mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 19:59:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

[doc-only] Deprecate OCS related frontend envvars

Browse Source
This commit is contained in:
Martin Mattel
2024-11-25 12:39:55 +01:00
parent b336183771
commit 5d6f4de4a3
4 changed files with 97 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
docs/helpers/env_vars.yaml
View File

@@ -6222,10 +6222,10 @@ IDM_ADMIN_USER_ID:
removalVersion: ""
deprecationInfo: ""
IDM_CREATE_DEMO_USERS:
name: IDM_CREATE_DEMO_USERS
name: SETTINGS_SETUP_DEFAULT_ASSIGNMENTS;IDM_CREATE_DEMO_USERS
defaultValue: "false"
type: bool
description: Flag to enable or disable the creation of the demo users.
description: The default role assignments the demo users should be setup.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -8110,20 +8110,21 @@ OCIS_CACHE_TTL:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_CREDENTIALS:
name: OCIS_CORS_ALLOW_CREDENTIALS;STORAGE_USERS_CORS_ALLOW_CREDENTIALS
name: OCIS_CORS_ALLOW_CREDENTIALS;WEB_CORS_ALLOW_CREDENTIALS
defaultValue: "false"
type: bool
description: 'Allow credentials for CORS.See following chapter for more details:
description: 'Allow credentials for CORS. See following chapter for more details:
*Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_HEADERS:
name: OCIS_CORS_ALLOW_HEADERS;STORAGE_USERS_CORS_ALLOW_HEADERS
defaultValue: '[Authorization Origin X-Requested-With X-Request-Id X-HTTP-Method-Override
Content-Type Upload-Length Upload-Offset Tus-Resumable Upload-Metadata Upload-Defer-Length
Upload-Concat Upload-Incomplete Upload-Draft-Interop-Version]'
name: OCIS_CORS_ALLOW_HEADERS;WEB_CORS_ALLOW_HEADERS
defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match
If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm
Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires
Upload-Checksum Upload-Offset X-HTTP-Method-Override]'
type: '[]string'
description: 'A list of allowed CORS headers. See following chapter for more details:
*Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers.
@@ -8133,8 +8134,9 @@ OCIS_CORS_ALLOW_HEADERS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_METHODS:
name: OCIS_CORS_ALLOW_METHODS;STORAGE_USERS_CORS_ALLOW_METHODS
defaultValue: '[POST HEAD PATCH OPTIONS GET DELETE]'
name: OCIS_CORS_ALLOW_METHODS;WEB_CORS_ALLOW_METHODS
defaultValue: '[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH
MOVE COPY REPORT SEARCH]'
type: '[]string'
description: 'A list of allowed CORS methods. See following chapter for more details:
*Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method.
@@ -8144,7 +8146,7 @@ OCIS_CORS_ALLOW_METHODS:
removalVersion: ""
deprecationInfo: ""
OCIS_CORS_ALLOW_ORIGINS:
name: OCIS_CORS_ALLOW_ORIGINS;STORAGE_USERS_CORS_ALLOW_ORIGINS
name: OCIS_CORS_ALLOW_ORIGINS;WEB_CORS_ALLOW_ORIGINS
defaultValue: '[https://localhost:9200]'
type: '[]string'
description: 'A list of allowed CORS origins. See following chapter for more details:
@@ -8251,7 +8253,7 @@ OCIS_DISABLE_VERSIONING:
removalVersion: ""
deprecationInfo: ""
OCIS_EDITION:
name: OCIS_EDITION;OCDAV_EDITION
name: OCIS_EDITION;FRONTEND_EDITION
defaultValue: Community
type: string
description: Edition of oCIS. Used for branding purposes.
@@ -8420,7 +8422,7 @@ OCIS_INSECURE:
removalVersion: ""
deprecationInfo: ""
OCIS_JWT_SECRET:
name: OCIS_JWT_SECRET;STORAGE_USERS_JWT_SECRET
name: OCIS_JWT_SECRET;WEB_JWT_SECRET
defaultValue: ""
type: string
description: The secret to mint and validate jwt tokens.
@@ -8429,7 +8431,7 @@ OCIS_JWT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_BASE_PATH:
name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH
name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH
defaultValue: ""
type: string
description: The URL to access keycloak.
