TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-29 01:51:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: replace Instance Settings with Default Settings in i18n and docs (#8143)

Browse Source 
# Which Problems Are Solved

- The console shows the Instance Settings title and a description.
Instance settings should be replaced with Default settings

# How the Problems Are Solved

- The DESCRIPTIONS.SETTINGS.INSTANCE.TITLE and
DESCRIPTIONS.SETTINGS.INSTANCE.DESCRIPTION have been replaced with
Default Settings and in the corresponding translation files.

Here's a screenshot:


![image](https://github.com/zitadel/zitadel/assets/30386061/b404f209-2043-414c-b06d-3291771d54fb)

# Additional Changes

- The docs have been updated to replace remaining texts mentioning
Instance Settings with Default Settings
- Two unused texts have been deleted from the translation files
- VSCode with Prettier have applied some markdown changes

# Additional Context

- Closes #7632

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
This commit is contained in:
Miguel Cabrerizo
2024-06-25 11:18:06 +02:00
committed by GitHub
parent dc170dc46e
commit 88182f98ba
22 changed files with 143 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
docs/docs/apis/v3.mdx
View File

@@ -2,34 +2,35 @@
title: APIs V3 (Preview)
---
import DocCardList from '@theme/DocCardList';
import CodeBlock from '@theme/CodeBlock';
import ActionServiceProto from '!!raw-loader!./_v3_action_service.proto'
import ActionExecutionProto from '!!raw-loader!./_v3_action_execution.proto'
import ActionTargetProto from '!!raw-loader!./_v3_action_target.proto'
import ActionSearchProto from '!!raw-loader!./_v3_action_search.proto'
import IDPServiceProto from '!!raw-loader!./_v3_idp_service.proto'
import IDPProto from '!!raw-loader!./_v3_idp.proto'
import IDPSearchProto from '!!raw-loader!./_v3_idp_search.proto'
import IDPGitLabProto from '!!raw-loader!./_v3_idp_gitlab.proto'
import LanguageServiceProto from '!!raw-loader!./_v3_language_service.proto'
import LanguageProto from '!!raw-loader!./_v3_language.proto'
import ObjectProto from '!!raw-loader!./_v3_object.proto'
import ResourceObjectProto from '!!raw-loader!./_v3_resource_object.proto'
import SettingsObjectProto from '!!raw-loader!./_v3_settings_object.proto'
import DocCardList from "@theme/DocCardList";
import CodeBlock from "@theme/CodeBlock";
import ActionServiceProto from "!!raw-loader!./_v3_action_service.proto";
import ActionExecutionProto from "!!raw-loader!./_v3_action_execution.proto";
import ActionTargetProto from "!!raw-loader!./_v3_action_target.proto";
import ActionSearchProto from "!!raw-loader!./_v3_action_search.proto";
import IDPServiceProto from "!!raw-loader!./_v3_idp_service.proto";
import IDPProto from "!!raw-loader!./_v3_idp.proto";
import IDPSearchProto from "!!raw-loader!./_v3_idp_search.proto";
import IDPGitLabProto from "!!raw-loader!./_v3_idp_gitlab.proto";
import LanguageServiceProto from "!!raw-loader!./_v3_language_service.proto";
import LanguageProto from "!!raw-loader!./_v3_language.proto";
import ObjectProto from "!!raw-loader!./_v3_object.proto";
import ResourceObjectProto from "!!raw-loader!./_v3_resource_object.proto";
import SettingsObjectProto from "!!raw-loader!./_v3_settings_object.proto";
The APIs described in this section are currently either in *Preview* stage or not implemented, yet.
The APIs described in this section are currently either in _Preview_ stage or not implemented, yet.
Before using these APIs, pleases consider the [API release policy below](#api-release-policy)
## We Appreciate your Help
We invite you to...
- ... [discuss the concept with the ZITADEL community on GitHub](https://github.com/zitadel/zitadel/discussions/8125).
- ... try the implementations and provide feedback [by filing issues on GitHub](https://github.com/zitadel/zitadel/issues/new/choose).
## The Ideas behind the New V3 APIs
The current ZITADEL *GA* APIs are structured around contexts like System, Admin, Management, and Auth.
The current ZITADEL _GA_ APIs are structured around contexts like System, Admin, Management, and Auth.
This structure leads to duplicate methods and makes it hard to find the right API for the right task.
Especially interacting with resources from multiple organizations is cumbersome.
Also, the APIs evolved over time, which lead to inconsistencies and a lack of flexibility in development.
@@ -53,7 +54,7 @@ Also, it allows for faster development and independent versioning of the APIs.
To improve managing and reusing resources and settings in multitenancy scenarios, we define some rules for the new APIs:
- Single properties from instance settings are overridable (patchable) in organizations.
- Single properties from default settings are overridable (patchable) in organizations.
- Some settings support user-defined custom properties that are also overridable in organizations.
- Improved experience with reusing resources in multiple organizations and instances.
- Resources are searchable over all organizations with a single call by default.
@@ -61,6 +62,7 @@ To improve managing and reusing resources and settings in multitenancy scenarios
### HTTP and gRPC Consistency
To make the APIs more consistent and easier to use, we follow the same patterns in all Proto files.
- Patching is favored over updating resources and settings.
- HTTP calls are mapped so that query parameters can be used as much as possible. We avoid the annotation `body: "*"`.
- For search performance, we enforce query limits.
@@ -93,20 +95,20 @@ Reusable resources have the same behavior as standard resources with the followi
- Reusable resources can be created in a given context level (system, instance, org).
- For requests, that require a resource ID, no request context is needed.
- Reusable resources are available in child contexts, even if their state is *inactive*.
- Reusable resources are available in child contexts, even if their state is _inactive_.
