From c99934a0606cd4b4f4b2191c3751d4ecb5a9ca91 Mon Sep 17 00:00:00 2001 From: mmattel Date: Thu, 1 Aug 2024 11:51:40 +0200 Subject: [PATCH] [docs-only] [chore] update env_vars.yaml --- docs/helpers/env_vars.yaml | 553 +++++++++++++++++++++++++++---------- 1 file changed, 406 insertions(+), 147 deletions(-) diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index 8f360fec3c..5131e64aca 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml 
@@ -1203,6 +1203,167 @@ AUDIT_TRACING_TYPE: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +AUTH_APP_DEBUG_ADDR: + name: AUTH_APP_DEBUG_ADDR + defaultValue: 127.0.0.1:9245 + type: string + description: Bind address of the debug server, where metrics, health, config and + debug endpoints will be exposed. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_DEBUG_PPROF: + name: AUTH_APP_DEBUG_PPROF + defaultValue: "false" + type: bool + description: Enables pprof, which can be used for profiling. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_DEBUG_TOKEN: + name: AUTH_APP_DEBUG_TOKEN + defaultValue: "" + type: string + description: Token to secure the metrics endpoint. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_DEBUG_ZPAGES: + name: AUTH_APP_DEBUG_ZPAGES + defaultValue: "false" + type: bool + description: Enables zpages, which can be used for collecting and viewing traces + in-memory. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_GRPC_ADDR: + name: AUTH_APP_GRPC_ADDR + defaultValue: 127.0.0.1:9246 + type: string + description: The bind address of the GRPC service. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_GRPC_PROTOCOL: + name: AUTH_APP_GRPC_PROTOCOL + defaultValue: tcp + type: string + description: The transport protocol of the GRPC service. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_JWT_SECRET: + name: OCIS_JWT_SECRET;AUTH_APP_JWT_SECRET + defaultValue: "" + type: string + description: The secret to mint and validate jwt tokens. 
+ introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_LOG_COLOR: + name: OCIS_LOG_COLOR;AUTH_APP_LOG_COLOR + defaultValue: "false" + type: bool + description: Activates colorized log output. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_LOG_FILE: + name: OCIS_LOG_FILE;AUTH_APP_LOG_FILE + defaultValue: "" + type: string + description: The path to the log file. Activates logging to this file if set. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_LOG_LEVEL: + name: OCIS_LOG_LEVEL;AUTH_APP_LOG_LEVEL + defaultValue: "" + type: string + description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', + ''warn'', ''info'', ''debug'', ''trace''.' + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_LOG_PRETTY: + name: OCIS_LOG_PRETTY;AUTH_APP_LOG_PRETTY + defaultValue: "false" + type: bool + description: Activates pretty log output. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_MACHINE_AUTH_API_KEY: + name: OCIS_MACHINE_AUTH_API_KEY;AUTH_APP_MACHINE_AUTH_API_KEY + defaultValue: "" + type: string + description: The machine auth API key used to validate internal requests necessary + to access resources from other services. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN: + name: AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN + defaultValue: "false" + type: bool + description: Disables the encoding of the user's group memberships in the access + token. This reduces the token size, especially when users are members of a large + number of groups. 
+ introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_TRACING_COLLECTOR: + name: OCIS_TRACING_COLLECTOR;AUTH_APP_TRACING_COLLECTOR + defaultValue: "" + type: string + description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. + Only used if the tracing endpoint is unset. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_TRACING_ENABLED: + name: OCIS_TRACING_ENABLED;AUTH_APP_TRACING_ENABLED + defaultValue: "false" + type: bool + description: Activates tracing. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_TRACING_ENDPOINT: + name: OCIS_TRACING_ENDPOINT;AUTH_APP_TRACING_ENDPOINT + defaultValue: "" + type: string + description: The endpoint of the tracing agent. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +AUTH_APP_TRACING_TYPE: + name: OCIS_TRACING_TYPE;AUTH_APP_TRACING_TYPE + defaultValue: "" + type: string + description: The type of tracing. Defaults to '', which is the same as 'jaeger'. + Allowed tracing types are 'jaeger' and '' as of now. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" AUTH_BASIC_AUTH_MANAGER: name: AUTH_BASIC_AUTH_MANAGER defaultValue: ldap 
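Review bot: `AUTH_APP_DEBUG_TOKEN` is described as securing only "the metrics endpoint", while `AUTH_APP_DEBUG_ADDR` in the same hunk says the debug server exposes metrics, health, config and debug endpoints, and the token defaults to `""`. The text leaves open whether the config, pprof and zpages endpoints are covered by the token and whether an empty token means no authentication at all. Both should be stated in the description, along the lines of `Token to secure the metrics endpoint. If empty, the endpoint is served without authentication.`, adjusted to what the debug server actually does, which is not visible in this diff. The same applies to the wording for `AUTH_APP_JWT_SECRET` and `AUTH_APP_MACHINE_AUTH_API_KEY`, which also default to `""` without saying that a value must be supplied.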
@@ -2515,7 +2676,27 @@ COLLABORATION_APP_NAME: name: COLLABORATION_APP_NAME defaultValue: Collabora type: string - description: The name of the app, either Collabora, OnlyOffice or Microsoft365 + description: The name of the app, either Collabora, OnlyOffice, Microsoft365 or + MicrosoftOfficeOnline + introductionVersion: 6.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_APP_PROOF_DISABLE: + name: COLLABORATION_APP_PROOF_DISABLE + defaultValue: "false" + type: bool + description: Disable the proof keys verification + introductionVersion: 6.0.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +COLLABORATION_APP_PROOF_DURATION: + name: COLLABORATION_APP_PROOF_DURATION + defaultValue: 12h + type: string + description: Duration for the proof keys to be cached in memory, using time.ParseDuration + format. If the duration can't be parsed, we'll use the default 12h as duration introductionVersion: 6.0.0 deprecationVersion: "" removalVersion: "" @@ -7428,12 +7609,12 @@ OCDAV_WEBDAV_NAMESPACE: removalVersion: "" deprecationInfo: "" OCIS_ADMIN_USER_ID: - name: OCIS_ADMIN_USER_ID;IDM_ADMIN_USER_ID + name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID defaultValue: "" type: string - description: ID of the user that should receive admin privileges. Consider that - the UUID can be encoded in some LDAP deployment configurations like in .ldif files. - These need to be decoded beforehand. + description: ID of the user who collects all necessary information for deletion. + Consider that the UUID can be encoded in some LDAP deployment configurations like + in .ldif files. These need to be decoded beforehand. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
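Review bot: `COLLABORATION_APP_PROOF_DISABLE` is documented only as `Disable the proof keys verification`, which does not tell an operator which protection is switched off. Proof keys are presumably the WOPI mechanism by which the service checks that a request was signed by the configured office application, so disabling them removes that origin check. The description should say so, e.g. `description: Disable the verification of proof keys, which confirm that incoming requests were signed by the configured office app. Only disable this for apps that do not send proof headers.` `COLLABORATION_APP_PROOF_DURATION` also falls back silently to `12h` on a parse error according to its description; a hint that the fallback is logged (if it is) would help.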
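Review bot: The entry for the global `OCIS_ADMIN_USER_ID` now carries the description of one service alias (`STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`) and no longer says that this ID receives admin privileges, which is the fact an operator most needs. A wording that keeps both would be `description: ID of the user that should receive admin privileges. The storage-users service also uses it as the user who collects all necessary information for deletion.` The same swap of alias, default and description recurs in the later hunks for `OCIS_CACHE_*`, `OCIS_EVENTS_*`, `OCIS_LDAP_*`, `OCIS_LOG_*`, `OCIS_OIDC_ISSUER` and `OCIS_PERSISTENT_STORE_*`, with `introductionVersion` of long-standing variables moving from `pre5.0` to `'%%NEXT%%'`. That pattern suggests the file is regenerated and an arbitrary service wins for each shared variable (inferred, the generator is not in this diff); if so, the selection should be made deterministic there and the earliest `introductionVersion` kept.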
@@ -7449,7 +7630,7 @@ OCIS_ASSET_THEMES_PATH: removalVersion: "" deprecationInfo: "" OCIS_ASYNC_UPLOADS: - name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS + name: OCIS_ASYNC_UPLOADS defaultValue: "true" type: bool description: Enable asynchronous file uploads. @@ -7458,20 +7639,20 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;GRAPH_CACHE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the cache. Only applies when store + description: The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;GRAPH_CACHE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the cache. Only applies when store + description: The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" @@ -7479,7 +7660,7 @@ OCIS_CACHE_AUTH_USERNAME: deprecationInfo: "" OCIS_CACHE_DATABASE: name: OCIS_CACHE_DATABASE - defaultValue: cache-createhome + defaultValue: cache-userinfo type: string description: The database name the configured store should use. introductionVersion: pre5.0 
@@ -7487,61 +7668,61 @@ OCIS_CACHE_DATABASE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE;GRAPH_CACHE_DISABLE_PERSISTENCE - defaultValue: "false" + name: OCIS_CACHE_DISABLE_PERSISTENCE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE + defaultValue: "true" type: bool - description: Disables persistence of the cache. Only applies when store type 'nats-js-kv' - is configured. Defaults to false. + description: Disables persistence of the store. Only applies when store type 'nats-js-kv' + is configured. Defaults to true. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_SIZE: - name: OCIS_CACHE_SIZE;GRAPH_CACHE_SIZE + name: OCIS_CACHE_SIZE;PROXY_OIDC_USERINFO_CACHE_SIZE defaultValue: "0" type: int - description: The maximum quantity of items in the store. Only applies when store - type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not explicitly set as default. + description: The maximum quantity of items in the user info cache. Only applies + when store type 'ocmem' is configured. Defaults to 512 which is derived from the + ocmem package though not explicitly set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE;GRAPH_CACHE_STORE - defaultValue: memory + name: OCIS_CACHE_STORE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE + defaultValue: nats-js-kv type: string - description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', - ''nats-js-kv'', ''noop''. See the text description for details.' - introductionVersion: pre5.0 + description: 'The type of the signing key store. Supported values are: ''redis-sentinel'', + ''nats-js-kv'' and ''ocisstoreservice'' (deprecated). See the text description + for details.' 
+ introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;GRAPH_CACHE_STORE_NODES + name: OCIS_CACHE_STORE_NODES;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. This has no effect - when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes - are used is dependent on the library of the configured store. See the Environment - Variable Types description for more details. - introductionVersion: pre5.0 + description: A list of nodes to access the configured store. Note that the behaviour + how nodes are used is dependent on the library of the configured store. See the + Environment Variable Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL;GRAPH_CACHE_TTL - defaultValue: 336h0m0s + name: OCIS_CACHE_TTL;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL + defaultValue: 12h0m0s type: Duration - description: Time to live for cache records in the graph. Defaults to '336h' (2 - weeks). See the Environment Variable Types description for more details. - introductionVersion: pre5.0 + description: Default time to live for signing keys. See the Environment Variable + Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;OCDAV_CORS_ALLOW_CREDENTIALS - defaultValue: "false" + name: OCIS_CORS_ALLOW_CREDENTIALS;WEBDAV_CORS_ALLOW_CREDENTIALS + defaultValue: "true" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' 
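Review bot: The shared `OCIS_CORS_ALLOW_CREDENTIALS` entry at the end of this hunk now documents `defaultValue: "true"`, and the `OCIS_CORS_ALLOW_ORIGINS` hunk further down documents `'[*]'`, so the reference reads as if a wildcard origin with credentials allowed were the default everywhere. Both values appear to belong to the WEBDAV service only (the alias changes from `OCDAV_…` to `WEBDAV_…`), whereas the previous entry showed `"false"` and `[https://localhost:9200]`, so per-service defaults evidently differ. A single `defaultValue` cannot express that; the description should at least add `The default differs per service; check the CORS settings of each service.` Someone auditing CORS exposure from this file would otherwise either miss a permissive service or assume one that does not exist.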
@@ -7550,11 +7731,9 @@ OCIS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;OCDAV_CORS_ALLOW_HEADERS - defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match - If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm - Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires - Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]' + name: OCIS_CORS_ALLOW_HEADERS;WEBDAV_CORS_ALLOW_HEADERS + defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id + Cache-Control]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -7564,9 +7743,8 @@ OCIS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;OCDAV_CORS_ALLOW_METHODS - defaultValue: '[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY - REPORT SEARCH]' + name: OCIS_CORS_ALLOW_METHODS;WEBDAV_CORS_ALLOW_METHODS + defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. 
@@ -7576,8 +7754,8 @@ OCIS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;OCDAV_CORS_ALLOW_ORIGINS - defaultValue: '[https://localhost:9200]' + name: OCIS_CORS_ALLOW_ORIGINS;WEBDAV_CORS_ALLOW_ORIGINS + defaultValue: '[*]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -7611,7 +7789,7 @@ OCIS_CORS_MAX_AGE: removalVersion: "" deprecationInfo: "" OCIS_DECOMPOSEDFS_METADATA_BACKEND: - name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_SYSTEM_OCIS_METADATA_BACKEND + name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_USERS_OCIS_METADATA_BACKEND defaultValue: messagepack type: string description: The backend to use for storing metadata. Supported values are 'messagepack' @@ -7642,13 +7820,12 @@ OCIS_DEFAULT_LANGUAGE: removalVersion: "" deprecationInfo: "" OCIS_DISABLE_PREVIEWS: - name: OCIS_DISABLE_PREVIEWS;WEB_OPTION_DISABLE_PREVIEWS + name: OCIS_DISABLE_PREVIEWS;WEBDAV_DISABLE_PREVIEWS defaultValue: "false" type: bool - description: Set this option to 'true' to disable previews in all the different - web file listing views. This can speed up file listings in folders with many files. - The only list view that is not affected by this setting is the trash bin, as it - does not allow previewing at all. + description: Set this option to 'true' to disable rendering of thumbnails triggered + via webdav access. Note that when disabled, all access to preview related webdav + paths will return a 404. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -7712,63 +7889,63 @@ OCIS_ENABLE_RESHARING: removalVersion: "" deprecationInfo: Resharing will be removed in the future. OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;GRAPH_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;PROXY_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: "5.0" + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;GRAPH_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: "5.0" + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;GRAPH_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. - introductionVersion: pre5.0 + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;NATS_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. 
- introductionVersion: pre5.0 + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;GRAPH_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events. - introductionVersion: pre5.0 + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false. - introductionVersion: pre5.0 + If provided PROXY_EVENTS_TLS_INSECURE will be seen as false. + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -7836,16 +8013,16 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;OCDAV_INSECURE + name: OCIS_INSECURE;PROXY_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Allow insecure connections to the GATEWAY service. - introductionVersion: pre5.0 + description: Whether to verify the server TLS certificates. + introductionVersion: '%%NEXT%%' deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;OCDAV_JWT_SECRET + name: OCIS_JWT_SECRET;GATEWAY_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. 
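Review bot: The new `OCIS_INSECURE` description, `Whether to verify the server TLS certificates.`, is inverted relative to the variable: next to `defaultValue: "false"` it reads as "verification is off by default", while a flag named `…_INSECURE` set to false presumably means certificates are verified. It should describe what `true` does, e.g. `description: Skip verification of server TLS certificates when set to true.` The entry is also narrowed to the events-broker alias `PROXY_EVENTS_TLS_INSECURE`, and its `introductionVersion` moves from `pre5.0` to `'%%NEXT%%'` although the global variable is not new.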
@@ -7909,8 +8086,8 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN - defaultValue: uid=reva,ou=sysusers,o=libregraph-idm + name: OCIS_LDAP_BIND_DN;IDP_LDAP_BIND_DN + defaultValue: uid=idp,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP server. @@ -7919,7 +8096,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. 
@@ -7928,31 +8105,31 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT + name: OCIS_LDAP_CACERT;IDP_LDAP_TLS_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root - directory derives from $OCIS_BASE_DATA_PATH:/idm. + directory derives from $OCIS_BASE_DATA_PATH:/idp. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Supported options + description: An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. Default is 'attribute'. + is not processed. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified 
@@ -7962,7 +8139,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. @@ -7971,7 +8148,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -7980,17 +8157,17 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter - ('groupOfNames'). + like 'groupOfNames'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -8000,7 +8177,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. 
@@ -8009,17 +8186,17 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique id for groups. This should be a + description: LDAP Attribute to use as the unique ID for groups. This should be a stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the @@ -8030,7 +8207,7 @@ OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -8039,7 +8216,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. 
@@ -8048,17 +8225,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported scopes are + description: LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;IDP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -8080,17 +8257,16 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;GROUPS_LDAP_URI + name: OCIS_LDAP_URI;IDP_LDAP_URI defaultValue: ldaps://localhost:9235 type: string - description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' - and 'ldap://' + description: Url of the LDAP service to use as IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. @@ -8099,7 +8275,7 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. 
@@ -8108,7 +8284,7 @@ OCIS_LDAP_USER_ENABLED_ATTRIBUTE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;IDP_LDAP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -8117,17 +8293,16 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS defaultValue: inetOrgPerson type: string - description: The object class to use for users in the default user search filter - ('inetOrgPerson'). + description: LDAP User ObjectClass like 'inetOrgPerson'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. 
@@ -8136,17 +8311,16 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID - defaultValue: ownclouduuid + name: OCIS_LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE + defaultValue: ownCloudUUID type: string - description: LDAP Attribute to use as the unique id for users. This should be a - stable globally unique id like a UUID. + description: LDAP User UUID attribute like 'uid'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the @@ -8157,16 +8331,16 @@ OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE defaultValue: mail type: string - description: LDAP Attribute to use for the email address of users. + description: LDAP User email attribute like 'mail'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USER_TYPE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default 
@@ -8176,16 +8350,16 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME - defaultValue: uid + name: OCIS_LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE + defaultValue: displayName type: string - description: LDAP Attribute to use for username of users. + description: LDAP User name attribute like 'displayName'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;IDP_LDAP_SCOPE defaultValue: sub type: string description: LDAP search scope to use when looking up users. Supported scopes are @@ -8195,7 +8369,7 @@ OCIS_LDAP_USER_SCOPE: removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;OCDAV_LOG_COLOR + name: OCIS_LOG_COLOR;PROXY_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8204,7 +8378,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;OCDAV_LOG_FILE + name: OCIS_LOG_FILE;PROXY_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8213,7 +8387,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;OCDAV_LOG_LEVEL + name: OCIS_LOG_LEVEL;PROXY_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8223,7 +8397,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;OCDAV_LOG_PRETTY + name: OCIS_LOG_PRETTY;PROXY_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. 
@@ -8232,11 +8406,11 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;OCDAV_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY defaultValue: "" type: string - description: Machine auth API key used to validate internal requests necessary for - the access to resources from other services. + description: Machine auth API key used to validate internal requests necessary to + access resources from other services. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8253,11 +8427,10 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the group IDs of the CS3 group - objects for groups returned by this group provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8330,7 +8503,7 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE: - name: OCIS_PERSISTENT_STORE;ACTIVITYLOG_STORE + name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE defaultValue: nats-js-kv type: string description: 'The type of the store. Supported values are: ''memory'', ''ocmem'', @@ -8341,7 +8514,7 @@ OCIS_PERSISTENT_STORE: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;ACTIVITYLOG_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store 
@@ -8351,7 +8524,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;ACTIVITYLOG_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store @@ -8361,7 +8534,7 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;ACTIVITYLOG_STORE_NODES + name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect @@ -8373,18 +8546,18 @@ OCIS_PERSISTENT_STORE_NODES: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_SIZE: - name: OCIS_PERSISTENT_STORE_SIZE;ACTIVITYLOG_STORE_SIZE + name: OCIS_PERSISTENT_STORE_SIZE;POSTPROCESSING_STORE_SIZE defaultValue: "0" type: int description: The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not explicitly set as default. + though not exclicitly set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;ACTIVITYLOG_STORE_TTL + name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL defaultValue: 0s type: Duration description: Time to live for events in the store. See the Environment Variable @@ -8434,7 +8607,7 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;GRAPH_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;PROXY_SERVICE_ACCOUNT_ID defaultValue: "" type: string description: The ID of the service account the service should use. See the 'auth-service' 
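Review bot: In the OCIS_PERSISTENT_STORE_SIZE hunk the description now reads `though not exclicitly set as default.`, which replaces a correctly spelled word with a typo. It should stay `though not explicitly set as default.`; since the record's service binding changed to POSTPROCESSING_STORE_SIZE in the same hunk, the misspelling presumably comes from that service's description and is best corrected there as well.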
@@ -8444,7 +8617,7 @@ OCIS_SERVICE_ACCOUNT_ID: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;PROXY_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -8477,23 +8650,26 @@ OCIS_SHOW_USER_EMAIL_IN_RESULTS: name: OCIS_SHOW_USER_EMAIL_IN_RESULTS defaultValue: "false" type: bool - description: Mask user email addresses in responses. + description: Include user email addresses in responses. If absent or set to false + emails will be omitted from results. Please note that admin users can always see + all email addresses. introductionVersion: 6.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_API_KEY: - name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY + name: OCIS_SYSTEM_USER_API_KEY defaultValue: "" type: string description: API key for the STORAGE-SYSTEM system user. 
@@ -8502,10 +8678,10 @@ OCIS_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID defaultValue: "" type: string - description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID + description: ID of the oCIS storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. @@ -8523,7 +8699,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;OCDAV_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;PROXY_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -8533,7 +8709,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;OCDAV_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;PROXY_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -8542,7 +8718,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;OCDAV_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;PROXY_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -8551,7 +8727,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;OCDAV_TRACING_TYPE + name: OCIS_TRACING_TYPE;PROXY_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. 
@@ -8581,10 +8757,10 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCDAV_PUBLIC_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: URL where oCIS is reachable for users. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -9889,6 +10065,16 @@ PROXY_DEBUG_ZPAGES: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +PROXY_ENABLE_APP_AUTH: + name: PROXY_ENABLE_APP_AUTH + defaultValue: "false" + type: bool + description: Allow app authentication. This can be used to authenticate 3rd party + applications. Note that auth-app service must be running for this feature to work. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" PROXY_ENABLE_BASIC_AUTH: name: PROXY_ENABLE_BASIC_AUTH defaultValue: "false" @@ -13765,6 +13951,17 @@ STORAGE_USERS_SERVICE_ACCOUNT_SECRET: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +STORAGE_USERS_SERVICE_NAME: + name: STORAGE_USERS_SERVICE_NAME + defaultValue: storage-users + type: string + description: Service name to use. Change this when starting an additional storage + provider with a custom configuration to prevent it from colliding with the default + 'storage-users' service. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN: name: STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN defaultValue: "false" 
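Review bot: The OCIS_URL record no longer documents OCIS_URL: its name becomes `OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER` and its description `URL of the OIDC issuer. It defaults to URL of the builtin IDP.`, the same content the OCIS_OIDC_ISSUER hunk gives that key. A reader looking up the base URL variable now finds only its role as an issuer fallback, and the statement that it is the address where users reach oCIS is gone. I would keep `description: URL where oCIS is reachable for users.` for this key and leave the issuer wording to OCIS_OIDC_ISSUER.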
@@ -15532,6 +15729,68 @@ WEB_OPTION_DISABLED_EXTENSIONS: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION: + name: WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION + defaultValue: "false" + type: bool + description: Defines whether Web should require authentication to be done by the + parent application when running in 'embed' mode. If set to 'true' Web will not + try to authenticate the user on its own but will require an access token coming + from the parent application. Defaults to being unset. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN: + name: WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN + defaultValue: "" + type: string + description: Defines the host to validate the message event origin against when + running Web in 'embed' mode with delegated authentication. Defaults to event message + origin validation being omitted, which is only recommended for development setups. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +WEB_OPTION_EMBED_ENABLED: + name: WEB_OPTION_EMBED_ENABLED + defaultValue: "" + type: string + description: Defines whether Web should be running in 'embed' mode. Setting this + to 'true' will enable a stripped down version of Web with reduced functionality + used to integrate Web into other applications like via iFrame. Setting it to 'false' + or not setting it (default) will run Web as usual with all functionality enabled. + See the text description for more details. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +WEB_OPTION_EMBED_MESSAGES_ORIGIN: + name: WEB_OPTION_EMBED_MESSAGES_ORIGIN + defaultValue: "" + type: string + description: Defines a URL under which Web can be integrated via iFrame in 'embed' + mode. Note that setting this is mandatory when running Web in 'embed' mode. 
Use + '*' as value to allow running the iFrame under any URL, although this is not recommended + for security reasons. See the text description for more details. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +WEB_OPTION_EMBED_TARGET: + name: WEB_OPTION_EMBED_TARGET + defaultValue: "" + type: string + description: Defines how Web is being integrated when running in 'embed' mode. Currently, + the only supported options are '' (empty) and 'location'. With '' which is the + default, Web will run regular as defined via the 'embed.enabled' config option. + With 'location', Web will run embedded as location picker. Resource selection + will be disabled and the selected resources array always includes the current + folder as the only item. See the text description for more details. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" WEB_OPTION_HOME_FOLDER: name: WEB_OPTION_HOME_FOLDER defaultValue: ""
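Review bot: The description of WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION does not mention that, with the recorded defaults, origin validation is off: WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN defaults to `""`, and its own text says that omits validation of the message event origin. Since delegated mode has Web take the access token from the parent application, the two settings belong together; I would add to the first description `When enabled outside development, also set WEB_OPTION_EMBED_DELEGATE_AUTHENTICATION_ORIGIN to the parent application's origin.` Two smaller inconsistencies in the same hunk: this record lists `defaultValue: "false"` while saying `Defaults to being unset`, and WEB_OPTION_EMBED_MESSAGES_ORIGIN is called mandatory in embed mode yet defaults to `""`, so the text should say what happens when it is left empty.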