: Use the flag `--masterkeyFile /path/to/file`
+
 ## Passing the configuration
 
 <Tabs
     groupId="installation-target"
-    default="linux"
+    default="linuxunix"
     values={[
-        {'label': 'Linux', 'value': 'linux'},
         {'label': 'Linux and Unix', 'value': 'linuxunix'},
         {'label': 'Docker Compose', 'value': 'compose'},
         {'label': 'Kubernetes (Helm)', 'value': 'k8s'}

docs/docs/guides/installation/configure/docker-compose.yaml

@@ -6,7 +6,7 @@ services:
     restart: 'always'
     networks:
       - 'zitadel'
-    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64'
+    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64'
     command: 'start-from-init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml --steps /example-zitadel-init-steps.yaml --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled'
     depends_on:
       chown:

docs/docs/guides/installation/configure/helm.mdx

@@ -1,11 +1,20 @@
+import CodeBlock from '@theme/CodeBlock';
+import ExampleZITADELValuesSource from '!!raw-loader!./example-zitadel-values.yaml'
+import ExampleZITADELValuesSecretsSource from '!!raw-loader!./example-zitadel-values-secrets.yaml'
+
 By default, the chart installs a secure ZITADEL and CockroachDB.
 The example files makes an insecure ZITADEL accessible by port forwarding the ZITADEL service to localhost.
 For more configuration options, [go to the chart repo descriptions](https://github.com/zitadel/zitadel-charts).
 For a secure installation with Docker Compose, [go to the loadbalancing example](/docs/guides/installation/loadbalancing-example)
 
 By executing the commands below, you will download the following files:
-- [example-zitadel-values.yaml](./example-zitadel-values.yaml)
+
-- [example-zitadel-values-secrets.yaml](./example-zitadel-values-secrets.yaml)
+<details><summary>example-zitadel-values.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELValuesSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-values-secrets.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELValuesSecretsSource}</CodeBlock>
+</details>
 
 ```bash
 # Download and adjust the example configuration file containing standard configuration

docs/docs/guides/installation/configure/linuxunix.mdx

@@ -1,9 +1,21 @@
+import CodeBlock from '@theme/CodeBlock';
+import ExampleZITADELConfigSource from '!!raw-loader!./example-zitadel-config.yaml'
+import ExampleZITADELSecretsSource from '!!raw-loader!./example-zitadel-secrets.yaml'
+import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-steps.yaml'
+
 ### Configure by Files
 
 By executing the commands below, you will download the following files:
-- [example-zitadel-config.yaml](./example-zitadel-config.yaml)
+
-- [example-zitadel-secrets.yaml](./example-zitadel-secrets.yaml)
+<details><summary>example-zitadel-config.yaml</summary>
-- [example-zitadel-init-steps.yaml](./example-zitadel-init-steps.yaml)
+    <CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-secrets.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-init-steps.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
+</details>
 
 ```bash
 # Download and adjust the example configuration file containing standard configuration
@@ -44,5 +56,5 @@ export ZITADEL_S3DEFAULTINSTANCE_ORG_HUMAN_PASSWORD="RootPassword1!"
 export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
 
