From f538b4f925275528374f102af1bcc78871b0f892 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Wed, 15 Jun 2022 11:05:22 +0200 Subject: [PATCH 1/3] add missing descriptions Signed-off-by: Christian Richter --- extensions/audit/pkg/config/log.go | 8 +-- extensions/auth-machine/pkg/config/config.go | 2 + extensions/frontend/pkg/config/config.go | 38 ++++++------- extensions/groups/pkg/config/config.go | 1 + extensions/idp/pkg/config/config.go | 58 ++++++++++---------- extensions/ocdav/pkg/config/config.go | 4 +- extensions/proxy/pkg/config/config.go | 6 +- 7 files changed, 60 insertions(+), 57 deletions(-) diff --git a/extensions/audit/pkg/config/log.go b/extensions/audit/pkg/config/log.go index 97eb9b3974..51a0252ad7 100644 --- a/extensions/audit/pkg/config/log.go +++ b/extensions/audit/pkg/config/log.go @@ -2,8 +2,8 @@ package config // Log defines the available log configuration. type Log struct { - Level string `mapstructure:"level" env:"OCIS_LOG_LEVEL;AUDIT_LOG_LEVEL" desc:"The log level. Valid values are: \"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", \"trace\"."` - Pretty bool `mapstructure:"pretty" env:"OCIS_LOG_PRETTY;AUDIT_LOG_PRETTY" desc:"Activates pretty log output."` - Color bool `mapstructure:"color" env:"OCIS_LOG_COLOR;AUDIT_LOG_COLOR" desc:"Activates colorized log output."` - File string `mapstructure:"file" env:"OCIS_LOG_FILE;AUDIT_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set."` + Level string `yaml:"level" env:"OCIS_LOG_LEVEL;AUDIT_LOG_LEVEL" desc:"The log level. Valid values are: \"panic\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", \"trace\"."` + Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUDIT_LOG_PRETTY" desc:"Activates pretty log output."` + Color bool `yaml:"color" env:"OCIS_LOG_COLOR;AUDIT_LOG_COLOR" desc:"Activates colorized log output."` + File string `yaml:"file" env:"OCIS_LOG_FILE;AUDIT_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set."` } diff --git a/extensions/auth-machine/pkg/config/config.go b/extensions/auth-machine/pkg/config/config.go index e2a363c3e1..4e40a79e3c 100644 --- a/extensions/auth-machine/pkg/config/config.go +++ b/extensions/auth-machine/pkg/config/config.go @@ -20,6 +20,8 @@ type Config struct { SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Skip storing all groups of a user in the jwt token."` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_API_KEY" desc:"Machine auth API key used for validating requests from other services when impersonating users."` Supervised bool `yaml:"-"` diff --git a/extensions/frontend/pkg/config/config.go b/extensions/frontend/pkg/config/config.go index f77e041c86..5733220f6d 100644 --- a/extensions/frontend/pkg/config/config.go +++ b/extensions/frontend/pkg/config/config.go @@ -21,18 +21,18 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *Reva `yaml:"reva"` - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY" desc: "Machine auth API key used for accessing the 'auth-machine' service to impersonate users."` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used for accessing the 'auth-machine' service."` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN"` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` - EnableFavorites bool `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES"` + EnableFavorites bool `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES" desc:"Disables the support for favorites in the frontend."` EnableProjectSpaces bool `yaml:"enable_project_spaces" env:"FRONTEND_ENABLE_PROJECT_SPACES" desc:"Indicates to clients that project spaces are supposed to be made available."` EnableShareJail bool `yaml:"enable_share_jail" env:"FRONTEND_ENABLE_SHARE_JAIL" desc:"Indicates to clients that the share jail is supposed to be used."` - UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE"` - UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE"` - DefaultUploadProtocol string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL"` + UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes for uploads via the frontent." ` + UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advice TUS which to replace PATCH requests by POST requests."` + DefaultUploadProtocol string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the frontend (e.g. tus)."` - PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"` + PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing url of the ocis frontend."` AppHandler AppHandler `yaml:"app_handler"` Archiver Archiver `yaml:"archiver"` @@ -74,7 +74,7 @@ type HTTPConfig struct { Addr string `yaml:"addr" env:"FRONTEND_HTTP_ADDR" desc:"The address of the http service."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."` - Prefix string `yaml:"prefix" env:"FRONTEND_HTTP_PREFIX"` + Prefix string `yaml:"prefix" env:"FRONTEND_HTTP_PREFIX" desc:"The Path prefix where the frontend can be accesses (defaults to /)."` } // Middleware configures reva middlewares. @@ -89,14 +89,14 @@ type Auth struct { type AppHandler struct { Prefix string `yaml:"-"` - Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APP_HANDLER_INSECURE"` + Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APP_HANDLER_INSECURE" desc:"Allow insecure connections to the frontend."` } type Archiver struct { - MaxNumFiles int64 `yaml:"max_num_files" env:"FRONTEND_ARCHIVER_MAX_NUM_FILES"` - MaxSize int64 `yaml:"max_size" env:"FRONTEND_ARCHIVER_MAX_SIZE"` + MaxNumFiles int64 `yaml:"max_num_files" env:"FRONTEND_ARCHIVER_MAX_NUM_FILES" desc:"Max number of files that can be packed into an archive."` + MaxSize int64 `yaml:"max_size" env:"FRONTEND_ARCHIVER_MAX_SIZE" desc:"Max size of the zip archive the archiver can create."` Prefix string `yaml:"-"` - Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"` + Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE" desc:"Allow insecure connections to the archiver."` } type DataGateway struct { @@ -104,11 +104,11 @@ type DataGateway struct { } type OCS struct { - Prefix string `yaml:"prefix" env:"FRONTEND_OCS_PREFIX"` - SharePrefix string `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX"` - HomeNamespace string `yaml:"home_namespace" env:"FRONTEND_OCS_HOME_NAMESPACE"` - AdditionalInfoAttribute string `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE"` - ResourceInfoCacheTTL int `yaml:"resource_info_cache_ttl" env:"FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL"` + Prefix string `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"Path prefix for the ocs service"` + SharePrefix string `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares."` + HomeNamespace string `yaml:"home_namespace" env:"FRONTEND_OCS_HOME_NAMESPACE" desc:"Homespace namespace identifier."` + AdditionalInfoAttribute string `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user (e.g. {{.Mail}}"` + ResourceInfoCacheTTL int `yaml:"resource_info_cache_ttl" env:"FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL" desc:"Max TTL for the resource info cache"` CacheWarmupDriver string `yaml:"cache_warmup_driver,omitempty"` // not supported by the oCIS product, therefore not part of docs CacheWarmupDrivers CacheWarmupDrivers `yaml:"cache_warmup_drivers,omitempty"` // not supported by the oCIS product, therefore not part of docs } @@ -127,6 +127,6 @@ type CBOXDriver struct { } type Checksums struct { - SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES"` - PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPES"` + SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Supported checksum types to be announced to the client (e.g. md5)"` + PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPES" desc:"Prefered