From 42f18ca5000e67fb82098057f96c3e069818d790 Mon Sep 17 00:00:00 2001 From: jkoberg Date: Wed, 23 Oct 2024 14:35:20 +0200 Subject: [PATCH 1/2] docs(ocis): pin NEXT version Signed-off-by: jkoberg --- services/activitylog/pkg/config/config.go | 4 +-- services/antivirus/pkg/config/config.go | 2 +- services/auth-app/pkg/config/config.go | 26 +++++++++---------- services/auth-app/pkg/config/reva.go | 2 +- services/auth-app/pkg/config/tracing.go | 8 +++--- services/collaboration/pkg/config/app.go | 2 +- services/collaboration/pkg/config/grpc.go | 2 +- services/collaboration/pkg/config/wopi.go | 6 ++--- services/gateway/pkg/config/config.go | 28 ++++++++++----------- services/graph/pkg/config/config.go | 2 +- services/graph/pkg/config/unified_roles.go | 2 +- services/proxy/pkg/config/config.go | 16 ++++++------ services/storage-users/pkg/config/config.go | 6 ++--- 13 files changed, 53 insertions(+), 53 deletions(-) diff --git a/services/activitylog/pkg/config/config.go b/services/activitylog/pkg/config/config.go index 1bfff92c8..4101ecbcd 100644 --- a/services/activitylog/pkg/config/config.go +++ b/services/activitylog/pkg/config/config.go @@ -26,8 +26,8 @@ type Config struct { HTTP HTTP `yaml:"http"` TokenManager *TokenManager `yaml:"token_manager"` - TranslationPath string `yaml:"translation_path" env:"OCIS_TRANSLATION_PATH;ACTIVITYLOG_TRANSLATION_PATH" desc:"(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details." introductionVersion:"%%NEXT%%"` - DefaultLanguage string `yaml:"default_language" env:"OCIS_DEFAULT_LANGUAGE" desc:"The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details." introductionVersion:"%%NEXT%%"` + TranslationPath string `yaml:"translation_path" env:"OCIS_TRANSLATION_PATH;ACTIVITYLOG_TRANSLATION_PATH" desc:"(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details." introductionVersion:"7.0.0"` + DefaultLanguage string `yaml:"default_language" env:"OCIS_DEFAULT_LANGUAGE" desc:"The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details." introductionVersion:"7.0.0"` ServiceAccount ServiceAccount `yaml:"service_account"` diff --git a/services/antivirus/pkg/config/config.go b/services/antivirus/pkg/config/config.go index 3d58dcc05..f2ffa6871 100644 --- a/services/antivirus/pkg/config/config.go +++ b/services/antivirus/pkg/config/config.go @@ -18,7 +18,7 @@ type Config struct { InfectedFileHandling string `yaml:"infected-file-handling" env:"ANTIVIRUS_INFECTED_FILE_HANDLING" desc:"Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination." introductionVersion:"pre5.0"` Events Events - Workers int `yaml:"workers" env:"ANTIVIRUS_WORKERS" desc:"The number of concurrent go routines that fetch events from the event queue." introductionVersion:"%%NEXT%%"` + Workers int `yaml:"workers" env:"ANTIVIRUS_WORKERS" desc:"The number of concurrent go routines that fetch events from the event queue." introductionVersion:"7.0.0"` Scanner Scanner MaxScanSize string `yaml:"max-scan-size" env:"ANTIVIRUS_MAX_SCAN_SIZE" desc:"The maximum scan size the virus scanner can handle. Only this many bytes of a file will be scanned. 0 means unlimited and is the default. Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB." introductionVersion:"pre5.0"` diff --git a/services/auth-app/pkg/config/config.go b/services/auth-app/pkg/config/config.go index 0c484fa5f..2171c21a1 100644 --- a/services/auth-app/pkg/config/config.go +++ b/services/auth-app/pkg/config/config.go @@ -22,11 +22,11 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *shared.Reva `yaml:"reva"` - SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups." introductionVersion:"%%NEXT%%"` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups." introductionVersion:"7.0.0"` - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_APP_MACHINE_AUTH_API_KEY" desc:"The machine auth API key used to validate internal requests necessary to access resources from other services." introductionVersion:"%%NEXT%%"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_APP_MACHINE_AUTH_API_KEY" desc:"The machine auth API key used to validate internal requests necessary to access resources from other services." introductionVersion:"7.0.0"` - AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"%%NEXT%%"` + AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"7.0.0"` Supervised bool `yaml:"-"` Context context.Context `yaml:"-"` @@ -34,10 +34,10 @@ type Config struct { // Log defines the loging configuration type Log struct { - Level string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"%%NEXT%%"` - Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_APP_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"%%NEXT%%"` - Color bool `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_APP_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"%%NEXT%%"` - File string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_APP_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"%%NEXT%%"` + Level string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"7.0.0"` + Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_APP_LOG_PRETTY" desc:"Activates pretty log output." introductionVersion:"7.0.0"` + Color bool `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_APP_LOG_COLOR" desc:"Activates colorized log output." introductionVersion:"7.0.0"` + File string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_APP_LOG_FILE" desc:"The path to the log file. Activates logging to this file if set." introductionVersion:"7.0.0"` } // Service defines the service configuration @@ -47,18 +47,18 @@ type Service struct { // Debug defines the debug configuration type Debug struct { - Addr string `yaml:"addr" env:"AUTH_APP_DEBUG_ADDR" desc:"Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed." introductionVersion:"%%NEXT%%"` - Token string `yaml:"token" env:"AUTH_APP_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint." introductionVersion:"%%NEXT%%"` - Pprof bool `yaml:"pprof" env:"AUTH_APP_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling." introductionVersion:"%%NEXT%%"` - Zpages bool `yaml:"zpages" env:"AUTH_APP_DEBUG_ZPAGES" desc:"Enables zpages, which can be used for collecting and viewing traces in-memory." introductionVersion:"%%NEXT%%"` + Addr string `yaml:"addr" env:"AUTH_APP_DEBUG_ADDR" desc:"Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed." introductionVersion:"7.0.0"` + Token string `yaml:"token" env:"AUTH_APP_DEBUG_TOKEN" desc:"Token to secure the metrics endpoint." introductionVersion:"7.0.0"` + Pprof bool `yaml:"pprof" env:"AUTH_APP_DEBUG_PPROF" desc:"Enables pprof, which can be used for profiling." introductionVersion:"7.0.0"` + Zpages