diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index 157c31981b7..dc6de75d9b3 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml @@ -3026,6 +3026,17 @@ COLLABORATION_WOPI_DISABLE_CHAT: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +COLLABORATION_WOPI_DISABLED_EXTENSIONS: + name: COLLABORATION_WOPI_DISABLED_EXTENSIONS + defaultValue: '[]' + type: '[]string' + description: 'List of extensions to disable: Disabling an extension will make it + unavailable to the Office web front end. The list is comma-separated with no spaces + between the items, such as ''docx,xlsx,pptx''.' + introductionVersion: curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" COLLABORATION_WOPI_ENABLE_MOBILE: name: COLLABORATION_WOPI_ENABLE_MOBILE defaultValue: "false" @@ -7850,12 +7861,12 @@ OCDAV_WEBDAV_NAMESPACE: removalVersion: "" deprecationInfo: "" OCIS_ADMIN_USER_ID: - name: OCIS_ADMIN_USER_ID;SETTINGS_ADMIN_USER_ID + name: OCIS_ADMIN_USER_ID;STORAGE_USERS_PURGE_TRASH_BIN_USER_ID defaultValue: "" type: string - description: ID of the user that should receive admin privileges. Consider that - the UUID can be encoded in some LDAP deployment configurations like in .ldif files. - These need to be decoded beforehand. + description: ID of the user who collects all necessary information for deletion. + Consider that the UUID can be encoded in some LDAP deployment configurations like + in .ldif files. These need to be decoded beforehand. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -7871,7 +7882,7 @@ OCIS_ASSET_THEMES_PATH: removalVersion: "" deprecationInfo: "" OCIS_ASYNC_UPLOADS: - name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS + name: OCIS_ASYNC_UPLOADS defaultValue: "true" type: bool description: Enable asynchronous file uploads. @@ -7880,28 +7891,28 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;STORAGE_USERS_ID_CACHE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to authenticate with the store. Only applies when store - type 'nats-js-kv' is configured. + description: The password to authenticate with the cache store. Only applies when + store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;STORAGE_USERS_ID_CACHE_AUTH_USERNAME defaultValue: "" type: string - description: The username to authenticate with the store. Only applies when store - type 'nats-js-kv' is configured. + description: The username to authenticate with the cache store. Only applies when + store type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_DATABASE: name: OCIS_CACHE_DATABASE - defaultValue: storage-system + defaultValue: ids-storage-users type: string description: The database name the configured store should use. introductionVersion: pre5.0 @@ -7909,7 +7920,7 @@ OCIS_CACHE_DATABASE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE;STORAGE_SYSTEM_CACHE_DISABLE_PERSISTENCE + name: OCIS_CACHE_DISABLE_PERSISTENCE;STORAGE_USERS_ID_CACHE_DISABLE_PERSISTENCE defaultValue: "false" type: bool description: Disables persistence of the cache. Only applies when store type 'nats-js-kv' @@ -7919,33 +7930,36 @@ OCIS_CACHE_DISABLE_PERSISTENCE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE - defaultValue: nats-js-kv + name: OCIS_CACHE_STORE;STORAGE_USERS_ID_CACHE_STORE + defaultValue: memory type: string - description: 'The type of the signing key store. Supported values are: ''redis-sentinel'' - and ''nats-js-kv''. See the text description for details.' - introductionVersion: "5.0" + description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', + ''nats-js-kv'', ''noop''. See the text description for details.' + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES + name: OCIS_CACHE_STORE_NODES;STORAGE_USERS_ID_CACHE_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. Note that the behaviour - how nodes are used is dependent on the library of the configured store. See the - Environment Variable Types description for more details. - introductionVersion: "5.0" + description: A list of nodes to access the configured store. This has no effect + when 'memory' store is configured. Note that the behaviour how nodes are used + is dependent on the library of the configured store. See the Environment Variable + Types description for more details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL - defaultValue: 12h0m0s + name: OCIS_CACHE_TTL;STORAGE_USERS_ID_CACHE_TTL + defaultValue: 24m0s type: Duration - description: Default time to live for signing keys. See the Environment Variable - Types description for more details. - introductionVersion: "5.0" + description: Default time to live for user info in the user info cache. Only applied + when access tokens have no expiration. Defaults to 300s which is derived from + the underlaying package though not explicitly set as default. See the Environment + Variable Types description for more details. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -7987,8 +8001,8 @@ OCIS_CLAIM_MANAGED_SPACES_REGEXP: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;OCS_CORS_ALLOW_CREDENTIALS - defaultValue: "true" + name: OCIS_CORS_ALLOW_CREDENTIALS;OCDAV_CORS_ALLOW_CREDENTIALS + defaultValue: "false" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' @@ -7997,9 +8011,11 @@ OCIS_CORS_ALLOW_CREDENTIALS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;OCS_CORS_ALLOW_HEADERS - defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id - Cache-Control]' + name: OCIS_CORS_ALLOW_HEADERS;OCDAV_CORS_ALLOW_HEADERS + defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match + If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm + Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires + Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. @@ -8009,8 +8025,9 @@ OCIS_CORS_ALLOW_HEADERS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;OCS_CORS_ALLOW_METHODS - defaultValue: '[GET POST PUT PATCH DELETE OPTIONS]' + name: OCIS_CORS_ALLOW_METHODS;OCDAV_CORS_ALLOW_METHODS + defaultValue: '[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY + REPORT SEARCH]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. @@ -8020,8 +8037,8 @@ OCIS_CORS_ALLOW_METHODS: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;OCS_CORS_ALLOW_ORIGINS - defaultValue: '[*]' + name: OCIS_CORS_ALLOW_ORIGINS;OCDAV_CORS_ALLOW_ORIGINS + defaultValue: '[https://localhost:9200]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. @@ -8116,7 +8133,7 @@ OCIS_DISABLE_VERSIONING: removalVersion: "" deprecationInfo: "" OCIS_EDITION: - name: OCIS_EDITION;FRONTEND_EDITION + name: OCIS_EDITION;OCDAV_EDITION defaultValue: Community type: string description: Edition of oCIS. Used for branding purposes. @@ -8143,7 +8160,7 @@ OCIS_ENABLE_OCM: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;POLICIES_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;POSTPROCESSING_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -8153,7 +8170,7 @@ OCIS_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;POLICIES_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;POSTPROCESSING_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker @@ -8163,7 +8180,7 @@ OCIS_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;POLICIES_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;POSTPROCESSING_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message @@ -8174,7 +8191,7 @@ OCIS_EVENTS_CLUSTER: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;POLICIES_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;POSTPROCESSING_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker @@ -8184,7 +8201,7 @@ OCIS_EVENTS_ENABLE_TLS: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;POLICIES_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;POSTPROCESSING_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing @@ -8194,11 +8211,11 @@ OCIS_EVENTS_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false. + If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8236,7 +8253,7 @@ OCIS_GRPC_CLIENT_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_GRPC_PROTOCOL: - name: OCIS_GRPC_PROTOCOL;STORAGE_SYSTEM_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;STORAGE_USERS_GRPC_PROTOCOL defaultValue: "" type: string description: The transport protocol of the GPRC service. @@ -8276,17 +8293,17 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;POLICIES_EVENTS_TLS_INSECURE + name: OCIS_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Whether the server should skip the client certificate verification + description: Whether the ocis server should skip the client certificate verification during the TLS handshake. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;OCS_JWT_SECRET + name: OCIS_JWT_SECRET;OCDAV_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. @@ -8295,7 +8312,7 @@ OCIS_JWT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_BASE_PATH: - name: OCIS_KEYCLOAK_BASE_PATH;GRAPH_KEYCLOAK_BASE_PATH + name: OCIS_KEYCLOAK_BASE_PATH;INVITATIONS_KEYCLOAK_BASE_PATH defaultValue: "" type: string description: The URL to access keycloak. @@ -8304,16 +8321,16 @@ OCIS_KEYCLOAK_BASE_PATH: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_ID: - name: OCIS_KEYCLOAK_CLIENT_ID;GRAPH_KEYCLOAK_CLIENT_ID + name: OCIS_KEYCLOAK_CLIENT_ID;INVITATIONS_KEYCLOAK_CLIENT_ID defaultValue: "" type: string - description: The client id to authenticate with keycloak. + description: The client ID to authenticate with keycloak. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_REALM: - name: OCIS_KEYCLOAK_CLIENT_REALM;GRAPH_KEYCLOAK_CLIENT_REALM + name: OCIS_KEYCLOAK_CLIENT_REALM;INVITATIONS_KEYCLOAK_CLIENT_REALM defaultValue: "" type: string description: The realm the client is defined in. @@ -8322,7 +8339,7 @@ OCIS_KEYCLOAK_CLIENT_REALM: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_CLIENT_SECRET: - name: OCIS_KEYCLOAK_CLIENT_SECRET;GRAPH_KEYCLOAK_CLIENT_SECRET + name: OCIS_KEYCLOAK_CLIENT_SECRET;INVITATIONS_KEYCLOAK_CLIENT_SECRET defaultValue: "" type: string description: The client secret to use in authentication. @@ -8331,7 +8348,7 @@ OCIS_KEYCLOAK_CLIENT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: - name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY + name: OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY;INVITATIONS_KEYCLOAK_INSECURE_SKIP_VERIFY defaultValue: "false" type: bool description: Disable TLS certificate validation for Keycloak connections. Do not @@ -8341,7 +8358,7 @@ OCIS_KEYCLOAK_INSECURE_SKIP_VERIFY: removalVersion: "" deprecationInfo: "" OCIS_KEYCLOAK_USER_REALM: - name: OCIS_KEYCLOAK_USER_REALM;GRAPH_KEYCLOAK_USER_REALM + name: OCIS_KEYCLOAK_USER_REALM;INVITATIONS_KEYCLOAK_USER_REALM defaultValue: "" type: string description: The realm users are defined. @@ -8575,7 +8592,7 @@ OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" - deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ' + deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ' OCIS_LDAP_USER_SCHEMA_ID: name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid @@ -8636,7 +8653,7 @@ OCIS_LDAP_USER_SCOPE: removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;POLICIES_LOG_COLOR + name: OCIS_LOG_COLOR;POSTPROCESSING_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8645,7 +8662,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;POLICIES_LOG_FILE + name: OCIS_LOG_FILE;POSTPROCESSING_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8654,7 +8671,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;POLICIES_LOG_LEVEL + name: OCIS_LOG_LEVEL;POSTPROCESSING_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8664,7 +8681,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;POLICIES_LOG_PRETTY + name: OCIS_LOG_PRETTY;POSTPROCESSING_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -8673,21 +8690,23 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;OCDAV_MACHINE_AUTH_API_KEY defaultValue: "" type: string - description: The machine auth API key used to validate internal requests necessary - to access resources from other services. + description: Machine auth API key used to validate internal requests necessary for + the access to resources from other services. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_MAX_CONCURRENCY: - name: OCIS_MAX_CONCURRENCY;GRAPH_MAX_CONCURRENCY - defaultValue: "20" + name: OCIS_MAX_CONCURRENCY;STORAGE_USERS_S3NG_MAX_CONCURRENCY + defaultValue: "5" type: int - description: The maximum number of concurrent requests the service will handle. - introductionVersion: 7.0.0 + description: Maximum number of concurrent go-routines. Higher values can potentially + get work done faster but will also cause more load on the system. Values of 0 + or below will be ignored and the default value of 100 will be used. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8718,9 +8737,9 @@ OCIS_MFA_ENABLED: name: OCIS_MFA_ENABLED defaultValue: "false" type: bool - description: Set to true to enable multi factor authentication. See the documentation - for more details. - introductionVersion: 7.3.0 + description: Enable MFA enforcement. If enabled users need to complete MFA before + they can access specific paths + introductionVersion: Balch deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8736,16 +8755,16 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;WEBFINGER_OIDC_ISSUER + name: OCIS_URL;OCIS_OIDC_ISSUER;PROXY_OIDC_ISSUER defaultValue: https://localhost:9200 type: string - description: The identity provider href for the openid-discovery relation. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: - name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + name: OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST;SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST defaultValue: "" type: string description: Path to the 'banned passwords list' file. This only impacts public @@ -8755,7 +8774,7 @@ OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_DISABLED: - name: OCIS_PASSWORD_POLICY_DISABLED;FRONTEND_PASSWORD_POLICY_DISABLED + name: OCIS_PASSWORD_POLICY_DISABLED;SHARING_PASSWORD_POLICY_DISABLED defaultValue: "false" type: bool description: Disable the password policy. Defaults to false if not set. @@ -8764,7 +8783,7 @@ OCIS_PASSWORD_POLICY_DISABLED: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_CHARACTERS defaultValue: "8" type: int description: Define the minimum password length. Defaults to 8 if not set. @@ -8773,7 +8792,7 @@ OCIS_PASSWORD_POLICY_MIN_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_DIGITS: - name: OCIS_PASSWORD_POLICY_MIN_DIGITS;FRONTEND_PASSWORD_POLICY_MIN_DIGITS + name: OCIS_PASSWORD_POLICY_MIN_DIGITS;SHARING_PASSWORD_POLICY_MIN_DIGITS defaultValue: "1" type: int description: Define the minimum number of digits. Defaults to 1 if not set. @@ -8782,7 +8801,7 @@ OCIS_PASSWORD_POLICY_MIN_DIGITS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of uppercase letters. Defaults to 1 if not @@ -8792,7 +8811,7 @@ OCIS_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of characters from the special characters @@ -8802,7 +8821,7 @@ OCIS_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: - name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + name: OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS;SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS defaultValue: "1" type: int description: Define the minimum number of lowercase letters. Defaults to 1 if not @@ -8812,17 +8831,17 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE: - name: OCIS_PERSISTENT_STORE;USERLOG_STORE - defaultValue: memory + name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE + defaultValue: nats-js-kv type: string - description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'', - ''redis-sentinel'', ''noop''. See the text description for details.' + description: 'The type of the store. Supported values are: ''memory'', ''redis-sentinel'', + ''nats-js-kv'', ''noop''. See the text description for details.' introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;USERLOG_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store @@ -8832,7 +8851,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;USERLOG_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store @@ -8842,8 +8861,8 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;USERLOG_STORE_NODES - defaultValue: '[]' + name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES + defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used @@ -8854,11 +8873,11 @@ OCIS_PERSISTENT_STORE_NODES: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;USERLOG_STORE_TTL - defaultValue: 336h0m0s + name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL + defaultValue: 0s type: Duration - description: Time to live for events in the store. Defaults to '336h' (2 weeks). - See the Environment Variable Types description for more details. + description: Time to live for events in the store. See the Environment Variable + Types description for more details. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8904,7 +8923,7 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;GRAPH_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;NOTIFICATIONS_SERVICE_ACCOUNT_ID defaultValue: "" type: string description: The ID of the service account the service should use. See the 'auth-service' @@ -8914,7 +8933,7 @@ OCIS_SERVICE_ACCOUNT_ID: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;GRAPH_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;NOTIFICATIONS_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -8923,7 +8942,7 @@ OCIS_SERVICE_ACCOUNT_SECRET: removalVersion: "" deprecationInfo: "" OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD defaultValue: "true" type: bool description: Set this to true if you want to enforce passwords on all public shares. @@ -8932,11 +8951,11 @@ OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: - name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD + name: OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD;SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD defaultValue: "false" type: bool - description: Set this to true if you want to enforce passwords for writable shares. - Only effective if the setting for 'passwords on all public shares' is set to false. + description: Set this to true if you want to enforce passwords on Uploader, Editor + or Contributor shares. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" @@ -8953,17 +8972,18 @@ OCIS_SHOW_USER_EMAIL_IN_RESULTS: removalVersion: "" deprecationInfo: "" OCIS_SPACES_MAX_QUOTA: - name: OCIS_SPACES_MAX_QUOTA;FRONTEND_MAX_QUOTA + name: OCIS_SPACES_MAX_QUOTA;STORAGE_USERS_OCIS_MAX_QUOTA defaultValue: "0" type: uint64 - description: Set the global max quota value in bytes. A value of 0 equals unlimited. - The value is provided via capabilities. + description: Set a global max quota for spaces in bytes. A value of 0 equals unlimited. + If not using the global OCIS_SPACES_MAX_QUOTA, you must define the FRONTEND_MAX_QUOTA + in the frontend service. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_API_KEY: - name: OCIS_SYSTEM_USER_API_KEY + name: OCIS_SYSTEM_USER_API_KEY;SHARING_PUBLIC_CS3_SYSTEM_USER_API_KEY defaultValue: "" type: string description: API key for the STORAGE-SYSTEM system user. @@ -8972,10 +8992,10 @@ OCIS_SYSTEM_USER_API_KEY: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_ID: - name: OCIS_SYSTEM_USER_ID + name: OCIS_SYSTEM_USER_ID;SHARING_PUBLIC_CS3_SYSTEM_USER_ID defaultValue: "" type: string - description: ID of the oCIS storage-system system user. Admins need to set the ID + description: ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. @@ -8984,7 +9004,7 @@ OCIS_SYSTEM_USER_ID: removalVersion: "" deprecationInfo: "" OCIS_SYSTEM_USER_IDP: - name: OCIS_SYSTEM_USER_IDP;SETTINGS_SYSTEM_USER_IDP + name: OCIS_SYSTEM_USER_IDP;SHARING_PUBLIC_CS3_SYSTEM_USER_IDP defaultValue: internal type: string description: IDP of the oCIS STORAGE-SYSTEM system user. @@ -8993,7 +9013,7 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;POLICIES_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;POSTPROCESSING_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. @@ -9003,7 +9023,7 @@ OCIS_TRACING_COLLECTOR: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;POLICIES_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;POSTPROCESSING_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. @@ -9012,7 +9032,7 @@ OCIS_TRACING_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;POLICIES_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;POSTPROCESSING_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. @@ -9021,7 +9041,7 @@ OCIS_TRACING_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;POLICIES_TRACING_TYPE + name: OCIS_TRACING_TYPE;POSTPROCESSING_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. @@ -9040,24 +9060,21 @@ OCIS_TRANSFER_SECRET: removalVersion: "" deprecationInfo: "" OCIS_TRANSLATION_PATH: - name: OCIS_TRANSLATION_PATH;GRAPH_TRANSLATION_PATH + name: OCIS_TRANSLATION_PATH;NOTIFICATIONS_TRANSLATION_PATH defaultValue: "" type: string description: (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. - introductionVersion: 7.0.0 + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;WEBFINGER_OWNCLOUD_SERVER_INSTANCE_URL + name: OCIS_URL;OCDAV_PUBLIC_URL defaultValue: https://localhost:9200 type: string - description: The URL for the legacy ownCloud server instance relation (not to be - confused with the product ownCloud Server). It defaults to the OCIS_URL but can - be overridden to support some reverse proxy corner cases. To shard the deployment, - multiple instances can be configured in the configuration file. + description: URL where oCIS is reachable for users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: ""