diff --git a/docs/README.md b/docs/README.md index 5cd1c04b4..acb18f00e 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,5 @@ -# documentation +# Documentation To contribute to documentation please see also: [Documentation](http://owncloud.dev/ocis/development/build-docs/) + +Note that when running a helper like `make -C docs docs-generate` locally, you will see the generated output in e.g. docs/services/. When merging a PR, the pipeline will generate the output in the master branch but finally moves it into the `docs` branch. You will therefor _not_ see changes in the docs folder of the master branch! diff --git a/docs/helpers/README.md b/docs/helpers/README.md index 560882b73..09bd720f4 100644 --- a/docs/helpers/README.md +++ b/docs/helpers/README.md 
@@ -12,16 +12,17 @@ * [General Extended Envvars Info](#general-extended-envvars-info) * [Extract Extended Envvars](#extract-extended-envvars) * [Generate Extended Envvar Docs](#generate-extended-envvar-docs) + * [Tasks for New Releases](#tasks-for-new-releases) * [Backporting](#backporting) ## Introduction -`docs/helpers` contains small go programs creating docs by extracting information from the code. The `main.go` program is manually started with `make docs-generate` or via the CI. It calls the other required programs and has these main responsibilities: +`docs/helpers` contains go programs creating docs by extracting information from the code. The `main.go` program is manually started with `make docs-generate` or via the CI. It calls the other required programs and has these main responsibilities: - Generate docs for envvars in config structs including deprecations if there are any. - Extract and generate docs for `extended` envvars that are not mentioned in config structs (aka "rogue" envvars). - Extract and generate docs for `global` envvars which occur in multiple services. -- Create `docs/service//_index.md` from `service//README.md` files while keeping the existing `_index.md` if the README.md has not been created so far. +- Create `docs/service//_index.md` from `service//README.md` files while keeping the existing `_index.md` if the service README.md has not been created so far. Also see the important note at [docs README](../README.md). ## Output Generated 
@@ -32,7 +33,7 @@ ## Admin Doc Process -Whenever a build from the [ocis admin](https://github.com/owncloud/docs-ocis) or any other related documentation is triggered, the files generated here are included into the build process and added in a proper manner defined by the admin documentation. The updated documentation will then show up on the [web](https://doc.owncloud.com/ocis/next/). +Whenever a build from the [ocis admin](https://github.com/owncloud/docs-ocis) documentation or any other admin related documentation is triggered, files generated here in the ocis repo are included into the build process and added in a proper manner defined by the admin documentation. The updated documentation will then show up on the public [admin documentation](https://doc.owncloud.com/ocis/next/). ## Branching @@ -76,7 +77,7 @@ Global envvars are gathered by checking if the envvar is available in more than It can happen that extended envvars are found but do not need to be published as they are for internal use only. Those envvars can be defined to be ignored for further processing. -IMPORTANT: +**IMPORTANT:** - First Time Identification Once an extended envvar has been identified, it is added to the `extended_vars.yaml` file found in this folder but never changed or touched by the process anymore. There is one exception with respect to single/double quote usage. While you can (and will) manually define a text like: `"'/var/lib/ocis'"`, quotes are transformed by the process in the .yaml file to: `'''/var/lib/ocis'''`. There is no need to change this back, as the final step transforms this correctly for the adoc table. 
@@ -140,20 +141,59 @@ type Variable struct { // DependendServices []Service `yaml:"dependend_services"` } ``` + This yaml file can later be manually edited to add descriptions, default values, etc. -IMPORTANT: `RawName`, `Path` and `FoundInCode` are automatically filled by the program. DO NOT EDIT THESE VALUES MANUALLY. +**IMPORTANT**: `RawName`, `Path` and `FoundInCode` are automatically filled by the program. DO NOT EDIT THESE VALUES MANUALLY. ### Generate Extended Envvar Docs The process further picks up the `yaml` file generated in the `Extract Rogue Envvars` step and renders it to an adoc file (a table is created) using a go template. The template file for this step can be found at `docs/templates/ADOC_extended.tmpl`. +## Tasks for New Releases + +Close before a new release gets publsihed, but **before** a new ocis admin docs branch is created, some tasks need to be done manually. These tasks cant be done automatically! By processing these manual tasks, doc related and important files get updated respectively created, ready to be consumed by the admin docs. The following situations can occur, see the solution provided: + +1. A new admin docs branch gets created. Building the branched admin docs report inexisting referenced delta files.\ +→ Run the manual tasks described below and restart building the branched admin docs. + +2. A new ocis release is close to be released, the manual tasks **have not been** processed so far.\ +→ Run the manual tasks. + +3. A new ocis release is close to be released, the manual tasks **have been** processed some time ago.\ +→ Re-run the manual tasks. + +4. Re-running the manual tasks have been forgotten to be processed before publishing the final release.\ +→ Re-run the manual tasks AND backport the results into the `docs-stable-x.y` branch. + +### Task List + +1. 
From the ocis root, run `make -C docs docs-generate` and check if there is a change in the `extended-envars.yaml` output.\ +→ In case, process [Extended Envvars](#extended-envvars). When done, re-run the make command and check if the output of `./docs/services/_includes/adoc/extended_configvars.adoc` matches the expectations. + +2. In `./docs/helpers` run: `go run . --help` This will give you an overview of available commands. + 1. Run `go run . all` to generate respectively update required base files.\ + → Any change in `env_vars.yaml` must be check out to be available in master. + 2. Create delta files for added, removed and deprecated envvars. To do so type:\ + `go run . env-var-delta-table` and use as parameter the versions you want to compare. Example: `v5.0.0 v6.0.0`. + 3. List and check the files created in `./docs/helpers/output/env-deltas/`. These are the files defining a table in markdown and asciidoc where the former is used in the dev docs and the latter is consumed by the admin docs build process.\ + **Important**: To make the files consumable, the following attribute must be changed in the respective admin docs branch definition: [docs-ocis/antora.yml](https://github.com/owncloud/docs-ocis/blob/master/antora.yml) `env_var_delta_name`. Only the delta filename part needs to be used. The complete filenames will be assembled automatically. + ``` + v5.0.0-v6.0.0 --> + + v5.0.0-v6.0.0-added.md + v5.0.0-v6.0.0-deprecated.md + v5.0.0-v6.0.0-removed.md + ``` + +3. Commit all changes, create a PR and post merging, adapt, if necessary, the ocis admin docs. With any merge in the admin docs, the newly created content for that ocis admin docs branch will be consumed. + ## Backporting The ocis repo contains branches which are necessary for the documentation. The `docs` branch is related to changes in master, necessary for owncloud.dev and the admin docs referencing master content when it comes to envvars and yaml files. 
-When a new stable ocis release (branch) is published, like `stable-2.0`, an additional branch (including CI) is set up manually by the dev team for referencing docs content like `docs-stable-2.0` - related to envvars and yaml files only - and added to the CI. +When a new stable ocis release (branch) is published, like `stable-5.0`, an additional branch (including CI) is set up manually by the dev team for referencing docs content like `docs-stable-5.0` - related to envvars and yaml files only - and added to the CI. -In case it is necessary to transport a change from master to a stable branch like `docs-stable-2.0`, you must backport the original changes that will create that file to the `stable-2.0` branch. The CI will then take care of creating the results in the target `docs-stable-2.0`. +In case it is necessary to transport a change from master to a stable branch like `docs-stable-5.0`, you must backport the original changes that will create that file to the `stable-5.0` branch. The CI will then take care of creating the results in the target `docs-stable-5.0`. Cases for a backport can be a typo in an envvar description you want to have fixed in a stable branch too or a file was created after the stable branch was set up but needs to be available in that branch. diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index 70682e314..18e1a522b 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml 
@@ -1642,11 +1642,11 @@ AUTH_BEARER_TRACING_TYPE: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_API_KEY defaultValue: "" type: string - description: Machine auth API key used to validate internal requests necessary to - access resources from other services. + description: Machine auth API key used to validate internal requests necessary for + the access to resources from other services. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -1708,7 +1708,7 @@ AUTH_MACHINE_GRPC_PROTOCOL: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_JWT_SECRET: - name: OCIS_JWT_SECRET;SETTINGS_JWT_SECRET + name: OCIS_JWT_SECRET;AUTH_MACHINE_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -1717,7 +1717,7 @@ AUTH_MACHINE_JWT_SECRET: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_LOG_COLOR: - name: OCIS_LOG_COLOR;SETTINGS_LOG_COLOR + name: OCIS_LOG_COLOR;AUTH_MACHINE_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -1726,7 +1726,7 @@ AUTH_MACHINE_LOG_COLOR: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_LOG_FILE: - name: OCIS_LOG_FILE;SETTINGS_LOG_FILE + name: OCIS_LOG_FILE;AUTH_MACHINE_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -1735,7 +1735,7 @@ AUTH_MACHINE_LOG_FILE: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_LOG_LEVEL: - name: OCIS_LOG_LEVEL;SETTINGS_LOG_LEVEL + name: OCIS_LOG_LEVEL;AUTH_MACHINE_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', 
@@ -1745,7 +1745,7 @@ AUTH_MACHINE_LOG_LEVEL: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_LOG_PRETTY: - name: OCIS_LOG_PRETTY;SETTINGS_LOG_PRETTY + name: OCIS_LOG_PRETTY;AUTH_MACHINE_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -1765,7 +1765,7 @@ AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;SETTINGS_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;AUTH_MACHINE_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -1775,7 +1775,7 @@ AUTH_MACHINE_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;SETTINGS_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;AUTH_MACHINE_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -1784,7 +1784,7 @@ AUTH_MACHINE_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;SETTINGS_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;AUTH_MACHINE_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -1793,7 +1793,7 @@ AUTH_MACHINE_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" AUTH_MACHINE_TRACING_TYPE: - name: OCIS_TRACING_TYPE;SETTINGS_TRACING_TYPE + name: OCIS_TRACING_TYPE;AUTH_MACHINE_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. 
@@ -2525,7 +2525,7 @@ FRONTEND_CHECKSUMS_SUPPORTED_TYPES: deprecationInfo: "" FRONTEND_CORS_ALLOW_CREDENTIALS: name: OCIS_CORS_ALLOW_CREDENTIALS;FRONTEND_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -2561,7 +2561,7 @@ FRONTEND_CORS_ALLOW_METHODS: deprecationInfo: "" FRONTEND_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;FRONTEND_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -4284,7 +4284,7 @@ GRAPH_LDAP_SERVER_UUID: removalVersion: "" deprecationInfo: "" GRAPH_LDAP_SERVER_WRITE_ENABLED: - name: OCIS_LDAP_SERVER_WRITE_ENABLED;FRONTEND_LDAP_SERVER_WRITE_ENABLED + name: OCIS_LDAP_SERVER_WRITE_ENABLED;GRAPH_LDAP_SERVER_WRITE_ENABLED defaultValue: "true" type: bool description: Allow creating, modifying and deleting LDAP users via the GRAPH API. @@ -5107,10 +5107,10 @@ IDM_ADMIN_USER_ID: removalVersion: "" deprecationInfo: "" IDM_CREATE_DEMO_USERS: - name: SETTINGS_SETUP_DEFAULT_ASSIGNMENTS;IDM_CREATE_DEMO_USERS + name: IDM_CREATE_DEMO_USERS defaultValue: "false" type: bool - description: The default role assignments the demo users should be setup. + description: Flag to enable or disable the creation of the demo users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -5801,8 +5801,8 @@ IDP_VALIDATION_KEYS_PATH: removalVersion: "" deprecationInfo: "" INVITATIONS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;SETTINGS_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + name: OCIS_CORS_ALLOW_CREDENTIALS;INVITATIONS_CORS_ALLOW_CREDENTIALS + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -5811,8 +5811,8 @@ INVITATIONS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" INVITATIONS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;SETTINGS_CORS_ALLOW_HEADERS - defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]' + name: OCIS_CORS_ALLOW_HEADERS;INVITATIONS_CORS_ALLOW_HEADERS + defaultValue: '[]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -5822,8 +5822,8 @@ INVITATIONS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" INVITATIONS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;SETTINGS_CORS_ALLOW_METHODS - defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' + name: OCIS_CORS_ALLOW_METHODS;INVITATIONS_CORS_ALLOW_METHODS + defaultValue: '[]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. 
@@ -5833,8 +5833,8 @@ INVITATIONS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" INVITATIONS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;SETTINGS_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + name: OCIS_CORS_ALLOW_ORIGINS;INVITATIONS_CORS_ALLOW_ORIGINS + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -5909,7 +5909,7 @@ INVITATIONS_JWT_SECRET: removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_BASE_PATH: - name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH + name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH defaultValue: "" type: string description: The URL to access keycloak. @@ -5918,16 +5918,16 @@ INVITATIONS_KEYCLOAK_BASE_PATH: removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_CLIENT_ID: - name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID + name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID defaultValue: "" type: string - description: The client id to authenticate with keycloak. + description: The client ID to authenticate with keycloak. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_CLIENT_REALM: - name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM + name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM defaultValue: "" type: string description: The realm the client is defined in. @@ -5936,7 +5936,7 @@ INVITATIONS_KEYCLOAK_CLIENT_REALM: removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_CLIENT_SECRET: - name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET + name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET defaultValue: "" type: string description: The client secret to use in authentication. 
@@ -5945,7 +5945,7 @@ INVITATIONS_KEYCLOAK_CLIENT_SECRET: removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY: - name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY + name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY defaultValue: "false" type: bool description: Disable TLS certificate validation for Keycloak connections. Do not @@ -5955,7 +5955,7 @@ INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY: removalVersion: "" deprecationInfo: "" INVITATIONS_KEYCLOAK_USER_REALM: - name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM + name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM defaultValue: "" type: string description: The realm users are defined. @@ -6591,7 +6591,7 @@ OCDAV_ALLOW_PROPFIND_DEPTH_INFINITY: deprecationInfo: "" OCDAV_CORS_ALLOW_CREDENTIALS: name: OCIS_CORS_ALLOW_CREDENTIALS;OCDAV_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -6627,7 +6627,7 @@ OCDAV_CORS_ALLOW_METHODS: deprecationInfo: "" OCDAV_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;OCDAV_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. 
@@ -6675,10 +6675,10 @@ OCDAV_DEBUG_ZPAGES: removalVersion: "" deprecationInfo: "" OCDAV_EDITION: - name: OCIS_EDITION;FRONTEND_EDITION + name: OCIS_EDITION;OCDAV_EDITION defaultValue: Community type: string - description: Edition of oCIS. Used for branding pruposes. + description: Edition of oCIS. Used for branding purposes. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -6882,7 +6882,7 @@ OCDAV_WEBDAV_NAMESPACE: removalVersion: "" deprecationInfo: "" OCIS_ADMIN_USER_ID: - name: OCIS_ADMIN_USER_ID;SETTINGS_ADMIN_USER_ID + name: OCIS_ADMIN_USER_ID;IDM_ADMIN_USER_ID defaultValue: "" type: string description: ID of the user that should receive admin privileges. Consider that @@ -6893,7 +6893,7 @@ OCIS_ADMIN_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_ASYNC_UPLOADS: - name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS + name: OCIS_ASYNC_UPLOADS defaultValue: "true" type: bool description: Enable asynchronous file uploads. @@ -6902,20 +6902,20 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;SETTINGS_CACHE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the cache. Only applies when store + description: The password to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;SETTINGS_CACHE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the cache. Only applies when store + description: The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" 
@@ -6923,7 +6923,7 @@ OCIS_CACHE_AUTH_USERNAME: deprecationInfo: "" OCIS_CACHE_DATABASE: name: OCIS_CACHE_DATABASE - defaultValue: settings-cache + defaultValue: cache-userinfo type: string description: The database name the configured store should use. introductionVersion: pre5.0 
@@ -6931,62 +6931,61 @@ OCIS_CACHE_DATABASE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE;SETTINGS_CACHE_DISABLE_PERSISTENCE - defaultValue: "false" + name: OCIS_CACHE_DISABLE_PERSISTENCE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE + defaultValue: "true" type: bool - description: Disables persistence of the cache. Only applies when store type 'nats-js-kv' - is configured. Defaults to false. + description: Disables persistence of the store. Only applies when store type 'nats-js-kv' + is configured. Defaults to true. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_SIZE: - name: OCIS_CACHE_SIZE;SETTINGS_CACHE_SIZE + name: OCIS_CACHE_SIZE;PROXY_OIDC_USERINFO_CACHE_SIZE defaultValue: "0" type: int - description: The maximum quantity of items in the cache. Only applies when store - type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not exclicitely set as default. + description: The maximum quantity of items in the user info cache. Only applies + when store type 'ocmem' is configured. Defaults to 512 which is derived from the + ocmem package though not exclicitely set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE;SETTINGS_CACHE_STORE - defaultValue: memory + name: OCIS_CACHE_STORE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE + defaultValue: nats-js-kv type: string - description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', - ''nats-js-kv'', ''noop''. See the text description for details.' - introductionVersion: pre5.0 + description: 'The type of the signing key store. Supported values are: ''redis-sentinel'', + ''nats-js-kv'' and ''ocisstoreservice'' (deprecated). See the text description + for details.' 
+ introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;SETTINGS_CACHE_STORE_NODES + name: OCIS_CACHE_STORE_NODES;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. This has no effect - when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes - are used is dependent on the library of the configured store. See the Environment - Variable Types description for more details. - introductionVersion: pre5.0 + description: A list of nodes to access the configured store. Note that the behaviour + how nodes are used is dependent on the library of the configured store. See the + Environment Variable Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL;SETTINGS_CACHE_TTL - defaultValue: 10m0s + name: OCIS_CACHE_TTL;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL + defaultValue: 12h0m0s type: Duration - description: Default time to live for entries in the cache. Only applied when access - tokens has no expiration. See the Environment Variable Types description for more - details. - introductionVersion: pre5.0 + description: Default time to live for signing keys. See the Environment Variable + Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;SETTINGS_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + name: OCIS_CORS_ALLOW_CREDENTIALS;INVITATIONS_CORS_ALLOW_CREDENTIALS + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' 
@@ -6995,8 +6994,8 @@ OCIS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;SETTINGS_CORS_ALLOW_HEADERS - defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id]' + name: OCIS_CORS_ALLOW_HEADERS;INVITATIONS_CORS_ALLOW_HEADERS + defaultValue: '[]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -7006,8 +7005,8 @@ OCIS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;SETTINGS_CORS_ALLOW_METHODS - defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' + name: OCIS_CORS_ALLOW_METHODS;INVITATIONS_CORS_ALLOW_METHODS + defaultValue: '[]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. @@ -7017,8 +7016,8 @@ OCIS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;SETTINGS_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + name: OCIS_CORS_ALLOW_ORIGINS;INVITATIONS_CORS_ALLOW_ORIGINS + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. 
@@ -7052,7 +7051,7 @@ OCIS_CORS_MAX_AGE: removalVersion: "" deprecationInfo: "" OCIS_DECOMPOSEDFS_METADATA_BACKEND: - name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_SYSTEM_OCIS_METADATA_BACKEND + name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_USERS_OCIS_METADATA_BACKEND defaultValue: messagepack type: string description: The backend to use for storing metadata. Supported values are 'messagepack' @@ -7083,12 +7082,13 @@ OCIS_DEFAULT_LANGUAGE: removalVersion: "" deprecationInfo: "" OCIS_DISABLE_PREVIEWS: - name: OCIS_DISABLE_PREVIEWS;WEBDAV_DISABLE_PREVIEWS + name: OCIS_DISABLE_PREVIEWS;WEB_OPTION_DISABLE_PREVIEWS defaultValue: "false" type: bool - description: Set this option to 'true' to disable rendering of thumbnails triggered - via webdav access. Note that when disabled, all access to preview related webdav - paths will return a 404. + description: Set this option to 'true' to disable previews in all the different + web file listing views. This can speed up file listings in folders with many files. + The only list view that is not affected by this setting is the trash bin, as it + does not allow previewing at all. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7114,10 +7114,10 @@ OCIS_DISABLE_SSE,USERLOG_DISABLE_SSE: removalVersion: "" deprecationInfo: "" OCIS_EDITION: - name: OCIS_EDITION;FRONTEND_EDITION + name: OCIS_EDITION;OCDAV_EDITION defaultValue: Community type: string - description: Edition of oCIS. Used for branding pruposes. + description: Edition of oCIS. Used for branding purposes. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -7132,82 +7132,79 @@ OCIS_EMAIL_TEMPLATE_PATH: removalVersion: "" deprecationInfo: "" OCIS_ENABLE_RESHARING: - name: OCIS_ENABLE_RESHARING;FRONTEND_ENABLE_RESHARING + name: OCIS_ENABLE_RESHARING;SHARING_ENABLE_RESHARING defaultValue: "true" type: bool - description: Changing this value is NOT supported. Enables the support for resharing - in the clients. - introductionVersion: pre5.0 + description: Changing this value is NOT supported. Enables the support for resharing. + introductionVersion: "5.0" deprecationVersion: "5.0" removalVersion: "" deprecationInfo: Resharing will be removed in the future. OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;FRONTEND_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;SHARING_EVENTS_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the events broker. The events broker - is the ocis service which receives and delivers events between the services. + description: Password for the events broker. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;FRONTEND_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;SHARING_EVENTS_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the events broker. The events broker - is the ocis service which receives and delivers events between the services. + description: Username for the events broker. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;FRONTEND_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;SHARING_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. 
- introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;FRONTEND_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;SHARING_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;FRONTEND_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;SHARING_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. + If provided SHARING_EVENTS_TLS_INSECURE will be seen as false. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_GATEWAY_GRPC_ADDR: - name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR + name: OCIS_GATEWAY_GRPC_ADDR;STORAGE_USERS_GATEWAY_GRPC_ADDR defaultValue: 127.0.0.1:9142 type: string - description: The bind address of the GRPC service. - introductionVersion: pre5.0 + description: The bind address of the gateway GRPC address. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" 
@@ -7266,17 +7263,16 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;PROXY_OIDC_INSECURE + name: OCIS_INSECURE;SHARING_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Disable TLS certificate validation for connections to the IDP. Note - that this is not recommended for production environments. + description: Whether to verify the server TLS certificates. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;SETTINGS_JWT_SECRET + name: OCIS_JWT_SECRET;SHARING_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -7285,7 +7281,7 @@ OCIS_JWT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_BASE_PATH: - name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH + name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH defaultValue: "" type: string description: The URL to access keycloak. @@ -7294,16 +7290,16 @@ OCIS_KEYCLOAK_BASE_PATH: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_ID: - name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID + name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID defaultValue: "" type: string - description: The client id to authenticate with keycloak. + description: The client ID to authenticate with keycloak. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_REALM: - name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM + name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM defaultValue: "" type: string description: The realm the client is defined in. 
@@ -7312,7 +7308,7 @@ OCIS_KEYCLOAK_CLIENT_REALM: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_SECRET: - name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET + name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET defaultValue: "" type: string description: The client secret to use in authentication. @@ -7321,7 +7317,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: - name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY + name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY defaultValue: "false" type: bool description: Disable TLS certificate validation for Keycloak connections. Do not @@ -7331,7 +7327,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_USER_REALM: - name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM + name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM defaultValue: "" type: string description: The realm users are defined. @@ -7340,7 +7336,7 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN + name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP @@ -7350,7 +7346,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. 
@@ -7359,7 +7355,7 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT + name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to @@ -7370,20 +7366,20 @@ OCIS_LDAP_CACERT: removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Valid options + description: An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. + is not processed. Default is 'attribute'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified @@ -7393,7 +7389,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. 
@@ -7402,7 +7398,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -7411,7 +7407,7 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter @@ -7421,7 +7417,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -7431,7 +7427,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. 
@@ -7440,28 +7436,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique id (e.g. a UUID). + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the group IDs. + of Active Directory for the group ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -7470,7 +7466,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. 
@@ -7479,17 +7475,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported values are + description: LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -7499,7 +7495,7 @@ OCIS_LDAP_INSECURE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_SERVER_WRITE_ENABLED: - name: OCIS_LDAP_SERVER_WRITE_ENABLED;FRONTEND_LDAP_SERVER_WRITE_ENABLED + name: OCIS_LDAP_SERVER_WRITE_ENABLED;GRAPH_LDAP_SERVER_WRITE_ENABLED defaultValue: "true" type: bool description: Allow creating, modifying and deleting LDAP users via the GRAPH API. @@ -7511,7 +7507,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI + name: OCIS_LDAP_URI;GROUPS_LDAP_URI defaultValue: ldaps://localhost:9235 type: string description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' @@ -7521,7 +7517,7 @@ OCIS_LDAP_URI: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. 
@@ -7530,16 +7526,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -7548,7 +7544,7 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string description: The object class to use for users in the default user search filter @@ -7558,7 +7554,7 @@ OCIS_LDAP_USER_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. 
@@ -7567,28 +7563,28 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID + name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique ID for users. This should be a - stable globally unique ID like a UUID. + description: LDAP Attribute to use as the unique id for users. This should be a + stable globally unique id like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the user IDs. + of Active Directory for the user ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of users. @@ -7607,7 +7603,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME + name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME defaultValue: uid type: string description: LDAP Attribute to use for username of users. 
@@ -7616,17 +7612,17 @@ OCIS_LDAP_USER_SCHEMA_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported values are + description: LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;SETTINGS_LOG_COLOR + name: OCIS_LOG_COLOR;SHARING_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -7635,7 +7631,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;SETTINGS_LOG_FILE + name: OCIS_LOG_FILE;SHARING_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -7644,7 +7640,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;SETTINGS_LOG_LEVEL + name: OCIS_LOG_LEVEL;SHARING_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -7654,7 +7650,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;SETTINGS_LOG_PRETTY + name: OCIS_LOG_PRETTY;SHARING_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. 
@@ -7663,11 +7659,11 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_API_KEY defaultValue: "" type: string - description: Machine auth API key used to validate internal requests necessary to - access resources from other services. + description: Machine auth API key used to validate internal requests necessary for + the access to resources from other services. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7684,7 +7680,7 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. @@ -7693,7 +7689,7 @@ OCIS_OIDC_ISSUER: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: - name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST defaultValue: "" type: string description: Path to the 'banned passwords list' file. See the documentation for @@ -7703,7 +7699,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_DISABLED: - name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED + name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED defaultValue: "false" type: bool description: Disable the password policy. Defaults to false if not set. 
@@ -7712,7 +7708,7 @@ OCIS_PASSWORD_POLICY_DISABLED: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS defaultValue: "8" type: int description: Define the minimum password length. Defaults to 8 if not set. @@ -7721,7 +7717,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_DIGITS: - name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS + name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS defaultValue: "1" type: int description: Define the minimum number of digits. Defaults to 1 if not set. @@ -7730,7 +7726,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of uppercase letters. Defaults to 1 if not @@ -7740,7 +7736,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of characters from the special characters 
@@ -7750,7 +7746,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of lowercase letters. Defaults to 1 if not @@ -7864,19 +7860,17 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: SETTINGS_SERVICE_ACCOUNT_IDS;OCIS_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;CLIENTLOG_SERVICE_ACCOUNT_ID defaultValue: "" - type: '[]string' - description: 'The list of all service account IDs. These will be assigned the hidden - ''service-account'' role. Note: When using ''OCIS_SERVICE_ACCOUNT_ID'' this will - contain only one value while ''SETTINGS_SERVICE_ACCOUNT_IDS'' can have multiple. - See the ''auth-service'' service description for more details about service accounts.' + type: string + description: The ID of the service account the service should use. See the 'auth-service' + service description for more details. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;PROXY_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;CLIENTLOG_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -7885,7 +7879,7 @@ OCIS_SERVICE_ACCOUNT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD defaultValue: "true" type: bool description: Set this to true if you want to enforce passwords on all public shares. 
@@ -7894,27 +7888,30 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD defaultValue: "false" type: bool description: Set this to true if you want to enforce passwords on Uploader, Editor - or Contributor shares. + or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, + you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in + the frontend service. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_API_KEY: - name: OCIS_SYSTEM_USER_API_KEY + name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY defaultValue: "" type: string description: API key for the STORAGE-SYSTEM system user. @@ -7923,7 +7920,7 @@ OCIS_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID;SETTINGS_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID defaultValue: "" type: string description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID 
@@ -7935,7 +7932,7 @@ OCIS_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. @@ -7944,7 +7941,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;SETTINGS_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;SHARING_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -7954,7 +7951,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;SETTINGS_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;SHARING_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -7963,7 +7960,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;SETTINGS_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;SHARING_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -7972,7 +7969,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;SETTINGS_TRACING_TYPE + name: OCIS_TRACING_TYPE;SHARING_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -8002,7 +7999,7 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. 
@@ -8012,7 +8009,7 @@ OCIS_URL: deprecationInfo: "" OCM_CORS_ALLOW_CREDENTIALS: name: OCIS_CORS_ALLOW_CREDENTIALS;OCM_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -8048,7 +8045,7 @@ OCM_CORS_ALLOW_METHODS: deprecationInfo: "" OCM_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;OCM_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -8704,7 +8701,7 @@ POLICIES_ENGINE_TIMEOUT: removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;FRONTEND_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;POLICIES_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -8714,7 +8711,7 @@ POLICIES_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;FRONTEND_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;POLICIES_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker 
@@ -8724,52 +8721,52 @@ POLICIES_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;FRONTEND_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;POLICIES_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;FRONTEND_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;POLICIES_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;FRONTEND_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;POLICIES_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_TLS_INSECURE: - name: OCIS_INSECURE;PROXY_OIDC_INSECURE + name: OCIS_INSECURE;POLICIES_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Disable TLS certificate validation for connections to the IDP. Note - that this is not recommended for production environments. + description: Whether the server should skip the client certificate verification + during the TLS handshake. 
introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. + If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -10446,12 +10443,11 @@ SHARING_DEBUG_ZPAGES: removalVersion: "" deprecationInfo: "" SHARING_ENABLE_RESHARING: - name: OCIS_ENABLE_RESHARING;FRONTEND_ENABLE_RESHARING + name: OCIS_ENABLE_RESHARING;SHARING_ENABLE_RESHARING defaultValue: "true" type: bool - description: Changing this value is NOT supported. Enables the support for resharing - in the clients. - introductionVersion: pre5.0 + description: Changing this value is NOT supported. Enables the support for resharing. + introductionVersion: "5.0" deprecationVersion: "5.0" removalVersion: "" deprecationInfo: Resharing will be removed in the future. @@ -10597,7 +10593,7 @@ SHARING_OCM_PROVIDER_AUTHORIZER_DRIVER: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: - name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST defaultValue: "" type: string description: Path to the 'banned passwords list' file. See the documentation for 
@@ -10607,7 +10603,7 @@ SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_DISABLED: - name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED + name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED defaultValue: "false" type: bool description: Disable the password policy. Defaults to false if not set. @@ -10616,7 +10612,7 @@ SHARING_PASSWORD_POLICY_DISABLED: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_MIN_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS defaultValue: "8" type: int description: Define the minimum password length. Defaults to 8 if not set. @@ -10625,7 +10621,7 @@ SHARING_PASSWORD_POLICY_MIN_CHARACTERS: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_MIN_DIGITS: - name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS + name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS defaultValue: "1" type: int description: Define the minimum number of digits. Defaults to 1 if not set. @@ -10634,7 +10630,7 @@ SHARING_PASSWORD_POLICY_MIN_DIGITS: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of uppercase letters. Defaults to 1 if not 
@@ -10644,7 +10640,7 @@ SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of characters from the special characters @@ -10654,7 +10650,7 @@ SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: removalVersion: "" deprecationInfo: "" SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of lowercase letters. Defaults to 1 if not @@ -10763,7 +10759,7 @@ SHARING_PUBLIC_JSONCS3_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD defaultValue: "true" type: bool description: Set this to true if you want to enforce passwords on all public shares. 
@@ -10772,11 +10768,13 @@ SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: removalVersion: "" deprecationInfo: "" SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD defaultValue: "false" type: bool description: Set this to true if you want to enforce passwords on Uploader, Editor - or Contributor shares. + or Contributor shares. If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, + you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in + the frontend service. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" @@ -10907,7 +10905,7 @@ SHARING_USER_JSONCS3_PROVIDER_ADDR: removalVersion: "" deprecationInfo: "" SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY: - name: OCIS_SYSTEM_USER_API_KEY + name: OCIS_SYSTEM_USER_API_KEY;SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY defaultValue: "" type: string description: API key for the STORAGE-SYSTEM system user. @@ -10916,7 +10914,7 @@ SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" SHARING_USER_JSONCS3_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID;SETTINGS_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID;SHARING_USER_JSONCS3_SYSTEM_USER_ID defaultValue: "" type: string description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID @@ -10928,7 +10926,7 @@ SHARING_USER_JSONCS3_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" SHARING_USER_JSONCS3_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SHARING_USER_JSONCS3_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. 
@@ -11930,7 +11928,7 @@ STORAGE_USERS_CLI_MAX_ATTEMPTS_RENAME_FILE: deprecationInfo: "" STORAGE_USERS_CORS_ALLOW_CREDENTIALS: name: OCIS_CORS_ALLOW_CREDENTIALS;STORAGE_USERS_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -11964,7 +11962,7 @@ STORAGE_USERS_CORS_ALLOW_METHODS: deprecationInfo: "" STORAGE_USERS_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;STORAGE_USERS_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. 
@@ -12160,27 +12158,27 @@ STORAGE_USERS_EXPOSE_DATA_SERVER: removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;SETTINGS_CACHE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;STORAGE_USERS_FILEMETADATA_CACHE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the cache. Only applies when store - type 'nats-js-kv' is configured. + description: The password to authenticate with the cache store. Only applies when + store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;SETTINGS_CACHE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;STORAGE_USERS_FILEMETADATA_CACHE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the cache. Only applies when store - type 'nats-js-kv' is configured. + description: The username to authenticate with the cache store. Only applies when + store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE;SETTINGS_CACHE_DISABLE_PERSISTENCE + name: OCIS_CACHE_DISABLE_PERSISTENCE;STORAGE_USERS_FILEMETADATA_CACHE_DISABLE_PERSISTENCE defaultValue: "false" type: bool description: Disables persistence of the cache. Only applies when store type 'nats-js-kv' 
@@ -12190,18 +12188,18 @@ STORAGE_USERS_FILEMETADATA_CACHE_DISABLE_PERSISTENCE: removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_SIZE: - name: OCIS_CACHE_SIZE;SETTINGS_CACHE_SIZE + name: OCIS_CACHE_SIZE;STORAGE_USERS_FILEMETADATA_CACHE_SIZE defaultValue: "0" type: int - description: The maximum quantity of items in the cache. Only applies when store - type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not exclicitely set as default. + description: The maximum quantity of items in the user info cache. Only applies + when store type 'ocmem' is configured. Defaults to 512 which is derived from the + ocmem package though not exclicitely set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_STORE: - name: OCIS_CACHE_STORE;SETTINGS_CACHE_STORE + name: OCIS_CACHE_STORE;STORAGE_USERS_FILEMETADATA_CACHE_STORE defaultValue: memory type: string description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', @@ -12211,7 +12209,7 @@ STORAGE_USERS_FILEMETADATA_CACHE_STORE: removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;SETTINGS_CACHE_STORE_NODES + name: OCIS_CACHE_STORE_NODES;STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect 
@@ -12223,22 +12221,22 @@ STORAGE_USERS_FILEMETADATA_CACHE_STORE_NODES: removalVersion: "" deprecationInfo: "" STORAGE_USERS_FILEMETADATA_CACHE_TTL: - name: OCIS_CACHE_TTL;SETTINGS_CACHE_TTL - defaultValue: 10m0s + name: OCIS_CACHE_TTL;STORAGE_USERS_FILEMETADATA_CACHE_TTL + defaultValue: 24m0s type: Duration - description: Default time to live for entries in the cache. Only applied when access - tokens has no expiration. See the Environment Variable Types description for more - details. + description: Default time to live for user info in the user info cache. Only applied + when access tokens has no expiration. See the Environment Variable Types description + for more details. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" STORAGE_USERS_GATEWAY_GRPC_ADDR: - name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR + name: OCIS_GATEWAY_GRPC_ADDR;STORAGE_USERS_GATEWAY_GRPC_ADDR defaultValue: 127.0.0.1:9142 type: string - description: The bind address of the GRPC service. - introductionVersion: pre5.0 + description: The bind address of the gateway GRPC address. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" 
@@ -12475,17 +12473,18 @@ STORAGE_USERS_OCIS_MAX_CONCURRENCY: removalVersion: "" deprecationInfo: "" STORAGE_USERS_OCIS_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" STORAGE_USERS_OCIS_METADATA_BACKEND: - name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_SYSTEM_OCIS_METADATA_BACKEND + name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_USERS_OCIS_METADATA_BACKEND defaultValue: messagepack type: string description: The backend to use for storing metadata. Supported values are 'messagepack' @@ -12496,7 +12495,7 @@ STORAGE_USERS_OCIS_METADATA_BACKEND: removalVersion: "" deprecationInfo: "" STORAGE_USERS_OCIS_PERMISSIONS_ENDPOINT: - name: STORAGE_USERS_PERMISSION_ENDPOINT;STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT + name: STORAGE_USERS_PERMISSION_ENDPOINT;STORAGE_USERS_OCIS_PERMISSIONS_ENDPOINT defaultValue: com.owncloud.api.settings type: string description: Endpoint of the permissions service. The endpoints can differ for 'ocis' @@ -12515,7 +12514,7 @@ STORAGE_USERS_OCIS_PERSONAL_SPACE_ALIAS_TEMPLATE: removalVersion: "" deprecationInfo: "" STORAGE_USERS_OCIS_PROPAGATOR: - name: OCIS_DECOMPOSEDFS_PROPAGATOR;STORAGE_USERS_S3NG_PROPAGATOR + name: OCIS_DECOMPOSEDFS_PROPAGATOR;STORAGE_USERS_OCIS_PROPAGATOR defaultValue: sync type: string description: The propagator used for decomposedfs. At the moment, only 'sync' is 
@@ -12678,12 +12677,12 @@ STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE: removalVersion: "" deprecationInfo: "" STORAGE_USERS_PURGE_TRASH_BIN_USER_ID: - name: OCIS_ADMIN_USER_ID;SETTINGS_ADMIN_USER_ID + name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID defaultValue: "" type: string - description: ID of the user that should receive admin privileges. Consider that - the UUID can be encoded in some LDAP deployment configurations like in .ldif files. - These need to be decoded beforehand. + description: ID of the user who collects all necessary information for deletion. + Consider that the UUID can be encoded in some LDAP deployment configurations like + in .ldif files. These need to be decoded beforehand. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -13563,19 +13562,17 @@ USERLOG_LOG_PRETTY: removalVersion: "" deprecationInfo: "" USERLOG_SERVICE_ACCOUNT_ID: - name: SETTINGS_SERVICE_ACCOUNT_IDS;OCIS_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;USERLOG_SERVICE_ACCOUNT_ID defaultValue: "" - type: '[]string' - description: 'The list of all service account IDs. These will be assigned the hidden - ''service-account'' role. Note: When using ''OCIS_SERVICE_ACCOUNT_ID'' this will - contain only one value while ''SETTINGS_SERVICE_ACCOUNT_IDS'' can have multiple. - See the ''auth-service'' service description for more details about service accounts.' + type: string + description: The ID of the service account the service should use. See the 'auth-service' + service description for more details. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERLOG_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;PROXY_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;USERLOG_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. 
@@ -13584,7 +13581,7 @@ USERLOG_SERVICE_ACCOUNT_SECRET: removalVersion: "" deprecationInfo: "" USERLOG_STORE: - name: OCIS_PERSISTENT_STORE;EVENTHISTORY_STORE + name: OCIS_PERSISTENT_STORE;USERLOG_STORE defaultValue: memory type: string description: 'The type of the store. Supported values are: ''memory'', ''ocmem'', @@ -13595,7 +13592,7 @@ USERLOG_STORE: removalVersion: "" deprecationInfo: "" USERLOG_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;EVENTHISTORY_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store @@ -13605,7 +13602,7 @@ USERLOG_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" USERLOG_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;EVENTHISTORY_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store @@ -13624,7 +13621,7 @@ USERLOG_STORE_DATABASE: removalVersion: "" deprecationInfo: "" USERLOG_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;EVENTHISTORY_STORE_NODES + name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES defaultValue: '[]' type: '[]string' description: A list of nodes to access the configured store. This has no effect 
@@ -13636,12 +13633,12 @@ USERLOG_STORE_NODES: removalVersion: "" deprecationInfo: "" USERLOG_STORE_SIZE: - name: OCIS_PERSISTENT_STORE_SIZE;EVENTHISTORY_STORE_SIZE + name: OCIS_PERSISTENT_STORE_SIZE;USERLOG_STORE_SIZE defaultValue: "0" type: int description: The maximum quantity of items in the store. Only applies when store - type 'ocmem' is configured. Defaults to 512 which is derived and used from the - ocmem package though no explicit default was set. + type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package + though not exclicitely set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -13656,7 +13653,7 @@ USERLOG_STORE_TABLE: removalVersion: "" deprecationInfo: "" USERLOG_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;EVENTHISTORY_STORE_TTL + name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL defaultValue: 336h0m0s type: Duration description: Time to live for events in the store. Defaults to '336h' (2 weeks). @@ -13704,7 +13701,7 @@ USERLOG_TRACING_TYPE: removalVersion: "" deprecationInfo: "" USERLOG_TRANSLATION_PATH: - name: OCIS_TRANSLATION_PATH;NOTIFICATIONS_TRANSLATION_PATH + name: OCIS_TRANSLATION_PATH;USERLOG_TRANSLATION_PATH defaultValue: "" type: string description: (optional) Set this to a path with custom translations to overwrite @@ -13781,10 +13778,11 @@ USERS_GRPC_PROTOCOL: removalVersion: "" deprecationInfo: "" USERS_IDP_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER + name: OCIS_URL;OCIS_OIDC_ISSUER;USERS_IDP_URL defaultValue: https://localhost:9200 type: string - description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. + description: The identity provider value to set in the userids of the CS3 user objects + for users returned by this user provider. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -13799,7 +13797,7 @@ USERS_JWT_SECRET: removalVersion: "" deprecationInfo: "" USERS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN + name: OCIS_LDAP_BIND_DN;USERS_LDAP_BIND_DN defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP @@ -13809,7 +13807,7 @@ USERS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" USERS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. @@ -13818,7 +13816,7 @@ USERS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" USERS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT + name: OCIS_LDAP_CACERT;USERS_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to @@ -13829,7 +13827,7 @@ USERS_LDAP_CACERT: removalVersion: "" deprecationInfo: "" USERS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;USERS_LDAP_DISABLE_USER_MECHANISM defaultValue: attribute type: string description: An option to control the behavior for disabling users. Valid options @@ -13842,7 +13840,7 @@ USERS_LDAP_DISABLE_USER_MECHANISM: removalVersion: "" deprecationInfo: "" USERS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;USERS_LDAP_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified 
@@ -13852,7 +13850,7 @@ USERS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. @@ -13861,7 +13859,7 @@ USERS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;USERS_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -13870,17 +13868,17 @@ USERS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter - ('groupOfNames'). + like 'groupOfNames'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -13890,7 +13888,7 @@ USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. 
@@ -13899,28 +13897,28 @@ USERS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique id (e.g. a UUID). + description: LDAP Attribute to use as the unique ID for groups. This should be a + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the group IDs. + of Active Directory for the group ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -13929,7 +13927,7 @@ USERS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. 
@@ -13938,7 +13936,7 @@ USERS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" USERS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;USERS_LDAP_GROUP_SCOPE defaultValue: sub type: string description: LDAP search scope to use when looking up groups. Supported values are @@ -13948,7 +13946,7 @@ USERS_LDAP_GROUP_SCOPE: removalVersion: "" deprecationInfo: "" USERS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;USERS_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -13958,7 +13956,7 @@ USERS_LDAP_INSECURE: removalVersion: "" deprecationInfo: "" USERS_LDAP_URI: - name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI + name: OCIS_LDAP_URI;USERS_LDAP_URI defaultValue: ldaps://localhost:9235 type: string description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' @@ -13968,7 +13966,7 @@ USERS_LDAP_URI: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. @@ -13977,7 +13975,7 @@ USERS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;USERS_LDAP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string description: LDAP attribute to use as a flag telling if the user is enabled or disabled. 
@@ -13986,7 +13984,7 @@ USERS_LDAP_USER_ENABLED_ATTRIBUTE: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;USERS_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -13995,17 +13993,17 @@ USERS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string description: The object class to use for users in the default user search filter - ('inetOrgPerson'). + like 'inetOrgPerson'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. @@ -14014,7 +14012,7 @@ USERS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID + name: OCIS_LDAP_USER_SCHEMA_ID;USERS_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique ID for users. This should be a 
@@ -14024,18 +14022,18 @@ USERS_LDAP_USER_SCHEMA_ID: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the user IDs. + of Active Directory for the user ID's. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;USERS_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of users. @@ -14044,7 +14042,7 @@ USERS_LDAP_USER_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME + name: OCIS_LDAP_USER_SCHEMA_USERNAME;USERS_LDAP_USER_SCHEMA_USERNAME defaultValue: uid type: string description: LDAP Attribute to use for username of users. @@ -14053,7 +14051,7 @@ USERS_LDAP_USER_SCHEMA_USERNAME: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE defaultValue: sub type: string description: LDAP search scope to use when looking up users. Supported values are 
@@ -14074,7 +14072,7 @@ USERS_LDAP_USER_SUBSTRING_FILTER_TYPE: removalVersion: "" deprecationInfo: "" USERS_LDAP_USER_TYPE_ATTRIBUTE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default @@ -14301,7 +14299,7 @@ WEB_CACHE_TTL: deprecationInfo: "" WEB_CORS_ALLOW_CREDENTIALS: name: OCIS_CORS_ALLOW_CREDENTIALS;WEB_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + defaultValue: "false" type: bool description: 'Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -14337,7 +14335,7 @@ WEB_CORS_ALLOW_METHODS: deprecationInfo: "" WEB_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;WEB_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. 
@@ -14580,12 +14578,13 @@ WEB_OPTION_DISABLE_FEEDBACK_LINK: removalVersion: "" deprecationInfo: "" WEB_OPTION_DISABLE_PREVIEWS: - name: OCIS_DISABLE_PREVIEWS;WEBDAV_DISABLE_PREVIEWS + name: OCIS_DISABLE_PREVIEWS;WEB_OPTION_DISABLE_PREVIEWS defaultValue: "false" type: bool - description: Set this option to 'true' to disable rendering of thumbnails triggered - via webdav access. Note that when disabled, all access to preview related webdav - paths will return a 404. + description: Set this option to 'true' to disable previews in all the different + web file listing views. This can speed up file listings in folders with many files. + The only list view that is not affected by this setting is the trash bin, as it + does not allow previewing at all. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -15054,7 +15053,7 @@ WEBFINGER_CORS_ALLOW_METHODS: deprecationInfo: "" WEBFINGER_CORS_ALLOW_ORIGINS: name: OCIS_CORS_ALLOW_ORIGINS;WEBFINGER_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. diff --git a/docs/helpers/extended_vars.yaml b/docs/helpers/extended_vars.yaml index 28091b1a8..6cf4dbe25 100644 --- a/docs/helpers/extended_vars.yaml +++ b/docs/helpers/extended_vars.yaml @@ -16,9 +16,17 @@ variables: description: "" do_ignore: true - rawname: MICRO_LOG_LEVEL - path: ocis-pkg/log/log.go:31 + path: ocis-pkg/log/log.go:36 foundincode: true name: MICRO_LOG_LEVEL + type: "" + default_value: "" + description: "" + do_ignore: false +- rawname: MICRO_LOG_LEVEL + path: ocis-pkg/log/log.go:31 + foundincode: false + name: MICRO_LOG_LEVEL type: string default_value: Error description: Set the log level for the internal go micro framework. Only change 
@@ -26,12 +34,20 @@ variables: do_ignore: false - rawname: MICRO_LOG_LEVEL path: ocis-pkg/log/log.go:35 - foundincode: true + foundincode: false name: MICRO_LOG_LEVEL type: "" default_value: "" description: "" do_ignore: true +- rawname: MICRO_LOG_LEVEL + path: ocis-pkg/log/log.go:32 + foundincode: true + name: MICRO_LOG_LEVEL + type: "" + default_value: "" + description: "" + do_ignore: false - rawname: _registryEnv path: ocis-pkg/registry/registry.go:114 foundincode: true @@ -43,6 +59,14 @@ variables: and ''mdns'' are deprecated and will be removed in a later version. Only change on supervision of ownCloud Support.' do_ignore: false +- rawname: _registryAddressEnv + path: ocis-pkg/registry/registry.go:118 + foundincode: true + name: MICRO_REGISTRY_ADDRESS + type: "" + default_value: "" + description: "" + do_ignore: true - rawname: _registryAddressEnv path: ocis-pkg/natsjsregistry/registry.go:145 foundincode: true @@ -52,14 +76,6 @@ variables: description: The bind address of the internal go micro framework. Only change on supervision of ownCloud Support. do_ignore: false -- rawname: _registryAddressEnv - path: ocis-pkg/registry/registry.go:118 - foundincode: true - name: MICRO_REGISTRY_ADDRESS - type: "" - default_value: "" - description: "" - do_ignore: true - rawname: _registryPasswordEnv path: ocis-pkg/natsjsregistry/registry.go:163 foundincode: true @@ -96,6 +112,14 @@ variables: description: The default directory location for config files. See the General Info section in the documentation for more details on defaults. do_ignore: false +- rawname: RUN_CMD_TEST + path: internal/testenv/test.go:33 + foundincode: true + name: RUN_CMD_TEST + type: "" + default_value: "" + description: "" + do_ignore: true - rawname: parts[0] path: ocis-pkg/config/envdecode/envdecode.go:382 foundincode: true
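Review bot: The descriptions for SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS (hunk at @@ -10634) and SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS (hunk at @@ -10654) are swapped: the lowercase entry reads "Define the minimum number of uppercase letters" and the uppercase entry reads "Define the minimum number of lowercase letters". Both are unchanged context lines, so the mix-up predates this patch, but these entries are being touched anyway and an operator tuning the password policy from this text would set the wrong minimum. Since this file is generated, please fix the descriptions at their source in the config structs and regenerate.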
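Review bot: In the hunk at @@ -10763, SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD drops FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD from its name list but its description gets no hint about the frontend service, while the sibling SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the next hunk gains "If not using the global OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD in the frontend service." If the same coupling applies here, please add the matching sentence, otherwise an admin who sets only the service-level variable may end up with password enforcement configured in one service and not the other.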
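Review bot: The CORS default changes (STORAGE_USERS_CORS_ALLOW_CREDENTIALS and WEB_CORS_ALLOW_CREDENTIALS from "true" to "false"; STORAGE_USERS_CORS_ALLOW_ORIGINS, WEB_CORS_ALLOW_ORIGINS and WEBFINGER_CORS_ALLOW_ORIGINS from '[*]' to '[https://localhost:9200]') are a behaviour change that none of the visible descriptions mention. Moving away from a wildcard origin with credentials allowed is the safer default, but any deployment reachable under an origin other than https://localhost:9200 has to set OCIS_CORS_ALLOW_ORIGINS or the per-service variable explicitly, so the descriptions or the release notes should say that. While regenerating, the STORAGE_USERS_CORS_ALLOW_CREDENTIALS description is also missing a space in "CORS.See".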
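Review bot: The new descriptions in the STORAGE_USERS_FILEMETADATA_CACHE_* hunks (@@ -12190 and @@ -12223) talk about a "user info cache" and about access tokens ("Default time to live for user info in the user info cache. Only applied when access tokens has no expiration."), which does not match a variable named for the file metadata cache and looks copied from another service's struct tag. Please check which config field these entries are now generated from, and confirm that the STORAGE_USERS_FILEMETADATA_CACHE_TTL default change from 10m0s to 24m0s is intended. In the same hunk, "The bind address of the gateway GRPC address." for STORAGE_USERS_GATEWAY_GRPC_ADDR repeats "address", and its introductionVersion moves from pre5.0 to "5.0" without a reason visible in the diff.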
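Review bot: In the hunk at @@ -13636, the USERLOG_STORE_SIZE description replaces correctly spelled text ("though no explicit default was set") with "though not exclicitely set as default", which introduces a typo. The same misspelling is added to STORAGE_USERS_FILEMETADATA_CACHE_SIZE in the hunk at @@ -12190. Please correct it to "explicitly" in the source descriptions before regenerating.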
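Review bot: The hunks at @@ -13899 and @@ -14024 change "group IDs" and "user IDs" to "group ID's" and "user ID's" in the *_SCHEMA_ID_IS_OCTETSTRING descriptions. The plural takes no apostrophe, so the previous wording was correct and should be kept.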
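Review bot: In the extended_vars.yaml hunks for MICRO_LOG_LEVEL, the only entry that carries type, default_value and description (path ocis-pkg/log/log.go:31) is now marked foundincode: false, while the two entries that are found in code (log.go:36 and log.go:32) have empty type, default_value and description with do_ignore: false. As it stands, the documented entry points at a line that no longer matches and the live entries would be emitted without any text. Please move the documented fields onto one of the foundincode: true entries, set do_ignore: true on the duplicate, and remove the stale log.go:31 and log.go:35 entries if the helper workflow allows it.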