bool `yaml:"zpages" env:"AUTH_APP_DEBUG_ZPAGES" desc:"Enables zpages, which can be used for collecting and viewing traces in-memory." introductionVersion:"7.0.0"` } // GRPCConfig defines the GRPC configuration type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_APP_GRPC_ADDR" desc:"The bind address of the GRPC service." introductionVersion:"%%NEXT%%"` + Addr string `yaml:"addr" env:"AUTH_APP_GRPC_ADDR" desc:"The bind address of the GRPC service." introductionVersion:"7.0.0"` TLS *shared.GRPCServiceTLS `yaml:"tls"` Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"OCIS_GRPC_PROTOCOL;AUTH_APP_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service." introductionVersion:"%%NEXT%%"` + Protocol string `yaml:"protocol" env:"OCIS_GRPC_PROTOCOL;AUTH_APP_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service." introductionVersion:"7.0.0"` } // HTTP defines the available http configuration. diff --git a/services/auth-app/pkg/config/reva.go b/services/auth-app/pkg/config/reva.go index 45c0e1637..53c6486a7 100644 --- a/services/auth-app/pkg/config/reva.go +++ b/services/auth-app/pkg/config/reva.go @@ -2,5 +2,5 @@ package config // TokenManager is the config for using the reva token manager type TokenManager struct { - JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_APP_JWT_SECRET" desc:"The secret to mint and validate jwt tokens." introductionVersion:"%%NEXT%%"` + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_APP_JWT_SECRET" desc:"The secret to mint and validate jwt tokens." introductionVersion:"7.0.0"` } diff --git a/services/auth-app/pkg/config/tracing.go b/services/auth-app/pkg/config/tracing.go index 3a39cae67..f082a4c82 100644 --- a/services/auth-app/pkg/config/tracing.go +++ b/services/auth-app/pkg/config/tracing.go @@ -4,10 +4,10 @@ import "github.com/owncloud/ocis/v2/ocis-pkg/tracing" // Tracing defines the tracing configuration. type Tracing struct { - Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_APP_TRACING_ENABLED" desc:"Activates tracing." introductionVersion:"%%NEXT%%"` - Type string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_APP_TRACING_TYPE" desc:"The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now." introductionVersion:"%%NEXT%%"` - Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_APP_TRACING_ENDPOINT" desc:"The endpoint of the tracing agent." introductionVersion:"%%NEXT%%"` - Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_APP_TRACING_COLLECTOR" desc:"The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset." introductionVersion:"%%NEXT%%"` + Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_APP_TRACING_ENABLED" desc:"Activates tracing." introductionVersion:"7.0.0"` + Type string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_APP_TRACING_TYPE" desc:"The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now." introductionVersion:"7.0.0"` + Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_APP_TRACING_ENDPOINT" desc:"The endpoint of the tracing agent." introductionVersion:"7.0.0"` + Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_APP_TRACING_COLLECTOR" desc:"The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset." introductionVersion:"7.0.0"` } // Convert Tracing to the tracing package's Config struct. diff --git a/services/collaboration/pkg/config/app.go b/services/collaboration/pkg/config/app.go index d5b4aa80f..a2b2f7bb1 100644 --- a/services/collaboration/pkg/config/app.go +++ b/services/collaboration/pkg/config/app.go @@ -11,7 +11,7 @@ type App struct { Insecure bool `yaml:"insecure" env:"COLLABORATION_APP_INSECURE" desc:"Skip TLS certificate verification when connecting to the WOPI app" introductionVersion:"6.0.0"` ProofKeys ProofKeys `yaml:"proofkeys"` - LicenseCheckEnable bool `yaml:"licensecheckenable" env:"COLLABORATION_APP_LICENSE_CHECK_ENABLE" desc:"Enable license checking to edit files. Needs to be enabled when using Microsoft365 with the business flow." introductionVersion:"%%NEXT%%"` + LicenseCheckEnable bool `yaml:"licensecheckenable" env:"COLLABORATION_APP_LICENSE_CHECK_ENABLE" desc:"Enable license checking to edit files. Needs to be enabled when using Microsoft365 with the business flow." introductionVersion:"7.0.0"` } type ProofKeys struct { diff --git a/services/collaboration/pkg/config/grpc.go b/services/collaboration/pkg/config/grpc.go index e8fd1e25b..ea3b5b6c5 100644 --- a/services/collaboration/pkg/config/grpc.go +++ b/services/collaboration/pkg/config/grpc.go @@ -3,7 +3,7 @@ package config // GRPC defines the available grpc configuration. type GRPC struct { Addr string `yaml:"addr" env:"COLLABORATION_GRPC_ADDR" desc:"The bind address of the GRPC service." introductionVersion:"6.0.0"` - Protocol string `yaml:"protocol" env:"OCIS_GRPC_PROTOCOL;COLLABORATION_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service." introductionVersion:"%%NEXT%%"` + Protocol string `yaml:"protocol" env:"OCIS_GRPC_PROTOCOL;COLLABORATION_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service." introductionVersion:"7.0.0"` Namespace string `yaml:"-"` } diff --git a/services/collaboration/pkg/config/wopi.go b/services/collaboration/pkg/config/wopi.go index 58d95e3ba..428c7f5b9 100644 --- a/services/collaboration/pkg/config/wopi.go +++ b/services/collaboration/pkg/config/wopi.go @@ -4,7 +4,7 @@ package config type Wopi struct { WopiSrc string `yaml:"wopisrc" env:"COLLABORATION_WOPI_SRC" desc:"The WOPI source base URL containing schema, host and port. Set this to the schema and domain where the collaboration service is reachable for the wopi app, such as https://office.owncloud.test." introductionVersion:"6.0.0"` Secret string `yaml:"secret" env:"COLLABORATION_WOPI_SECRET" desc:"Used to mint and verify WOPI JWT tokens and encrypt and decrypt the REVA JWT token embedded in the WOPI JWT token." introductionVersion:"6.0.0"` - DisableChat bool `yaml:"disable_chat" env:"COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT" desc:"Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft." introductionVersion:"%%NEXT%%"` - ProxyURL string `yaml:"proxy_url" env:"COLLABORATION_WOPI_PROXY_URL" desc:"The URL to the ownCloud Office365 WOPI proxy. Optional. To use this feature, you need an office365 proxy subscription. If you become part of the Microsoft CSP program (https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), you can use WebOffice without a proxy." introductionVersion:"%%NEXT%%"` - ProxySecret string `yaml:"proxy_secret" env:"COLLABORATION_WOPI_PROXY_SECRET" desc:"Optional, the secret to authenticate against the ownCloud Office365 WOPI proxy. This secret can be obtained from