 # Let the zitadel binary read configuration from environment variables
-zitadel admin start-from-init --masterkey "${ZITADEL_MASTERKEY}"
+zitadel start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled
 ```

docs/docs/guides/installation/loadbalancing-example/docker-compose.yaml

@@ -15,7 +15,7 @@ services:
     restart: 'always'
     networks:
       - 'zitadel'
-    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64'
+    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64'
     command: 'start-from-init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml --steps /example-zitadel-init-steps.yaml --masterkey "${ZITADEL_MASTERKEY}" --tlsMode external'
     depends_on:
       chown:

docs/docs/guides/installation/loadbalancing-example/loadbalancing-example.mdx

@@ -2,6 +2,13 @@
 title: Load Balancing Example
 ---
 
+import CodeBlock from '@theme/CodeBlock';
+import DockerComposeSource from '!!raw-loader!./docker-compose.yaml'
+import ExampleTraefikSource from '!!raw-loader!./example-traefik.yaml'
+import ExampleZITADELConfigSource from '!!raw-loader!./example-zitadel-config.yaml'
+import ExampleZITADELSecretsSource from '!!raw-loader!./example-zitadel-secrets.yaml'
+import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-steps.yaml'
+
 With this example configuration, you create a near production environment for ZITADEL with [Docker Compose](https://docs.docker.com/compose/).
 
 The stack consists of three long-running containers:
@@ -12,11 +19,22 @@ The stack consists of three long-running containers:
 The setup is tested against Docker version 20.10.17 and Docker Compose version v2.2.3
 
 By executing the commands below, you will download the following files:
-- [docker-compose.yaml](./docker-compose.yaml)
+
-- [example-traefik.yaml](./example-traefik.yaml)
+<details><summary>docker-compose.yaml</summary>
-- [example-zitadel-config.yaml](./example-zitadel-config.yaml)
+    <CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
-- [example-zitadel-secrets.yaml](./example-zitadel-secrets.yaml)
+</details>
-- [example-zitadel-init-steps.yaml](./example-zitadel-init-steps.yaml)
+<details><summary>example-traefik.yaml</summary>
+    <CodeBlock language="yaml">{ExampleTraefikSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-config.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-secrets.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
+</details>
+<details><summary>example-zitadel-init-steps.yaml</summary>
+    <CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
+</details>
 
 ```bash
 # Download the docker compose example configuration. For example:

docs/docs/guides/installation/run/compose.mdx

@@ -1,6 +1,13 @@
+import CodeBlock from '@theme/CodeBlock';
+import DockerComposeSource from '!!raw-loader!./docker-compose.yaml'
+
 The setup is tested against Docker version 20.10.17 and Docker Compose version v2.2.3
 
-By executing the commands below, you will download the file [docker-compose.yaml](./docker-compose.yaml)
+By executing the commands below, you will download the following file:
+
+<details><summary>docker-compose.yaml</summary>
+    <CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
+</details>
 
 ```bash
 # Download the docker compose example configuration. For example:

docs/docs/guides/installation/run/docker-compose.yaml

@@ -5,7 +5,7 @@ services:
     restart: 'always'
     networks:
       - 'zitadel'
-    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64'
+    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64'
     command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
     environment:
       - 'ZITADEL_DATABASE_HOST=db'

docs/docs/guides/installation/run/knative.mdx

@@ -6,16 +6,16 @@ Follow the [Knative quickstart guide](https://knative.dev/docs/getting-started/q
 It is basically 4 commands on Mac:
 
 ```bash
-#install knative
+# Install knative
 brew install knative/client/kn
 
-#install knative quickstart sandbox
+# Install knative quickstart sandbox
 brew install knative-sandbox/kn-plugins/quickstart
 
-#install kind
+# Install kind
 brew install kind
 
-#install quickstart cluster
+# Install quickstart cluster
 kn quickstart kind
 ```
 That will get you a ready to go knative/kubernetes environment.
@@ -29,13 +29,13 @@ kubectl apply -f https://raw.githubusercontent.com/zitadel/zitadel/v2-alpha/depl
 ```
 
 
-## Start ZITADEL with Knative 
+## Start ZITADEL with Knative
+
+Either use the kn binary...
+
 ```bash
-
-# start zitadel
-
 kn service create zitadel \
---image ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.33-amd64 \
+--image ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64 \
 --port 8080 \
 --env ZITADEL_DATABASE_HOST=cockroachdb \
 --env ZITADEL_EXTERNALSECURE=false \
@@ -46,15 +46,17 @@ kn service create zitadel \
 --arg "start-from-init" --arg "--masterkey" --arg "MasterkeyNeedsToHave32Characters" 
 ```
 
-or use the knative service yaml
+... or use the knative service yaml
 
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/zitadel/zitadel/v2-alpha/deploy/knative/zitadel-knative-service.yaml
 ```
 
-## Get started with ZIDATEL
+## Get started with ZITADEL
+
+Get ZITADEL URL
+
 ```bash
-#get ZIDATEL URL
 kn services list
 
 NAME      URL                                         LATEST          AGE   CONDITIONS   READY   REASON

docs/docs/guides/installation/run/linux.mdx

@@ -3,14 +3,16 @@
 Download a `cockroach` binary as described [in the CockroachDB docs](https://www.cockroachlabs.com/docs/v22.1/install-cockroachdb).
 ZITADEL is tested against CockroachDB v22.1.0 and Ubuntu 20.04.
 