checksum types to be announced to the client for uploads (e.g. md5)"` } diff --git a/extensions/groups/pkg/config/config.go b/extensions/groups/pkg/config/config.go index b4784fe5e7..55d6dcf9ca 100644 --- a/extensions/groups/pkg/config/config.go +++ b/extensions/groups/pkg/config/config.go @@ -64,6 +64,7 @@ type Drivers struct { JSON JSONDriver `yaml:"json,omitempty"` // not supported by the oCIS product, therefore not part of docs REST RESTProvider `yaml:"rest,omitempty"` // not supported by the oCIS product, therefore not part of docs } + type LDAPDriver struct { URI string `yaml:"uri" env:"LDAP_URI;GROUPS_LDAP_URI" desc:"URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://'"` CACert string `yaml:"ca_cert" env:"LDAP_CACERT;GROUPS_LDAP_CACERT" desc:"Path to a CA certificate file for validating the LDAP server's TLS certificate. If empty the system default CA bundle will be used."` diff --git a/extensions/idp/pkg/config/config.go b/extensions/idp/pkg/config/config.go index e488056270..7726430244 100644 --- a/extensions/idp/pkg/config/config.go +++ b/extensions/idp/pkg/config/config.go @@ -32,28 +32,28 @@ type Config struct { // Ldap defines the available LDAP configuration. type Ldap struct { - URI string `yaml:"uri" env:"LDAP_URI;IDP_LDAP_URI"` - TLSCACert string `yaml:"cacert" env:"LDAP_CACERT;IDP_LDAP_TLS_CACERT"` + URI string `yaml:"uri" env:"LDAP_URI;IDP_LDAP_URI" desc:"Url of the LDAP service to use as idp."` + TLSCACert string `yaml:"cacert" env:"LDAP_CACERT;IDP_LDAP_TLS_CACERT" desc:"Path to the tls cert for the ldap service."` - BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;IDP_LDAP_BIND_DN"` - BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD"` + BindDN string `yaml:"bind_dn" env:"LDAP_BIND_DN;IDP_LDAP_BIND_DN" desc:"LDAP DN to use for simple bind authentication with the target LDAP server."` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD" desc:"Password to use for authenticating the 'bind_dn'."` - BaseDN string `yaml:"base_dn" env:"LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN"` - Scope string `yaml:"scope" env:"LDAP_USER_SCOPE;IDP_LDAP_SCOPE"` + BaseDN string `yaml:"base_dn" env:"LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN" desc:"Search base DN for looking up LDAP users."` + Scope string `yaml:"scope" env:"LDAP_USER_SCOPE;IDP_LDAP_SCOPE" desc:"LDAP search scope to use when looking up users ('base', 'one', 'sub')."` - LoginAttribute string `yaml:"login_attribute" env:"IDP_LDAP_LOGIN_ATTRIBUTE"` - EmailAttribute string `yaml:"email_attribute" env:"LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE"` - NameAttribute string `yaml:"name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE"` - UUIDAttribute string `yaml:"uuid_attribute" env:"LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE"` - UUIDAttributeType string `yaml:"uuid_attribute_type" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE"` + LoginAttribute string `yaml:"login_attribute" env:"IDP_LDAP_LOGIN_ATTRIBUTE" desc:"LDAP User attribute to use for login (e.g. uid)."` + EmailAttribute string `yaml:"email_attribute" env:"LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE" desc:"LDAP User email attribute (e.g. mail)."` + NameAttribute string `yaml:"name_attribute" env:"LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE" desc:"LDAP User name attribute (e.g. displayName)."` + UUIDAttribute string `yaml:"uuid_attribute" env:"LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE" desc:"LDAP User uuid attribute (e.g. uid)."` + UUIDAttributeType string `yaml:"uuid_attribute_type" env:"IDP_LDAP_UUID_ATTRIBUTE_TYPE" desc:"LDAP User uuid attribute type (e.g. text)."