ownCloud via the office365 proxy subscription." introductionVersion:"%%NEXT%%"` + DisableChat bool `yaml:"disable_chat" env:"COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT" desc:"Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft." introductionVersion:"7.0.0"` + ProxyURL string `yaml:"proxy_url" env:"COLLABORATION_WOPI_PROXY_URL" desc:"The URL to the ownCloud Office365 WOPI proxy. Optional. To use this feature, you need an office365 proxy subscription. If you become part of the Microsoft CSP program (https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), you can use WebOffice without a proxy." introductionVersion:"7.0.0"` + ProxySecret string `yaml:"proxy_secret" env:"COLLABORATION_WOPI_PROXY_SECRET" desc:"Optional, the secret to authenticate against the ownCloud Office365 WOPI proxy. This secret can be obtained from ownCloud via the office365 proxy subscription." introductionVersion:"7.0.0"` } diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index 91047cebd..081e05421 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go @@ -31,20 +31,20 @@ type Config struct { FrontendPublicURL string `yaml:"frontend_public_url" env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL" desc:"The public facing URL of the oCIS frontend." introductionVersion:"pre5.0"` - UsersEndpoint string `yaml:"users_endpoint" env:"GATEWAY_USERS_ENDPOINT" desc:"The endpoint of the users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - GroupsEndpoint string `yaml:"groups_endpoint" env:"GATEWAY_GROUPS_ENDPOINT" desc:"The endpoint of the groups service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - PermissionsEndpoint string `yaml:"permissions_endpoint" env:"GATEWAY_PERMISSIONS_ENDPOINT" desc:"The endpoint of the permissions service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - SharingEndpoint string `yaml:"sharing_endpoint" env:"GATEWAY_SHARING_ENDPOINT" desc:"The endpoint of the shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AuthAppEndpoint string `yaml:"auth_app_endpoint" env:"GATEWAY_AUTH_APP_ENDPOINT" desc:"The endpoint of the auth-app service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AuthBasicEndpoint string `yaml:"auth_basic_endpoint" env:"GATEWAY_AUTH_BASIC_ENDPOINT" desc:"The endpoint of the auth-basic service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AuthBearerEndpoint string `yaml:"auth_bearer_endpoint" env:"GATEWAY_AUTH_BEARER_ENDPOINT" desc:"The endpoint of the auth-bearer service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AuthMachineEndpoint string `yaml:"auth_machine_endpoint" env:"GATEWAY_AUTH_MACHINE_ENDPOINT" desc:"The endpoint of the auth-machine service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AuthServiceEndpoint string `yaml:"auth_service_endpoint" env:"GATEWAY_AUTH_SERVICE_ENDPOINT" desc:"The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint" env:"GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT" desc:"The endpoint of the storage-publiclink service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - StorageUsersEndpoint string `yaml:"storage_users_endpoint" env:"GATEWAY_STORAGE_USERS_ENDPOINT" desc:"The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT" desc:"The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - AppRegistryEndpoint string `yaml:"app_registry_endpoint" env:"GATEWAY_APP_REGISTRY_ENDPOINT" desc:"The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` - OCMEndpoint string `yaml:"ocm_endpoint" env:"GATEWAY_OCM_ENDPOINT" desc:"The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"%%NEXT%%"` + UsersEndpoint string `yaml:"users_endpoint" env:"GATEWAY_USERS_ENDPOINT" desc:"The endpoint of the users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + GroupsEndpoint string `yaml:"groups_endpoint" env:"GATEWAY_GROUPS_ENDPOINT" desc:"The endpoint of the groups service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + PermissionsEndpoint string `yaml:"permissions_endpoint" env:"GATEWAY_PERMISSIONS_ENDPOINT" desc:"The endpoint of the permissions service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + SharingEndpoint string `yaml:"sharing_endpoint" env:"GATEWAY_SHARING_ENDPOINT" desc:"The endpoint of the shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AuthAppEndpoint string `yaml:"auth_app_endpoint" env:"GATEWAY_AUTH_APP_ENDPOINT" desc:"The endpoint of the auth-app service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AuthBasicEndpoint string `yaml:"auth_basic_endpoint" env:"GATEWAY_AUTH_BASIC_ENDPOINT" desc:"The endpoint of the auth-basic service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AuthBearerEndpoint string `yaml:"auth_bearer_endpoint" env:"GATEWAY_AUTH_BEARER_ENDPOINT" desc:"The endpoint of the auth-bearer service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AuthMachineEndpoint string `yaml:"auth_machine_endpoint" env:"GATEWAY_AUTH_MACHINE_ENDPOINT" desc:"The endpoint of the auth-machine service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AuthServiceEndpoint string `yaml:"auth_service_endpoint" env:"GATEWAY_AUTH_SERVICE_ENDPOINT" desc:"The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint" env:"GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT" desc:"The endpoint of the storage-publiclink service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + StorageUsersEndpoint string `yaml:"storage_users_endpoint" env:"GATEWAY_STORAGE_USERS_ENDPOINT" desc:"The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + StorageSharesEndpoint string `yaml:"storage_shares_endpoint" env:"GATEWAY_STORAGE_SHARES_ENDPOINT" desc:"The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + AppRegistryEndpoint string `yaml:"app_registry_endpoint" env:"GATEWAY_APP_REGISTRY_ENDPOINT" desc:"The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` + OCMEndpoint string `yaml:"ocm_endpoint" env:"GATEWAY_OCM_ENDPOINT" desc:"The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol." introductionVersion:"7.0.0"` StorageRegistry StorageRegistry `yaml:"storage_registry"` // TODO: should we even support switching this? diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index b5ef945c1..dc482c6de 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go @@ -47,7 +47,7 @@ type Spaces struct { GroupsCacheTTL int `yaml:"groups_cache_ttl" env:"GRAPH_SPACES_GROUPS_CACHE_TTL" desc:"Max TTL in seconds for the spaces groups cache." introductionVersion:"pre5.0"` StorageUsersAddress string `yaml:"storage_users_address" env:"GRAPH_SPACES_STORAGE_USERS_ADDRESS" desc:"The address of the storage-users service." introductionVersion:"5.0"` DefaultLanguage string `yaml:"default_language" env:"OCIS_DEFAULT_LANGUAGE" desc:"The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details." introductionVersion:"5.0"` - TranslationPath string `yaml:"translation_path" env:"OCIS_TRANSLATION_PATH;GRAPH_TRANSLATION_PATH" desc:"(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details." introductionVersion:"%%NEXT%%"` + TranslationPath string `yaml:"translation_path" env:"OCIS_TRANSLATION_PATH;GRAPH_TRANSLATION_PATH" desc:"(optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details." introductionVersion:"7.0.0"` } type LDAP struct { diff --git a/services/graph/pkg/config/unified_roles.go b/services/graph/pkg/config/unified_roles.go index 0919e4d5f..034dc4dcb 100644 --- a/services/graph/pkg/config/unified_roles.go +++ b/services/graph/pkg/config/unified_roles.go @@ -2,5 +2,5 @@ package config // UnifiedRoles contains all settings related to unified roles. type UnifiedRoles struct { - AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A comma separated list of roles that are available for assignment." introductionVersion:"%%NEXT%%"` + AvailableRoles []string `yaml:"available_roles" env:"GRAPH_AVAILABLE_ROLES" desc:"A comma separated list of roles that are available for assignment." introductionVersion:"7.0.0"` } diff --git a/services/proxy/pkg/config/config.go b/services/proxy/pkg/config/config.go index 21a54d08c..574cbbe70 100644 --- a/services/proxy/pkg/config/config.go +++ b/services/proxy/pkg/config/config.go @@ -91,7 +91,7 @@ var ( // AuthMiddleware configures the proxy http auth middleware. type AuthMiddleware struct { CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"` - AllowAppAuth bool `yaml:"allow_app_auth" env:"PROXY_ENABLE_APP_AUTH" desc:"Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work." introductionVersion:"%%NEXT%%"` + AllowAppAuth bool `yaml:"allow_app_auth" env:"PROXY_ENABLE_APP_AUTH" desc:"Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work." introductionVersion:"7.0.0"` } // PoliciesMiddleware configures the proxy's policies middleware. @@ -222,11 +222,11 @@ type ServiceAccount struct { // Events combines the configuration options for the event bus. type Events struct { - Endpoint string `yaml:"endpoint" env:"OCIS_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"%%NEXT%%"` - Cluster string `yaml:"cluster" env:"OCIS_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"%%NEXT%%"` - TLSInsecure bool `yaml:"tls_insecure" env:"OCIS_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"%%NEXT%%"` - TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"%%NEXT%%"` - EnableTLS bool `yaml:"enable_tls" env:"OCIS_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"%%NEXT%%"` - AuthUsername string `yaml:"username" env:"OCIS_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"%%NEXT%%"` - AuthPassword string `yaml:"password" env:"OCIS_EVENTS_AUTH_PASSWORD;PROXY_EVENTS_AUTH_PASSWORD" desc:"The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"%%NEXT%%"` + Endpoint string `yaml:"endpoint" env:"OCIS_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"7.0.0"` + Cluster string `yaml:"cluster" env:"OCIS_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"7.0.0"` + TLSInsecure bool `yaml:"tls_insecure" env:"OCIS_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"7.0.0"` + TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"7.0.0"` + EnableTLS bool `yaml:"enable_tls" env:"OCIS_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"7.0.0"` + AuthUsername string `yaml:"username" env:"OCIS_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"7.0.0"` + AuthPassword string `yaml:"password" env:"OCIS_EVENTS_AUTH_PASSWORD;PROXY_EVENTS_AUTH_PASSWORD" desc:"The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services." introductionVersion:"7.0.0"` } diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index 7e76559e4..690e94806 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go @@ -59,7 +59,7 @@ type Log struct { // Service holds general service configuration type Service struct { - Name string `yaml:"-" env:"STORAGE_USERS_SERVICE_NAME" desc:"Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service." introductionVersion:"%%NEXT%%"` + Name string `yaml:"-" env:"STORAGE_USERS_SERVICE_NAME" desc:"Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service." introductionVersion:"7.0.0"` } // Debug is the configuration for the debug server @@ -137,7 +137,7 @@ type OCISDriver struct { MaxConcurrency int `yaml:"max_concurrency" env:"STORAGE_USERS_OCIS_MAX_CONCURRENCY" desc:"Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used." introductionVersion:"pre5.0"` AsyncUploads bool `yaml:"async_uploads" env:"OCIS_ASYNC_UPLOADS" desc:"Enable asynchronous file uploads." introductionVersion:"pre5.0"` MaxQuota uint64 `yaml:"max_quota" env:"OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA" desc:"Set a global max quota for spaces in bytes. A value of 0 equals unlimited. If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA in the frontend service." introductionVersion:"pre5.0"` - DisableVersioning bool `yaml:"disable_versioning" env:"OCIS_DISABLE_VERSIONING" desc:"Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version." introductionVersion:"%%NEXT%%"` + DisableVersioning bool `yaml:"disable_versioning" env:"OCIS_DISABLE_VERSIONING" desc:"Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version." introductionVersion:"7.0.0"` } // S3NGDriver is the storage driver configuration when using 's3ng' storage driver @@ -172,7 +172,7 @@ type S3NGDriver struct { MaxAcquireLockCycles int `yaml:"max_acquire_lock_cycles" env:"STORAGE_USERS_S3NG_MAX_ACQUIRE_LOCK_CYCLES" desc:"When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used." introductionVersion:"pre5.0"` LockCycleDurationFactor int `yaml:"lock_cycle_duration_factor" env:"STORAGE_USERS_S3NG_LOCK_CYCLE_DURATION_FACTOR" desc:"When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used." introductionVersion:"pre5.0"` MaxConcurrency int `yaml:"max_concurrency" env:"STORAGE_USERS_S3NG_MAX_CONCURRENCY" desc:"Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value of 100 will be used." introductionVersion:"pre5.0"` - DisableVersioning bool `yaml:"disable_versioning" env:"OCIS_DISABLE_VERSIONING" desc:"Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version." introductionVersion:"%%NEXT%%"` + DisableVersioning bool `yaml:"disable_versioning" env:"OCIS_DISABLE_VERSIONING" desc:"Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version." introductionVersion:"7.0.0"` } // OwnCloudSQLDriver is the storage driver configuration when using 'owncloudsql' storage driver From cbd9addc0f931a8b81c723994a115431906928b7 Mon Sep 17 00:00:00 2001 From: jkoberg Date: Wed, 23 Oct 2024 14:36:13 +0200 Subject: [PATCH 2/2] docs(ocis): make docs generate Signed-off-by: jkoberg --- docs/helpers/env_vars.yaml | 368 +++++++++++++++++++------------------ 1 file changed, 192 insertions(+), 176 deletions(-) diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index a1084a4a0..050084d6a 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml @@ -289,7 +289,7 @@ ACTIVITYLOG_TRANSLATION_PATH: description: (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -576,6 +576,16 @@ ANTIVIRUS_TRACING_TYPE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +ANTIVIRUS_WORKERS: + name: ANTIVIRUS_WORKERS + defaultValue: "10" + type: int + description: The number of concurrent go routines that fetch events from the event + queue. + introductionVersion: 7.