- The child context can control if an inherited resource should be active or inactive for itself using a state policy.
- In child contexts, the state policy of a reused resource is *inherit* by default and can be changed to *activate*, *deactivate* or back to *inherit*.
- In child contexts, the state policy of a reused resource is _inherit_ by default and can be changed to _activate_, _deactivate_ or back to _inherit_.
- In child contexts, a reused resources configuration is read-only.
- Child contexts can read at least the following properties of reused resources:
- ID
- name
- description
- state
- the state policy in the child context
- sequence
- last changed date
- parent context
- state in the immediate parent context.
- ID
- name
- description
- state
- the state policy in the child context
- sequence
- last changed date
- parent context
- state in the immediate parent context.
- By default, search queries for reused resources return all resources from the given contexts, all inherited resources and all resources defined in all children contexts.
Typically, a new resource is first designed and implemented as a non-reusable resource.
@@ -135,19 +137,19 @@ Additional to the standard CRUD methods:
- ListAvailableExecutionFunctions
\<details><summary>action_service.proto</summary>
<CodeBlock language="protobuf">{ActionServiceProto}</CodeBlock>
<CodeBlock language="protobuf">{ActionServiceProto}</CodeBlock>
\</details>
\<details><summary>action_target.proto</summary>
<CodeBlock language="protobuf">{ActionTargetProto}</CodeBlock>
<CodeBlock language="protobuf">{ActionTargetProto}</CodeBlock>
\</details>
\<details><summary>action_execution.proto</summary>
<CodeBlock language="protobuf">{ActionExecutionProto}</CodeBlock>
<CodeBlock language="protobuf">{ActionExecutionProto}</CodeBlock>
\</details>
\<details><summary>action_query.proto</summary>
<CodeBlock language="protobuf">{ActionSearchProto}</CodeBlock>
<CodeBlock language="protobuf">{ActionSearchProto}</CodeBlock>
\</details>
### ZITADELUsers
@@ -164,27 +166,27 @@ Standard CRUD methods
- Resources have additional properties for reusability capabilities.
\<details><summary>idp_service.proto</summary>
<CodeBlock language="protobuf">{IDPServiceProto}</CodeBlock>
<CodeBlock language="protobuf">{IDPServiceProto}</CodeBlock>
\</details>
\<details><summary>idp.proto</summary>
<CodeBlock language="protobuf">{IDPProto}</CodeBlock>
<CodeBlock language="protobuf">{IDPProto}</CodeBlock>
\</details>
\<details><summary>idp_search.proto</summary>
<CodeBlock language="protobuf">{IDPSearchProto}</CodeBlock>
<CodeBlock language="protobuf">{IDPSearchProto}</CodeBlock>
\</details>
\<details><summary>idp_gitlab.proto</summary>
<CodeBlock language="protobuf">{IDPGitLabProto}</CodeBlock>
<CodeBlock language="protobuf">{IDPGitLabProto}</CodeBlock>
\</details>
\<details><summary>object.proto</summary>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
\</details>
\<details><summary>resource_object.proto</summary>
<CodeBlock language="protobuf">{ResourceObjectProto}</CodeBlock>
<CodeBlock language="protobuf">{ResourceObjectProto}</CodeBlock>
\</details>
### ZITADELInstances
@@ -252,7 +254,7 @@ These properties are inherited to from parent-contexts (instance) to child-conte
Settings behave like this:
- Setting and retrieving settings is always context-aware. By default, the context is the instance discovered by the requests *Host* header.
- Setting and retrieving settings is always context-aware. By default, the context is the instance discovered by the requests _Host_ header.
- All settings properties can be partially overridden in child-contexts.
- All settings properties can be partially reset in child-contexts, so their values default to the parent contexts property values.
- All settings properties returned by queries contain the value and if it is inherited, the context where it is inherited from.
@@ -266,19 +268,19 @@ For a full proto example, have a look at the [ZITADELLanguageSettings service](#
Default language, restricted languages, supported languages
\<details><summary>language_service.proto</summary>
<CodeBlock language="protobuf">{LanguageServiceProto}</CodeBlock>
<CodeBlock language="protobuf">{LanguageServiceProto}</CodeBlock>
\</details>
\<details><summary>language.proto</summary>
<CodeBlock language="protobuf">{LanguageProto}</CodeBlock>
<CodeBlock language="protobuf">{LanguageProto}</CodeBlock>
\</details>
\<details><summary>object.proto</summary>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
\</details>
\<details><summary>settings_object.proto</summary>
<CodeBlock language="protobuf">{SettingsObjectProto}</CodeBlock>
<CodeBlock language="protobuf">{SettingsObjectProto}</CodeBlock>
\</details>
### ZITADELTextSettings
@@ -326,9 +328,9 @@ Replaces secret generators
## API Release Policy
- Defined but not yet implemented APIs are subject to change without further notice.
- Once an API definition is implemented, it is released as *Preview* and is available for testing.
- When a *Preview* API is tested enough so the concepts are proven to work, a new *Beta* API is released.
- When an API is feature-complete and stable enough, a new *GA* (General Availability) API is released.
- Once an API definition is implemented, it is released as _Preview_ and is available for testing.
- When a _Preview_ API is tested enough so the concepts are proven to work, a new _Beta_ API is released.
- When an API is feature-complete and stable enough, a new _GA_ (General Availability) API is released.
- In all stages, changes to already implemented APIs are done in a backwards-compatible way, if possible.
- When we release a new stage for an API, we deprecate the previous stage and keep it available for a smooth transition.
@@ -337,4 +339,4 @@ Replaces secret generators
These APIs are ready for testing and feedback.
Beware, they don't yet follow all the rules defined above.
<DocCardList />
<DocCardList />