-## Run CockroachDB and ZITADEL
+## Run CockroachDB
 
 ```bash
-# Run a CockroachDB instance
+cockroach start-single-node --insecure --background --http-addr :9090 --listen-addr=localhost
-cockroach start-single-node --insecure --background --http-addr :9090
+```
 
+## Run ZITADEL
+```bash
 # Download the zitadel binary
-curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.24 | grep "browser_download_url.*zitadel_Linux_$(uname -i).tar.gz" | cut -d '"' -f 4 | xargs wget -qO - | sudo tar --extract --gzip --overwrite --directory /usr/local/bin zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
+curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.39 | grep "browser_download_url.*zitadel_Linux_$(uname -i).tar.gz" | cut -d '"' -f 4 | xargs wget -qO - | sudo tar --extract --gzip --overwrite --directory /usr/local/bin zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
 
 # Run the zitadel binary
 ZITADEL_EXTERNALSECURE=false zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled

docs/docs/guides/installation/run/macos.mdx

@@ -8,7 +8,7 @@ ZITADEL is tested against CockroachDB v22.1.0.
 Run a CockroachDB instance
 
 ```bash
-cockroach start-single-node --insecure --background --http-addr :9090
+cockroach start-single-node --insecure --background --http-addr :9090 --listen-addr=localhost
 ```
 
 # Download and Install ZITADEL
@@ -23,7 +23,7 @@ brew install zitadel/tap/zitadel
 