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" APP_PROVIDER_DEBUG_ADDR: name: APP_PROVIDER_DEBUG_ADDR defaultValue: 127.0.0.1:9165 @@ -1272,7 +1282,7 @@ AUTH_APP_DEBUG_ADDR: type: string description: Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1281,7 +1291,7 @@ AUTH_APP_DEBUG_PPROF: defaultValue: "false" type: bool description: Enables pprof, which can be used for profiling. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1290,7 +1300,7 @@ AUTH_APP_DEBUG_TOKEN: defaultValue: "" type: string description: Token to secure the metrics endpoint. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1300,7 +1310,7 @@ AUTH_APP_DEBUG_ZPAGES: type: bool description: Enables zpages, which can be used for collecting and viewing traces in-memory. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1310,7 +1320,7 @@ AUTH_APP_ENABLE_IMPERSONATION: type: bool description: Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1319,7 +1329,7 @@ AUTH_APP_GRPC_ADDR: defaultValue: 127.0.0.1:9246 type: string description: The bind address of the GRPC service. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1328,7 +1338,7 @@ AUTH_APP_GRPC_PROTOCOL: defaultValue: tcp type: string description: The transport protocol of the GRPC service. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1355,7 +1365,7 @@ AUTH_APP_JWT_SECRET: defaultValue: "" type: string description: The secret to mint and validate jwt tokens. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1364,7 +1374,7 @@ AUTH_APP_LOG_COLOR: defaultValue: "false" type: bool description: Activates colorized log output. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1373,7 +1383,7 @@ AUTH_APP_LOG_FILE: defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1383,7 +1393,7 @@ AUTH_APP_LOG_LEVEL: type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', ''warn'', ''info'', ''debug'', ''trace''.' - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1392,7 +1402,7 @@ AUTH_APP_LOG_PRETTY: defaultValue: "false" type: bool description: Activates pretty log output. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1402,7 +1412,7 @@ AUTH_APP_MACHINE_AUTH_API_KEY: type: string description: The machine auth API key used to validate internal requests necessary to access resources from other services. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1413,7 +1423,7 @@ AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN: description: Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1423,7 +1433,7 @@ AUTH_APP_TRACING_COLLECTOR: type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1432,7 +1442,7 @@ AUTH_APP_TRACING_ENABLED: defaultValue: "false" type: bool description: Activates tracing. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1441,7 +1451,7 @@ AUTH_APP_TRACING_ENDPOINT: defaultValue: "" type: string description: The endpoint of the tracing agent. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -1451,7 +1461,7 @@ AUTH_APP_TRACING_TYPE: type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -2760,7 +2770,7 @@ COLLABORATION_APP_LICENSE_CHECK_ENABLE: type: bool description: Enable license checking to edit files. Needs to be enabled when using Microsoft365 with the business flow. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -2872,7 +2882,7 @@ COLLABORATION_GRPC_PROTOCOL: defaultValue: tcp type: string description: The transport protocol of the GRPC service. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -2975,7 +2985,7 @@ COLLABORATION_WOPI_DISABLE_CHAT: type: bool description: Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -2986,7 +2996,7 @@ COLLABORATION_WOPI_PROXY_SECRET: description: Optional, the secret to authenticate against the ownCloud Office365 WOPI proxy. This secret can be obtained from ownCloud via the office365 proxy subscription. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -2998,7 +3008,7 @@ COLLABORATION_WOPI_PROXY_URL: feature, you need an office365 proxy subscription. If you become part of the Microsoft CSP program (https://learn.microsoft.com/en-us/partner-center/enroll/csp-overview), you can use WebOffice without a proxy. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4088,7 +4098,7 @@ GATEWAY_APP_REGISTRY_ENDPOINT: type: string description: The endpoint of the app-registry service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4098,7 +4108,7 @@ GATEWAY_AUTH_APP_ENDPOINT: type: string description: The endpoint of the auth-app service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4108,7 +4118,7 @@ GATEWAY_AUTH_BASIC_ENDPOINT: type: string description: The endpoint of the auth-basic service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4118,7 +4128,7 @@ GATEWAY_AUTH_BEARER_ENDPOINT: type: string description: The endpoint of the auth-bearer service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4128,7 +4138,7 @@ GATEWAY_AUTH_MACHINE_ENDPOINT: type: string description: The endpoint of the auth-machine service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4138,7 +4148,7 @@ GATEWAY_AUTH_SERVICE_ENDPOINT: type: string description: The endpoint of the auth-service service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4288,7 +4298,7 @@ GATEWAY_GROUPS_ENDPOINT: type: string description: The endpoint of the groups service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4362,7 +4372,7 @@ GATEWAY_OCM_ENDPOINT: type: string description: The endpoint of the ocm service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4372,7 +4382,7 @@ GATEWAY_PERMISSIONS_ENDPOINT: type: string description: The endpoint of the permissions service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4465,7 +4475,7 @@ GATEWAY_SHARING_ENDPOINT: type: string description: The endpoint of the shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4485,7 +4495,7 @@ GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT: type: string description: The endpoint of the storage-publiclink service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4523,7 +4533,7 @@ GATEWAY_STORAGE_SHARES_ENDPOINT: type: string description: The endpoint of the storage-shares service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4533,7 +4543,7 @@ GATEWAY_STORAGE_USERS_ENDPOINT: type: string description: The endpoint of the storage-users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4601,7 +4611,7 @@ GATEWAY_USERS_ENDPOINT: type: string description: The endpoint of the users service. Can take a service name or a gRPC URI with the dns, kubernetes or unix protocol. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -4643,7 +4653,7 @@ GRAPH_AVAILABLE_ROLES: 1c996275-f1c9-4e71-abdf-a42f6495e960 312c0871-5ef7-4b3a-85b6-0e4074c64049]' type: '[]string' description: A comma separated list of roles that are available for assignment. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -5576,7 +5586,7 @@ GRAPH_TRANSLATION_PATH: description: (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -7486,7 +7496,7 @@ NOTIFICATIONS_SMTP_ENCRYPTION: deprecationVersion: "" removalVersion: "" deprecationInfo: 'The NOTIFICATIONS_SMTP_ENCRYPTION values ''ssl'' and ''tls'' are - deprecated and will be removed in the future. | | | | | | | ' + deprecated and will be removed in the future. | | | | | | | | ' NOTIFICATIONS_SMTP_HOST: name: NOTIFICATIONS_SMTP_HOST defaultValue: "" @@ -7727,7 +7737,7 @@ OCDAV_GATEWAY_REQUEST_TIMEOUT: deprecationInfo: "" OCDAV_HTTP_ADDR: name: OCDAV_HTTP_ADDR - defaultValue: 127.0.0.1:19163 + defaultValue: 127.0.0.1:9350 type: string description: The bind address of the HTTP service. introductionVersion: pre5.0 @@ -7934,20 +7944,20 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;SETTINGS_CACHE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the store. Only applies when store + description: The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;SETTINGS_CACHE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the store. Only applies when store + description: The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" @@ -7984,33 +7994,35 @@ OCIS_CACHE_SIZE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE - defaultValue: nats-js-kv + name: OCIS_CACHE_STORE;SETTINGS_CACHE_STORE + defaultValue: memory type: string - description: 'The type of the signing key store. Supported values are: ''redis-sentinel'' - and ''nats-js-kv''. See the text description for details.' - introductionVersion: "5.0" + description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', + ''nats-js-kv'', ''noop''. See the text description for details.' + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES + name: OCIS_CACHE_STORE_NODES;SETTINGS_CACHE_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. Note that the behaviour - how nodes are used is dependent on the library of the configured store. See the - Environment Variable Types description for more details. - introductionVersion: "5.0" + description: A list of nodes to access the configured store. This has no effect + when 'memory' store is configured. Note that the behaviour how nodes are used + is dependent on the library of the configured store. See the Environment Variable + Types description for more details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL - defaultValue: 12h0m0s + name: OCIS_CACHE_TTL;SETTINGS_CACHE_TTL + defaultValue: 10m0s type: Duration - description: Default time to live for signing keys. See the Environment Variable - Types description for more details. - introductionVersion: "5.0" + description: Default time to live for entries in the cache. Only applied when access + tokens has no expiration. See the Environment Variable Types description for more + details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8108,7 +8120,7 @@ OCIS_DEFAULT_LANGUAGE: type: string description: The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. - introductionVersion: "5.0" + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8149,7 +8161,7 @@ OCIS_DISABLE_VERSIONING: type: bool description: Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8172,10 +8184,10 @@ OCIS_EMAIL_TEMPLATE_PATH: removalVersion: "" deprecationInfo: "" OCIS_ENABLE_OCM: - name: OCIS_ENABLE_OCM;FRONTEND_OCS_INCLUDE_OCM_SHAREES + name: OCIS_ENABLE_OCM;GRAPH_INCLUDE_OCM_SHAREES defaultValue: "false" type: bool - description: Include OCM sharees when listing sharees. + description: Include OCM sharees when listing users. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" @@ -8191,7 +8203,7 @@ OCIS_ENABLE_RESHARING: removalVersion: "" deprecationInfo: Resharing will be removed in the future. OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;USERLOG_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;AUDIT_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -8201,7 +8213,7 @@ OCIS_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;USERLOG_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;AUDIT_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker @@ -8211,7 +8223,7 @@ OCIS_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;USERLOG_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;AUDIT_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message @@ -8222,7 +8234,7 @@ OCIS_EVENTS_CLUSTER: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;USERLOG_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;AUDIT_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker @@ -8232,7 +8244,7 @@ OCIS_EVENTS_ENABLE_TLS: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;USERLOG_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;AUDIT_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing @@ -8242,11 +8254,11 @@ OCIS_EVENTS_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false. + If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8284,7 +8296,7 @@ OCIS_GRPC_CLIENT_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_GRPC_PROTOCOL: - name: OCIS_GRPC_PROTOCOL;APP_REGISTRY_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_BASIC_GRPC_PROTOCOL defaultValue: "" type: string description: The transport protocol of the GRPC service. @@ -8324,16 +8336,16 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;WEBFINGER_INSECURE + name: OCIS_INSECURE;AUDIT_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Allow insecure connections to the WEBFINGER service. + description: Whether to verify the server TLS certificates. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;APP_REGISTRY_JWT_SECRET + name: OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -8397,8 +8409,8 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;IDP_LDAP_BIND_DN - defaultValue: uid=idp,ou=sysusers,o=libregraph-idm + name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN + defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP server. @@ -8407,7 +8419,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. @@ -8416,31 +8428,31 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;IDP_LDAP_TLS_CACERT + name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root - directory derives from $OCIS_BASE_DATA_PATH/idp. + directory derives from $OCIS_BASE_DATA_PATH/idm. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Supported options + description: An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. Default is 'attribute'. + is not processed. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified @@ -8450,7 +8462,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;GRAPH_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. @@ -8459,7 +8471,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;GRAPH_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -8468,7 +8480,7 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;GRAPH_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter @@ -8478,7 +8490,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -8488,7 +8500,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GRAPH_LDAP_GROUP_NAME_ATTRIBUTE + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. @@ -8497,28 +8509,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;GRAPH_LDAP_GROUP_ID_ATTRIBUTE - defaultValue: owncloudUUID + name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID + defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique ID like a UUID. + stable globally unique id (e.g. a UUID). introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GRAPH_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool - description: Set this to true if the defined 'ID' attribute for groups is of the - 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of - Active Directory for the group ID's. + description: Set this to true if the defined 'id' attribute for groups is of the + 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute + of Active Directory for the group IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -8527,7 +8539,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GRAPH_LDAP_GROUP_MEMBER_ATTRIBUTE + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. @@ -8536,17 +8548,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;GRAPH_LDAP_GROUP_SEARCH_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported scopes are + description: LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;IDP_INSECURE + name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -8556,7 +8568,7 @@ OCIS_LDAP_INSECURE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_SERVER_WRITE_ENABLED: - name: OCIS_LDAP_SERVER_WRITE_ENABLED;FRONTEND_LDAP_SERVER_WRITE_ENABLED + name: OCIS_LDAP_SERVER_WRITE_ENABLED;GRAPH_LDAP_SERVER_WRITE_ENABLED defaultValue: "true" type: bool description: Allow creating, modifying and deleting LDAP users via the GRAPH API. @@ -8568,16 +8580,17 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;IDP_LDAP_URI + name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI defaultValue: ldaps://localhost:9235 type: string - description: Url of the LDAP service to use as IDP. + description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' + and 'ldap://' introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. @@ -8586,16 +8599,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;IDP_LDAP_FILTER + name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -8604,54 +8617,56 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string - description: LDAP User ObjectClass like 'inetOrgPerson'. + description: The object class to use for users in the default user search filter + ('inetOrgPerson'). introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;LDAP_USER_SCHEMA_DISPLAY_NAME;GRAPH_LDAP_USER_DISPLAYNAME_ATTRIBUTE - defaultValue: displayName + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME + defaultValue: displayname type: string - description: LDAP Attribute to use for the display name of users. + description: LDAP Attribute to use for the displayname of users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE - defaultValue: ownCloudUUID + name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID + defaultValue: ownclouduuid type: string - description: LDAP User UUID attribute like 'uid'. + description: LDAP Attribute to use as the unique ID for users. This should be a + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GRAPH_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the - 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of - Active Directory for the user ID's. + 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute + of Active Directory for the user IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string - description: LDAP User email attribute like 'mail'. + description: LDAP Attribute to use for the email address of users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USER_TYPE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default @@ -8661,26 +8676,26 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE - defaultValue: displayName + name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME + defaultValue: uid type: string - description: LDAP User name attribute like 'displayName'. + description: LDAP Attribute to use for username of users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;IDP_LDAP_SCOPE + name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported scopes are + description: LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;APP_REGISTRY_LOG_COLOR + name: OCIS_LOG_COLOR;AUTH_BASIC_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8689,7 +8704,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;APP_REGISTRY_LOG_FILE + name: OCIS_LOG_FILE;AUTH_BASIC_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8698,7 +8713,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;APP_REGISTRY_LOG_LEVEL + name: OCIS_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8708,7 +8723,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;APP_REGISTRY_LOG_PRETTY + name: OCIS_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -8717,7 +8732,7 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;OCDAV_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY defaultValue: "" type: string description: Machine auth API key used to validate internal requests necessary for @@ -8738,10 +8753,11 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;WEBFINGER_OIDC_ISSUER + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL defaultValue: https://localhost:9200 type: string - description: The identity provider href for the openid-discovery relation. + description: The identity provider value to set in the userids of the CS3 user objects + for users returned by this user provider. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8814,8 +8830,8 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE: - name: OCIS_PERSISTENT_STORE;USERLOG_STORE - defaultValue: memory + name: OCIS_PERSISTENT_STORE;ACTIVITYLOG_STORE + defaultValue: nats-js-kv type: string description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'', ''redis-sentinel'', ''noop''. See the text description for details.' @@ -8824,7 +8840,7 @@ OCIS_PERSISTENT_STORE: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;ACTIVITYLOG_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store @@ -8834,7 +8850,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;ACTIVITYLOG_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store @@ -8844,8 +8860,8 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES - defaultValue: '[]' + name: OCIS_PERSISTENT_STORE_NODES;ACTIVITYLOG_STORE_NODES + defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used @@ -8867,11 +8883,11 @@ OCIS_PERSISTENT_STORE_SIZE: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL - defaultValue: 336h0m0s + name: OCIS_PERSISTENT_STORE_TTL;ACTIVITYLOG_STORE_TTL + defaultValue: 0s type: Duration - description: Time to live for events in the store. Defaults to '336h' (2 weeks). - See the Environment Variable Types description for more details. + description: Time to live for events in the store. See the Environment Variable + Types description for more details. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8917,7 +8933,7 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;USERLOG_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;AUTH_SERVICE_SERVICE_ACCOUNT_ID defaultValue: "" type: string description: The ID of the service account the service should use. See the 'auth-service' @@ -8927,7 +8943,7 @@ OCIS_SERVICE_ACCOUNT_ID: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;USERLOG_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;AUTH_SERVICE_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -8968,17 +8984,18 @@ OCIS_SHOW_USER_EMAIL_IN_RESULTS: removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_API_KEY: - name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY + name: OCIS_SYSTEM_USER_API_KEY defaultValue: "" type: string description: API key for the STORAGE-SYSTEM system user. @@ -8987,7 +9004,7 @@ OCIS_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID;SETTINGS_SYSTEM_USER_ID defaultValue: "" type: string description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID @@ -8999,7 +9016,7 @@ OCIS_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. @@ -9008,7 +9025,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;APP_REGISTRY_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;AUTH_BASIC_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -9018,7 +9035,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;APP_REGISTRY_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;AUTH_BASIC_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -9027,7 +9044,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;APP_REGISTRY_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;AUTH_BASIC_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -9036,7 +9053,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;APP_REGISTRY_TRACING_TYPE + name: OCIS_TRACING_TYPE;AUTH_BASIC_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -9055,34 +9072,33 @@ OCIS_TRANSFER_SECRET: removalVersion: "" deprecationInfo: "" OCIS_TRANSLATION_PATH: - name: OCIS_TRANSLATION_PATH;USERLOG_TRANSLATION_PATH + name: OCIS_TRANSLATION_PATH;ACTIVITYLOG_TRANSLATION_PATH defaultValue: "" type: string description: (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. - introductionVersion: pre5.0 + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;WEBFINGER_OWNCLOUD_SERVER_INSTANCE_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL defaultValue: https://localhost:9200 type: string - description: The URL for the legacy ownCloud server instance relation (not to be - confused with the product ownCloud Server). It defaults to the OCIS_URL but can - be overridden to support some reverse proxy corner cases. To shard the deployment, - multiple instances can be configured in the configuration file. + description: The identity provider value to set in the userids of the CS3 user objects + for users returned by this user provider. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_WOPI_DISABLE_CHAT: - name: APP_PROVIDER_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT + name: COLLABORATION_WOPI_DISABLE_CHAT;OCIS_WOPI_DISABLE_CHAT defaultValue: "false" type: bool - description: Disable the chat functionality of the office app. - introductionVersion: pre5.0 + description: Disable chat in the office web frontend. This feature applies to OnlyOffice + and Microsoft. + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10472,7 +10488,7 @@ PROXY_ENABLE_APP_AUTH: type: bool description: Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10500,7 +10516,7 @@ PROXY_EVENTS_AUTH_PASSWORD: type: string description: The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10510,7 +10526,7 @@ PROXY_EVENTS_AUTH_USERNAME: type: string description: The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10520,7 +10536,7 @@ PROXY_EVENTS_CLUSTER: type: string description: The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10530,7 +10546,7 @@ PROXY_EVENTS_ENABLE_TLS: type: bool description: Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10541,7 +10557,7 @@ PROXY_EVENTS_ENDPOINT: description: The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10550,7 +10566,7 @@ PROXY_EVENTS_TLS_INSECURE: defaultValue: "false" type: bool description: Whether to verify the server TLS certificates. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -10560,7 +10576,7 @@ PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE: type: string description: The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -14376,7 +14392,7 @@ STORAGE_USERS_SERVICE_NAME: description: Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service. - introductionVersion: '%%NEXT%%' + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: ""