` - Filter string `yaml:"filter" env:"LDAP_USER_FILTER;IDP_LDAP_FILTER"` - ObjectClass string `yaml:"objectclass" env:"LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS"` + Filter string `yaml:"filter" env:"LDAP_USER_FILTER;IDP_LDAP_FILTER" desc:"LDAP filter to add to the default filters for user search (e.g. '(objectclass=ownCloud)')."` + ObjectClass string `yaml:"objectclass" env:"LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS" desc:"LDAP User ObjectClass (e.g. inetOrgPerson)."` } // Asset defines the available asset configuration. type Asset struct { - Path string `yaml:"asset" env:"IDP_ASSET_PATH"` + Path string `yaml:"asset" env:"IDP_ASSET_PATH" desc:"Defines the path for the IDP assets."` } type Client struct { @@ -74,13 +74,13 @@ type Settings struct { IdentityManager string `yaml:"identity_manager" env:"IDP_IDENTITY_MANAGER" desc:"The identity manager implementation to use, defaults to 'ldap', can be changed to 'cs3', 'kc', 'libregraph', 'cookie' or 'guest'."` - URIBasePath string `yaml:"uri_base_path" env:"IDP_URI_BASE_PATH"` + URIBasePath string `yaml:"uri_base_path" env:"IDP_URI_BASE_PATH" desc:"Idp uri base path (defaults to \"\")."` - SignInURI string `yaml:"sign_in_uri" env:"IDP_SIGN_IN_URI"` - SignedOutURI string `yaml:"signed_out_uri" env:"IDP_SIGN_OUT_URI"` + SignInURI string `yaml:"sign_in_uri" env:"IDP_SIGN_IN_URI" desc:"Idp sign-in url."` + SignedOutURI string `yaml:"signed_out_uri" env:"IDP_SIGN_OUT_URI" desc:"Idp sign-out url."` - AuthorizationEndpointURI string `yaml:"authorization_endpoint_uri" env:"IDP_ENDPOINT_URI"` - EndsessionEndpointURI string `yaml:"end_session_endpoint_uri" env:"IDP_ENDSESSION_ENDPOINT_URI"` + AuthorizationEndpointURI string `yaml:"authorization_endpoint_uri" env:"IDP_ENDPOINT_URI" desc:"Url of IDP endpoint."` + EndsessionEndpointURI string `yaml:"-"` // unused, not supported by lico-idp Insecure bool `yaml:"insecure" env:"LDAP_INSECURE;IDP_INSECURE" desc:"Allow insecure connections to the user backend (eg. LDAP, CS3 api, ...)."` @@ -90,29 +90,29 @@ type Settings struct { AllowClientGuests bool `yaml:"allow_client_guests" env:"IDP_ALLOW_CLIENT_GUESTS"` AllowDynamicClientRegistration bool `yaml:"allow_dynamic_client_registration" env:"IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION"` - EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET_FILE"` + EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET_FILE" desc:"Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thous invalidating all existing sessions."` Listen string - IdentifierClientDisabled bool `yaml:"identifier_client_disabled" env:"IDP_DISABLE_IDENTIFIER_WEBAPP"` + IdentifierClientDisabled bool `yaml:"-"` // unused IdentifierClientPath string `yaml:"-"` IdentifierRegistrationConf string `yaml:"-"` - IdentifierScopesConf string `yaml:"identifier_scopes_conf" env:"IDP_IDENTIFIER_SCOPES_CONF"` + IdentifierScopesConf string `yaml:"-"` // unused IdentifierDefaultBannerLogo string IdentifierDefaultSignInPageText string IdentifierDefaultUsernameHintText string IdentifierUILocales []string - SigningKid string `yaml:"signing_kid" env:"IDP_SIGNING_KID"` - SigningMethod string `yaml:"signing_method" env:"IDP_SIGNING_METHOD"` - SigningPrivateKeyFiles []string `yaml:"signing_private_key_files" env:"IDP_SIGNING_PRIVATE_KEY_FILES"` - ValidationKeysPath string `yaml:"validation_keys_path" env:"IDP_VALIDATION_KEYS_PATH"` + SigningKid string `yaml:"signing_kid" env:"IDP_SIGNING_KID" desc:"Value of kid field to use in created tokens (uniquely identifying the signing-private-key)."` + SigningMethod string `yaml:"signing_method" env:"IDP_SIGNING_METHOD" desc:"Signing method of idp requests (e.g. PS256)"` + SigningPrivateKeyFiles []string `yaml:"signing_private_key_files" env:"IDP_SIGNING_PRIVATE_KEY_FILES" desc:"Private key files for signing idp requests."` + ValidationKeysPath string `yaml:"validation_keys_path" env:"IDP_VALIDATION_KEYS_PATH" desc:"Path to validation keys for idp requests."