 ```bash
 export MY_ARCHITECTURE="arm64 or amd64 depeding on your mac"
-curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.24 | grep "browser_download_url.*zitadel_Darwin_${MY_ARCHITECTURE}.tar.gz" | cut -d '"' -f 4 | xargs wget -qO - | sudo tar --extract --gzip --overwrite --directory /usr/local/bin zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
+curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.39 | grep "browser_download_url.*zitadel_Darwin_${MY_ARCHITECTURE}.tar.gz" | cut -d '"' -f 4 | xargs wget -qO - | sudo tar --extract --gzip --overwrite --directory /usr/local/bin zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
 ```
 
 Run ZITADEL

docs/docusaurus.config.js

@@ -19,7 +19,15 @@ module.exports = {
     },
   ],
   themeConfig: {
-    zoomSelector: ".markdown :not(em) > img",
+    zoom: {
+      selector: '.markdown :not(em) > img',
+      background: {
+        light: 'rgb(243, 244, 246)',
+        dark: 'rgb(55, 59, 82)'
+      },
+      // options you can specify via https://github.com/francoischalifour/medium-zoom#usage
+      config: {}
+    },
     announcementBar: {
       id: 'documentation',
       content:
@@ -170,5 +178,5 @@ module.exports = {
       },
     ],
   ],
-  plugins: [require.resolve("plugin-image-zoom")],
+  plugins: [require.resolve("docusaurus-plugin-image-zoom")],
 };

docs/package.json

@@ -82,6 +82,7 @@
     "cssnano": "5.1.7",
     "cssnano-preset-advanced": "5.3.3",
     "dns-packet": "5.3.1",
+    "docusaurus-plugin-image-zoom": "^0.1.1",
     "docusaurus-plugin-plausible": "^0.0.5",
     "eastasianwidth": "0.2.0",
     "enhanced-resolve": "5.9.3",
@@ -139,6 +140,7 @@
     "postcss-zindex": "5.1.0",
     "prismjs": "1.28.0",
     "raw-body": "2.5.1",
+    "raw-loader": "^4.0.2",
     "react": "^17.0.2",
     "react-dev-utils": "12.0.1",
     "react-dom": "^17.0.2",

docs/src/css/custom.css

@@ -72,14 +72,14 @@
 :root {
   --ifm-navbar-background-color: #ffffff;
   --ifm-footer-background-color: #f4f4f4;
-  --ifm-menu-color-background-active: #f2f5ff;
+  --ifm-menu-color-background-active: #7E21CE10;
-  --ifm-menu-color-active: #5469d4;
+  --ifm-menu-color-active: #7E21CE;
   --ifm-menu-color-background-hover: #f7fafc;
   --ifm-font-color-base: #6b7280;
   --ifm-link-color: #5469d4;
   --ifm-menu-color: #697386;
   --ifm-footer-link-color: #000000;
-  --ifm-color-primary: #5469d4;
+  --ifm-color-primary: #7E21CE;
   --ifm-color-primary-dark: #4d61cf;
   --ifm-color-primary-darker: #4356c9;
   --ifm-color-primary-darkest: #3a4cc3; /* 293bb9 */
@@ -161,7 +161,7 @@
 }
 
 :root[data-theme="dark"] .navbar:not(.navbar-sidebar--show) {
-  background-color: rgba(31, 41, 55, 0.5019607843137255);
+  background-color: #15173580;
   backdrop-filter: saturate(110%) blur(5px);
 }
 
@@ -238,8 +238,8 @@ h2 {
   --ifm-menu-color-background-active: #ffffff10;
   --ifm-menu-color-active: #ffffff;
   --ifm-menu-color-background-hover: #3c405850;
-  --ifm-font-color-base: #c1c9d2;
+  --ifm-font-color-base: #DDDDDD;
-  --ifm-menu-color: #a3acb9;
+  --ifm-menu-color: #DDDDDD;
   --ifm-link-color: #ff2069;
   --docsearch-searchbox-background: #454a66;
   --docsearch-searchbox-focus-background: #454a66;
@@ -258,9 +258,9 @@ h2 {
   --ifm-color-primary-lightest: #ff90b4;
   --ifm-background-color: #141735;
   --ifm-hero-background-color: #0f1022;
-  --ifm-hero-text-color: var(--ifm-font-color-base);
+  --ifm-hero-text-color: #ffffff;
   --get-started-bg: var(--ifm-font-color-base);
-  --get-started: #059669;
+  --get-started: #FF1F69;
   --ifm-footer-color: #ffffff50;
   --ifm-heading-color: #ffffff;
   --ifm-font-color-base: #c1c9d2;
@@ -285,7 +285,6 @@ h2 {
   --apisystembackground: linear-gradient(40deg, #6E695090, #6E695090);