2
docs/docs/concepts/features/audit-trail.md
View File

@@ -36,7 +36,7 @@ The same view is available on several other objects such as organization or proj
### Event View
Administrators can see all events across an instance and filter them directly in [Console](/docs/guides/manage/console/overview).
Go to your instance settings and then click on the Tab **Events** to open the Event Viewer or browse to $CUSTOM-DOMAIN/ui/console/events
Go to your default settings and then click on the Tab **Events** to open the Event Viewer or browse to $CUSTOM-DOMAIN/ui/console/events
![Event viewer](/img/concepts/audit-trail/event-viewer.png)

2
docs/docs/guides/integrate/login-ui/typescript-repo.mdx
View File

@@ -132,7 +132,7 @@ After your domain has been verified, you can reconfigure your DNS settings in or
To deploy your own version on Vercel, navigate to your instance and create a service user.
Copy its id from the overview and set it as `ZITADEL_SERVICE_USER_ID`.
Then create a personal access token (PAT), copy and set it as `ZITADEL_SERVICE_USER_TOKEN`, then navigate to your instance settings and make sure it gets `IAM_OWNER` permissions.
Then create a personal access token (PAT), copy and set it as `ZITADEL_SERVICE_USER_TOKEN`, then navigate to Default settings and make sure it gets `IAM_OWNER` permissions.
Finally set your instance url as `ZITADEL_API_URL`. Make sure to set it without trailing slash.
![Deploy to Vercel](/img/deploy-to-vercel.png)

2
docs/docs/guides/manage/console/default-settings.mdx
View File

@@ -366,4 +366,4 @@ The following secrets can be configured:
width="400px"
/>
If your done with your instance settings, you can proceed setting up your organizations. Again, make sure you get an understanding on how your project is structured and then continue.
If your done with your default settings, you can proceed setting up your organizations. Again, make sure you get an understanding on how your project is structured and then continue.