@@ -8438,16 +8440,16 @@ OCIS_KEYCLOAK_BASE_PATH:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_ID:
name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID
name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID
defaultValue: ""
type: string
description: The client ID to authenticate with keycloak.
description: The client id to authenticate with keycloak.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_REALM:
name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM
name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM
defaultValue: ""
type: string
description: The realm the client is defined in.
@@ -8456,7 +8458,7 @@ OCIS_KEYCLOAK_CLIENT_REALM:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_CLIENT_SECRET:
name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET
name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET
defaultValue: ""
type: string
description: The client secret to use in authentication.
@@ -8465,7 +8467,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY:
name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY
name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY
defaultValue: "false"
type: bool
description: Disable TLS certificate validation for Keycloak connections. Do not
@@ -8475,7 +8477,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY:
removalVersion: ""
deprecationInfo: ""
OCIS_KEYCLOAK_USER_REALM:
name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM
name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM
defaultValue: ""
type: string
description: The realm users are defined.
@@ -8514,20 +8516,20 @@ OCIS_LDAP_CACERT:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLE_USER_MECHANISM:
name: OCIS_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM
name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM
defaultValue: attribute
type: string
description: An option to control the behavior for disabling users. Valid options
description: An option to control the behavior for disabling users. Supported options
are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API
will add the user to the configured group for disabled users, if set to 'attribute'
this will be done in the ldap user entry, if set to 'none' the disable request
is not processed.
is not processed. Default is 'attribute'.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_DISABLED_USERS_GROUP_DN:
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN
name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN
defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm
type: string
description: The distinguished name of the group to which added users will be classified
@@ -8674,10 +8676,10 @@ OCIS_LDAP_USER_BASE_DN:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_ENABLED_ATTRIBUTE:
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;USERS_LDAP_USER_ENABLED_ATTRIBUTE
name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE
defaultValue: ownCloudUserEnabled
type: string
description: LDAP attribute to use as a flag telling if the user is enabled or disabled.
description: LDAP Attribute to use as a flag telling if the user is enabled or disabled.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -8741,7 +8743,7 @@ OCIS_LDAP_USER_SCHEMA_MAIL:
removalVersion: ""
deprecationInfo: ""
OCIS_LDAP_USER_SCHEMA_USER_TYPE:
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE
name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE
defaultValue: ownCloudUserType
type: string
description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default
@@ -8770,7 +8772,7 @@ OCIS_LDAP_USER_SCOPE:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_COLOR:
name: OCIS_LOG_COLOR;STORAGE_USERS_LOG_COLOR
name: OCIS_LOG_COLOR;WEB_LOG_COLOR
defaultValue: "false"
type: bool
description: Activates colorized log output.
@@ -8779,7 +8781,7 @@ OCIS_LOG_COLOR:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_FILE:
name: OCIS_LOG_FILE;STORAGE_USERS_LOG_FILE
name: OCIS_LOG_FILE;WEB_LOG_FILE
defaultValue: ""
type: string
description: The path to the log file. Activates logging to this file if set.
@@ -8788,7 +8790,7 @@ OCIS_LOG_FILE:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_LEVEL:
name: OCIS_LOG_LEVEL;STORAGE_USERS_LOG_LEVEL
name: OCIS_LOG_LEVEL;WEB_LOG_LEVEL
defaultValue: ""
type: string
description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'',
@@ -8798,7 +8800,7 @@ OCIS_LOG_LEVEL:
removalVersion: ""
deprecationInfo: ""
OCIS_LOG_PRETTY:
name: OCIS_LOG_PRETTY;STORAGE_USERS_LOG_PRETTY
name: OCIS_LOG_PRETTY;WEB_LOG_PRETTY
defaultValue: "false"
type: bool
description: Activates pretty log output.
@@ -8839,17 +8841,16 @@ OCIS_OIDC_CLIENT_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_OIDC_ISSUER:
name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL
name: OCIS_URL;OCIS_OIDC_ISSUER;WEB_OIDC_AUTHORITY
defaultValue: https://localhost:9200
type: string
description: The identity provider value to set in the group IDs of the CS3 group
objects for groups returned by this group provider.
description: URL of the OIDC issuer. It defaults to URL of the builtin IDP.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
defaultValue: ""
type: string
description: Path to the 'banned passwords list' file. This only impacts public
@@ -8859,7 +8860,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_DISABLED:
name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED
name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED
defaultValue: "false"
type: bool
description: Disable the password policy. Defaults to false if not set.
