From ccd49b8f8d4a70b647b3bfbfff5b15a579e02795 Mon Sep 17 00:00:00 2001 From: Martin Mattel Date: Mon, 4 Nov 2024 17:18:54 +0100 Subject: [PATCH] [docs-only][chore] update env_vars.yaml --- docs/helpers/env_vars.yaml | 299 +++++++++++++++++++++++++------------ 1 file changed, 200 insertions(+), 99 deletions(-) diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index 050084d6ad..9678eb28a4 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml @@ -2941,6 +2941,76 @@ COLLABORATION_LOG_PRETTY: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +COLLABORATION_STORE: + name: OCIS_PERSISTENT_STORE;COLLABORATION_STORE + defaultValue: nats-js-kv + type: string + description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'', + ''redis-sentinel'', ''noop''. See the text description for details.' + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_AUTH_PASSWORD: + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;COLLABORATION_STORE_AUTH_PASSWORD + defaultValue: "" + type: string + description: The password to authenticate with the store. Only applies when store + type 'nats-js-kv' is configured. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_AUTH_USERNAME: + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;COLLABORATION_STORE_AUTH_USERNAME + defaultValue: "" + type: string + description: The username to authenticate with the store. Only applies when store + type 'nats-js-kv' is configured. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_DATABASE: + name: COLLABORATION_STORE_DATABASE + defaultValue: collaboration + type: string + description: The database name the configured store should use. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_NODES: + name: OCIS_PERSISTENT_STORE_NODES;COLLABORATION_STORE_NODES + defaultValue: '[127.0.0.1:9233]' + type: '[]string' + description: A list of nodes to access the configured store. This has no effect + when 'memory' store is configured. Note that the behaviour how nodes are used + is dependent on the library of the configured store. See the Environment Variable + Types description for more details. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_TABLE: + name: COLLABORATION_STORE_TABLE + defaultValue: "" + type: string + description: The database table the store should use. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_STORE_TTL: + name: OCIS_PERSISTENT_STORE_TTL;COLLABORATION_STORE_TTL + defaultValue: 30m0s + type: Duration + description: Time to live for events in the store. Defaults to '30m' (30 minutes). + See the Environment Variable Types description for more details. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" COLLABORATION_TRACING_COLLECTOR: name: OCIS_TRACING_COLLECTOR;COLLABORATION_TRACING_COLLECTOR defaultValue: "" @@ -3022,6 +3092,17 @@ COLLABORATION_WOPI_SECRET: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +COLLABORATION_WOPI_SHORTTOKENS: + name: COLLABORATION_WOPI_SHORTTOKENS + defaultValue: "false" + type: bool + description: Use short access tokens for WOPI access. This is useful for office + packages, like Microsoft Office Online, which have URL length restrictions. If + enabled, a persistent store must be configured. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" COLLABORATION_WOPI_SRC: name: COLLABORATION_WOPI_SRC defaultValue: https://localhost:9300 @@ -7496,7 +7577,7 @@ NOTIFICATIONS_SMTP_ENCRYPTION: deprecationVersion: "" removalVersion: "" deprecationInfo: 'The NOTIFICATIONS_SMTP_ENCRYPTION values ''ssl'' and ''tls'' are - deprecated and will be removed in the future. | | | | | | | | ' + deprecated and will be removed in the future. | | | | | | | | | ' NOTIFICATIONS_SMTP_HOST: name: NOTIFICATIONS_SMTP_HOST defaultValue: "" @@ -8027,8 +8108,8 @@ OCIS_CACHE_TTL: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;WEBFINGER_CORS_ALLOW_CREDENTIALS - defaultValue: "false" + name: OCIS_CORS_ALLOW_CREDENTIALS;SETTINGS_CORS_ALLOW_CREDENTIALS + defaultValue: "true" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -8037,8 +8118,8 @@ OCIS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;WEBFINGER_CORS_ALLOW_HEADERS - defaultValue: '[]' + name: OCIS_CORS_ALLOW_HEADERS;SETTINGS_CORS_ALLOW_HEADERS + defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -8048,8 +8129,8 @@ OCIS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;WEBFINGER_CORS_ALLOW_METHODS - defaultValue: '[]' + name: OCIS_CORS_ALLOW_METHODS;SETTINGS_CORS_ALLOW_METHODS + defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. @@ -8059,8 +8140,8 @@ OCIS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;WEBFINGER_CORS_ALLOW_ORIGINS - defaultValue: '[https://localhost:9200]' + name: OCIS_CORS_ALLOW_ORIGINS;SETTINGS_CORS_ALLOW_ORIGINS + defaultValue: '[*]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -8120,7 +8201,7 @@ OCIS_DEFAULT_LANGUAGE: type: string description: The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. - introductionVersion: 7.0.0 + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8203,7 +8284,7 @@ OCIS_ENABLE_RESHARING: removalVersion: "" deprecationInfo: Resharing will be removed in the future. OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;AUDIT_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;GRAPH_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -8213,7 +8294,7 @@ OCIS_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;AUDIT_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;GRAPH_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker @@ -8223,18 +8304,17 @@ OCIS_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;AUDIT_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;GRAPH_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. - Mandatory when using NATS as event system. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;AUDIT_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;GRAPH_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker @@ -8244,31 +8324,32 @@ OCIS_EVENTS_ENABLE_TLS: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;AUDIT_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;GRAPH_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing - service. It is used as message broker for the microservice architecture. + service. It is used as message broker for the microservice architecture. Set to + a empty string to disable emitting events. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. + If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_GATEWAY_GRPC_ADDR: - name: OCIS_GATEWAY_GRPC_ADDR;STORAGE_USERS_GATEWAY_GRPC_ADDR + name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR defaultValue: 127.0.0.1:9142 type: string - description: The bind address of the gateway GRPC address. - introductionVersion: "5.0" + description: The bind address of the GRPC service. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8296,7 +8377,7 @@ OCIS_GRPC_CLIENT_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_GRPC_PROTOCOL: - name: OCIS_GRPC_PROTOCOL;AUTH_BASIC_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;GROUPS_GRPC_PROTOCOL defaultValue: "" type: string description: The transport protocol of the GRPC service. @@ -8336,7 +8417,7 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;AUDIT_EVENTS_TLS_INSECURE + name: OCIS_INSECURE;GRAPH_EVENTS_TLS_INSECURE defaultValue: "false" type: bool description: Whether to verify the server TLS certificates. @@ -8345,7 +8426,7 @@ OCIS_INSECURE: removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET + name: OCIS_JWT_SECRET;SETTINGS_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -8354,7 +8435,7 @@ OCIS_JWT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_BASE_PATH: - name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH + name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH defaultValue: "" type: string description: The URL to access keycloak. @@ -8363,16 +8444,16 @@ OCIS_KEYCLOAK_BASE_PATH: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_ID: - name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID + name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID defaultValue: "" type: string - description: The client ID to authenticate with keycloak. + description: The client id to authenticate with keycloak. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_REALM: - name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM + name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM defaultValue: "" type: string description: The realm the client is defined in. @@ -8381,7 +8462,7 @@ OCIS_KEYCLOAK_CLIENT_REALM: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_SECRET: - name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET + name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET defaultValue: "" type: string description: The client secret to use in authentication. @@ -8390,7 +8471,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: - name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY + name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY defaultValue: "false" type: bool description: Disable TLS certificate validation for Keycloak connections. Do not @@ -8400,7 +8481,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_USER_REALM: - name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM + name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM defaultValue: "" type: string description: The realm users are defined. @@ -8409,7 +8490,7 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN + name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP @@ -8419,7 +8500,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. @@ -8428,7 +8509,7 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT + name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to @@ -8439,20 +8520,20 @@ OCIS_LDAP_CACERT: removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Valid options + description: An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. + is not processed. Default is 'attribute'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified @@ -8462,7 +8543,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. @@ -8471,7 +8552,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -8480,7 +8561,7 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter @@ -8490,7 +8571,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -8500,7 +8581,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. @@ -8509,28 +8590,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique id (e.g. a UUID). + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the group IDs. + of Active Directory for the group ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -8539,7 +8620,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. @@ -8548,17 +8629,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported values are + description: LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -8580,7 +8661,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI + name: OCIS_LDAP_URI;GROUPS_LDAP_URI defaultValue: ldaps://localhost:9235 type: string description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' @@ -8590,7 +8671,7 @@ OCIS_LDAP_URI: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. @@ -8599,16 +8680,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -8617,7 +8698,7 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string description: The object class to use for users in the default user search filter @@ -8627,7 +8708,7 @@ OCIS_LDAP_USER_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. @@ -8636,28 +8717,28 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID + name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique ID for users. This should be a - stable globally unique ID like a UUID. + description: LDAP Attribute to use as the unique id for users. This should be a + stable globally unique id