` CookieBackendURI string CookieNames []string - AccessTokenDurationSeconds uint64 `yaml:"access_token_duration_seconds" env:"IDP_ACCESS_TOKEN_EXPIRATION"` - IDTokenDurationSeconds uint64 `yaml:"id_token_duration_seconds" env:"IDP_ID_TOKEN_EXPIRATION"` - RefreshTokenDurationSeconds uint64 `yaml:"refresh_token_duration_seconds" env:"IDP_REFRESH_TOKEN_EXPIRATION"` + AccessTokenDurationSeconds uint64 `yaml:"access_token_duration_seconds" env:"IDP_ACCESS_TOKEN_EXPIRATION" desc:"Expiration time for idp access token (in seconds)."` + IDTokenDurationSeconds uint64 `yaml:"id_token_duration_seconds" env:"IDP_ID_TOKEN_EXPIRATION" desc:"Expiration time for idp id tokens (in seconds)."` + RefreshTokenDurationSeconds uint64 `yaml:"refresh_token_duration_seconds" env:"IDP_REFRESH_TOKEN_EXPIRATION" desc:"Expiration time for refresh tokens (in seconds)."` DyamicClientSecretDurationSeconds uint64 `yaml:"dynamic_client_secret_duration_seconds" env:""` } diff --git a/extensions/ocdav/pkg/config/config.go b/extensions/ocdav/pkg/config/config.go index 57cade0056..5b89dce37b 100644 --- a/extensions/ocdav/pkg/config/config.go +++ b/extensions/ocdav/pkg/config/config.go @@ -18,7 +18,7 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *Reva `yaml:"reva"` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN"` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` WebdavNamespace string `yaml:"webdav_namespace" env:"OCDAV_WEBDAV_NAMESPACE" desc:"Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties."` FilesNamespace string `yaml:"files_namespace" env:"OCDAV_FILES_NAMESPACE" desc:"Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties."` @@ -29,7 +29,7 @@ type Config struct { // Insecure certificates allowed when making requests to the gateway Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;OCDAV_INSECURE"` // Timeout in seconds when making requests to the gateway - Timeout int64 `yaml:"gateway_request_timeout" env:"OCDAV_GATEWAY_REQUEST_TIMEOUT"` + Timeout int64 `yaml:"gateway_request_timeout" env:"OCDAV_GATEWAY_REQUEST_TIMEOUT" desc:"Request timeout for ocdav gateway.` Middleware Middleware `yaml:"middleware"` Context context.Context `yaml:"-"` diff --git a/extensions/proxy/pkg/config/config.go b/extensions/proxy/pkg/config/config.go index b5f4bf80f5..3246660dcd 100644 --- a/extensions/proxy/pkg/config/config.go +++ b/extensions/proxy/pkg/config/config.go @@ -90,8 +90,8 @@ type OIDC struct { // UserinfoCache is a TTL cache configuration. type UserinfoCache struct { - Size int `yaml:"size" env:"PROXY_OIDC_USERINFO_CACHE_SIZE"` - TTL int `yaml:"ttl" env:"PROXY_OIDC_USERINFO_CACHE_TTL"` + Size int `yaml:"size" env:"PROXY_OIDC_USERINFO_CACHE_SIZE" desc:"Cache size for oidc user info."` + TTL int `yaml:"ttl" env:"PROXY_OIDC_USERINFO_CACHE_TTL" desc:"Max TTL for the oidc user info cache."` } // PolicySelector is the toplevel-configuration for different selectors @@ -114,7 +114,7 @@ type TokenManager struct { // PreSignedURL is the config for the presigned url middleware type PreSignedURL struct { AllowedHTTPMethods []string `yaml:"allowed_http_methods"` - Enabled bool `yaml:"enabled" env:"PROXY_ENABLE_PRESIGNEDURLS"` + Enabled bool `yaml:"enabled" env:"PROXY_ENABLE_PRESIGNEDURLS" desc:"Allow ocs to get a signing key to sign requests."` } // ClaimsSelectorConf is the config for the claims-selector From 7de8135c0d08f4ca1a6f35a413013c093cf45366 Mon Sep 17 00:00:00 2001 From: Martin Date: Thu, 16 Jun 2022 20:08:19 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Phil Davis --- extensions/auth-machine/pkg/config/config.go | 4 +++- extensions/frontend/pkg/config/config.go | 10 +++++----- extensions/idp/pkg/config/config.go | 2 +- extensions/ocdav/pkg/config/config.go | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/extensions/auth-machine/pkg/config/config.go b/extensions/auth-machine/pkg/config/config.go index 4e40a79e3c..eee4a9c340 100644 --- a/extensions/auth-machine/pkg/config/config.go +++ b/extensions/auth-machine/pkg/config/config.go @@ -20,7 +20,9 @@ type Config struct { SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Skip storing all groups of a user in the jwt token."` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces token size, especially when users are members of a large number of groups."` + + Did you intend to duplicate `SkipUserGroupsInToken` that is already at line 21? MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_API_KEY" desc:"Machine auth API key used for validating requests from other services when impersonating users."` diff --git a/extensions/frontend/pkg/config/config.go b/extensions/frontend/pkg/config/config.go index 5733220f6d..4f2d6acfe1 100644 --- a/extensions/frontend/pkg/config/config.go +++ b/extensions/frontend/pkg/config/config.go @@ -23,13 +23,13 @@ type Config struct { Reva *Reva `yaml:"reva"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used for accessing the 'auth-machine' service."` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces token size, especially when users are members of a large number of groups."` EnableFavorites bool `yaml:"enable_favorites" env:"FRONTEND_ENABLE_FAVORITES" desc:"Disables the support for favorites in the frontend."` EnableProjectSpaces bool `yaml:"enable_project_spaces" env:"FRONTEND_ENABLE_PROJECT_SPACES" desc:"Indicates to clients that project spaces are supposed to be made available."` EnableShareJail bool `yaml:"enable_share_jail" env:"FRONTEND_ENABLE_SHARE_JAIL" desc:"Indicates to clients that the share jail is supposed to be used."` - UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes for uploads via the frontent." ` - UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advice TUS which to replace PATCH requests by POST requests."` + UploadMaxChunkSize int `yaml:"upload_max_chunk_size" env:"FRONTEND_UPLOAD_MAX_CHUNK_SIZE" desc:"Sets the max chunk sizes for uploads via the frontend." ` + UploadHTTPMethodOverride string `yaml:"upload_http_method_override" env:"FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" desc:"Advise TUS to replace PATCH requests by POST requests."` DefaultUploadProtocol string `yaml:"default_upload_protocol" env:"FRONTEND_DEFAULT_UPLOAD_PROTOCOL" desc:"The default upload protocol to use in the frontend (e.g. tus)."` PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL" desc:"The public facing url of the ocis frontend."` @@ -74,7 +74,7 @@ type HTTPConfig struct { Addr string `yaml:"addr" env:"FRONTEND_HTTP_ADDR" desc:"The address of the http service."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."` - Prefix string `yaml:"prefix" env:"FRONTEND_HTTP_PREFIX" desc:"The Path prefix where the frontend can be accesses (defaults to /)."` + Prefix string `yaml:"prefix" env:"FRONTEND_HTTP_PREFIX" desc:"The Path prefix where the frontend can be accessed (defaults to /)."` } // Middleware configures reva middlewares. @@ -128,5 +128,5 @@ type CBOXDriver struct { type Checksums struct { SupportedTypes []string `yaml:"supported_types" env:"FRONTEND_CHECKSUMS_SUPPORTED_TYPES" desc:"Supported checksum types to be announced to the client (e.g. md5)"` - PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPES" desc:"Prefered checksum types to be announced to the client for uploads (e.g. md5)"` + PreferredUploadType string `yaml:"preferred_upload_type" env:"FRONTEND_CHECKSUMS_PREFERRED_UPLOAD_TYPES" desc:"Preferred checksum types to be announced to the client for uploads (e.g. md5)"` } diff --git a/extensions/idp/pkg/config/config.go b/extensions/idp/pkg/config/config.go index 7726430244..e08b32ba76 100644 --- a/extensions/idp/pkg/config/config.go +++ b/extensions/idp/pkg/config/config.go @@ -90,7 +90,7 @@ type Settings struct { AllowClientGuests bool `yaml:"allow_client_guests" env:"IDP_ALLOW_CLIENT_GUESTS"` AllowDynamicClientRegistration bool `yaml:"allow_dynamic_client_registration" env:"IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION"` - EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET_FILE" desc:"Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thous invalidating all existing sessions."` + EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET_FILE" desc:"Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions."` Listen string diff --git a/extensions/ocdav/pkg/config/config.go b/extensions/ocdav/pkg/config/config.go index 5b89dce37b..4bf2d76995 100644 --- a/extensions/ocdav/pkg/config/config.go +++ b/extensions/ocdav/pkg/config/config.go @@ -18,7 +18,7 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *Reva `yaml:"reva"` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's groupmember ships in the reva access token. To reduces token size, especially when users are members of a large number of groups."` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces token size, especially when users are members of a large number of groups."` WebdavNamespace string `yaml:"webdav_namespace" env:"OCDAV_WEBDAV_NAMESPACE" desc:"Jail requests to /dav/webdav into this CS3 namespace. Supports template layouting with CS3 User properties."` FilesNamespace string `yaml:"files_namespace" env:"OCDAV_FILES_NAMESPACE" desc:"Jail requests to /dav/files/{username} into this CS3 namespace. Supports template layouting with CS3 User properties."` From 49c7159acbe772229ed6365dbe1f6c8dfeca2498 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Fri, 17 Jun 2022 09:13:08 +0200 Subject: [PATCH 3/3] describe what KID in IDP_SIGNING_KID means Signed-off-by: Christian Richter --- extensions/auth-machine/pkg/config/config.go | 4 ---- extensions/idp/pkg/config/config.go | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/extensions/auth-machine/pkg/config/config.go b/extensions/auth-machine/pkg/config/config.go index eee4a9c340..e2a363c3e1 100644 --- a/extensions/auth-machine/pkg/config/config.go +++ b/extensions/auth-machine/pkg/config/config.go @@ -20,10 +20,6 @@ type Config struct { SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Skip storing all groups of a user in the jwt token."` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces token size, especially when users are members of a large number of groups."` - - Did you intend to duplicate `SkipUserGroupsInToken` that is already at line 21? - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_API_KEY" desc:"Machine auth API key used for validating requests from other services when impersonating users."` Supervised bool `yaml:"-"` diff --git a/extensions/idp/pkg/config/config.go b/extensions/idp/pkg/config/config.go index e08b32ba76..df25ff68bd 100644 --- a/extensions/idp/pkg/config/config.go +++ b/extensions/idp/pkg/config/config.go @@ -103,7 +103,7 @@ type Settings struct { IdentifierDefaultUsernameHintText string IdentifierUILocales []string - SigningKid string `yaml:"signing_kid" env:"IDP_SIGNING_KID" desc:"Value of kid field to use in created tokens (uniquely identifying the signing-private-key)."` + SigningKid string `yaml:"signing_kid" env:"IDP_SIGNING_KID" desc:"Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key."` SigningMethod string `yaml:"signing_method" env:"IDP_SIGNING_METHOD" desc:"Signing method of idp requests (e.g. PS256)"` SigningPrivateKeyFiles []string `yaml:"signing_private_key_files" env:"IDP_SIGNING_PRIVATE_KEY_FILES" desc:"Private key files for signing idp requests."` ValidationKeysPath string `yaml:"validation_keys_path" env:"IDP_VALIDATION_KEYS_PATH" desc:"Path to validation keys for idp requests."`