@@ -8868,7 +8869,7 @@ OCIS_PASSWORD_POLICY_DISABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS
defaultValue: "8"
type: int
description: Define the minimum password length. Defaults to 8 if not set.
@@ -8877,7 +8878,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_DIGITS:
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS
name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS
defaultValue: "1"
type: int
description: Define the minimum number of digits. Defaults to 1 if not set.
@@ -8886,7 +8887,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of uppercase letters. Defaults to 1 if not
@@ -8896,7 +8897,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of characters from the special characters
@@ -8906,7 +8907,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS
defaultValue: "1"
type: int
description: Define the minimum number of lowercase letters. Defaults to 1 if not
@@ -8916,17 +8917,17 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE:
name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE
defaultValue: nats-js-kv
name: OCIS_PERSISTENT_STORE;USERLOG_STORE
defaultValue: memory
type: string
description: 'The type of the store. Supported values are: ''memory'', ''redis-sentinel'',
''nats-js-kv'', ''noop''. See the text description for details.'
description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'',
''redis-sentinel'', ''noop''. See the text description for details.'
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_PASSWORD:
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD
name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD
defaultValue: ""
type: string
description: The password to authenticate with the store. Only applies when store
@@ -8936,7 +8937,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_AUTH_USERNAME:
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME
name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME
defaultValue: ""
type: string
description: The username to authenticate with the store. Only applies when store
@@ -8946,8 +8947,8 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_NODES:
name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES
defaultValue: '[127.0.0.1:9233]'
name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES
defaultValue: '[]'
type: '[]string'
description: A list of nodes to access the configured store. This has no effect
when 'memory' store is configured. Note that the behaviour how nodes are used
@@ -8969,11 +8970,11 @@ OCIS_PERSISTENT_STORE_SIZE:
removalVersion: ""
deprecationInfo: ""
OCIS_PERSISTENT_STORE_TTL:
name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL
defaultValue: 0s
name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL
defaultValue: 336h0m0s
type: Duration
description: Time to live for events in the store. See the Environment Variable
Types description for more details.
description: Time to live for events in the store. Defaults to '336h' (2 weeks).
See the Environment Variable Types description for more details.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
@@ -9038,7 +9039,7 @@ OCIS_SERVICE_ACCOUNT_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD
defaultValue: "true"
type: bool
description: Set this to true if you want to enforce passwords on all public shares.
@@ -9047,11 +9048,13 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:
removalVersion: ""
deprecationInfo: ""
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD
defaultValue: "false"
type: bool
description: Set this to true if you want to enforce passwords for writable shares.
Only effective if the setting for 'passwords on all public shares' is set to false.
description: Set this to true if you want to enforce passwords on Uploader, Editor
or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD,
you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated)
in the frontend service.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""
@@ -9088,10 +9091,10 @@ OCIS_SYSTEM_USER_API_KEY:
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_ID:
name: OCIS_SYSTEM_USER_ID;SETTINGS_SYSTEM_USER_ID
name: OCIS_SYSTEM_USER_ID
defaultValue: ""
type: string
description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID
description: ID of the oCIS storage-system system user. Admins need to set the ID
for the STORAGE-SYSTEM system user in this config option which is then used to
reference the user. Any reasonable long string is possible, preferably this would
be an UUIDv4 format.
@@ -9100,7 +9103,7 @@ OCIS_SYSTEM_USER_ID:
removalVersion: ""
deprecationInfo: ""
OCIS_SYSTEM_USER_IDP:
name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP
name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP
defaultValue: internal
type: string
description: IDP of the oCIS STORAGE-SYSTEM system user.
@@ -9109,7 +9112,7 @@ OCIS_SYSTEM_USER_IDP:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_COLLECTOR:
name: OCIS_TRACING_COLLECTOR;STORAGE_USERS_TRACING_COLLECTOR
name: OCIS_TRACING_COLLECTOR;WEB_TRACING_COLLECTOR
defaultValue: ""
type: string
description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces.
@@ -9119,7 +9122,7 @@ OCIS_TRACING_COLLECTOR:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENABLED:
name: OCIS_TRACING_ENABLED;STORAGE_USERS_TRACING_ENABLED
name: OCIS_TRACING_ENABLED;WEB_TRACING_ENABLED
defaultValue: "false"
type: bool
description: Activates tracing.