   --apiassetbackground: linear-gradient(40deg, #3c4257, #3c4257);
   --overlaycolor: #ffffff15;
-  --ifm-hero-text-color: #023c2a;
 }
 
 .get-started:hover {

docs/yarn.lock

@@ -3855,6 +3855,13 @@ dns-packet@5.3.1, dns-packet@^5.2.2:
   dependencies:
     "@leichtgewicht/ip-codec" "^2.0.1"
 
+docusaurus-plugin-image-zoom@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/docusaurus-plugin-image-zoom/-/docusaurus-plugin-image-zoom-0.1.1.tgz#f5e16ae568f7b74e8a357ee67ea7922521f64539"
+  integrity sha512-cJXo5TKh9OR1gE4B5iS5ovLWYYDFwatqRm00iXFPOaShZG99l5tgkDKgbQPAwSL9wg4I+wz3aMwkOtDhMIpKDQ==
+  dependencies:
+    medium-zoom "^1.0.6"
+
 docusaurus-plugin-plausible@^0.0.5:
   version "0.0.5"
   resolved "https://registry.yarnpkg.com/docusaurus-plugin-plausible/-/docusaurus-plugin-plausible-0.0.5.tgz#d113f7d82c09a3945e88227265b599ba1904bfb9"
@@ -5573,7 +5580,7 @@ media-typer@0.3.0:
   resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
   integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=
 
-medium-zoom@^1.0.4:
+medium-zoom@^1.0.4, medium-zoom@^1.0.6:
   version "1.0.6"
   resolved "https://registry.yarnpkg.com/medium-zoom/-/medium-zoom-1.0.6.tgz#9247f21ca9313d8bbe9420aca153a410df08d027"
   integrity sha512-UdiUWfvz9fZMg1pzf4dcuqA0W079o0mpqbTnOz5ip4VGYX96QjmbM+OgOU/0uOzAytxC0Ny4z+VcYQnhdifimg==
@@ -6571,6 +6578,14 @@ raw-body@2.5.1:
     iconv-lite "0.4.24"
     unpipe "1.0.0"
 
+raw-loader@^4.0.2:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/raw-loader/-/raw-loader-4.0.2.tgz#1aac6b7d1ad1501e66efdac1522c73e59a584eb6"
+  integrity sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==
+  dependencies:
+    loader-utils "^2.0.0"
+    schema-utils "^3.0.0"
+
 rc@^1.2.8:
   version "1.2.8"
   resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed"

internal/api/api.go

@@ -17,6 +17,7 @@ import (
 	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 )
 
@@ -132,6 +133,7 @@ func (a *API) healthHandler() http.Handler {
 	handler.HandleFunc("/healthz", handleHealth)
 	handler.HandleFunc("/ready", handleReadiness(checks))
 	handler.HandleFunc("/validate", handleValidate(checks))
+	handler.Handle("/metrics", metricsExporter())
 
 	return handler
 }
@@ -175,3 +177,11 @@ func validate(ctx context.Context, validations []ValidationFunction) []error {
 	}
 	return errs
 }
+
+func metricsExporter() http.Handler {
+	exporter := metrics.GetExporter()
+	if exporter == nil {
+		return http.NotFoundHandler()
+	}
+	return exporter
+}

internal/api/grpc/admin/org.go

@@ -66,6 +66,7 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
 		Name:         req.Org.Name,
 		CustomDomain: req.Org.Domain,
 		Human:        human,
+		Roles:        req.Roles,
 	}, userIDs...)
 	if err != nil {
 		return nil, err

internal/command/org.go

@@ -19,6 +19,7 @@ type OrgSetup struct {
 	Name         string
 	CustomDomain string
 	Human        AddHuman
+	Roles        []string
 }
 
 func (c *Commands) SetUpOrg(ctx context.Context, o *OrgSetup, userIDs ...string) (string, *domain.ObjectDetails, error) {
@@ -35,10 +36,15 @@ func (c *Commands) SetUpOrg(ctx context.Context, o *OrgSetup, userIDs ...string)
 	orgAgg := org.NewAggregate(orgID)
 	userAgg := user_repo.NewAggregate(userID, orgID)
 
+	roles := []string{domain.RoleOrgOwner}
+	if len(o.Roles) > 0 {
+		roles = o.Roles
+	}
+
 	validations := []preparation.Validation{
 		AddOrgCommand(ctx, orgAgg, o.Name, userIDs...),
 		AddHumanCommand(userAgg, &o.Human, c.userPasswordAlg, c.userEncryption),
-		c.AddOrgMemberCommand(orgAgg, userID, domain.RoleOrgOwner),
+		c.AddOrgMemberCommand(orgAgg, userID, roles...),
 	}
 	if o.CustomDomain != "" {
 		validations = append(validations, AddOrgDomain(orgAgg, o.CustomDomain))