10
docs/docs/guides/manage/console/organizations.mdx
View File

@@ -71,7 +71,7 @@ ZITADEL will notify users affected by this change.
## Verify your domain name
:::info
You can also disable domain verification with DNS challenge in the [instance settings](/docs/guides/manage/console/default-settings#domain-settings).
You can also disable domain verification with DNS challenge in the [default settings](/docs/guides/manage/console/default-settings#domain-settings).
:::
1. Browse to your organization settings
@@ -100,10 +100,10 @@ Do not delete the verification code, as ZITADEL will re-check the ownership of y
## Organization Settings
In organizations you also have settings that have higher priority then on your instance, and therefore override its instance.
Those settings are the same as on your instance.
In organizations you also have settings that have higher priority than on your default settings, and therefore override them.
Those settings are the same as your default settings.
> Note: that the following links, redirect to instance settings to omit redundancy.
> Note: that the following links, redirect to default settings to omit redundancy.
- [**Login Behavior and Access**](./default-settings#login-behaviour-and-access): Multifactor Authentication Options and Enforcement, Define whether Passwordless authentication methods are allowed or not, Set Login Lifetimes and advanced behavour for the login interface.
- [**Identity Providers**](./default-settings#identity-providers): Define IDPs which are available for all organizations
@@ -135,7 +135,7 @@ Read more about the [scopes](/docs/apis/openidoauth/scopes#reserved-scopes) or t
## Default organization
On the instance settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization.
On the Default settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization.
Click the "..." on the right hand side of the table and select "Set as default organization".
The current default organization is marked by a label "Default".

4
docs/docs/guides/manage/console/overview.mdx
View File

@@ -21,9 +21,9 @@ Depending on your use case, multiple organizations can be created (B2B) or you c
width="400px"
/>
If your new to console, you'll probably want to set some settings initially. Continue reading instance settings on the next page.
If your new to console, you'll probably want to set some settings initially. Continue reading Default settings on the next page.
## Prevent console access
In some use cases you want to prevent users from accessing the ZITADEL management console.
Please follow this [guide](/docs/guides/solution-scenarios/restrict-console) to achieve that.
Please follow this [guide](/docs/guides/solution-scenarios/restrict-console) to achieve that.