@@ -9128,7 +9131,7 @@ OCIS_TRACING_ENABLED:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_ENDPOINT:
name: OCIS_TRACING_ENDPOINT;STORAGE_USERS_TRACING_ENDPOINT
name: OCIS_TRACING_ENDPOINT;WEB_TRACING_ENDPOINT
defaultValue: ""
type: string
description: The endpoint of the tracing agent.
@@ -9137,7 +9140,7 @@ OCIS_TRACING_ENDPOINT:
removalVersion: ""
deprecationInfo: ""
OCIS_TRACING_TYPE:
name: OCIS_TRACING_TYPE;STORAGE_USERS_TRACING_TYPE
name: OCIS_TRACING_TYPE;WEB_TRACING_TYPE
defaultValue: ""
type: string
description: The type of tracing. Defaults to '', which is the same as 'jaeger'.
@@ -9156,32 +9159,32 @@ OCIS_TRANSFER_SECRET:
removalVersion: ""
deprecationInfo: ""
OCIS_TRANSLATION_PATH:
name: OCIS_TRANSLATION_PATH;ACTIVITYLOG_TRANSLATION_PATH
name: OCIS_TRANSLATION_PATH;NOTIFICATIONS_TRANSLATION_PATH
defaultValue: ""
type: string
description: (optional) Set this to a path with custom translations to overwrite
the builtin translations. Note that file and folder naming rules apply, see the
documentation for more details.
introductionVersion: 7.0.0
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_URL:
name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL
name: OCIS_URL;OCIS_OIDC_ISSUER;WEB_OIDC_AUTHORITY
defaultValue: https://localhost:9200
type: string
description: The identity provider value to set in the group IDs of the CS3 group
objects for groups returned by this group provider.
description: URL of the OIDC issuer. It defaults to URL of the builtin IDP.
introductionVersion: pre5.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
OCIS_WOPI_DISABLE_CHAT:
name: APP_PROVIDER_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT
defaultValue: "false"
type: bool
description: Disable the chat functionality of the office app.
introductionVersion: pre5.0
description: Disable chat in the office web frontend. This feature applies to OnlyOffice
and Microsoft.
introductionVersion: 7.0.0
deprecationVersion: ""
removalVersion: ""
deprecationInfo: ""
@@ -12202,8 +12205,8 @@ SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:
type: bool
description: Set this to true if you want to enforce passwords on Uploader, Editor
or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD,
you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in
the frontend service.
you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated)
in the frontend service.
introductionVersion: "5.0"
deprecationVersion: ""
removalVersion: ""

6
services/frontend/README.md
View File

@@ -32,11 +32,11 @@ Aggregating share information is one of the most time consuming operations in OC
To save network trips the sharing implementation can cache the stat requests with an in memory cache or in Redis. It will shorten the response time by the network round-trip overhead at the cost of the API only eventually being updated.
Setting `FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL=60` would cache the stat info for 60 seconds. Increasing this value makes sense for large deployments with thousands of active users that keep the cache up to date. Low frequency usage scenarios should not expect a noticeable improvement.
Setting `FRONTEND_OCS_RESOURCE_INFO_CACHE_TTL=60` (deprecated) would cache the stat info for 60 seconds. Increasing this value makes sense for large deployments with thousands of active users that keep the cache up to date. Low frequency usage scenarios should not expect a noticeable improvement.
## Scalability
While the frontend service does not persist any data, it does cache information about files and filesystem (`Stat()`) responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_STORE` and the related config options.
While the frontend service does not persist any data, it does cache information about files and filesystem (`Stat()`) responses and user information. Therefore, multiple instances of this service can be spawned in a bigger deployment like when using container orchestration with Kubernetes, when configuring `FRONTEND_OCS_RESOURCE_INFO_CACHE_STORE` (deprecated) and the related config options.
## Define Read-Only Attributes
@@ -46,7 +46,7 @@ You can find more details regarding available attributes at the [libre-graph-api
## Caching
The `frontend` service can use a configured store via `FRONTEND_OCS_STAT_CACHE_STORE`. Possible stores are:
The `frontend` service can use a configured store via `FRONTEND_OCS_STAT_CACHE_STORE` (deprecated). Possible stores are:
- `memory`: Basic in-memory store and the default.
- `redis-sentinel`: Stores data in a configured Redis Sentinel cluster.