internal/config/options/defaults.yaml

@@ -3,6 +3,11 @@ Log:
   Formatter:
     Format: text
 
+# Exposes metrics on /debug/metrics
+Metrics:
+  # Select type otel (OpenTelemetry) or none (disables collection and endpoint)
+  Type: otel
+
 # Port ZITADEL will listen on
 Port: 8080
 # Port ZITADEL is exposed on, it can differ from port e.g. if you proxy the traffic
@@ -686,6 +691,17 @@ InternalAuthZ:
         - "project.grant.read"
         - "project.grant.member.read"
         - "project.grant.user.grant.read"
+    - Role: "ORG_SETTINGS_MANAGER"
+      Permissions:
+        - "org.read"
+        - "org.write"
+        - "org.member.read"
+        - "org.idp.read"
+        - "org.idp.write"
+        - "org.idp.delete"
+        - "policy.read"
+        - "policy.write"
+        - "policy.delete"
     - Role: "ORG_USER_PERMISSION_EDITOR"
       Permissions:
         - "org.read"

internal/query/user.go

@@ -295,6 +295,7 @@ var (
 func (q *Queries) GetUserByID(ctx context.Context, shouldTriggerBulk bool, userID string, queries ...SearchQuery) (*User, error) {
 	if shouldTriggerBulk {
 		projection.UserProjection.TriggerBulk(ctx)
+		projection.LoginNameProjection.TriggerBulk(ctx)
 	}
 
 	instanceID := authz.GetInstance(ctx).InstanceID()
@@ -317,6 +318,7 @@ func (q *Queries) GetUserByID(ctx context.Context, shouldTriggerBulk bool, userI
 func (q *Queries) GetUser(ctx context.Context, shouldTriggerBulk bool, queries ...SearchQuery) (*User, error) {
 	if shouldTriggerBulk {
 		projection.UserProjection.TriggerBulk(ctx)
+		projection.LoginNameProjection.TriggerBulk(ctx)
 	}
 
 	instanceID := authz.GetInstance(ctx).InstanceID()
@@ -389,6 +391,7 @@ func (q *Queries) GetHumanPhone(ctx context.Context, userID string, queries ...S
 func (q *Queries) GeNotifyUser(ctx context.Context, shouldTriggered bool, userID string, queries ...SearchQuery) (*NotifyUser, error) {
 	if shouldTriggered {
 		projection.UserProjection.TriggerBulk(ctx)
+		projection.LoginNameProjection.TriggerBulk(ctx)
 	}
 
 	instanceID := authz.GetInstance(ctx).InstanceID()

internal/telemetry/metrics/config/config.go

@@ -1,65 +1,30 @@
 package config
 
 import (
-	"encoding/json"
-
 	"github.com/zitadel/zitadel/internal/errors"
-	"github.com/zitadel/zitadel/internal/telemetry/metrics"
 	"github.com/zitadel/zitadel/internal/telemetry/metrics/otel"
 )
 
-type MetricsConfig struct {
+type Config struct {
 	Type   string
-	Config metrics.Config
+	Config map[string]interface{} `mapstructure:",remain"`
 }
 
-var meter = map[string]func() metrics.Config{
+var meter = map[string]func(map[string]interface{}) error{
-	"otel": func() metrics.Config { return &otel.Config{} },
+	"otel": otel.NewTracerFromConfig,
-	"none": func() metrics.Config { return &NoMetrics{} },
+	"none": NoMetrics,
-	"":     func() metrics.Config { return &NoMetrics{} },
+	"":     NoMetrics,
 }
 
-func (c *MetricsConfig) UnmarshalJSON(data []byte) error {
+func (c *Config) NewMeter() error {
-	var rc struct {
+	t, ok := meter[c.Type]
-		Type   string
-		Config json.RawMessage
-	}
-
-	if err := json.Unmarshal(data, &rc); err != nil {
-		return errors.ThrowInternal(err, "METER-4M9so", "error parsing config")
-	}
-
-	c.Type = rc.Type
-
-	var err error
-	c.Config, err = newMetricsConfig(c.Type, rc.Config)
-	if err != nil {
-		return err
-	}
-
-	return c.Config.NewMetrics()
-}
-
-func newMetricsConfig(tracerType string, configData []byte) (metrics.Config, error) {
-	t, ok := meter[tracerType]
 	if !ok {
-		return nil, errors.ThrowInternalf(nil, "METER-3M0ps", "config type %s not supported", tracerType)
+		return errors.ThrowInternalf(nil, "METER-Dfqsx", "config type %s not supported", c.Type)