104
docs/docs/guides/migrate/sources/zitadel.md
View File

@@ -5,22 +5,22 @@ sidebar_label: From ZITADEL
This guide explains how to migrate from ZITADEL, this includes
* ZITADEL Cloud to self-hosted
* ZITADEL self-hosted to ZITADEL Cloud
* ZITADEL v1 (deprecated) to ZITADEL v2.x
- ZITADEL Cloud to self-hosted
- ZITADEL self-hosted to ZITADEL Cloud
- ZITADEL v1 (deprecated) to ZITADEL v2.x
## Considerations
The following scripts don't include:
* Global policies
* IAM members
* Global IDPs
* Global second/multi factors
* Machine keys
* Personal Access Tokens
* Application keys
* Passwordless authentication
- Global policies
- IAM members
- Global IDPs
- Global second/multi factors
- Machine keys
- Personal Access Tokens
- Application keys
- Passwordless authentication
Which results in that if you want to import, and you have no defined organization-specific custom policies, the experience for your users will not be exactly like in your old instance.
@@ -37,7 +37,7 @@ You need a PAT from a service user with IAM Owner permissions in both the source
1. Go to your default organization
2. Create a service user "import_user" with Access Token Type "Bearer"
3. Create a [personal access token](/docs/guides/integrate/service-users/personal-access-token)
4. Go to the global instance settings
4. Go to the Default settings
5. Add the import_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domain as `ZITADEL_EXPORT_DOMAIN` to run the following scripts.
@@ -47,7 +47,7 @@ Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domai
1. Go to your default organization
2. Create a service user "export_user" with Access Token Type "Bearer"
3. Create a [personal access token](/docs/guides/integrate/service-users/personal-access-token)
4. Go to the global instance settings
4. Go to the Default settings
5. Add the export_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
Save the PAT to the environment variabel `PAT_IMPORT_TOKEN` and the source domain as `ZITADEL_IMPORT_DOMAIN` to run the following scripts.
@@ -68,8 +68,8 @@ curl --request POST \
--url $ZITADEL_EXPORT_DOMAIN/admin/v1/export \
--header "Authorization: Bearer $PAT_EXPORT_TOKEN" \
--header 'Content-Type: application/json' \
--data '{
"org_ids": [ ],
--data '{
"org_ids": [ ],
"excluded_org_ids": [ ],
"with_passwords": true,
"with_otp": true,
@@ -78,14 +78,14 @@ curl --request POST \
}' -o export.json
```
| Field | Type | Description |
| --- | --- | --- |
| org_ids | list of strings | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
| excluded_org_ids | list of strings | to exclude several organization, if for example no organizations are selected |
| with_passwords | bool | to include the hashed_passwords of the users in the export |
| with_otp | bool | to include the OTP-code of the users in the export |
| timeout | duration string | timeout of the call to export the data |
| response_output | bool | to output the export as response to the call |
| Field | Type | Description |
| ---------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| org_ids | list of strings | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
| excluded_org_ids | list of strings | to exclude several organization, if for example no organizations are selected |
| with_passwords | bool | to include the hashed_passwords of the users in the export |
| with_otp | bool | to include the OTP-code of the users in the export |
| timeout | duration string | timeout of the call to export the data |
| response_output | bool | to output the export as response to the call |
### Import from file
@@ -106,16 +106,16 @@ curl --request POST \
}'
```
| Field | Type | Description |
| --- | --- | --- |
| timeout | duration string | timeout of the call to import the data |
| data_orgsv1 | string | data which was exported from ZITADEL V1 |
| Field | Type | Description |
| ----------- | --------------- | --------------------------------------- |
| timeout | duration string | timeout of the call to import the data |
| data_orgsv1 | string | data which was exported from ZITADEL V1 |
## Use Google Cloud Storage
### Export to GCS
:::note
:::note
To use this requests you have to have an access token with enough permissions to export and import.
The used serviceaccount has to have at least the role "Storage Object Creator" to create objects on GCS
:::
@@ -127,8 +127,8 @@ curl --request POST \
--url $ZITADEL_EXPORT_DOMAIN/admin/v1/export \
--header "Authorization: Bearer $PAT_EXPORT_TOKEN" \
--header 'Content-Type: application/json' \
--data '{
"org_ids": [ ],
--data '{
"org_ids": [ ],
"excluded_org_ids": [ ],
"with_passwords": true,
"with_otp": true,
@@ -141,21 +141,21 @@ curl --request POST \
}' -o export.json
```
| Field | Type | Description |
| --- | --- | --- |
| org_ids | list of strings | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
| excluded_org_ids | list of strings | to exclude several organization, if for example no organizations are selected |
| with_passwords | bool | to include the hashed_passwords of the users in the export |
| with_otp | bool | to include the OTP-code of the users in the export |
| timeout | duration string | timeout of the call to export the data |
| gcs_output | object(data_orgsv1_gcs) | to write a file into GCS as output to the call |
| Field | Type | Description |
| ---------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| org_ids | list of strings | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
| excluded_org_ids | list of strings | to exclude several organization, if for example no organizations are selected |
| with_passwords | bool | to include the hashed_passwords of the users in the export |
| with_otp | bool | to include the OTP-code of the users in the export |
| timeout | duration string | timeout of the call to export the data |
| gcs_output | object(data_orgsv1_gcs) | to write a file into GCS as output to the call |
data_orgsv1_gcs object:
data_orgsv1_gcs object:
| Field | Type | Description |
| --- | --- | --- |
| path | string | path to the output file on GCS |
| bucket | string | used bucket for output on GCS |
| Field | Type | Description |
| ------------------- | ------ | ----------------------------------------------------------------- |
| path | string | path to the output file on GCS |
| bucket | string | used bucket for output on GCS |
| serviceaccount_json | string | base64-encoded serviceaccount.json used to output the file on GCS |
### Import to GCS
@@ -182,15 +182,15 @@ curl --request POST \
}'
```
| Field | Type | Description |
| --- | --- | --- |
| timeout | duration string | timeout of the call to import the data |
| data_orgsv1_gcs | object(data_orgsv1_gcs) | to read the export from GCS directly |
| Field | Type | Description |
| --------------- | ----------------------- | -------------------------------------- |
| timeout | duration string | timeout of the call to import the data |
| data_orgsv1_gcs | object(data_orgsv1_gcs) | to read the export from GCS directly |
data_orgsv1_gcs object:
| Field | Type | Description |
| --- | --- | --- |
| path | string | path to the exported file on GCS |
| bucket | string | used bucket to read from GCS |
| serviceaccount_json | string | base64-encoded serviceaccount.json used to read the file from GCS|
| Field | Type | Description |
| ------------------- | ------ | ----------------------------------------------------------------- |
| path | string | path to the exported file on GCS |
| bucket | string | used bucket to read from GCS |
| serviceaccount_json | string | base64-encoded serviceaccount.json used to read the file from GCS |