- `nats-js-kv`: Stores data using key-value-store feature of [nats jetstream](https://docs.nats.io/nats-concepts/jetstream/key-value-store)

32
services/frontend/pkg/config/config.go
View File

@@ -123,26 +123,26 @@ type DataGateway struct {
}
type OCS struct {
Prefix string `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"URL path prefix for the OCS service. Note that the string must not start with '/'." introductionVersion:"pre5.0"`
SharePrefix string `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares as part of an ocis resource. Note that the path must start with '/'." introductionVersion:"pre5.0"`
HomeNamespace string `yaml:"home_namespace" env:"FRONTEND_OCS_PERSONAL_NAMESPACE" desc:"Home namespace identifier." introductionVersion:"pre5.0"`
AdditionalInfoAttribute string `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user like {{.Mail}}." introductionVersion:"pre5.0"`
StatCacheType string `yaml:"stat_cache_type" env:"OCIS_CACHE_STORE;FRONTEND_OCS_STAT_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"pre5.0"`
StatCacheNodes []string `yaml:"stat_cache_nodes" env:"OCIS_CACHE_STORE_NODES;FRONTEND_OCS_STAT_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"pre5.0"`
Prefix string `yaml:"prefix" env:"FRONTEND_OCS_PREFIX" desc:"URL path prefix for the OCS service. Note that the string must not start with '/'." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
SharePrefix string `yaml:"share_prefix" env:"FRONTEND_OCS_SHARE_PREFIX" desc:"Path prefix for shares as part of an ocis resource. Note that the path must start with '/'." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
HomeNamespace string `yaml:"home_namespace" env:"FRONTEND_OCS_PERSONAL_NAMESPACE" desc:"Home namespace identifier." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
AdditionalInfoAttribute string `yaml:"additional_info_attribute" env:"FRONTEND_OCS_ADDITIONAL_INFO_ATTRIBUTE" desc:"Additional information attribute for the user like {{.Mail}}." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
StatCacheType string `yaml:"stat_cache_type" env:"OCIS_CACHE_STORE;FRONTEND_OCS_STAT_CACHE_STORE" desc:"The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE, the OCS API is deprecated" deprecationReplacement:""`
StatCacheNodes []string `yaml:"stat_cache_nodes" env:"OCIS_CACHE_STORE_NODES;FRONTEND_OCS_STAT_CACHE_STORE_NODES" desc:"A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_STORE_NODES, the OCS API is deprecated" deprecationReplacement:""`
StatCacheDatabase string `yaml:"stat_cache_database" env:"OCIS_CACHE_DATABASE" desc:"The database name the configured store should use." introductionVersion:"pre5.0"`
StatCacheTable string `yaml:"stat_cache_table" env:"FRONTEND_OCS_STAT_CACHE_TABLE" desc:"The database table the store should use." introductionVersion:"pre5.0"`
StatCacheTTL time.Duration `yaml:"stat_cache_ttl" env:"OCIS_CACHE_TTL;FRONTEND_OCS_STAT_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"pre5.0"`
StatCacheDisablePersistence bool `yaml:"stat_cache_disable_persistence" env:"OCIS_CACHE_DISABLE_PERSISTENCE;FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE" desc:"Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false." introductionVersion:"5.0"`
StatCacheAuthUsername string `yaml:"stat_cache_auth_username" env:"OCIS_CACHE_AUTH_USERNAME;FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"5.0"`
StatCacheAuthPassword string `yaml:"stat_cache_auth_password" env:"OCIS_CACHE_AUTH_PASSWORD;FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"5.0"`
StatCacheTable string `yaml:"stat_cache_table" env:"FRONTEND_OCS_STAT_CACHE_TABLE" desc:"The database table the store should use." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
StatCacheTTL time.Duration `yaml:"stat_cache_ttl" env:"OCIS_CACHE_TTL;FRONTEND_OCS_STAT_CACHE_TTL" desc:"Default time to live for user info in the cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_TTL, the OCS API is deprecated" deprecationReplacement:""`
StatCacheDisablePersistence bool `yaml:"stat_cache_disable_persistence" env:"OCIS_CACHE_DISABLE_PERSISTENCE;FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE" desc:"Disable persistence of the cache. Only applies when using the 'nats-js-kv' store type. Defaults to false." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_DISABLE_PERSISTENCE, the OCS API is deprecated" deprecationReplacement:""`
