diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index 8c3f1f49de..8a82187c26 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml @@ -635,7 +635,7 @@ APP_PROVIDER_GRPC_ADDR: removalVersion: "" deprecationInfo: "" APP_PROVIDER_GRPC_PROTOCOL: - name: APP_PROVIDER_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;APP_PROVIDER_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GPRC service. @@ -901,7 +901,7 @@ APP_REGISTRY_GRPC_ADDR: removalVersion: "" deprecationInfo: "" APP_REGISTRY_GRPC_PROTOCOL: - name: APP_REGISTRY_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;APP_REGISTRY_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -1316,7 +1316,7 @@ AUTH_APP_GRPC_ADDR: removalVersion: "" deprecationInfo: "" AUTH_APP_GRPC_PROTOCOL: - name: AUTH_APP_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_APP_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -1528,7 +1528,7 @@ AUTH_BASIC_GRPC_ADDR: removalVersion: "" deprecationInfo: "" AUTH_BASIC_GRPC_PROTOCOL: - name: AUTH_BASIC_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_BASIC_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -2022,7 +2022,7 @@ AUTH_BEARER_GRPC_ADDR: removalVersion: "" deprecationInfo: "" AUTH_BEARER_GRPC_PROTOCOL: - name: AUTH_BEARER_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_BEARER_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -2228,7 +2228,7 @@ AUTH_MACHINE_GRPC_ADDR: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_GRPC_PROTOCOL: - name: AUTH_MACHINE_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_MACHINE_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. 
@@ -2379,7 +2379,7 @@ AUTH_SERVICE_GRPC_ADDR: removalVersion: "" deprecationInfo: "" AUTH_SERVICE_GRPC_PROTOCOL: - name: AUTH_SERVICE_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_SERVICE_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -2746,6 +2746,16 @@ COLLABORATION_APP_INSECURE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +COLLABORATION_APP_LICENSE_CHECK_ENABLE: + name: COLLABORATION_APP_LICENSE_CHECK_ENABLE + defaultValue: "false" + type: bool + description: Enable license checking to edit files. Needs to be enabled when using + Microsoft365 with the business flow. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" COLLABORATION_APP_LOCKNAME: name: COLLABORATION_APP_LOCKNAME defaultValue: com.github.owncloud.collaboration @@ -2849,6 +2859,15 @@ COLLABORATION_GRPC_ADDR: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +COLLABORATION_GRPC_PROTOCOL: + name: OCIS_GRPC_PROTOCOL;COLLABORATION_GRPC_PROTOCOL + defaultValue: tcp + type: string + description: The transport protocol of the GRPC service. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" COLLABORATION_HTTP_ADDR: name: COLLABORATION_HTTP_ADDR defaultValue: 127.0.0.1:9300 
@@ -2946,7 +2965,31 @@ COLLABORATION_WOPI_DISABLE_CHAT: name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT defaultValue: "false" type: bool - description: Disable chat in the frontend. + description: Disable chat in the office web frontend. This feature applies to OnlyOffice + and Microsoft. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_WOPI_PROXY_SECRET: + name: COLLABORATION_WOPI_PROXY_SECRET + defaultValue: "" + type: string + description: Optional, the secret to authenticate against the ownCloud Office365 + WOPI proxy. This secret can be obtained from ownCloud via the office365 proxy + subscription. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_WOPI_PROXY_URL: + name: COLLABORATION_WOPI_PROXY_URL + defaultValue: "" + type: string + description: The URL to the ownCloud Office365 WOPI proxy. Optional. To use this + feature, you need an office365 proxy subscription. If you become part of the Microsoft + CSP program (https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), + you can use WebOffice without a proxy. introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" @@ -2965,9 +3008,9 @@ COLLABORATION_WOPI_SRC: name: COLLABORATION_WOPI_SRC defaultValue: https://localhost:9300 type: string - description: The WOPISrc base URL containing schema, host and port. Set this to - the schema and domain where the collaboration service is reachable for the wopi - app, such as https://office.owncloud.test. + description: The WOPI source base URL containing schema, host and port. Set this + to the schema and domain where the collaboration service is reachable for the + wopi app, such as https://office.owncloud.test. introductionVersion: 6.0.0 deprecationVersion: "" removalVersion: "" 
@@ -4032,6 +4075,66 @@ FRONTEND_UPLOAD_MAX_CHUNK_SIZE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_APP_REGISTRY_ENDPOINT: + name: GATEWAY_APP_REGISTRY_ENDPOINT + defaultValue: com.owncloud.api.app-registry + type: string + description: The endpoint of the app-registry service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_AUTH_APP_ENDPOINT: + name: GATEWAY_AUTH_APP_ENDPOINT + defaultValue: com.owncloud.api.auth-app + type: string + description: The endpoint of the auth-app service. Can take a service name or a + gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_AUTH_BASIC_ENDPOINT: + name: GATEWAY_AUTH_BASIC_ENDPOINT + defaultValue: com.owncloud.api.auth-basic + type: string + description: The endpoint of the auth-basic service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_AUTH_BEARER_ENDPOINT: + name: GATEWAY_AUTH_BEARER_ENDPOINT + defaultValue: "" + type: string + description: The endpoint of the auth-bearer service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_AUTH_MACHINE_ENDPOINT: + name: GATEWAY_AUTH_MACHINE_ENDPOINT + defaultValue: com.owncloud.api.auth-machine + type: string + description: The endpoint of the auth-machine service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. 
+ introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_AUTH_SERVICE_ENDPOINT: + name: GATEWAY_AUTH_SERVICE_ENDPOINT + defaultValue: com.owncloud.api.auth-service + type: string + description: The endpoint of the auth-service service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT: name: GATEWAY_COMMIT_SHARE_TO_STORAGE_GRANT defaultValue: "true" @@ -4172,6 +4275,16 @@ GATEWAY_FRONTEND_PUBLIC_URL: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_GROUPS_ENDPOINT: + name: GATEWAY_GROUPS_ENDPOINT + defaultValue: com.owncloud.api.groups + type: string + description: The endpoint of the groups service. Can take a service name or a gRPC + URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_GRPC_ADDR: name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR defaultValue: 127.0.0.1:9142 @@ -4182,7 +4295,7 @@ GATEWAY_GRPC_ADDR: removalVersion: "" deprecationInfo: "" GATEWAY_GRPC_PROTOCOL: - name: GATEWAY_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;GATEWAY_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. 
@@ -4236,6 +4349,26 @@ GATEWAY_LOG_PRETTY: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_OCM_ENDPOINT: + name: GATEWAY_OCM_ENDPOINT + defaultValue: com.owncloud.api.ocm + type: string + description: The endpoint of the ocm service. Can take a service name or a gRPC + URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_PERMISSIONS_ENDPOINT: + name: GATEWAY_PERMISSIONS_ENDPOINT + defaultValue: com.owncloud.api.settings + type: string + description: The endpoint of the permissions service. Can take a service name or + a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_PROVIDER_CACHE_AUTH_PASSWORD: name: OCIS_CACHE_AUTH_PASSWORD;GATEWAY_PROVIDER_CACHE_AUTH_PASSWORD defaultValue: "" @@ -4319,6 +4452,16 @@ GATEWAY_SHARE_FOLDER_NAME: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_SHARING_ENDPOINT: + name: GATEWAY_SHARING_ENDPOINT + defaultValue: com.owncloud.api.sharing + type: string + description: The endpoint of the shares service. Can take a service name or a gRPC + URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_SKIP_USER_GROUPS_IN_TOKEN: name: GATEWAY_SKIP_USER_GROUPS_IN_TOKEN defaultValue: "false" 
@@ -4329,6 +4472,16 @@ GATEWAY_SKIP_USER_GROUPS_IN_TOKEN: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT: + name: GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT + defaultValue: com.owncloud.api.storage-publiclink + type: string + description: The endpoint of the storage-publiclink service. Can take a service + name or a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_STORAGE_REGISTRY_CONFIG_JSON: name: GATEWAY_STORAGE_REGISTRY_CONFIG_JSON defaultValue: "" @@ -4357,6 +4510,26 @@ GATEWAY_STORAGE_REGISTRY_RULES: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_STORAGE_SHARES_ENDPOINT: + name: GATEWAY_STORAGE_SHARES_ENDPOINT + defaultValue: com.owncloud.api.storage-shares + type: string + description: The endpoint of the storage-shares service. Can take a service name + or a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +GATEWAY_STORAGE_USERS_ENDPOINT: + name: GATEWAY_STORAGE_USERS_ENDPOINT + defaultValue: com.owncloud.api.storage-users + type: string + description: The endpoint of the storage-users service. Can take a service name + or a gRPC URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GATEWAY_STORAGE_USERS_MOUNT_ID: name: GATEWAY_STORAGE_USERS_MOUNT_ID defaultValue: "" 
@@ -4415,6 +4588,16 @@ GATEWAY_TRANSFER_EXPIRES: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GATEWAY_USERS_ENDPOINT: + name: GATEWAY_USERS_ENDPOINT + defaultValue: com.owncloud.api.users + type: string + description: The endpoint of the users service. Can take a service name or a gRPC + URI with the dns, kubernetes or unix protocol. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GRAPH_APPLICATION_DISPLAYNAME: name: GRAPH_APPLICATION_DISPLAYNAME defaultValue: ownCloud Infinite Scale @@ -4446,6 +4629,17 @@ GRAPH_ASSIGN_DEFAULT_USER_ROLE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GRAPH_AVAILABLE_ROLES: + name: GRAPH_AVAILABLE_ROLES + defaultValue: '[b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5 a8d5fe5e-96e3-418d-825b-534dbdf22b99 + fb6c3e19-e378-47e5-b277-9732f9de6e21 58c63c02-1d89-4572-916a-870abc5a1b7d 2d00ce52-1fc2-4dbc-8b95-a73b73395f5a + 1c996275-f1c9-4e71-abdf-a42f6495e960 312c0871-5ef7-4b3a-85b6-0e4074c64049]' + type: '[]string' + description: A comma separated list of roles that are available for assignment. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GRAPH_CACHE_AUTH_PASSWORD: name: OCIS_CACHE_AUTH_PASSWORD;GRAPH_CACHE_AUTH_PASSWORD defaultValue: "" @@ -5368,6 +5562,17 @@ GRAPH_TRACING_TYPE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +GRAPH_TRANSLATION_PATH: + name: OCIS_TRANSLATION_PATH;GRAPH_TRANSLATION_PATH + defaultValue: "" + type: string + description: (optional) Set this to a path with custom translations to overwrite + the builtin translations. Note that file and folder naming rules apply, see the + documentation for more details. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" GRAPH_USER_ENABLED_ATTRIBUTE: name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled 
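Review bot: The `GRAPH_AVAILABLE_ROLES` description calls the value `A comma separated list of roles`, but the documented default is a bracketed, space-separated run of seven UUIDs with nothing saying which role each one stands for. This setting limits which roles can be assigned, so an operator who wants to restrict it needs both the input format and the meaning of each ID. I would extend the description along the lines of `A comma separated list of role IDs (UUIDs) that are available for assignment; see the graph service documentation for the ID of each role.`, assuming the values are role IDs as the default suggests.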
@@ -5447,7 +5652,7 @@ GROUPS_GRPC_ADDR: removalVersion: "" deprecationInfo: "" GROUPS_GRPC_PROTOCOL: - name: GROUPS_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;GROUPS_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -7272,7 +7477,7 @@ NOTIFICATIONS_SMTP_ENCRYPTION: 'ssl', 'ssltls', 'tls' and 'none'. introductionVersion: pre5.0 deprecationVersion: 5.0.0 - removalVersion: 7.0.0 + removalVersion: '%%NEXT_PRODUCTION_VERSION%%' deprecationInfo: The NOTIFICATIONS_SMTP_ENCRYPTION values 'ssl' and 'tls' are deprecated and will be removed in the future. NOTIFICATIONS_SMTP_HOST: @@ -7803,8 +8008,8 @@ OCIS_CACHE_TTL: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;FRONTEND_CORS_ALLOW_CREDENTIALS - defaultValue: "false" + name: OCIS_CORS_ALLOW_CREDENTIALS;WEBDAV_CORS_ALLOW_CREDENTIALS + defaultValue: "true" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' 
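Review bot: The `OCIS_CORS_ALLOW_CREDENTIALS` entry now documents `defaultValue: "true"` and the later `OCIS_CORS_ALLOW_ORIGINS` hunk documents `defaultValue: '[*]'`, so the reference presents credentialed CORS with a wildcard origin as the default of the global variables. Both values change together with the alias switch from `FRONTEND_CORS_*` to `WEBDAV_CORS_*`, which suggests the entry records one service's defaults; the `OCIS_CORS_ALLOW_HEADERS`, `OCIS_CORS_ALLOW_METHODS` and `OCIS_PERSISTENT_STORE` hunks change their documented defaults the same way. An operator hardening a deployment from this page cannot tell which service a default belongs to. I would add a sentence to these descriptions such as `The default shown belongs to one service; set an explicit list of trusted origins in production.`, and check in the webdav service that a wildcard origin is never sent together with `Access-Control-Allow-Credentials: true`.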
@@ -7813,11 +8018,9 @@ OCIS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;FRONTEND_CORS_ALLOW_HEADERS - defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match - If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm - Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires - Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]' + name: OCIS_CORS_ALLOW_HEADERS;WEBDAV_CORS_ALLOW_HEADERS + defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id + Cache-Control]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -7827,9 +8030,8 @@ OCIS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;FRONTEND_CORS_ALLOW_METHODS - defaultValue: '[OPTIONS HEAD GET PUT POST PATCH DELETE MKCOL PROPFIND PROPPATCH - MOVE COPY REPORT SEARCH]' + name: OCIS_CORS_ALLOW_METHODS;WEBDAV_CORS_ALLOW_METHODS + defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. 
@@ -7839,8 +8041,8 @@ OCIS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;FRONTEND_CORS_ALLOW_ORIGINS - defaultValue: '[https://localhost:9200]' + name: OCIS_CORS_ALLOW_ORIGINS;WEBDAV_CORS_ALLOW_ORIGINS + defaultValue: '[*]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -7983,7 +8185,7 @@ OCIS_ENABLE_RESHARING: removalVersion: "" deprecationInfo: Resharing will be removed in the future. OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;FRONTEND_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;SSE_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -7993,7 +8195,7 @@ OCIS_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;FRONTEND_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;SSE_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker @@ -8003,7 +8205,7 @@ OCIS_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;FRONTEND_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;SSE_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message 
@@ -8014,17 +8216,17 @@ OCIS_EVENTS_CLUSTER: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;NATS_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;SSE_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: pre5.0 + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;FRONTEND_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;SSE_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing @@ -8034,12 +8236,12 @@ OCIS_EVENTS_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false. - introductionVersion: pre5.0 + If provided SSE_EVENTS_TLS_INSECURE will be seen as false. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8075,6 +8277,15 @@ OCIS_GRPC_CLIENT_TLS_MODE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +OCIS_GRPC_PROTOCOL: + name: OCIS_GRPC_PROTOCOL;AUTH_BEARER_GRPC_PROTOCOL + defaultValue: "" + type: string + description: The transport protocol of the GRPC service. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" OCIS_HTTP_TLS_CERTIFICATE: name: OCIS_HTTP_TLS_CERTIFICATE defaultValue: "" 
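Review bot: The new description of `OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` reads `If provided SSE_EVENTS_TLS_INSECURE will be seen as false`, so the entry for a global variable explains its effect through one service's setting; the removed line did the same with `ANTIVIRUS_EVENTS_TLS_INSECURE`. The `OCIS_INSECURE` hunk further down is the more serious case: its description becomes `Allow insecure connections to the OIDC issuer.` although the removed line shows the same variable also mapped to a NATS client-certificate verification setting. Someone enabling `OCIS_INSECURE` from this reference would underestimate how many certificate checks it relaxes. Suggested wording for that entry is `Global switch that relaxes the TLS certificate checks of every service that lists it as an alias. Do not set this in production.`, and for this one `If provided, the service's *_EVENTS_TLS_INSECURE setting is treated as false.`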
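Review bot: The added `OCIS_GRPC_PROTOCOL` entry documents `defaultValue: ""` and `introductionVersion: pre5.0`, while the per-service entries that gain this alias in the same diff (for example `AUTH_BEARER_GRPC_PROTOCOL`) document `defaultValue: tcp`, and the new `COLLABORATION_GRPC_PROTOCOL` is marked `'%%NEXT%%'`. From the global entry a reader cannot tell which transport is in effect when the variable is unset. The description could say so, e.g. `The transport protocol of the GRPC services. When unset, each service uses its own default (tcp).`; whether the empty default and the `pre5.0` version are what should be published for a variable that first appears here is worth confirming.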
@@ -8107,17 +8318,16 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;NATS_TLS_SKIP_VERIFY_CLIENT_CERT + name: OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE defaultValue: "false" type: bool - description: Whether the NATS server should skip the client certificate verification - during the TLS handshake. + description: Allow insecure connections to the OIDC issuer. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;GROUPS_JWT_SECRET + name: OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -8126,7 +8336,7 @@ OCIS_JWT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_BASE_PATH: - name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH + name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH defaultValue: "" type: string description: The URL to access keycloak. @@ -8135,16 +8345,16 @@ OCIS_KEYCLOAK_BASE_PATH: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_ID: - name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID + name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID defaultValue: "" type: string - description: The client id to authenticate with keycloak. + description: The client ID to authenticate with keycloak. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_REALM: - name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM + name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM defaultValue: "" type: string description: The realm the client is defined in. 
@@ -8153,7 +8363,7 @@ OCIS_KEYCLOAK_CLIENT_REALM: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_SECRET: - name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET + name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET defaultValue: "" type: string description: The client secret to use in authentication. @@ -8162,7 +8372,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: - name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY + name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY defaultValue: "false" type: bool description: Disable TLS certificate validation for Keycloak connections. Do not @@ -8172,7 +8382,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_USER_REALM: - name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM + name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM defaultValue: "" type: string description: The realm users are defined. @@ -8181,7 +8391,7 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN + name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP @@ -8191,7 +8401,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. 
@@ -8200,7 +8410,7 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT + name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to @@ -8211,20 +8421,20 @@ OCIS_LDAP_CACERT: removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Supported options + description: An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. Default is 'attribute'. + is not processed. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified @@ -8234,7 +8444,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. 
@@ -8243,7 +8453,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -8252,7 +8462,7 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter @@ -8262,7 +8472,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -8272,7 +8482,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. 
@@ -8281,28 +8491,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique ID like a UUID. + stable globally unique id (e.g. a UUID). introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the group ID's. + of Active Directory for the group IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -8311,7 +8521,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. 
@@ -8320,17 +8530,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported scopes are + description: LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -8352,7 +8562,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;GROUPS_LDAP_URI + name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI defaultValue: ldaps://localhost:9235 type: string description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' @@ -8362,7 +8572,7 @@ OCIS_LDAP_URI: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. 
@@ -8371,16 +8581,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -8389,7 +8599,7 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string description: The object class to use for users in the default user search filter @@ -8399,7 +8609,7 @@ OCIS_LDAP_USER_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. 
@@ -8408,28 +8618,28 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID + name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique id for users. This should be a - stable globally unique id like a UUID. + description: LDAP Attribute to use as the unique ID for users. This should be a + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the user ID's. + of Active Directory for the user IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of users. @@ -8438,7 +8648,7 @@ OCIS_LDAP_USER_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USER_TYPE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default 
@@ -8448,7 +8658,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME + name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME defaultValue: uid type: string description: LDAP Attribute to use for username of users. @@ -8457,17 +8667,17 @@ OCIS_LDAP_USER_SCHEMA_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported scopes are + description: LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;NATS_LOG_COLOR + name: OCIS_LOG_COLOR;AUTH_BEARER_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8476,7 +8686,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;NATS_LOG_FILE + name: OCIS_LOG_FILE;AUTH_BEARER_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8485,7 +8695,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;NATS_LOG_LEVEL + name: OCIS_LOG_LEVEL;AUTH_BEARER_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8495,7 +8705,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;NATS_LOG_PRETTY + name: OCIS_LOG_PRETTY;AUTH_BEARER_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. 
@@ -8525,11 +8735,10 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the group IDs of the CS3 group - objects for groups returned by this group provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8602,8 +8811,8 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE: - name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE - defaultValue: nats-js-kv + name: OCIS_PERSISTENT_STORE;USERLOG_STORE + defaultValue: memory type: string description: 'The type of the store. Supported values are: ''memory'', ''ocmem'', ''etcd'', ''redis'', ''redis-sentinel'', ''nats-js'', ''noop''. See the text description @@ -8613,7 +8822,7 @@ OCIS_PERSISTENT_STORE: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store @@ -8623,7 +8832,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store 
@@ -8633,8 +8842,8 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES - defaultValue: '[127.0.0.1:9233]' + name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES + defaultValue: '[]' type: '[]string' description: A list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes @@ -8645,7 +8854,7 @@ OCIS_PERSISTENT_STORE_NODES: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_SIZE: - name: OCIS_PERSISTENT_STORE_SIZE;POSTPROCESSING_STORE_SIZE + name: OCIS_PERSISTENT_STORE_SIZE;USERLOG_STORE_SIZE defaultValue: "0" type: int description: The maximum quantity of items in the store. Only applies when store @@ -8656,11 +8865,11 @@ OCIS_PERSISTENT_STORE_SIZE: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL - defaultValue: 0s + name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL + defaultValue: 336h0m0s type: Duration - description: Time to live for events in the store. See the Environment Variable - Types description for more details. + description: Time to live for events in the store. Defaults to '336h' (2 weeks). + See the Environment Variable Types description for more details. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -8774,10 +8983,10 @@ OCIS_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID;SETTINGS_SYSTEM_USER_ID defaultValue: "" type: string - description: ID of the oCIS storage-system system user. Admins need to set the ID + description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. @@ -8786,7 +8995,7 @@ OCIS_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. @@ -8795,7 +9004,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;NATS_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;AUTH_BEARER_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -8805,7 +9014,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;NATS_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;AUTH_BEARER_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -8814,7 +9023,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;NATS_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;AUTH_BEARER_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. 
@@ -8823,7 +9032,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;NATS_TRACING_TYPE + name: OCIS_TRACING_TYPE;AUTH_BEARER_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -8853,11 +9062,10 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the group IDs of the CS3 group - objects for groups returned by this group provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8866,7 +9074,8 @@ OCIS_WOPI_DISABLE_CHAT: name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT defaultValue: "false" type: bool - description: Disable chat in the frontend. + description: Disable chat in the office web frontend. This feature applies to OnlyOffice + and Microsoft. introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" 
@@ -8956,6 +9165,76 @@ OCM_DEBUG_ZPAGES: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +OCM_EVENTS_AUTH_PASSWORD: + name: OCIS_EVENTS_AUTH_PASSWORD;OCM_EVENTS_AUTH_PASSWORD + defaultValue: "" + type: string + description: The password to authenticate with the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_AUTH_USERNAME: + name: OCIS_EVENTS_AUTH_USERNAME;OCM_EVENTS_AUTH_USERNAME + defaultValue: "" + type: string + description: The username to authenticate with the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_CLUSTER: + name: OCIS_EVENTS_CLUSTER;OCM_EVENTS_CLUSTER + defaultValue: ocis-cluster + type: string + description: The clusterID of the event system. The event system is the message + queuing service. It is used as message broker for the microservice architecture. + Mandatory when using NATS as event system. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_ENABLE_TLS: + name: OCIS_EVENTS_ENABLE_TLS;OCM_EVENTS_ENABLE_TLS + defaultValue: "false" + type: bool + description: Enable TLS for the connection to the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_ENDPOINT: + name: OCIS_EVENTS_ENDPOINT;OCM_EVENTS_ENDPOINT + defaultValue: 127.0.0.1:9233 + type: string + description: The address of the event system. The event system is the message queuing + service. It is used as message broker for the microservice architecture. 
+ introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_TLS_INSECURE: + name: OCIS_INSECURE;OCM_EVENTS_TLS_INSECURE + defaultValue: "false" + type: bool + description: Whether to verify the server TLS certificates. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE: + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE + defaultValue: "" + type: string + description: The root CA certificate used to validate the server's TLS certificate. + If provided OCM_EVENTS_TLS_INSECURE will be seen as false. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" OCM_GRPC_ADDR: name: OCM_GRPC_ADDR defaultValue: 127.0.0.1:9282 @@ -8966,7 +9245,7 @@ OCM_GRPC_ADDR: removalVersion: "" deprecationInfo: "" OCM_GRPC_PROTOCOL: - name: OCM_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;OCM_GRPC_PROTOCOL defaultValue: "" type: string description: The transport protocol of the GRPC service. @@ -9089,8 +9368,9 @@ OCM_OCM_INVITE_MANAGER_JSON_FILE: name: OCM_OCM_INVITE_MANAGER_JSON_FILE defaultValue: /var/lib/ocis/storage/ocm/ocminvites.json type: string - description: Path to the JSON file where OCM invite data will be stored. If not - defined, the root directory derives from $OCIS_BASE_DATA_PATH:/storage. + description: Path to the JSON file where OCM invite data will be stored. This file + is maintained by the instance and must not be changed manually. If not defined, + the root directory derives from $OCIS_BASE_DATA_PATH:/storage/ocm. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" @@ -11536,7 +11816,7 @@ SHARING_GRPC_ADDR: removalVersion: "" deprecationInfo: "" SHARING_GRPC_PROTOCOL: - name: SHARING_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;SHARING_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. 
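Review bot: In the added `OCM_EVENTS_TLS_INSECURE` entry, the description `Whether to verify the server TLS certificates.` reads inverted against the variable name and its `defaultValue: "false"`, so an operator could set it to `true` expecting to turn verification on. The neighbouring `OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE` text ("If provided OCM_EVENTS_TLS_INSECURE will be seen as false") implies that `false` is the verifying state, so a wording such as `description: Disables verification of the events broker's TLS certificate when set to true.` would match. The entry's `name` also lists `OCIS_INSECURE` first, so the global switch presumably relaxes this connection too, which the description should state. Since `OCM_EVENTS_ENABLE_TLS` defaults to `"false"`, the `OCM_EVENTS_AUTH_USERNAME` and `OCM_EVENTS_AUTH_PASSWORD` descriptions could add that the credentials travel unencrypted unless TLS is enabled, which matters once `OCM_EVENTS_ENDPOINT` is not a loopback address. These strings appear to mirror `desc:` struct tags like the ones in `config.go` later in this diff, so the wording probably needs to be fixed there rather than in this YAML.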
@@ -12315,7 +12595,7 @@ STORAGE_PUBLICLINK_GRPC_ADDR: removalVersion: "" deprecationInfo: "" STORAGE_PUBLICLINK_GRPC_PROTOCOL: - name: STORAGE_PUBLICLINK_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;STORAGE_PUBLICLINK_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -12476,7 +12756,7 @@ STORAGE_SHARES_GRPC_ADDR: removalVersion: "" deprecationInfo: "" STORAGE_SHARES_GRPC_PROTOCOL: - name: STORAGE_SHARES_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;STORAGE_SHARES_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GRPC service. @@ -12748,7 +13028,7 @@ STORAGE_SYSTEM_GRPC_ADDR: removalVersion: "" deprecationInfo: "" STORAGE_SYSTEM_GRPC_PROTOCOL: - name: STORAGE_SYSTEM_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;STORAGE_SYSTEM_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GPRC service. @@ -13269,7 +13549,7 @@ STORAGE_USERS_GRPC_ADDR: removalVersion: "" deprecationInfo: "" STORAGE_USERS_GRPC_PROTOCOL: - name: STORAGE_USERS_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;STORAGE_USERS_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GPRC service. @@ -14984,7 +15264,7 @@ USERS_GRPC_ADDR: removalVersion: "" deprecationInfo: "" USERS_GRPC_PROTOCOL: - name: USERS_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;USERS_GRPC_PROTOCOL defaultValue: tcp type: string description: The transport protocol of the GPRC service. @@ -15501,7 +15781,7 @@ WEB_ASSET_PATH: the builtin assets. introductionVersion: pre5.0 deprecationVersion: 5.1.0 - removalVersion: 7.0.0 + removalVersion: '%%NEXT_PRODUCTION_VERSION%%' deprecationInfo: The WEB_ASSET_PATH is deprecated and will be removed in the future. WEB_ASSET_THEMES_PATH: name: OCIS_ASSET_THEMES_PATH;WEB_ASSET_THEMES_PATH diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index 46ed4044ab..3cdde5bc76 100644 --- a/services/gateway/pkg/config/config.go 
+++ b/services/gateway/pkg/config/config.go @@ -42,7 +42,7 @@ type Config struct { AuthServiceEndpoint string `yaml:"auth_service_endpoint" env:"GATEWAY_AUTH_SERVICE_ENDPOINT" desc:"The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint" env:"GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT" desc:"The endpoint of the storage-publiclink service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` StorageUsersEndpoint string `yaml:"storage_users_endpoint" env:"GATEWAY_STORAGE_USERS_ENDPOINT" desc:"The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT" desc:"The endpoint of the storag-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` + StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT" desc:"The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` AppRegistryEndpoint string `yaml:"app_registry_endpoint" env:"GATEWAY_APP_REGISTRY_ENDPOINT" desc:"The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` OCMEndpoint string `yaml:"ocm_endpoint" env:"GATEWAY_OCM_ENDPOINT" desc:"The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"`