 	}
 
-	metricsConfig := t()
+	return t(c.Config)
-	if len(configData) == 0 {
-		return metricsConfig, nil
-	}
-
-	if err := json.Unmarshal(configData, metricsConfig); err != nil {
-		return nil, errors.ThrowInternal(err, "METER-4M9sf", "Could not read config: %v")
-	}
-
-	return metricsConfig, nil
 }
 
-type NoMetrics struct{}
+func NoMetrics(_ map[string]interface{}) error {
-
-func (_ *NoMetrics) NewMetrics() error {
 	return nil
 }

internal/telemetry/metrics/metrics.go

@@ -26,10 +26,6 @@ type Metrics interface {
 	RegisterValueObserver(name, description string, callbackFunc metric.Int64ObserverFunc) error
 }
 
-type Config interface {
-	NewMetrics() error
-}
-
 var M Metrics
 
 func GetExporter() http.Handler {

internal/telemetry/metrics/otel/config.go

@@ -8,6 +8,12 @@ type Config struct {
 	MeterName string
 }
 
+func NewTracerFromConfig(rawConfig map[string]interface{}) (err error) {
+	c := new(Config)
+	c.MeterName, _ = rawConfig["metername"].(string)
+	return c.NewMetrics()
+}
+
 func (c *Config) NewMetrics() (err error) {
 	metrics.M, err = NewMetrics(c.MeterName)
 	return err

internal/telemetry/metrics/otel/open_telemetry.go

@@ -15,6 +15,7 @@ import (
 
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/telemetry/metrics"
+	otel_resource "github.com/zitadel/zitadel/internal/telemetry/otel"
 )
 
 type Metrics struct {
@@ -26,6 +27,10 @@ type Metrics struct {
 }
 
 func NewMetrics(meterName string) (metrics.Metrics, error) {
+	resource, err := otel_resource.ResourceWithService()
+	if err != nil {
+		return nil, err
+	}
 	exporter, err := prometheus.New(
 		prometheus.Config{},
 		controller.New(
@@ -34,6 +39,7 @@ func NewMetrics(meterName string) (metrics.Metrics, error) {
 				aggregation.CumulativeTemporalitySelector(),
 				processor.WithMemory(true),
 			),
+			controller.WithResource(resource),
 		),
 	)
 	if err != nil {

internal/telemetry/otel/resource.go

@@ -0,0 +1,25 @@
+package otel
+
+import (
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/sdk/resource"
+	semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
+
+	"github.com/zitadel/zitadel/cmd/build"
+)
+
+func ResourceWithService() (*resource.Resource, error) {
+	attributes := []attribute.KeyValue{
+		semconv.ServiceNameKey.String("ZITADEL"),
+	}
+	if build.Version() != "" {
+		attributes = append(attributes, semconv.ServiceVersionKey.String(build.Version()))
+	}
+	return resource.Merge(
+		resource.Default(),
+		resource.NewWithAttributes(
+			semconv.SchemaURL,
+			attributes...,
+		),
+	)
+}

internal/telemetry/tracing/otel/open_telemetry.go

@@ -6,11 +6,10 @@ import (
 
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/propagation"
-	"go.opentelemetry.io/otel/sdk/resource"
 	sdk_trace "go.opentelemetry.io/otel/sdk/trace"
-	semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
 	api_trace "go.opentelemetry.io/otel/trace"
 
+	otel_resource "github.com/zitadel/zitadel/internal/telemetry/otel"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 )
 
@@ -20,13 +19,7 @@ type Tracer struct {
 }
 
 func NewTracer(sampler sdk_trace.Sampler, exporter sdk_trace.SpanExporter) (*Tracer, error) {
-	resource, err := resource.Merge(
+	resource, err := otel_resource.ResourceWithService()
-		resource.Default(),
-		resource.NewWithAttributes(
-			semconv.SchemaURL,
-			semconv.ServiceNameKey.String("ZITADEL"),
-		),
-	)
 	if err != nil {
 		return nil, err
 	}

proto/zitadel/admin.proto

@@ -3099,6 +3099,8 @@ message SetUpOrgRequest {
         // oneof field for the user managing the organisation
         Human human = 2;
     }
+    // specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty)
+    repeated string roles = 3;
 }
 
 message SetUpOrgResponse {