like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the user IDs. + of Active Directory for the user ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of users. @@ -8666,7 +8747,7 @@ OCIS_LDAP_USER_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USER_TYPE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default @@ -8676,7 +8757,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME + name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME defaultValue: uid type: string description: LDAP Attribute to use for username of users. @@ -8685,17 +8766,17 @@ OCIS_LDAP_USER_SCHEMA_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported values are + description: LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;AUTH_BASIC_LOG_COLOR + name: OCIS_LOG_COLOR;SETTINGS_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8704,7 +8785,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;AUTH_BASIC_LOG_FILE + name: OCIS_LOG_FILE;SETTINGS_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8713,7 +8794,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL + name: OCIS_LOG_LEVEL;SETTINGS_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8723,7 +8804,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY + name: OCIS_LOG_PRETTY;SETTINGS_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -8753,11 +8834,11 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the userids of the CS3 user objects - for users returned by this user provider. + description: The identity provider value to set in the group IDs of the CS3 group + objects for groups returned by this group provider. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8933,17 +9014,19 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;AUTH_SERVICE_SERVICE_ACCOUNT_ID + name: SETTINGS_SERVICE_ACCOUNT_IDS;OCIS_SERVICE_ACCOUNT_ID defaultValue: "" - type: string - description: The ID of the service account the service should use. See the 'auth-service' - service description for more details. + type: '[]string' + description: 'The list of all service account IDs. These will be assigned the hidden + ''service-account'' role. Note: When using ''OCIS_SERVICE_ACCOUNT_ID'' this will + contain only one value while ''SETTINGS_SERVICE_ACCOUNT_IDS'' can have multiple. + See the ''auth-service'' service description for more details about service accounts.' introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;AUTH_SERVICE_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -8984,12 +9067,11 @@ OCIS_SHOW_USER_EMAIL_IN_RESULTS: removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. - If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA - in the frontend service. + description: Set the global max quota value in bytes. A value of 0 equals unlimited. + The value is provided via capabilities. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -9025,7 +9107,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;AUTH_BASIC_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;SETTINGS_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -9035,7 +9117,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;AUTH_BASIC_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;SETTINGS_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -9044,7 +9126,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;AUTH_BASIC_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;SETTINGS_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -9053,7 +9135,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;AUTH_BASIC_TRACING_TYPE + name: OCIS_TRACING_TYPE;SETTINGS_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -9066,13 +9148,13 @@ OCIS_TRANSFER_SECRET: name: OCIS_TRANSFER_SECRET defaultValue: "" type: string - description: Transfer secret for signing file up- and download requests. + description: The storage transfer secret. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_TRANSLATION_PATH: - name: OCIS_TRANSLATION_PATH;ACTIVITYLOG_TRANSLATION_PATH + name: OCIS_TRANSLATION_PATH;GRAPH_TRANSLATION_PATH defaultValue: "" type: string description: (optional) Set this to a path with custom translations to overwrite @@ -9083,22 +9165,21 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the userids of the CS3 user objects - for users returned by this user provider. + description: The identity provider value to set in the group IDs of the CS3 group + objects for groups returned by this group provider. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_WOPI_DISABLE_CHAT: - name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT + name: APP_PROVIDER_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT defaultValue: "false" type: bool - description: Disable chat in the office web frontend. This feature applies to OnlyOffice - and Microsoft. - introductionVersion: 7.0.0 + description: Disable the chat functionality of the office app. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -9474,6 +9555,16 @@ OCM_OCM_SHAREPROVIDER_JSON_FILE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +OCM_OCM_STORAGE_DATA_SERVER_URL: + name: OCM_OCM_STORAGE_DATA_SERVER_URL + defaultValue: http://localhost:9280/data + type: string + description: URL of the data server, needs to be reachable by the data gateway provided + by the frontend service or the user if directly exposed. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" OCM_OCM_STORAGE_PROVIDER_INSECURE: name: OCM_OCM_STORAGE_PROVIDER_INSECURE defaultValue: "false" @@ -12512,6 +12603,16 @@ SSE_JWT_SECRET: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +SSE_KEEPALIVE_INTERVAL: + name: SSE_KEEPALIVE_INTERVAL + defaultValue: 0s + type: Duration + description: To prevent intermediate proxies from closing the SSE connection, send + periodic SSE comments to keep it open. + introductionVersion: "7.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" SSE_LOG_COLOR: name: OCIS_LOG_COLOR;SSE_LOG_COLOR defaultValue: "false"