diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml
index 672bda70273..cfefb990239 100644
--- a/docs/helpers/env_vars.yaml
+++ b/docs/helpers/env_vars.yaml
@@ -1,3 +1,149 @@ +ACTIVITYLOG_CORS_ALLOW_CREDENTIALS: + name: OCIS_CORS_ALLOW_CREDENTIALS;ACTIVITYLOG_CORS_ALLOW_CREDENTIALS + defaultValue: "true" + type: bool + description: 'Allow credentials for CORS.See following chapter for more details: + *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_CORS_ALLOW_HEADERS: + name: OCIS_CORS_ALLOW_HEADERS;ACTIVITYLOG_CORS_ALLOW_HEADERS + defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id + Ocs-Apirequest]' + type: '[]string' + description: 'A list of allowed CORS headers. See following chapter for more details: + *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. + See the Environment Variable Types description for more details.' + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_CORS_ALLOW_METHODS: + name: OCIS_CORS_ALLOW_METHODS;ACTIVITYLOG_CORS_ALLOW_METHODS + defaultValue: '[GET]' + type: '[]string' + description: 'A list of allowed CORS methods. See following chapter for more details: + *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. + See the Environment Variable Types description for more details.' + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_CORS_ALLOW_ORIGINS: + name: OCIS_CORS_ALLOW_ORIGINS;ACTIVITYLOG_CORS_ALLOW_ORIGINS + defaultValue: '[*]' + type: '[]string' + description: 'A list of allowed CORS origins. See following chapter for more details: + *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. 
+ See the Environment Variable Types description for more details.' + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_DEBUG_ADDR: + name: ACTIVITYLOG_DEBUG_ADDR + defaultValue: 127.0.0.1:9197 + type: string + description: Bind address of the debug server, where metrics, health, config and + debug endpoints will be exposed. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_DEBUG_PPROF: + name: ACTIVITYLOG_DEBUG_PPROF + defaultValue: "false" + type: bool + description: Enables pprof, which can be used for profiling. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_DEBUG_TOKEN: + name: ACTIVITYLOG_DEBUG_TOKEN + defaultValue: "" + type: string + description: Token to secure the metrics endpoint. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_DEBUG_ZPAGES: + name: ACTIVITYLOG_DEBUG_ZPAGES + defaultValue: "false" + type: bool + description: Enables zpages, which can be used for collecting and viewing in-memory + traces. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_HTTP_ADDR: + name: ACTIVITYLOG_HTTP_ADDR + defaultValue: 127.0.0.1:0 + type: string + description: The bind address of the HTTP service. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_HTTP_ROOT: + name: ACTIVITYLOG_HTTP_ROOT + defaultValue: / + type: string + description: Subdirectory that serves as the root for this HTTP service. + introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_JWT_SECRET: + name: OCIS_JWT_SECRET;ACTIVITYLOG_JWT_SECRET + defaultValue: "" + type: string + description: The secret to mint and validate jwt tokens. 
+ introductionVersion: pre5.0 + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_LOG_COLOR: + name: OCIS_LOG_COLOR;ACTIVITYLOG_LOG_COLOR + defaultValue: "false" + type: bool + description: Activates colorized log output. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_LOG_FILE: + name: OCIS_LOG_FILE;ACTIVITYLOG_LOG_FILE + defaultValue: "" + type: string + description: The path to the log file. Activates logging to this file if set. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_LOG_LEVEL: + name: OCIS_LOG_LEVEL;ACTIVITYLOG_LOG_LEVEL + defaultValue: "" + type: string + description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', + ''warn'', ''info'', ''debug'', ''trace''.' + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_LOG_PRETTY: + name: OCIS_LOG_PRETTY;ACTIVITYLOG_LOG_PRETTY + defaultValue: "false" + type: bool + description: Activates pretty log output. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" ACTIVITYLOG_SERVICE_ACCOUNT_ID: name: OCIS_SERVICE_ACCOUNT_ID;ACTIVITYLOG_SERVICE_ACCOUNT_ID defaultValue: "" @@ -66,7 +212,7 @@ ACTIVITYLOG_STORE_SIZE: type: int description: The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not exclicitly set as default. + though not explicitly set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
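Review bot: The new ACTIVITYLOG entries in the first hunk document `ACTIVITYLOG_CORS_ALLOW_CREDENTIALS` defaulting to "true" together with `ACTIVITYLOG_CORS_ALLOW_ORIGINS` defaulting to `[*]`, a pairing that is either non-functional or unsafe for credentialed cross-origin requests. Browsers refuse a literal `Access-Control-Allow-Origin: *` on credentialed requests, and a middleware that works around this by echoing the request's Origin would let any site read responses with the user's credentials; which of the two happens cannot be told from this file. The global entries later in this diff document `[https://localhost:9200]` and "false" for the same OCIS_CORS_* variables, so the activitylog default looks like the outlier and is worth aligning in the service's config defaults. Until then I would extend the description with `Do not enable together with a wildcard origin.` and fix the missing space in `CORS.See`.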
@@ -90,6 +236,44 @@ ACTIVITYLOG_STORE_TTL: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +ACTIVITYLOG_TRACING_COLLECTOR: + name: OCIS_TRACING_COLLECTOR;ACTIVITYLOG_TRACING_COLLECTOR + defaultValue: "" + type: string + description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. + Only used if the tracing endpoint is unset. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_TRACING_ENABLED: + name: OCIS_TRACING_ENABLED;ACTIVITYLOG_TRACING_ENABLED + defaultValue: "false" + type: bool + description: Activates tracing. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_TRACING_ENDPOINT: + name: OCIS_TRACING_ENDPOINT;ACTIVITYLOG_TRACING_ENDPOINT + defaultValue: "" + type: string + description: The endpoint of the tracing agent. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +ACTIVITYLOG_TRACING_TYPE: + name: OCIS_TRACING_TYPE;ACTIVITYLOG_TRACING_TYPE + defaultValue: "" + type: string + description: The type of tracing. Defaults to '', which is the same as 'jaeger'. + Allowed tracing types are 'jaeger' and '' as of now. + introductionVersion: "5.0" + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" ACTIVITYOG_SERVICE_ACCOUNT_SECRET: name: OCIS_SERVICE_ACCOUNT_SECRET;ACTIVITYOG_SERVICE_ACCOUNT_SECRET defaultValue: "" @@ -2064,7 +2248,7 @@ AUTH_SERVICE_TRACING_TYPE: deprecationInfo: "" CLIENTLOG_DEBUG_ADDR: name: CLIENTLOG_DEBUG_ADDR - defaultValue: 127.0.0.1:9197 + defaultValue: 127.0.0.1:9260 type: string description: Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. 
@@ -2671,7 +2855,7 @@ EVENTHISTORY_LOG_PRETTY: deprecationInfo: "" EVENTHISTORY_STORE: name: OCIS_PERSISTENT_STORE;EVENTHISTORY_STORE - defaultValue: memory + defaultValue: nats-js-kv type: string description: 'The type of the store. Supported values are: ''memory'', ''ocmem'', ''etcd'', ''redis'', ''redis-sentinel'', ''nats-js'', ''noop''. See the text description @@ -2711,7 +2895,7 @@ EVENTHISTORY_STORE_DATABASE: deprecationInfo: "" EVENTHISTORY_STORE_NODES: name: OCIS_PERSISTENT_STORE_NODES;EVENTHISTORY_STORE_NODES - defaultValue: '[]' + defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes @@ -2734,7 +2918,7 @@ EVENTHISTORY_STORE_SIZE: deprecationInfo: "" EVENTHISTORY_STORE_TABLE: name: EVENTHISTORY_STORE_TABLE - defaultValue: events + defaultValue: "" type: string description: The database table the store should use. introductionVersion: pre5.0 @@ -7226,12 +7410,12 @@ OCDAV_WEBDAV_NAMESPACE: removalVersion: "" deprecationInfo: "" OCIS_ADMIN_USER_ID: - name: OCIS_ADMIN_USER_ID;IDM_ADMIN_USER_ID + name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID defaultValue: "" type: string - description: ID of the user that should receive admin privileges. Consider that - the UUID can be encoded in some LDAP deployment configurations like in .ldif files. - These need to be decoded beforehand. + description: ID of the user who collects all necessary information for deletion. + Consider that the UUID can be encoded in some LDAP deployment configurations like + in .ldif files. These need to be decoded beforehand. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
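Review bot: The `OCIS_ADMIN_USER_ID` entry (last hunk on this line) now describes a global variable through a single service's binding: the alias changes from `IDM_ADMIN_USER_ID` to `STORAGE_USERS_PURGE_TRASH_BIN_USER_ID`, and the description no longer says that this user receives admin privileges, which the removed text stated. An operator reading the new entry would not learn that the same variable also selects the admin user elsewhere. The same flip appears in later hunks for `OCIS_INSECURE`, `OCIS_JWT_SECRET`, `OCIS_MACHINE_AUTH_API_KEY`, `OCIS_URL`/`OCIS_OIDC_ISSUER` and the `OCIS_LDAP_*` and `OCIS_CACHE_*` entries, including changed documented defaults (`OCIS_CACHE_TTL` from 12h0m0s to 5m0s, `OCIS_LDAP_USER_SCHEMA_USERNAME` from uid to displayName). That suggests each global entry is taken from whichever service is processed last, though this is an inference because the producing tool is not visible here. For global variables I would keep a service-neutral description that lists every alias, e.g. `description: ID of the admin user. Also read as IDM_ADMIN_USER_ID and STORAGE_USERS_PURGE_TRASH_BIN_USER_ID; see the respective service for the effect.`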
@@ -7247,7 +7431,7 @@ OCIS_ASSET_THEMES_PATH: removalVersion: "" deprecationInfo: "" OCIS_ASYNC_UPLOADS: - name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS + name: OCIS_ASYNC_UPLOADS defaultValue: "true" type: bool description: Enable asynchronous file uploads. @@ -7256,28 +7440,28 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;GATEWAY_CREATE_HOME_CACHE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the store. Only applies when store - type 'nats-js-kv' is configured. + description: The password to use for authentication. Only applies when store type + 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;GATEWAY_CREATE_HOME_CACHE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the store. Only applies when store - type 'nats-js-kv' is configured. + description: The username to use for authentication. Only applies when store type + 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_DATABASE: name: OCIS_CACHE_DATABASE - defaultValue: cache-userinfo + defaultValue: cache-createhome type: string description: The database name the configured store should use. introductionVersion: pre5.0 
@@ -7285,102 +7469,103 @@ OCIS_CACHE_DATABASE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_DISABLE_PERSISTENCE - defaultValue: "true" + name: OCIS_CACHE_DISABLE_PERSISTENCE;GATEWAY_CREATE_HOME_CACHE_DISABLE_PERSISTENCE + defaultValue: "false" type: bool - description: Disables persistence of the store. Only applies when store type 'nats-js-kv' - is configured. Defaults to true. + description: Disables persistence of the create home cache. Only applies when store + type 'nats-js-kv' is configured. Defaults to false. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_SIZE: - name: OCIS_CACHE_SIZE;PROXY_OIDC_USERINFO_CACHE_SIZE + name: OCIS_CACHE_SIZE;GATEWAY_CREATE_HOME_CACHE_SIZE defaultValue: "0" type: int - description: The maximum quantity of items in the user info cache. Only applies - when store type 'ocmem' is configured. Defaults to 512 which is derived from the - ocmem package though not explicitly set as default. + description: The maximum quantity of items in the cache. Only applies when store + type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package + though not explicitly set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE - defaultValue: nats-js-kv + name: OCIS_CACHE_STORE;GATEWAY_CREATE_HOME_CACHE_STORE + defaultValue: memory type: string - description: 'The type of the signing key store. Supported values are: ''redis-sentinel'', - ''nats-js-kv'' and ''ocisstoreservice'' (deprecated). See the text description - for details.' - introductionVersion: "5.0" + description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', + ''nats-js-kv'', ''noop''. See the text description for details.' 
+ introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES + name: OCIS_CACHE_STORE_NODES;GATEWAY_CREATE_HOME_CACHE_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. Note that the behaviour - how nodes are used is dependent on the library of the configured store. See the - Environment Variable Types description for more details. - introductionVersion: "5.0" + description: A list of nodes to access the configured store. This has no effect + when 'memory' or 'ocmem' stores are configured. Note that the behaviour how nodes + are used is dependent on the library of the configured store. See the Environment + Variable Types description for more details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL;PROXY_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL - defaultValue: 12h0m0s + name: OCIS_CACHE_TTL;GATEWAY_CREATE_HOME_CACHE_TTL + defaultValue: 5m0s type: Duration - description: Default time to live for signing keys. See the Environment Variable - Types description for more details. - introductionVersion: "5.0" + description: Default time to live for user info in the cache. Only applied when + access tokens has no expiration. See the Environment Variable Types description + for more details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;OCM_CORS_ALLOW_CREDENTIALS + name: OCIS_CORS_ALLOW_CREDENTIALS;WEB_CORS_ALLOW_CREDENTIALS defaultValue: "false" type: bool - description: 'Allow credentials for CORS.See following chapter for more details: + description: 'Allow credentials for CORS. 
See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;OCM_CORS_ALLOW_HEADERS + name: OCIS_CORS_ALLOW_HEADERS;WEB_CORS_ALLOW_HEADERS defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires - Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]' + Upload-Checksum Upload-Offset X-HTTP-Method-Override]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;OCM_CORS_ALLOW_METHODS - defaultValue: '[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY - REPORT SEARCH]' + name: OCIS_CORS_ALLOW_METHODS;WEB_CORS_ALLOW_METHODS + defaultValue: '[OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH + MOVE COPY REPORT SEARCH]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.' 
- introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;OCM_CORS_ALLOW_ORIGINS + name: OCIS_CORS_ALLOW_ORIGINS;WEB_CORS_ALLOW_ORIGINS defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -7409,7 +7594,7 @@ OCIS_CORS_MAX_AGE: removalVersion: "" deprecationInfo: "" OCIS_DECOMPOSEDFS_METADATA_BACKEND: - name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_SYSTEM_OCIS_METADATA_BACKEND + name: OCIS_DECOMPOSEDFS_METADATA_BACKEND;STORAGE_USERS_OCIS_METADATA_BACKEND defaultValue: messagepack type: string description: The backend to use for storing metadata. Supported values are 'messagepack' @@ -7440,12 +7625,13 @@ OCIS_DEFAULT_LANGUAGE: removalVersion: "" deprecationInfo: "" OCIS_DISABLE_PREVIEWS: - name: OCIS_DISABLE_PREVIEWS;WEBDAV_DISABLE_PREVIEWS + name: OCIS_DISABLE_PREVIEWS;WEB_OPTION_DISABLE_PREVIEWS defaultValue: "false" type: bool - description: Set this option to 'true' to disable rendering of thumbnails triggered - via webdav access. Note that when disabled, all access to preview related webdav - paths will return a 404. + description: Set this option to 'true' to disable previews in all the different + web file listing views. This can speed up file listings in folders with many files. + The only list view that is not affected by this setting is the trash bin, as it + does not allow previewing at all. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -7471,7 +7657,7 @@ OCIS_DISABLE_SSE,USERLOG_DISABLE_SSE: removalVersion: "" deprecationInfo: "" OCIS_EDITION: - name: OCIS_EDITION;FRONTEND_EDITION + name: OCIS_EDITION;OCDAV_EDITION defaultValue: Community type: string description: Edition of oCIS. Used for branding purposes. @@ -7623,16 +7809,16 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;AUDIT_EVENTS_TLS_INSECURE + name: OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE defaultValue: "false" type: bool - description: Whether to verify the server TLS certificates. + description: Allow insecure connections to the OIDC issuer. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;COLLABORATION_JWT_SECRET + name: OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -7696,8 +7882,8 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN - defaultValue: uid=reva,ou=sysusers,o=libregraph-idm + name: OCIS_LDAP_BIND_DN;IDP_LDAP_BIND_DN + defaultValue: uid=idp,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP server. @@ -7706,7 +7892,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. 
@@ -7715,12 +7901,12 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT + name: OCIS_LDAP_CACERT;IDP_LDAP_TLS_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root - directory derives from $OCIS_BASE_DATA_PATH:/idm. + directory derives from $OCIS_BASE_DATA_PATH:/idp. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7845,7 +8031,7 @@ OCIS_LDAP_GROUP_SCOPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;IDP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -7867,17 +8053,16 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI + name: OCIS_LDAP_URI;IDP_LDAP_URI defaultValue: ldaps://localhost:9235 type: string - description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' - and 'ldap://' + description: Url of the LDAP service to use as IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;IDP_LDAP_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. 
@@ -7886,16 +8071,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;IDP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;IDP_LDAP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -7904,11 +8089,10 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;IDP_LDAP_OBJECTCLASS defaultValue: inetOrgPerson type: string - description: The object class to use for users in the default user search filter - ('inetOrgPerson'). + description: LDAP User ObjectClass like 'inetOrgPerson'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7923,11 +8107,10 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID - defaultValue: ownclouduuid + name: OCIS_LDAP_USER_SCHEMA_ID;IDP_LDAP_UUID_ATTRIBUTE + defaultValue: ownCloudUUID type: string - description: LDAP Attribute to use as the unique ID for users. This should be a - stable globally unique ID like a UUID. + description: LDAP User UUID attribute like 'uid'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -7944,10 +8127,10 @@ OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;IDP_LDAP_EMAIL_ATTRIBUTE defaultValue: mail type: string - description: LDAP Attribute to use for the email address of users. + description: LDAP User email attribute like 'mail'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7963,26 +8146,26 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME - defaultValue: uid + name: OCIS_LDAP_USER_SCHEMA_USERNAME;IDP_LDAP_NAME_ATTRIBUTE + defaultValue: displayName type: string - description: LDAP Attribute to use for username of users. + description: LDAP User name attribute like 'displayName'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;IDP_LDAP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported values are + description: LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;AUDIT_LOG_COLOR + name: OCIS_LOG_COLOR;AUTH_BEARER_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -7991,7 +8174,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;AUDIT_LOG_FILE + name: OCIS_LOG_FILE;AUTH_BEARER_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. 
@@ -8000,7 +8183,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;AUDIT_LOG_LEVEL + name: OCIS_LOG_LEVEL;AUTH_BEARER_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8010,7 +8193,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;AUDIT_LOG_PRETTY + name: OCIS_LOG_PRETTY;AUTH_BEARER_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -8019,11 +8202,11 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;PROXY_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY defaultValue: "" type: string - description: Machine auth API key used to validate internal requests necessary to - access resources from other services. + description: Machine auth API key used to validate internal requests necessary for + the access to resources from other services. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8040,11 +8223,10 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the userids of the CS3 user objects - for users returned by this user provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -8165,7 +8347,7 @@ OCIS_PERSISTENT_STORE_SIZE: type: int description: The maximum quantity of items in the store. Only applies when store type 'ocmem' is configured. Defaults to 512 which is derived from the ocmem package - though not exclicitly set as default. + though not explicitly set as default. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8193,8 +8375,8 @@ OCIS_REVA_GATEWAY: name: OCIS_REVA_GATEWAY defaultValue: com.owncloud.api.gateway type: string - description: CS3 gateway used to look up user metadata - introductionVersion: "5.0" + description: The CS3 gateway endpoint. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8221,7 +8403,7 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;ACTIVITYLOG_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;STORAGE_USERS_SERVICE_ACCOUNT_ID defaultValue: "" type: string description: The ID of the service account the service should use. See the 'auth-service' @@ -8231,7 +8413,7 @@ OCIS_SERVICE_ACCOUNT_ID: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;ACTIVITYOG_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;STORAGE_USERS_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. 
@@ -8268,11 +8450,12 @@ OCIS_SHOW_USER_EMAIL_IN_RESULTS: removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8299,7 +8482,7 @@ OCIS_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. @@ -8308,7 +8491,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;AUDIT_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;AUTH_BEARER_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -8318,7 +8501,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;AUDIT_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;AUTH_BEARER_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -8327,7 +8510,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;AUDIT_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;AUTH_BEARER_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. 
@@ -8336,7 +8519,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;AUDIT_TRACING_TYPE + name: OCIS_TRACING_TYPE;AUTH_BEARER_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -8349,13 +8532,13 @@ OCIS_TRANSFER_SECRET: name: OCIS_TRANSFER_SECRET defaultValue: "" type: string - description: Transfer secret for signing file up- and download requests. + description: The storage transfer secret. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_TRANSLATION_PATH: - name: OCIS_TRANSLATION_PATH;USERLOG_TRANSLATION_PATH + name: OCIS_TRANSLATION_PATH;NOTIFICATIONS_TRANSLATION_PATH defaultValue: "" type: string description: (optional) Set this to a path with custom translations to overwrite @@ -8366,11 +8549,10 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BASIC_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;AUTH_BEARER_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the userids of the CS3 user objects - for users returned by this user provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" 
@@ -9657,6 +9839,76 @@ PROXY_ENABLE_PRESIGNEDURLS: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +PROXY_EVENTS_AUTH_PASSWORD: + name: OCIS_EVENTS_AUTH_PASSWORD;PROXY_EVENTS_AUTH_PASSWORD + defaultValue: "" + type: string + description: The password to authenticate with the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_AUTH_USERNAME: + name: OCIS_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME + defaultValue: "" + type: string + description: The username to authenticate with the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_CLUSTER: + name: OCIS_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER + defaultValue: ocis-cluster + type: string + description: The clusterID of the event system. The event system is the message + queuing service. It is used as message broker for the microservice architecture. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_ENABLE_TLS: + name: OCIS_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS + defaultValue: "false" + type: bool + description: Enable TLS for the connection to the events broker. The events broker + is the ocis service which receives and delivers events between the services. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_ENDPOINT: + name: OCIS_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT + defaultValue: 127.0.0.1:9233 + type: string + description: The address of the event system. The event system is the message queuing + service. It is used as message broker for the microservice architecture. Set to + a empty string to disable emitting events. 
+ introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_TLS_INSECURE: + name: OCIS_INSECURE;PROXY_EVENTS_TLS_INSECURE + defaultValue: "false" + type: bool + description: Whether to verify the server TLS certificates. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE: + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE + defaultValue: "" + type: string + description: The root CA certificate used to validate the server's TLS certificate. + If provided PROXY_EVENTS_TLS_INSECURE will be seen as false. + introductionVersion: '%%NEXT%%' + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" PROXY_HTTP_ADDR: name: PROXY_HTTP_ADDR defaultValue: 0.0.0.0:9200
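Review bot: The description of `PROXY_EVENTS_TLS_INSECURE`, `Whether to verify the server TLS certificates.`, reads as the opposite of what the variable name and the neighbouring `PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE` text imply, so an operator could set it to "true" expecting verification to be switched on. I would word it as `description: Disables verification of the events broker's TLS certificate. Do not set this in production.` and mention that the global `OCIS_INSECURE` switches it as well. The hunk also documents `PROXY_EVENTS_ENABLE_TLS` defaulting to "false" next to `PROXY_EVENTS_AUTH_PASSWORD`; the password description should tell operators to enable TLS when `PROXY_EVENTS_ENDPOINT` is not a loopback address. Minor: `a empty string` in the `PROXY_EVENTS_ENDPOINT` description should read `an empty string`.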