StatCacheAuthUsername string `yaml:"stat_cache_auth_username" env:"OCIS_CACHE_AUTH_USERNAME;FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME" desc:"The username to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_USERNAME, the OCS API is deprecated" deprecationReplacement:""`
StatCacheAuthPassword string `yaml:"stat_cache_auth_password" env:"OCIS_CACHE_AUTH_PASSWORD;FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD" desc:"The password to use for authentication. Only applies when using the 'nats-js-kv' store type." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_STAT_CACHE_AUTH_PASSWORD, the OCS API is deprecated" deprecationReplacement:""`
CacheWarmupDriver string `yaml:"cache_warmup_driver,omitempty"` // not supported by the oCIS product, therefore not part of docs
CacheWarmupDrivers CacheWarmupDrivers `yaml:"cache_warmup_drivers,omitempty"` // not supported by the oCIS product, therefore not part of docs
EnableDenials bool `yaml:"enable_denials" env:"FRONTEND_OCS_ENABLE_DENIALS" desc:"EXPERIMENTAL: enable the feature to deny access on folders." introductionVersion:"pre5.0"`
ListOCMShares bool `yaml:"list_ocm_shares" env:"OCIS_ENABLE_OCM;FRONTEND_OCS_LIST_OCM_SHARES" desc:"Include OCM shares when listing shares. See the OCM service documentation for more details." introductionVersion:"5.0"`
IncludeOCMSharees bool `yaml:"include_ocm_sharees" env:"OCIS_ENABLE_OCM;FRONTEND_OCS_INCLUDE_OCM_SHAREES" desc:"Include OCM sharees when listing sharees." introductionVersion:"5.0"`
PublicShareMustHavePassword bool `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0"`
WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false." introductionVersion:"5.0"`
EnableDenials bool `yaml:"enable_denials" env:"FRONTEND_OCS_ENABLE_DENIALS" desc:"EXPERIMENTAL: enable the feature to deny access on folders." introductionVersion:"pre5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"The OCS API is deprecated" deprecationReplacement:""`
ListOCMShares bool `yaml:"list_ocm_shares" env:"OCIS_ENABLE_OCM;FRONTEND_OCS_LIST_OCM_SHARES" desc:"Include OCM shares when listing shares. See the OCM service documentation for more details." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_LIST_OCM_SHARES, the OCS API is deprecated" deprecationReplacement:""`
IncludeOCMSharees bool `yaml:"include_ocm_sharees" env:"OCIS_ENABLE_OCM;FRONTEND_OCS_INCLUDE_OCM_SHAREES" desc:"Include OCM sharees when listing sharees." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_INCLUDE_OCM_SHAREES, the OCS API is deprecated" deprecationReplacement:""`
PublicShareMustHavePassword bool `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD, the OCS API is deprecated" deprecationReplacement:""`
WriteablePublicShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false." introductionVersion:"5.0" deprecationVersion:"7.0.0" removalVersion:"%%NEXT_PRODUCTION_VERSION%%" deprecationInfo:"FRONTEND_OCS_PUBLIC_WRITABLE_SHARE_MUST_HAVE_PASSWORD, the OCS API is deprecated" deprecationReplacement:""`
ShowUserEmailInResults bool `yaml:"show_email_in_results" env:"OCIS_SHOW_USER_EMAIL_IN_RESULTS" desc:"Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses." introductionVersion:"6.0.0"`
}

2
services/sharing/pkg/config/config.go
View File

@@ -25,7 +25,7 @@ type Config struct {
UserSharingDrivers UserSharingDrivers `yaml:"user_sharing_drivers"`
PublicSharingDriver string `yaml:"public_sharing_driver" env:"SHARING_PUBLIC_DRIVER" desc:"Driver to be used to persist public shares. Supported values are 'jsoncs3', 'json' and 'cs3' (deprecated)." introductionVersion:"pre5.0"`
PublicSharingDrivers PublicSharingDrivers `yaml:"public_sharing_drivers"`
WriteableShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the frontend service." introductionVersion:"5.0"`
WriteableShareMustHavePassword bool `yaml:"public_sharing_writeableshare_must_have_password" env:"OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service." introductionVersion:"5.0"`
PublicShareMustHavePassword bool `yaml:"public_sharing_share_must_have_password" env:"OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD" desc:"Set this to true if you want to enforce passwords on all public shares." introductionVersion:"5.0"`
EnableExpiredSharesCleanup bool `yaml:"enable_expired_shares_cleanup"`
PasswordPolicy PasswordPolicy `yaml:"password_policy"`