From 745c53c93271f0a8417f2432e68d2cc1d4e58b4b Mon Sep 17 00:00:00 2001 From: Martin Mattel Date: Mon, 5 Jan 2026 11:00:11 +0100 Subject: [PATCH] [docs-only] Update envvars_yaml (OCIS_MULTI_INSTANCE) --- docs/helpers/env_vars.yaml | 309 +++++++++++++++++++++---------------- 1 file changed, 173 insertions(+), 136 deletions(-) diff --git a/docs/helpers/env_vars.yaml b/docs/helpers/env_vars.yaml index aef6296634b..b74170f1eb3 100644 --- a/docs/helpers/env_vars.yaml +++ b/docs/helpers/env_vars.yaml @@ -7903,7 +7903,7 @@ OCIS_ASSET_THEMES_PATH: removalVersion: "" deprecationInfo: "" OCIS_ASYNC_UPLOADS: - name: OCIS_ASYNC_UPLOADS;SEARCH_EVENTS_ASYNC_UPLOADS + name: OCIS_ASYNC_UPLOADS defaultValue: "true" type: bool description: Enable asynchronous file uploads. @@ -7912,28 +7912,28 @@ OCIS_ASYNC_UPLOADS: removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_PASSWORD: - name: OCIS_CACHE_AUTH_PASSWORD + name: OCIS_CACHE_AUTH_PASSWORD;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_PASSWORD defaultValue: "" type: string - description: The password to use for authentication. Only applies when using the - 'nats-js-kv' store type. + description: The password to authenticate with the store. Only applies when store + type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_AUTH_USERNAME: - name: OCIS_CACHE_AUTH_USERNAME + name: OCIS_CACHE_AUTH_USERNAME;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_AUTH_USERNAME defaultValue: "" type: string - description: The username to use for authentication. Only applies when using the - 'nats-js-kv' store type. + description: The username to authenticate with the store. Only applies when store + type 'nats-js-kv' is configured. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_DATABASE: name: OCIS_CACHE_DATABASE - defaultValue: cache-stat + defaultValue: settings-cache type: string description: The database name the configured store should use. introductionVersion: pre5.0 @@ -7941,45 +7941,43 @@ OCIS_CACHE_DATABASE: removalVersion: "" deprecationInfo: "" OCIS_CACHE_DISABLE_PERSISTENCE: - name: OCIS_CACHE_DISABLE_PERSISTENCE + name: OCIS_CACHE_DISABLE_PERSISTENCE;SETTINGS_CACHE_DISABLE_PERSISTENCE defaultValue: "false" type: bool - description: Disable persistence of the cache. Only applies when using the 'nats-js-kv' - store type. Defaults to false. + description: Disables persistence of the cache. Only applies when store type 'nats-js-kv' + is configured. Defaults to false. introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE: - name: OCIS_CACHE_STORE - defaultValue: memory + name: OCIS_CACHE_STORE;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE + defaultValue: nats-js-kv type: string - description: 'The type of the cache store. Supported values are: ''memory'', ''redis-sentinel'', - ''nats-js-kv'', ''noop''. See the text description for details.' - introductionVersion: pre5.0 + description: 'The type of the signing key store. Supported values are: ''redis-sentinel'' + and ''nats-js-kv''. See the text description for details.' + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_STORE_NODES: - name: OCIS_CACHE_STORE_NODES + name: OCIS_CACHE_STORE_NODES;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' - description: A list of nodes to access the configured store. This has no effect - when 'memory' store is configured. Note that the behaviour how nodes are used - is dependent on the library of the configured store. See the Environment Variable - Types description for more details. - introductionVersion: pre5.0 + description: A list of nodes to access the configured store. Note that the behaviour + how nodes are used is dependent on the library of the configured store. See the + Environment Variable Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CACHE_TTL: - name: OCIS_CACHE_TTL - defaultValue: 5m0s + name: OCIS_CACHE_TTL;OCS_PRESIGNEDURL_SIGNING_KEYS_STORE_TTL + defaultValue: 12h0m0s type: Duration - description: Default time to live for user info in the cache. Only applied when - access tokens has no expiration. See the Environment Variable Types description - for more details. - introductionVersion: pre5.0 + description: Default time to live for signing keys. See the Environment Variable + Types description for more details. + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8021,49 +8019,46 @@ OCIS_CLAIM_MANAGED_SPACES_REGEXP: removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_CREDENTIALS: - name: OCIS_CORS_ALLOW_CREDENTIALS;OCM_CORS_ALLOW_CREDENTIALS - defaultValue: "false" + name: OCIS_CORS_ALLOW_CREDENTIALS;AUTH_APP_CORS_ALLOW_CREDENTIALS + defaultValue: "true" type: bool description: 'Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_HEADERS: - name: OCIS_CORS_ALLOW_HEADERS;OCM_CORS_ALLOW_HEADERS - defaultValue: '[Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match - If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm - Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires - Upload-Checksum Upload-Offset X-HTTP-Method-Override Cache-Control]' + name: OCIS_CORS_ALLOW_HEADERS;AUTH_APP_CORS_ALLOW_HEADERS + defaultValue: '[Authorization Origin Content-Type Accept X-Requested-With X-Request-Id + Ocs-Apirequest]' type: '[]string' description: 'A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_METHODS: - name: OCIS_CORS_ALLOW_METHODS;OCM_CORS_ALLOW_METHODS - defaultValue: '[OPTIONS HEAD GET PUT POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY - REPORT SEARCH]' + name: OCIS_CORS_ALLOW_METHODS;AUTH_APP_CORS_ALLOW_METHODS + defaultValue: '[GET POST DELETE]' type: '[]string' description: 'A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_CORS_ALLOW_ORIGINS: - name: OCIS_CORS_ALLOW_ORIGINS;OCM_CORS_ALLOW_ORIGINS - defaultValue: '[https://localhost:9200]' + name: OCIS_CORS_ALLOW_ORIGINS;AUTH_APP_CORS_ALLOW_ORIGINS + defaultValue: '[*]' type: '[]string' description: 'A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details.' - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8180,7 +8175,7 @@ OCIS_ENABLE_OCM: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_PASSWORD: - name: OCIS_EVENTS_AUTH_PASSWORD;POSTPROCESSING_EVENTS_AUTH_PASSWORD + name: OCIS_EVENTS_AUTH_PASSWORD;EVENTHISTORY_EVENTS_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the events broker. The events broker @@ -8190,7 +8185,7 @@ OCIS_EVENTS_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_AUTH_USERNAME: - name: OCIS_EVENTS_AUTH_USERNAME;POSTPROCESSING_EVENTS_AUTH_USERNAME + name: OCIS_EVENTS_AUTH_USERNAME;EVENTHISTORY_EVENTS_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the events broker. The events broker @@ -8200,7 +8195,7 @@ OCIS_EVENTS_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_CLUSTER: - name: OCIS_EVENTS_CLUSTER;POSTPROCESSING_EVENTS_CLUSTER + name: OCIS_EVENTS_CLUSTER;EVENTHISTORY_EVENTS_CLUSTER defaultValue: ocis-cluster type: string description: The clusterID of the event system. The event system is the message @@ -8211,7 +8206,7 @@ OCIS_EVENTS_CLUSTER: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENABLE_TLS: - name: OCIS_EVENTS_ENABLE_TLS;POSTPROCESSING_EVENTS_ENABLE_TLS + name: OCIS_EVENTS_ENABLE_TLS;EVENTHISTORY_EVENTS_ENABLE_TLS defaultValue: "false" type: bool description: Enable TLS for the connection to the events broker. The events broker @@ -8221,7 +8216,7 @@ OCIS_EVENTS_ENABLE_TLS: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_ENDPOINT: - name: OCIS_EVENTS_ENDPOINT;POSTPROCESSING_EVENTS_ENDPOINT + name: OCIS_EVENTS_ENDPOINT;EVENTHISTORY_EVENTS_ENDPOINT defaultValue: 127.0.0.1:9233 type: string description: The address of the event system. The event system is the message queuing @@ -8231,21 +8226,21 @@ OCIS_EVENTS_ENDPOINT: removalVersion: "" deprecationInfo: "" OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE: - name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE + name: OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE;EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE defaultValue: "" type: string description: The root CA certificate used to validate the server's TLS certificate. - If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false. + Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_GATEWAY_GRPC_ADDR: - name: OCIS_GATEWAY_GRPC_ADDR;STORAGE_USERS_GATEWAY_GRPC_ADDR + name: OCIS_GATEWAY_GRPC_ADDR;GATEWAY_GRPC_ADDR defaultValue: 127.0.0.1:9142 type: string - description: The bind address of the gateway GRPC address. - introductionVersion: "5.0" + description: The bind address of the GRPC service. + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8273,11 +8268,11 @@ OCIS_GRPC_CLIENT_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_GRPC_PROTOCOL: - name: OCIS_GRPC_PROTOCOL;OCM_GRPC_PROTOCOL + name: OCIS_GRPC_PROTOCOL;AUTH_APP_GRPC_PROTOCOL defaultValue: "" type: string description: The transport protocol of the GRPC service. - introductionVersion: "5.0" + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8313,21 +8308,20 @@ OCIS_HTTP_TLS_KEY: removalVersion: "" deprecationInfo: "" OCIS_INSECURE: - name: OCIS_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE + name: OCIS_INSECURE;EVENTHISTORY_EVENTS_TLS_INSECURE defaultValue: "false" type: bool - description: Whether the ocis server should skip the client certificate verification - during the TLS handshake. + description: Whether to verify the server TLS certificates. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_JWT_SECRET: - name: OCIS_JWT_SECRET;OCM_JWT_SECRET + name: OCIS_JWT_SECRET;CLIENTLOG_JWT_SECRET defaultValue: "" type: string description: The secret to mint and validate jwt tokens. - introductionVersion: pre5.0 + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8387,7 +8381,7 @@ OCIS_KEYCLOAK_USER_REALM: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_DN: - name: OCIS_LDAP_BIND_DN;GROUPS_LDAP_BIND_DN + name: OCIS_LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN defaultValue: uid=reva,ou=sysusers,o=libregraph-idm type: string description: LDAP DN to use for simple bind authentication with the target LDAP @@ -8397,7 +8391,7 @@ OCIS_LDAP_BIND_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_BIND_PASSWORD: - name: OCIS_LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD + name: OCIS_LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD defaultValue: "" type: string description: Password to use for authenticating the 'bind_dn'. @@ -8406,7 +8400,7 @@ OCIS_LDAP_BIND_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_LDAP_CACERT: - name: OCIS_LDAP_CACERT;GROUPS_LDAP_CACERT + name: OCIS_LDAP_CACERT;AUTH_BASIC_LDAP_CACERT defaultValue: /var/lib/ocis/idm/ldap.crt type: string description: Path/File name for the root CA certificate (in PEM format) used to @@ -8417,20 +8411,20 @@ OCIS_LDAP_CACERT: removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLE_USER_MECHANISM: - name: OCIS_LDAP_DISABLE_USER_MECHANISM;GRAPH_DISABLE_USER_MECHANISM + name: OCIS_LDAP_DISABLE_USER_MECHANISM;AUTH_BASIC_DISABLE_USER_MECHANISM defaultValue: attribute type: string - description: An option to control the behavior for disabling users. Supported options + description: An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request - is not processed. Default is 'attribute'. + is not processed. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_DISABLED_USERS_GROUP_DN: - name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;GRAPH_DISABLED_USERS_GROUP_DN + name: OCIS_LDAP_DISABLED_USERS_GROUP_DN;AUTH_BASIC_DISABLED_USERS_GROUP_DN defaultValue: cn=DisabledUsersGroup,ou=groups,o=libregraph-idm type: string description: The distinguished name of the group to which added users will be classified @@ -8440,7 +8434,7 @@ OCIS_LDAP_DISABLED_USERS_GROUP_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_BASE_DN: - name: OCIS_LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN + name: OCIS_LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN defaultValue: ou=groups,o=libregraph-idm type: string description: Search base DN for looking up LDAP groups. @@ -8449,7 +8443,7 @@ OCIS_LDAP_GROUP_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_FILTER: - name: OCIS_LDAP_GROUP_FILTER;GROUPS_LDAP_GROUP_FILTER + name: OCIS_LDAP_GROUP_FILTER;AUTH_BASIC_LDAP_GROUP_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for group searches. @@ -8458,7 +8452,7 @@ OCIS_LDAP_GROUP_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_OBJECTCLASS: - name: OCIS_LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS + name: OCIS_LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS defaultValue: groupOfNames type: string description: The object class to use for groups in the default group search filter @@ -8468,7 +8462,7 @@ OCIS_LDAP_GROUP_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME defaultValue: cn type: string description: LDAP Attribute to use for the displayname of groups (often the same @@ -8478,7 +8472,7 @@ OCIS_LDAP_GROUP_SCHEMA_DISPLAYNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: - name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME + name: OCIS_LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME defaultValue: cn type: string description: LDAP Attribute to use for the name of groups. @@ -8487,28 +8481,28 @@ OCIS_LDAP_GROUP_SCHEMA_GROUPNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID: - name: OCIS_LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID + name: OCIS_LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID defaultValue: ownclouduuid type: string description: LDAP Attribute to use as the unique id for groups. This should be a - stable globally unique ID like a UUID. + stable globally unique id (e.g. a UUID). introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the group ID's. + of Active Directory for the group IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MAIL: - name: OCIS_LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL + name: OCIS_LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of groups (can be empty). @@ -8517,7 +8511,7 @@ OCIS_LDAP_GROUP_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCHEMA_MEMBER: - name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER + name: OCIS_LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER defaultValue: member type: string description: LDAP Attribute that is used for group members. @@ -8526,17 +8520,17 @@ OCIS_LDAP_GROUP_SCHEMA_MEMBER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_GROUP_SCOPE: - name: OCIS_LDAP_GROUP_SCOPE;GROUPS_LDAP_GROUP_SCOPE + name: OCIS_LDAP_GROUP_SCOPE;AUTH_BASIC_LDAP_GROUP_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up groups. Supported scopes are + description: LDAP search scope to use when looking up groups. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_INSECURE: - name: OCIS_LDAP_INSECURE;GROUPS_LDAP_INSECURE + name: OCIS_LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE defaultValue: "false" type: bool description: Disable TLS certificate validation for the LDAP connections. Do not @@ -8558,7 +8552,7 @@ OCIS_LDAP_SERVER_WRITE_ENABLED: removalVersion: "" deprecationInfo: "" OCIS_LDAP_URI: - name: OCIS_LDAP_URI;GROUPS_LDAP_URI + name: OCIS_LDAP_URI;AUTH_BASIC_LDAP_URI defaultValue: ldaps://localhost:9235 type: string description: URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' @@ -8568,7 +8562,7 @@ OCIS_LDAP_URI: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_BASE_DN: - name: OCIS_LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN + name: OCIS_LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN defaultValue: ou=users,o=libregraph-idm type: string description: Search base DN for looking up LDAP users. @@ -8577,16 +8571,16 @@ OCIS_LDAP_USER_BASE_DN: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_ENABLED_ATTRIBUTE: - name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;GRAPH_USER_ENABLED_ATTRIBUTE + name: OCIS_LDAP_USER_ENABLED_ATTRIBUTE;AUTH_BASIC_LDAP_USER_ENABLED_ATTRIBUTE defaultValue: ownCloudUserEnabled type: string - description: LDAP Attribute to use as a flag telling if the user is enabled or disabled. + description: LDAP attribute to use as a flag telling if the user is enabled or disabled. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_FILTER: - name: OCIS_LDAP_USER_FILTER;GROUPS_LDAP_USER_FILTER + name: OCIS_LDAP_USER_FILTER;AUTH_BASIC_LDAP_USER_FILTER defaultValue: "" type: string description: LDAP filter to add to the default filters for user search like '(objectclass=ownCloud)'. @@ -8595,7 +8589,7 @@ OCIS_LDAP_USER_FILTER: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_OBJECTCLASS: - name: OCIS_LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS + name: OCIS_LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS defaultValue: inetOrgPerson type: string description: The object class to use for users in the default user search filter @@ -8605,14 +8599,14 @@ OCIS_LDAP_USER_OBJECTCLASS: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_DISPLAYNAME: - name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME + name: OCIS_LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME defaultValue: displayname type: string description: LDAP Attribute to use for the displayname of users. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" - deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ' + deprecationInfo: 'LDAP_USER_SCHEMA_DISPLAY_NAME changing name for consistency | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ' OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID: name: OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID;GRAPH_LDAP_EXTERNAL_ID_ATTRIBUTE defaultValue: owncloudExternalID @@ -8625,28 +8619,28 @@ OCIS_LDAP_USER_SCHEMA_EXTERNAL_ID: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID: - name: OCIS_LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID + name: OCIS_LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID defaultValue: ownclouduuid type: string - description: LDAP Attribute to use as the unique id for users. This should be a - stable globally unique id like a UUID. + description: LDAP Attribute to use as the unique ID for users. This should be a + stable globally unique ID like a UUID. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING: - name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING + name: OCIS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING defaultValue: "false" type: bool description: Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute - of Active Directory for the user ID's. + of Active Directory for the user IDs. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_MAIL: - name: OCIS_LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL + name: OCIS_LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL defaultValue: mail type: string description: LDAP Attribute to use for the email address of users. @@ -8655,7 +8649,7 @@ OCIS_LDAP_USER_SCHEMA_MAIL: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USER_TYPE: - name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;GRAPH_LDAP_USER_TYPE_ATTRIBUTE + name: OCIS_LDAP_USER_SCHEMA_USER_TYPE;USERS_LDAP_USER_TYPE_ATTRIBUTE defaultValue: ownCloudUserType type: string description: LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default @@ -8665,7 +8659,7 @@ OCIS_LDAP_USER_SCHEMA_USER_TYPE: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCHEMA_USERNAME: - name: OCIS_LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME + name: OCIS_LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME defaultValue: uid type: string description: LDAP Attribute to use for username of users. @@ -8674,17 +8668,17 @@ OCIS_LDAP_USER_SCHEMA_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_LDAP_USER_SCOPE: - name: OCIS_LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE + name: OCIS_LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE defaultValue: sub type: string - description: LDAP search scope to use when looking up users. Supported scopes are + description: LDAP search scope to use when looking up users. Supported values are 'base', 'one' and 'sub'. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_LOG_COLOR: - name: OCIS_LOG_COLOR;POSTPROCESSING_LOG_COLOR + name: OCIS_LOG_COLOR;EVENTHISTORY_LOG_COLOR defaultValue: "false" type: bool description: Activates colorized log output. @@ -8693,7 +8687,7 @@ OCIS_LOG_COLOR: removalVersion: "" deprecationInfo: "" OCIS_LOG_FILE: - name: OCIS_LOG_FILE;POSTPROCESSING_LOG_FILE + name: OCIS_LOG_FILE;EVENTHISTORY_LOG_FILE defaultValue: "" type: string description: The path to the log file. Activates logging to this file if set. @@ -8702,7 +8696,7 @@ OCIS_LOG_FILE: removalVersion: "" deprecationInfo: "" OCIS_LOG_LEVEL: - name: OCIS_LOG_LEVEL;POSTPROCESSING_LOG_LEVEL + name: OCIS_LOG_LEVEL;EVENTHISTORY_LOG_LEVEL defaultValue: "" type: string description: 'The log level. Valid values are: ''panic'', ''fatal'', ''error'', @@ -8712,7 +8706,7 @@ OCIS_LOG_LEVEL: removalVersion: "" deprecationInfo: "" OCIS_LOG_PRETTY: - name: OCIS_LOG_PRETTY;POSTPROCESSING_LOG_PRETTY + name: OCIS_LOG_PRETTY;EVENTHISTORY_LOG_PRETTY defaultValue: "false" type: bool description: Activates pretty log output. @@ -8721,17 +8715,17 @@ OCIS_LOG_PRETTY: removalVersion: "" deprecationInfo: "" OCIS_MACHINE_AUTH_API_KEY: - name: OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY + name: OCIS_MACHINE_AUTH_API_KEY;AUTH_APP_MACHINE_AUTH_API_KEY defaultValue: "" type: string description: The machine auth API key used to validate internal requests necessary to access resources from other services. - introductionVersion: pre5.0 + introductionVersion: 7.0.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_MAX_CONCURRENCY: - name: OCIS_MAX_CONCURRENCY;USERLOG_MAX_CONCURRENCY + name: OCIS_MAX_CONCURRENCY;SHARING_USER_JSONCS3_MAX_CONCURRENCY defaultValue: "1" type: int description: Maximum number of concurrent go-routines. Higher values can potentially @@ -8774,6 +8768,51 @@ OCIS_MFA_ENABLED: deprecationVersion: "" removalVersion: "" deprecationInfo: "" +OCIS_MULTI_INSTANCE_ENABLED: + name: OCIS_MULTI_INSTANCE_ENABLED + defaultValue: "false" + type: bool + description: Enable multiple instances of Infinite Scale. + introductionVersion: Curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCIS_MULTI_INSTANCE_GUEST_CLAIM: + name: OCIS_MULTI_INSTANCE_GUEST_CLAIM + defaultValue: guestOf + type: string + description: The claim name for the 'guestOf' property + introductionVersion: Curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCIS_MULTI_INSTANCE_GUEST_ROLE: + name: OCIS_MULTI_INSTANCE_GUEST_ROLE + defaultValue: user-light + type: string + description: The role that should be assigned to a guest user + introductionVersion: Curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCIS_MULTI_INSTANCE_INSTANCEID: + name: OCIS_MULTI_INSTANCE_INSTANCEID + defaultValue: c1f28cf2-d363-4671-a8fe-8d7a80b36b87 + type: string + description: The unique id of this instance + introductionVersion: Curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" +OCIS_MULTI_INSTANCE_MEMBER_CLAIM: + name: OCIS_MULTI_INSTANCE_MEMBER_CLAIM + defaultValue: memberOf + type: string + description: The claim name for the 'memberOf' property + introductionVersion: Curie + deprecationVersion: "" + removalVersion: "" + deprecationInfo: "" OCIS_OIDC_CLIENT_ID: name: OCIS_OIDC_CLIENT_ID;WEB_OIDC_CLIENT_ID defaultValue: web @@ -8786,11 +8825,10 @@ OCIS_OIDC_CLIENT_ID: removalVersion: "" deprecationInfo: "" OCIS_OIDC_ISSUER: - name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;WEB_OIDC_AUTHORITY defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the group IDs of the CS3 group - objects for groups returned by this group provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8863,17 +8901,17 @@ OCIS_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE: - name: OCIS_PERSISTENT_STORE;POSTPROCESSING_STORE + name: OCIS_PERSISTENT_STORE;EVENTHISTORY_STORE defaultValue: nats-js-kv type: string - description: 'The type of the store. Supported values are: ''memory'', ''redis-sentinel'', - ''nats-js-kv'', ''noop''. See the text description for details.' + description: 'The type of the store. Supported values are: ''memory'', ''nats-js-kv'', + ''redis-sentinel'', ''noop''. See the text description for details.' introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_PASSWORD: - name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;POSTPROCESSING_STORE_AUTH_PASSWORD + name: OCIS_PERSISTENT_STORE_AUTH_PASSWORD;EVENTHISTORY_STORE_AUTH_PASSWORD defaultValue: "" type: string description: The password to authenticate with the store. Only applies when store @@ -8883,7 +8921,7 @@ OCIS_PERSISTENT_STORE_AUTH_PASSWORD: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_AUTH_USERNAME: - name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;POSTPROCESSING_STORE_AUTH_USERNAME + name: OCIS_PERSISTENT_STORE_AUTH_USERNAME;EVENTHISTORY_STORE_AUTH_USERNAME defaultValue: "" type: string description: The username to authenticate with the store. Only applies when store @@ -8893,7 +8931,7 @@ OCIS_PERSISTENT_STORE_AUTH_USERNAME: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_NODES: - name: OCIS_PERSISTENT_STORE_NODES;POSTPROCESSING_STORE_NODES + name: OCIS_PERSISTENT_STORE_NODES;EVENTHISTORY_STORE_NODES defaultValue: '[127.0.0.1:9233]' type: '[]string' description: A list of nodes to access the configured store. This has no effect @@ -8905,11 +8943,11 @@ OCIS_PERSISTENT_STORE_NODES: removalVersion: "" deprecationInfo: "" OCIS_PERSISTENT_STORE_TTL: - name: OCIS_PERSISTENT_STORE_TTL;POSTPROCESSING_STORE_TTL - defaultValue: 0s + name: OCIS_PERSISTENT_STORE_TTL;EVENTHISTORY_STORE_TTL + defaultValue: 336h0m0s type: Duration - description: Time to live for events in the store. See the Environment Variable - Types description for more details. + description: Time to live for events in the store. Defaults to '336h' (2 weeks). + See the Environment Variable Types description for more details. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -8927,8 +8965,8 @@ OCIS_REVA_GATEWAY: name: OCIS_REVA_GATEWAY defaultValue: com.owncloud.api.gateway type: string - description: The CS3 gateway endpoint. - introductionVersion: pre5.0 + description: CS3 gateway used to look up user metadata + introductionVersion: "5.0" deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -8955,7 +8993,7 @@ OCIS_REVA_GATEWAY_TLS_MODE: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_ID: - name: OCIS_SERVICE_ACCOUNT_ID;OCM_SERVICE_ACCOUNT_ID + name: OCIS_SERVICE_ACCOUNT_ID;CLIENTLOG_SERVICE_ACCOUNT_ID defaultValue: "" type: string description: The ID of the service account the service should use. See the 'auth-service' @@ -8965,7 +9003,7 @@ OCIS_SERVICE_ACCOUNT_ID: removalVersion: "" deprecationInfo: "" OCIS_SERVICE_ACCOUNT_SECRET: - name: OCIS_SERVICE_ACCOUNT_SECRET;OCM_SERVICE_ACCOUNT_SECRET + name: OCIS_SERVICE_ACCOUNT_SECRET;CLIENTLOG_SERVICE_ACCOUNT_SECRET defaultValue: "" type: string description: The service account secret. @@ -9044,40 +9082,40 @@ OCIS_SYSTEM_USER_IDP: removalVersion: "" deprecationInfo: "" OCIS_TRACING_COLLECTOR: - name: OCIS_TRACING_COLLECTOR;POSTPROCESSING_TRACING_COLLECTOR + name: OCIS_TRACING_COLLECTOR;EVENTHISTORY_TRACING_COLLECTOR defaultValue: "" type: string description: The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENABLED: - name: OCIS_TRACING_ENABLED;POSTPROCESSING_TRACING_ENABLED + name: OCIS_TRACING_ENABLED;EVENTHISTORY_TRACING_ENABLED defaultValue: "false" type: bool description: Activates tracing. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_TRACING_ENDPOINT: - name: OCIS_TRACING_ENDPOINT;POSTPROCESSING_TRACING_ENDPOINT + name: OCIS_TRACING_ENDPOINT;EVENTHISTORY_TRACING_ENDPOINT defaultValue: "" type: string description: The endpoint of the tracing agent. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" OCIS_TRACING_TYPE: - name: OCIS_TRACING_TYPE;POSTPROCESSING_TRACING_TYPE + name: OCIS_TRACING_TYPE;EVENTHISTORY_TRACING_TYPE defaultValue: "" type: string description: The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger', 'otlp' and '' as of now. - introductionVersion: "5.0" + introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" deprecationInfo: "" @@ -9085,7 +9123,7 @@ OCIS_TRANSFER_SECRET: name: OCIS_TRANSFER_SECRET defaultValue: "" type: string - description: Transfer secret for signing file up- and download requests. + description: The storage transfer secret. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: "" @@ -9102,11 +9140,10 @@ OCIS_TRANSLATION_PATH: removalVersion: "" deprecationInfo: "" OCIS_URL: - name: OCIS_URL;OCIS_OIDC_ISSUER;GROUPS_IDP_URL + name: OCIS_URL;OCIS_OIDC_ISSUER;WEB_OIDC_AUTHORITY defaultValue: https://localhost:9200 type: string - description: The identity provider value to set in the group IDs of the CS3 group - objects for groups returned by this group provider. + description: URL of the OIDC issuer. It defaults to URL of the builtin IDP. introductionVersion: pre5.0 deprecationVersion: "" removalVersion: ""